1.6 Skills Measured and Study Map

Key Takeaways

  • As of the November 7, 2025 update, SC-900 has four weighted skill areas spanning concepts, Microsoft Entra, security solutions, and compliance solutions.
  • Microsoft security solutions carry the largest weight at 35-40 percent, making product selection across Defender for Cloud, Sentinel, and Defender XDR the highest-yield study area.
  • Microsoft Entra is weighted 25-30 percent and Microsoft compliance solutions 20-25 percent; the concepts domain is smallest at 10-15 percent.
  • Microsoft rebrands are heavily tested: Azure AD is now Microsoft Entra ID, Azure Sentinel is Microsoft Sentinel, Microsoft 365 Defender is Microsoft Defender XDR, and information protection lives in Microsoft Purview.
Last updated: June 2026

The four weighted skill areas (as of November 7, 2025)

The official Microsoft study guide lists the SC-900 skills measured as of November 7, 2025, and the four areas are not equally weighted. Let the weights drive how you allocate time.

| Skills-measured area | Weight | What it covers |
|---|---|---|
| Describe the concepts of security, compliance, and identity | 10-15% | Shared responsibility, defense in depth, Zero Trust, encryption/hashing, GRC; authentication, authorization, identity providers, directory services, federation |
| Describe the capabilities of Microsoft Entra | 25-30% | Entra ID and identity types, authentication methods and MFA, Conditional Access, RBAC, ID Governance, access reviews, PIM, ID Protection |
| Describe the capabilities of Microsoft security solutions | 35-40% | Azure infra security (DDoS, Firewall, WAF, NSGs, Bastion, Key Vault), Defender for Cloud and CSPM, Microsoft Sentinel (SIEM/SOAR), Microsoft Defender XDR |
| Describe the capabilities of Microsoft compliance solutions | 20-25% | Service Trust Portal, Microsoft privacy principles, Priva, Microsoft Purview (Compliance Manager, labels, DLP, retention, records, eDiscovery, audit, insider risk) |

The security-solutions domain is the largest single area at 35-40%, so it earns the most study time. Microsoft Entra (25-30%) is close behind and underpins almost every identity scenario. The concepts domain is the smallest at 10-15%, but never skip it: it defines the vocabulary — Zero Trust, shared responsibility, GRC, authentication vs. authorization — that every later product question assumes.

Rebrands are heavily tested — learn the current names

Microsoft renames products often, and SC-900 tests the current names while older training material and dumps still use the old ones. Memorize these mappings; a question may name either form, and the right answer uses the current name.

| Former / legacy name | Current name (tested) |
|---|---|
| Azure Active Directory (Azure AD) | Microsoft Entra ID |
| Azure Sentinel | Microsoft Sentinel |
| Microsoft 365 Defender | Microsoft Defender XDR |
| Microsoft Information Protection (MIP) | part of Microsoft Purview |
| Azure Security Center / Azure Defender | Microsoft Defender for Cloud |
| Microsoft Cloud App Security (MCAS) | Microsoft Defender for Cloud Apps |

A classic trap pairs Microsoft Defender for Cloud (cloud security posture management + workload protection for Azure/hybrid resources) against Microsoft Defender for Cloud Apps (a cloud access security broker, CASB, part of Defender XDR). They sound nearly identical but live in different sub-areas; read the full name carefully.

How to use the map across this guide

This guide is sequenced to match the weighted blueprint:

  • Start with the concepts domain even though it is smallest — it is the vocabulary layer for everything else.
  • Spend proportionally more time on security solutions, the largest area, drilling which Defender, Sentinel, or Azure infra service fits each scenario.
  • Treat Microsoft Entra and Microsoft Purview as distinct domains with different exam cues: identity/access vs. compliance/data governance.
  • Reserve final review for look-alike names and scenario verbs — "detect and investigate at scale" points to Sentinel (SIEM/SOAR), "posture and recommendations" points to Defender for Cloud, "prevent oversharing of sensitive data" points to Purview DLP.

Microsoft also notes that most questions cover general availability (GA) features, though preview features may appear if commonly used, and that related topics beyond the bullet list may show up. So learn the purpose and boundary of each capability rather than memorizing a narrow slogan list. Because the weights are ranges, use them as priorities, not exact point forecasts: build durable recognition across all four areas first, then narrow your final review to the highest-weight security and identity material.

A chapter-by-chapter study map for this guide

This guide sequences its content to match the weighted blueprint, building vocabulary first and then layering on the heavier product domains. Use the map to allocate study sessions in proportion to the weights.

| Guide chapters | Skill area covered | Weight | Key landmarks |
|---|---|---|---|
| 1 | Orientation (this chapter) | | Logistics, scoring, retakes, study map |
| 2 | Concepts of SCI | 10-15% | Shared responsibility, defense in depth, Zero Trust, encryption/hashing, GRC, authentication, authorization, federation |
| 3-4 | Microsoft Entra | 25-30% | Entra ID, identity types, MFA, Conditional Access, RBAC, PIM, access reviews, ID Protection |
| 5-8 | Microsoft security solutions | 35-40% | Azure infra security, Defender for Cloud + CSPM, Microsoft Sentinel (SIEM/SOAR), Defender XDR workloads |
| 9-10 | Microsoft compliance solutions | 20-25% | Service Trust Portal, privacy principles, Priva, Purview (Compliance Manager, labels, DLP, retention, eDiscovery, audit, insider risk) |
| 11-12 | Product selection & final review | | Look-alike traps, timed practice, next steps |

Scenario verbs: matching the prompt to the product

The fastest way to answer a "which service?" question is to listen for the scenario verb — the action the prompt describes — and map it to the family that owns that action. Train these reflexes:

  • "Prove who a user is" / "require a second factor" -> Microsoft Entra ID (authentication, MFA).
  • "Allow access only from compliant devices or trusted locations" -> Conditional Access (Entra).
  • "Grant just-in-time, time-bound admin access" -> Privileged Identity Management (Entra).
  • "Assess cloud posture and get hardening recommendations" -> Microsoft Defender for Cloud (CSPM).
  • "Collect logs at scale, correlate alerts, automate response" -> Microsoft Sentinel (SIEM/SOAR).
  • "Detect and investigate threats across email, endpoints, identities, and apps" -> Microsoft Defender XDR.
  • "Classify, label, and prevent oversharing of sensitive data" -> Microsoft Purview (sensitivity labels, DLP).
  • "Retain or delete records to meet a regulation" -> Microsoft Purview retention/records.
  • "Search and hold content for a legal case" -> Microsoft Purview eDiscovery.
  • "Review audited regulatory documents and compliance reports" -> Service Trust Portal.

How to run your final review

  • Start with concepts even though it is smallest — it unlocks everything else.
  • Over-invest in the 35-40% security domain, where most points and most look-alike traps live.
  • Keep Entra and Purview mentally separate — identity/access versus compliance/data governance.
  • Drill the rebrand table and the scenario-verb list until each prompt instantly snaps to one product family.

Master this map and the verb-to-product reflexes, and SC-900 becomes an exercise in recognition: every scenario announces its domain, and the right answer is the product family that owns that domain's action.

Test Your Knowledge

Which SC-900 skills area carries the largest weight as of November 7, 2025?

What is the current Microsoft name for the product formerly called Azure Active Directory (Azure AD)?

Why should the concepts domain be studied carefully even though it is weighted only 10-15 percent?
