CertGrid
Microsoft Study Guide

SC-100: Microsoft Cybersecurity Architect Study Guide

Microsoft SC-100 (Cybersecurity Architect) validates your ability to design and continuously evolve an enterprise cybersecurity strategy across Zero Trust, governance/risk/compliance, security operations, identity, and protection of data, applications, endpoints, and infrastructure. It is aimed at experienced security architects who translate business and regulatory requirements into Microsoft security capabilities such as Entra, Defender XDR, Sentinel, Defender for Cloud, and Purview. Expect scenario-based questions that ask you to choose the best-fit architecture rather than to configure a single feature.

Reviewed Jul 2026.

Domain 1: Design solutions that align with security best practices and priorities

Key concepts you must know · 200 practice questions

Domain 2: Design security operations, identity, and compliance capabilities

Key concepts you must know · 200 practice questions

Domain 3: Design security solutions for infrastructure

Key concepts you must know · 200 practice questions

Domain 4: Design security solutions for applications and data

Key concepts you must know · 130 practice questions

SC-100 exam tips

Study guide FAQ

How is SC-100 different from SC-200, SC-300, and AZ-500?

SC-100 is a design and strategy exam for security architects: it assumes you already understand the operations (SC-200), identity (SC-300), and Azure security (AZ-500) technologies and tests whether you can combine them into an end-to-end architecture that meets business, risk, and compliance requirements. Microsoft recommends prior experience or certification in one of those areas before attempting SC-100.

Do I need to memorize portal steps and exact policy syntax?

No. SC-100 focuses on choosing the right capability and design pattern for a scenario rather than click-by-click configuration. You should recognize what each service does (for example that Azure Firewall Premium provides TLS inspection and IDPS, or that validate-jwt enforces token validation in API Management) and when to use it, not the precise steps to configure it.

What frameworks and reference materials should I be comfortable with?

Know the Microsoft Cybersecurity Reference Architectures (MCRA), the Microsoft Cloud Security Benchmark (MCSB) as the Defender for Cloud default baseline, the Cloud Adoption Framework (CAF) landing zones with Azure Policy and RBAC guardrails, the Well-Architected Framework Security pillar, and how detections map to MITRE ATT&CK. These frame most best-practice questions.

How current is the exam, and does it cover the unified Defender and Sentinel experience?

Yes. The current SC-100 reflects the 2025 unified security operations experience where Microsoft Sentinel is onboarded into the Microsoft Defender portal for a single correlated incident queue, and it includes modern capabilities such as Security Copilot, Entra Private Access, and multicloud posture management through Defender for Cloud. Study the latest Microsoft Learn content rather than older material.