Azure SC-900 Study Guide

Exam

1.1 Credential Purpose and Audience 1.2 Exam Duration, Seat Duration, and Experience 1.3 Scoring, Scaled Score, and Pass-Rate Myths 1.4 Retake Policy and Certification Lifecycle 1.5 Scheduling, Price, and Delivery Options 1.6 Skills Measured and Study Map

2.1 Shared Responsibility Model 2.2 Defense in Depth and the CIA Triad 2.3 Zero Trust Model 2.4 Encryption, Hashing, and Data States 2.5 Governance, Risk, and Compliance 2.6 Identity Perimeter, Authentication, Authorization, and Federation

3.1 Microsoft Entra ID Foundations 3.2 Identity Types and Directory Objects 3.3 Hybrid Identity and Entra Connect Concepts 3.4 Authentication Methods and Sign-in Assurance 3.5 Multifactor Authentication 3.6 Password Protection and Password Management

4.1 Conditional Access Purpose 4.2 Signals and Controls 4.3 Microsoft Entra Roles and Role-Based Access Control 4.4 Identity Governance, Entitlement Management, and Lifecycle Governance 4.5 Access Reviews and Privileged Identity Management 4.6 Microsoft Entra ID Protection and Risk

5.1 Choose the Right Infrastructure Security Control 5.2 Azure DDoS Protection for Availability 5.3 Azure Firewall for Centralized Network Policy 5.4 Web Application Firewall for HTTP Workloads 5.5 Virtual Networks, Subnets, and Network Security Groups 5.6 Bastion and Key Vault for Administration and Secrets

6.1 Defender for Cloud Purpose and Exam Role 6.2 CSPM, Foundational Posture, and Defender CSPM 6.3 Policies, Standards, and Security Recommendations 6.4 Secure Score and Remediation Priority 6.5 Regulatory Compliance and Multicloud Posture 6.6 Cloud Workload Protection and Defender Plans

7.1 Sentinel as SIEM and SOAR 7.2 Data Connectors and Security Signals 7.3 Analytics Rules, Incidents, and Detection 7.4 Workbooks for Visual Review 7.5 Hunting, KQL Awareness, and Notebooks 7.6 Automation Rules and Logic Apps Playbooks

8.1 Defender XDR Suite and Microsoft Defender Portal 8.2 Defender for Office 365 8.3 Defender for Endpoint 8.4 Defender for Cloud Apps 8.5 Defender for Identity 8.6 Vulnerability Management and Threat Intelligence

9.1 Service Trust Portal and Assurance Resources 9.2 Privacy Principles and Microsoft Priva 9.3 Microsoft Purview Portal 9.4 Compliance Manager Assessments 9.5 Compliance Score and Improvement Actions 9.6 Scenario Selection for Trust, Privacy, and Compliance Manager

10.1 Data Classification Foundations 10.2 Content Explorer and Activity Explorer 10.3 Sensitivity Labels and Label Policies 10.4 Data Loss Prevention 10.5 Retention, Records Management, and Label Policies 10.6 eDiscovery, Audit, and Insider Risk Management

11.1 Read the Scenario Before Picking a Product 11.2 Entra Playbook for Identity, Access, and Governance 11.3 Defender Playbook for Protection, Detection, and Posture 11.4 Sentinel Playbook for SIEM, SOAR, and Hunting 11.5 Purview Playbook for Compliance, Data, and Risk 11.6 Renamed Products and Similar-Name Traps 11.7 Microsoft Learn Practice Assessment Review Loop

12.1 Domain-Weighted Final Review Plan 12.2 Timed Practice and Pacing 12.3 Exam Sandbox and Question Experience 12.4 Exam-Day Logistics and Boundaries 12.5 Scoring, Retakes, and After-Exam Decisions 12.6 Final Memory Check and Scenario Drills 12.7 Next Certification Path After SC-900

4.6 Microsoft Entra ID Protection and Risk

Key Takeaways

Microsoft Entra ID Protection is the Entra capability area for identity risk scenarios.
Risk language in a question often points to suspicious sign-in or identity compromise concerns.
Identity Protection is distinct from Defender for Identity, which protects on-premises Active Directory.
Risk-based identity scenarios still rely on the same authentication, access, and governance concepts.

Last updated: May 2026

Identity Protection focuses on risk

Microsoft Entra ID Protection is the Entra topic associated with identity risk. The exam objective names Identity Protection alongside Conditional Access, roles, governance, access reviews, and PIM. At SC-900 depth, the important idea is that risk signals can affect identity security decisions. If a sign-in or identity looks risky, the organization needs a way to detect that concern and respond with identity-centered controls.

