Whether you’re completely new to Azure security certifications or are seeking to level up your existing cloud credentials, there are a couple of key questions you need to keep in mind.
First, “Am I looking at the most up-to-date certification information?” Just be aware that Microsoft is fond of tweaking its proprietary exams and, in fact, has very recently carried out an overhaul involving changes to some existing certifications and the retirement of others.
Secondly, “Am I taking the right step along the Azure security certification path to match my career goals?” Once you get into mid-level (‘Associate’) and Expert certifications, the exams become very role-specific. There’s a strong ‘choose your own adventure’ element here, and you don’t want to waste time and money by taking the wrong turn on the road.
This guide should help you with both of these questions. Read on for the most up-to-date info on Azure security certifications, along with the full lowdown on the focus of each exam, the specific skills it validates, and the roles it prepares you for.
Fundamental Certifications
These certifications are focused on demonstrating your foundational knowledge of Microsoft’s cloud services, along with broad knowledge of the type of solutions and strategies required to secure Azure environments.
Microsoft Certified: Azure Fundamentals
Required exam
AZ-900
Prerequisites
None
About the certification
Microsoft Azure Fundamentals isn’t an Azure security certificate as such (although it does touch upon basic cloud security elements). Rather, it’s designed for recent or aspiring technology professionals to demonstrate their knowledge of cloud services in general - and how those services are delivered through Microsoft Azure in particular.
The certification content breakdown is as follows:
- Describing cloud concepts (25-30%)
- Describing Azure architecture and services (35-40%)
- Describing Azure management and governance (30-35%)
The exam comprises 40-60 questions with a duration of 45 minutes and a passing score of 700 out of 1000.
Job roles
This fundamentals course is particularly useful for any junior role that requires knowledge of the Azure ecosystem. This includes junior administrator, junior engineer, trainee software developer, IT helpdesk assistant, and any entry-level cyber position.
Microsoft Azure Fundamentals is also valuable if you work for an organization that is just developing its cloud strategy and is planning on investing in Azure services in the near future.
Cost
$99
Courses
Microsoft Certified: Security, Compliance, and Identity Fundamentals
Required exam
SC-900
Prerequisites
None
About the certification
Microsoft Certified: Security, Compliance and Identity Fundamentals is for anyone looking to familiarize themselves with and validate their knowledge of the security basics across Microsoft’s cloud services.
The content breakdown is as follows:
- Describing the concepts of security, compliance, and identity (10-15%)
- Describing the capabilities of Microsoft Azure Active Directory, part of Microsoft Entra (25-30%)
- Describing the capabilities of Microsoft Security Solutions (25-30%)
- Describe the capabilities of Microsoft compliance solutions (25-30%)
Assessment is via a 45-minute exam comprising 40-60 questions with a passing score of 700/1000.
Job roles
This certification is aimed towards a broad audience, including recent or aspiring IT professionals who want to demonstrate their knowledge of Microsoft security. Typical roles include trainee IT security analyst, junior security engineer, trainee data officer, network engineering assistant, cloud security engineer, and junior Microsoft 365/Azure administrator.
Cost
$99
Courses
Comparison
Both of these Microsoft Fundamentals certifications are focused on the big picture: i.e. they are designed to demonstrate that you grasp the general concepts of cloud computing and you know your way around Microsoft’s architecture and services.
AZ-900 Azure Fundamentals is very much focused on basic orientation. You’re showing that you know your way around Azure’s architectural components, service types, and toolsets and how they fit together.
By contrast, SC-900 - while still an entry-level certification - is more of a deep dive. It assumes that you are already familiar with Microsoft Azure and Microsoft 365. Building on this, it’s designed to show your understanding of Microsoft’s services and capabilities surrounding security, compliance and identity.
| AZ-900: Azure Fundamentals | SC-900: Security, Compliance, and Identity Fundamentals |
|---|---|
| General Azure Foundations | Azure Security Foundations |
| Path to support and junior admin positions and for gaining/establishing general familiarity with the Azure ecosystem | Path to junior security analyst/engineer positions |
| Components, architecture, toolsets, service types. | Security, compliance, and identity as it relates to Azure, Active Directory, and security solutions. |
| $99 | $99 |
Associate Certifications
Microsoft’s mid-level tier of accreditation, known as Microsoft Certified Associate certifications are designed to set you on a certification path towards specific technical job roles. In this guide, we’ve focused on the Associate-level certifications most relevant to jobs in security.
Note: There are no formal prerequisites for sitting any Microsoft Associate exams. However, for most of them, Microsoft recommends gaining knowledge of Microsoft 365 services and at least 1-2 years of experience working in Azure environments.
Tip: if you fall short on formal experience, our courses are a really effective way of bridging any knowledge deficit.
