SC-100: Microsoft Cybersecurity Architect

Module 1: Design a resiliency strategy for ransomware and other attacks

Design a security strategy to support business resiliency goals, including identifying and prioritizing threats
Design solutions for business continuity and disaster recovery (BCDR) in hybrid and multicloud environments
Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
Evaluate solutions for security updates

Module 2: Design solutions that align with MCRA and Microsoft cloud security benchmark

Design solutions that align with best practices for cybersecurity capabilities and controls
Design solutions for protecting against insider, external, and supply chain attacks
Design solutions that align with Zero Trust best practices, including Rapid Modernization Plan (RaMP)

Module 3: Design solutions that align with Cloud Adoption Framework and Well-Architected Framework

Design or evaluate a security and governance strategy based on CAF and WAF
Recommend solutions for security and governance based on CAF and WAF
Design solutions for implementing and governing security by using Azure landing zones
Design a DevSecOps process aligned with best practices in CAF

Module 4: Design solutions for security operations

Design a solution for detection and response including XDR and SIEM
Design a solution for centralized logging and auditing, including Microsoft Purview Audit
Design monitoring to support hybrid and multicloud environments
Design a SOAR solution including Microsoft Sentinel and Microsoft Defender XDR
Design and evaluate threat detection coverage by using MITRE ATT&CK matrices

Module 5: Design solutions for identity and access management

Design a solution for access to SaaS, PaaS, IaaS, hybrid, and multicloud resources
Design a solution for Microsoft Entra ID in hybrid and multicloud environments
Design a solution for external identities, including B2B and decentralized identity
Design a modern authentication and authorization strategy including Conditional Access
Design a solution to manage secrets, keys, and certificates

Module 6: Design solutions for securing privileged access

Design a solution for assigning and delegating privileged roles using the enterprise access model
Evaluate the security of Microsoft Entra ID including PIM, entitlement management, and access reviews
Design a solution for securing the administration of cloud tenants
Design a solution for cloud infrastructure entitlement management
Design a solution for secure workstations for privileged access

Module 7: Design solutions for regulatory compliance

Translate compliance requirements into security controls
Design a solution to address compliance requirements by using Microsoft Purview
Design a solution to address privacy requirements, including Microsoft Priva
Design Azure Policy solutions to address security and compliance requirements
Evaluate and validate alignment with regulatory standards using Microsoft Defender for Cloud

Module 8: Design solutions for security posture management in hybrid and multicloud environments

Evaluate security posture by using Microsoft Defender for Cloud and Microsoft Secure Score
Design integrated security posture management solutions including Defender for Cloud
Design a solution integrating hybrid and multicloud environments by using Azure Arc
Design a solution for Microsoft Defender External Attack Surface Management (Defender EASM)

Module 9: Specify requirements for securing server and client endpoints

Specify security requirements for servers across multiple platforms and operating systems
Specify security requirements for mobile devices and clients
Specify security requirements for IoT devices and embedded systems
Evaluate solutions for securing OT and ICS by using Microsoft Defender for IoT
Specify security baselines and evaluate Windows LAPS solutions

Module 10: Specify requirements for securing SaaS, PaaS, and IaaS services

Module 11: Evaluate solutions for network security and Security Service Edge (SSE)

Evaluate network designs to align with security requirements and best practices
Evaluate solutions that use Microsoft Entra Internet Access as a secure web gateway
Evaluate solutions that use Microsoft Entra Internet Access for Microsoft Services
Evaluate solutions that use Microsoft Entra Private Access

Module 12: Evaluate solutions for securing Microsoft 365

Evaluate security posture for productivity and collaboration workloads
Evaluate solutions including Microsoft Defender for Office 365 and Defender for Cloud Apps
Evaluate device management solutions including Microsoft Intune
Evaluate solutions for securing data in Microsoft 365 by using Microsoft Purview
Evaluate data security controls in Microsoft Copilot for Microsoft 365 services

Module 13: Design solutions for securing applications

Evaluate the security posture of existing application portfolios
Evaluate threats to business-critical applications by using threat modeling
Design a full lifecycle strategy for application security
Design a solution for workload identities and API management and security
Design solutions that secure applications by using Azure Web Application Firewall (WAF)

Module 14: Design solutions for securing an organization's data

Evaluate solutions for data discovery and classification
Evaluate solutions for encryption of data at rest and in transit, including Azure Key Vault
Design a security solution for data in Azure SQL, Azure Synapse Analytics, and Azure Cosmos DB
Design a security solution for data in Azure Storage
Design a solution including Microsoft Defender for Storage and Defender for Databases

Microsoft Cybersecurity Architect