Identity Protection belongs to Microsoft Entra.
It is associated with identity risk.
Risk scenarios often involve suspicious sign-in or compromise concerns.
It complements, rather than replaces, authentication and access controls.

Product boundary matters

The name can sound similar to other Defender products, so keep the boundary clear. Microsoft Entra ID Protection is an identity risk capability in the Entra area. Defender for Identity is a Defender product that protects on-premises Active Directory. Microsoft Sentinel is for SIEM and SOAR. Microsoft Purview is for compliance and data governance. The question wording should tell you whether the risk is an identity access problem or a broader security operations problem.

Scenario clue	Best product area
Risky identity or sign-in	Microsoft Entra ID Protection
On-premises Active Directory protection	Defender for Identity
SIEM incident and automation	Microsoft Sentinel
Compliance, labels, or retention	Microsoft Purview

Risk-based access reasoning

Risk does not erase the rest of the identity model. A risky sign-in still involves an identity, an authentication method, and an access decision. Identity Protection adds the risk context that can influence how the organization responds. In a scenario, look for language about detected risk, suspicious identity behavior, or possible compromise. Then decide whether the answer should identify risk, require stronger proof, restrict access, or govern privileges.

Risk detected: Identity Protection clue.
Stronger proof required: MFA or Conditional Access control.
Administrative elevation: PIM clue.
Continued access validation: access review clue.

Final Entra decision map

The Microsoft Entra portion of SC-900 covers a connected identity story. Entra ID stores and manages identities. Authentication methods and MFA help prove identities. Conditional Access evaluates context and applies controls. Roles and RBAC grant permissions. Governance, access reviews, and PIM keep access appropriate over time. Identity Protection adds risk awareness to identity decisions. Use this map to avoid treating every Entra question as the same feature.

Identity object problem: Entra ID basics.
Sign-in proof problem: authentication and MFA.
Contextual access problem: Conditional Access.
Ongoing access or privilege problem: governance, access reviews, or PIM.
Risk wording: Identity Protection.

Exam anchor

Risk wording should make you pause before choosing a generic access tool. If the risk is specifically about identity or sign-in behavior, Identity Protection is the Entra capability to consider. If the wording shifts to investigation, incidents, and automation, the scenario may have moved into Microsoft Sentinel instead.

Identity risk: Entra ID Protection.
Stronger sign-in proof: MFA.
Context-based enforcement: Conditional Access.
Security operations: Microsoft Sentinel.

Test Your Knowledge

Which Microsoft Entra capability area is most directly associated with identity risk?

Microsoft Entra ID Protection

Microsoft Purview Audit

Azure Bastion

Microsoft Sentinel workbooks

Test Your Knowledge

Which product boundary is correct for SC-900 product matching?

Microsoft Entra ID Protection is for identity risk, while Defender for Identity protects on-premises Active Directory

Microsoft Entra ID Protection is the same as Microsoft Purview

Defender for Identity is the primary tool for retention labels

Microsoft Sentinel is the directory service for user sign-in

Test Your Knowledge

A question mentions suspicious sign-in risk and asks for the Entra capability that helps address identity risk. What should you choose?

Microsoft Entra ID Protection

Microsoft Priva

Azure DDoS Protection

Defender for Office 365

Up Next

5.1 Choose the Right Infrastructure Security Control

Azure Infrastructure Security: DDoS, Firewall, WAF, NSGs, Bastion, and Key Vault

Azure SC-900 Study Guide

1Orientation: SC-900 Audience, Format, Scoring, Retakes, and Study Map

2Security, Compliance, and Identity Concepts: Zero Trust, Shared Responsibility, and GRC

3Microsoft Entra ID: Identities, Hybrid Identity, and Authentication

4Microsoft Entra Access Management, Governance, PIM, and Identity Protection

5Azure Infrastructure Security: DDoS, Firewall, WAF, NSGs, Bastion, and Key Vault

6Defender for Cloud: CSPM, Cloud Workload Protection, and Secure Score

7Microsoft Sentinel: SIEM, SOAR, Analytics, Hunting, Workbooks, and Playbooks

8Microsoft Defender XDR: Office, Endpoint, Cloud Apps, Identity, Vulnerability, and Threat Intelligence

9Microsoft Purview, Service Trust, Privacy, Compliance Manager, and Compliance Score

10Microsoft Purview Data Classification, Labels, DLP, Retention, eDiscovery, and Audit

11SC-900 Product Selection Playbooks and Common Microsoft Rebrand Traps

12Final SC-900 Review, Timed Practice, Exam Day, and Next Certification Path

4.6 Microsoft Entra ID Protection and Risk

Key Takeaways

Identity Protection focuses on risk

Product boundary matters

Risk-based access reasoning

Final Entra decision map

Exam anchor