Microsoft Certified: Azure Security Engineer Associate
Required exam
AZ-500
Prerequisites
None
About the certification
A security engineer implements controls and threat protection, manages identity and access, and protects data, applications, and networks. The Microsoft Certified: Azure Security Engineer Associate certification validates your competency in carrying out this role in Azure, multi-cloud and hybrid environments.
Areas covered in the exam are as follows:
- Managing identity and access (25-30%)
- Secure networking (20-25%)
- Secure compute, storage and databases (20-25%)
- Manage security operations (25-30%)
The AZ-500 exam comprises 40-60 questions with a duration of 120 minutes.
Job roles
This certification validates your capabilities as an Azure Security Engineer. Allied to this, it is relevant to any job role that requires you to do the following:
- Assisting with the development of cloud security frameworks
- Deploying security measures in Azure environments
- Assisting with senior management in the creation/implementation of cyber security strategies in cloud environments.
These roles are often described as follows:
- Cloud Security Engineer
- Cloud Security Engineer (Azure)
- Cloud Security Assistant - Security Engineering
- Azure Infrastructure & Security Systems Administrator
Cost
$165
Microsoft Certified: Identity and Access Administrator Associate
Required exam
SC-300
Prerequisites
None
About the certification
The Microsoft Certified: Identity and Access Administrator Associate certification validates your knowledge of how to design, implement and operate an organization’s identity and access management (IAM) procedures within an Azure environment.
The certification requires a solid working knowledge of Azure and Microsoft 365 in general, and Microsoft’s proprietary IAM tool, Azure Active Directory (Azure AD) in particular. The exam content for this comprises the following:
- Implementing identities in Azure AD (20-25%)
- Implementing authentication and access management (25-30%)
- Implementing access management for applications (15-20%)
- Planning and implementing identity governance in Azure AD (20-25%)
This is a 120-minute exam comprising 40-60 multi-response questions, with a passing score of 700/1000.
Job roles
This certification validates your competency in the specific role of Identity and Access Administrator. In broader terms, this is a valuable accreditation for any job which involves managing identity and access management and the authorization of users devices and applications in a cloud environment.
These roles are sometimes described as follows:
- Identity and Access Management Analyst
- Identity and Access Management Consultant
- Information Security Analyst - Access Management and Assurance
- IAM Engineer
- Identity and Access Security Administrator
- Cyber Security Identity Access Lead
Cost
$165
Courses
Microsoft Certified: Security Operations Analyst Associate
Required exam
SC-200
Prerequisites
None
About the certification
Microsoft defines a Security Operations Analyst as a professional who “collaborates with organizational stakeholders to secure information systems for the organization.” The Microsoft Certified: Security Operations Analyst Associate certification validates your competence in the various elements of this, including vulnerability management and threat response.
In practical terms, a big chunk of this certification involves demonstrating your knowledge of configuring and deploying Microsoft’s flagship threat-hunting and response tools: Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
The content breakdown looks like this:
- Mitigating threats using Microsoft 365 Defender (25-30%)
- Mitigating threats using Microsoft Defender for Cloud (20-25%)
- Mitigating threats using Microsoft Sentinel (50-55%)
The SC-200 exam comprises a 180-minute test that includes 40-60 multiple response questions with a pass mark of 700/1000.
Job roles
This Associate certification validates your knowledge for operations analyst-type roles within a cloud environment. The type of job advert where this certification is often cited as required or desirable includes the following:
- Microsoft SecOps Analyst
- SOC Analyst - MS Defender/Azure
- IT Security Analyst
- Senior Technical Analyst
- Datacentre Operations Analyst
- Security Operations Governance Associate
Cost
$165
Courses
Microsoft Certified: Information Protection Administrator Associate
Required exam
SC-400
Prerequisites
None
About the certification
Microsoft defines the role of Information Protection Administrator as someone who plans and implements the controls necessary to meet an organization’s information protection and governance requirements.
The emphasis of the Information Protection Administrator Associate certification is on validating your knowledge of what it takes to implement various measures linked to content classification, data loss prevention, governance, and protection.
Exam content is broken down as follows:
- Implementing information protection (35-40%)
- Implementing data loss prevention (30-35%)
- Implementing information governance (25-30%)
Testing is via a 120-minute exam comprising 40-60 questions with a passing score of 700/1000.
Job roles
As well as covering Microsoft’s defined job title ‘Information Protection Administrator,’ this certification is also a valuable one for any role involving data protection type tasks such as classification of information, encryption solutions, managing data retention, and records management.
