Thoughts on preparing and passing the new Microsoft Cybersecurity Architect (SC-100) certification

This past April, I had a chance to try out the new Microsoft Cybersecurity Architect (SC-100) certification exam beta. At the time, no official study or preparation material was available. As it usually goes with beta exams, the results take weeks to arrive – and finally, in early July, I got the word that I did pass the exam!

To learn about the actual certification, look at Microsoft’s official page.

The requirements for the SC-100 exam are that you have to pass one of the lower-tier security exams first – so one of the following:

With just two exams, you can achieve the highest Microsoft security certification. For my journey, I did almost all of the previous security exams before the SC-100 became available. If I had to choose just one, I would do the AZ-500 before trying out the SC-100. This is because the AZ-500 exam has a considerable breadth of security-related content – as opposed to some of the other exams, which are pretty narrowed down to one or two services.

To prepare for the exam, as I could not use the usual MCT guides or the labs on GitHub, I went through the main topics of the exam and mapped those to both Microsoft Docs and the previous exams. You can now find the official study guide here.

The architect exam focuses a lot on designing solutions rather than implementing them, leaving room for interpretation at times. I knew this going in, so less focus was needed on how to do something, and more emphasis was needed on the numerous options and capabilities. I’m a little rusty on certain aspects, such as Azure AD B2C and Azure Synapse, so I spent more time browsing and learning about those before the exam.

Almost everything in this exam aligns with the Microsoft Cybersecurity Reference Architecture, and it’s an invaluable resource for learning about everything needed. In addition, the Well-Architected Framework – specifically the Security category – is vital here. We also recently walked through the exam in our weekly podcast – the episode can be found here.

Beyond this, browse through all the labs for all the other exams – these are SC-200, SC-300, MS-500, and AZ-500. You can find the links to the labs in the bulleted list above.

A few years ago, I wrote this guide on how I prepare for exams. I reviewed it again, and it is all still very relevant today.

Good luck with the exam(s)!