Other job specs where this particular Associate certification is valued include the following:
- Microsoft Cloud Security Consultant
- Information Systems Data Administrator
- Information Security Administrator
- D365 System Administrator
- Information Governance Manager
- Data Protection and Privacy Manager
Cost
$165
Comparison
| AZ-500: Azure Security Engineer Associate | SC-300: Identity and Access Administrator Associate | SC-200: Security Operations Analyst Associate | SC-400: Information Protection Administrator Associate |
|---|---|---|---|
| Implement, manage, and monitor security for resources in Azure, multi-cloud, and hybrid environments. | Design, implement, and operate an organization’s identity and access management systems. | Remediating active attacks, advising on improvements to threat protection practices, reporting violations, and responding to and hunting for threats. | Plan and implement controls that meet organizational information protection and governance requirements. Focused on translating information protection requirements and controls into technical implementation. |
| Cloud Security Engineer, Cloud Security Engineer (Azure), Cloud Security Assistant - Security Engineering, Azure Infrastructure & Security Systems Administrator | Identity and Access Management Analyst, Identity and Access Management Consultant, Information Security Analyst - Access Management and Assurance, IAM Engineer, Identity and Access Security Administrator, Cyber Security Identity Access Lead | Microsoft SecOps Analyst, SOC Analyst - MS Defender/Azure, IT Security Analyst, Senior Technical Analyst, Datacentre Operations Analyst, Security Operations Governance Associate | Microsoft Cloud Security Consultant, Information Systems Data Administrator, Information Security Administrator, D365 System Administrator, Information Governance Manager, Data Protection and Privacy Manager |
| Use a variety of security tools designed for threat protection. Identify and remediate vulnerabilities. | Configure and manage authentication and authorization of identities for users, devices, Azure resources, and applications. | Microsoft Sentinel, Microsoft 365 Defender, and third-party security products. | Microsoft 365 information protection services. |
| $165 | $165 | $165 | $165 |
Expert Certifications
Microsoft’s most advanced certifications are targeted towards an audience of professionals with 2-5 years of experience working in specific areas: i.e. people who already know their way around the Azure ecosystem and are competent in technical implementation and troubleshooting.
If you are ready to step up into a leadership role and take on responsibility for major projects - either in your current role or a whole new one - Expert Certification is your next natural step along the accreditation path. For this guide, we’ve honed in on Microsoft’s security-focused top-level cert…
Microsoft Certified: Cybersecurity Architect Expert
Required exam
SC-100
Prerequisites
To earn the Microsoft Cybersecurity Architect Expert certification, you must also pass one of the following Associate-level exams:
- Microsoft Certified: Azure Security Engineer Associate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft 365 Certified: Security Administrator Associate (n.b: this certification is due to be retired on June 30,2023, hence we’ve omitted it from our Associate cert overview)
- Microsoft Certified: Security Operations Analyst Associate
About the certification
This advanced-level accreditation is designed to test and validate your knowledge in connection with the following areas of responsibility:
- Designing and evolving an organization’s cybersecurity strategy to align with its mission and business processes across the entire enterprise architecture.
- Applying Zero Trust strategies, including appropriate strategies for data, applications, access management, identity and infrastructure.
- Applying Governance Risk Compliance (GRC) technical strategies.
- Collaborating with other senior leaders to implement and hone strategies that continue to meet the needs of the organization.
Exam content is broken down as follows:
- Designing solutions that align with security best practices and priorities (20-25%)
- Designing security operations, identity and compliance capabilities (30-35%)
- Designing security solutions for infrastructure (20-25%)
- Designing security solutions for applications and data (20-25%)
Testing is via a 120-minute exam comprising 40-60 questions. The passing score is 700/1000.
Job roles
Beyond Microsoft’s formal role designation of Microsoft Cybersecurity Architect, this certification provides the type of validation that’s valuable for a wide range of senior technical and managerial roles. Examples of how these are described include the following:
- Senior Cyber Security Consultant
- Azure Cleared Solutions Architect
- Cloud Solutions Architect
- Solution Architect - MS Security
- Cloud Enterprise Architect and Engineer
- Project Manager - Cybersecurity
- Cloud Security Manager
- Senior Manager, Threat Hunting and Detection
- Operational Technology Cybersecurity Engineer
Cost
$165
Final Thoughts
A lot of general, vendor-agnostic security certifications try to be all things to all people. By contrast, and especially once you get to Asssoicate and Expert level, the refreshing thing about Microsoft’s framework from a student’s point of view is that the company is totally up-front about the specific roles each cert is designed for.
So if you know there’s a very good chance you’ll be working for organizations with Azure architecture, it’s a case of choosing which role you want to train up for, and then identifying the Azure certification that best matches it. Tip: if you want the lowdown on career options and the potential of different types of roles, our Interactive Career Pathway is definitely worth exploring.
Frequently Asked Questions
Level Up in Cyber Security: Join Our Membership Today!
