Microsoft Security, Compliance, and Identity Fundamentals Study Guide

Explanation

A cloud security framework that defines which security responsibilities belong to the cloud provider versus the customer. Microsoft provides security OF the cloud (physical infrastructure, hardware, network controls, host OS patching), while customers are responsible for security IN the cloud (data, identity, access management, applications, network controls, guest OS).

Examples

Microsoft Azure manages physical datacenter security, hardware maintenance, and hypervisor patching. Customers manage user access permissions, data encryption, application security, and network security groups.

Key Mechanisms

- Core function: A cloud security framework that defines which security responsibilities belong to the cloud provider versus the customer. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure manages physical datacenter security, hardware maintenance, and hypervisor patching. - Decision clue: A healthcare organization migrating to Azure must understand that while Microsoft secures the physical infrastructure and platform services, the organization remains responsible for protecting patient data through proper access controls, encryption, and compliance with HIPAA requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Shared Responsibility Model 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A layered security approach that uses multiple security measures to protect information and systems. If one layer fails, additional layers continue to provide protection. This strategy assumes that no single security measure is perfect and that attackers may breach some defenses.

Examples

Microsoft implements defense in depth through physical security at datacenters, network security with firewalls and DDoS protection, identity security with multi-factor authentication, application security with threat detection, and data security with encryption.

Key Mechanisms

- Core function: A layered security approach that uses multiple security measures to protect information and systems. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft implements defense in depth through physical security at datacenters, network security with firewalls and DDoS protection, identity security with multi-factor authentication, application security with threat detection, and data security with encryption. - Decision clue: A financial services company implements defense in depth by combining network firewalls, endpoint protection, identity verification, application security scanning, data encryption, and security monitoring to protect customer financial data from various attack vectors.

Review Path

Review path:

1. Open Azure portal 2. Search for Defense in Depth 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security model that assumes breach and verifies each request as though it originates from an uncontrolled network. Zero Trust operates on the principle of "never trust, always verify" regardless of where the request originates or what resource it accesses.

Examples

Microsoft Zero Trust architecture includes identity verification with Microsoft Entra ID, device compliance checks, least privilege access policies, and continuous monitoring through Microsoft Defender and Sentinel.

Key Mechanisms

- Core function: A security model that assumes breach and verifies each request as though it originates from an uncontrolled network. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Zero Trust architecture includes identity verification with Microsoft Entra ID, device compliance checks, least privilege access policies, and continuous monitoring through Microsoft Defender and Sentinel. - Decision clue: A remote-first company implements Zero Trust by requiring all users to authenticate through MFA, validating device compliance before access, applying conditional access policies based on risk signals, and monitoring all access attempts in real-time.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Methodology 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The fundamental principles of information security. Confidentiality ensures information is accessible only to authorized individuals. Integrity ensures information accuracy and completeness. Availability ensures authorized users can access information when needed.

Examples

Microsoft Azure protects confidentiality through encryption and access controls, maintains integrity through checksums and digital signatures, and ensures availability through redundancy and disaster recovery capabilities.

Key Mechanisms

- Core function: The fundamental principles of information security. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure protects confidentiality through encryption and access controls, maintains integrity through checksums and digital signatures, and ensures availability through redundancy and disaster recovery capabilities. - Decision clue: A hospital system ensures patient record confidentiality through role-based access and encryption, maintains data integrity through audit trails and backup verification, and guarantees availability through redundant systems and failover capabilities.

Review Path

Review path:

1. Open Azure portal 2. Search for CIA Triad (Confidentiality, Integrity, Availability) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Various methods attackers use to compromise systems and data. Understanding common threats helps organizations implement appropriate security controls and defenses. Threats can be external (hackers, malware) or internal (disgruntled employees, accidental disclosure).

Examples

Common threats include malware (viruses, ransomware), phishing emails, social engineering attacks, denial of service attacks, insider threats, and advanced persistent threats (APTs).

Key Mechanisms

- Core function: Various methods attackers use to compromise systems and data. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Common threats include malware (viruses, ransomware), phishing emails, social engineering attacks, denial of service attacks, insider threats, and advanced persistent threats (APTs). - Decision clue: A retail company faces threats including credit card skimming malware on POS systems, phishing attacks targeting employee credentials, DDoS attacks on their e-commerce site, and potential insider threats from employees with access to customer data.

Review Path

Review path:

1. Open Azure portal 2. Search for Common Threats and Attack Vectors 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The paths or methods attackers use to gain unauthorized access to systems or networks. Attack vectors can be technical (exploiting software vulnerabilities) or non-technical (social engineering). Understanding attack vectors helps organizations prioritize security controls.

Examples

Common attack vectors include email attachments with malware, vulnerable web applications, unpatched software, weak passwords, USB drives with malware, and social engineering phone calls.

Key Mechanisms

- Core function: The paths or methods attackers use to gain unauthorized access to systems or networks. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Common attack vectors include email attachments with malware, vulnerable web applications, unpatched software, weak passwords, USB drives with malware, and social engineering phone calls. - Decision clue: A government agency must protect against multiple attack vectors including spear phishing emails targeting employees, nation-state actors exploiting zero-day vulnerabilities, and social engineering attacks attempting to gain physical access to facilities.

Review Path

Review path:

1. Open Azure portal 2. Search for Attack Vectors 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive security framework based on the principle of "never trust, always verify." The model requires verification of every user and device before granting access to applications and data, regardless of location or network.

Examples

Microsoft Zero Trust implementation includes identity verification through Microsoft Entra ID, device compliance through Microsoft Intune, application protection through Conditional Access, and data protection through Microsoft Purview.

Key Mechanisms

- Core function: A comprehensive security framework based on the principle of "never trust, always verify." The model requires verification of every user and device before granting access to applications and data, regardless of location or network. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Zero Trust implementation includes identity verification through Microsoft Entra ID, device compliance through Microsoft Intune, application protection through Conditional Access, and data protection through Microsoft Purview. - Decision clue: A global corporation adopts Zero Trust to secure hybrid work environments by implementing multi-factor authentication, device compliance policies, conditional access rules, and continuous monitoring across all user interactions.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Security Model 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A Zero Trust principle requiring authentication and authorization based on all available data points including user identity, location, device health, service or workload, data classification, and anomalies.

Examples

Microsoft Conditional Access evaluates user identity, device compliance status, location, application sensitivity, and real-time risk signals before granting access to resources.

Key Mechanisms

- Core function: A Zero Trust principle requiring authentication and authorization based on all available data points including user identity, location, device health, service or workload, data classification, and anomalies. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Conditional Access evaluates user identity, device compliance status, location, application sensitivity, and real-time risk signals before granting access to resources. - Decision clue: A financial services firm implements explicit verification by checking user credentials, device encryption status, geographic location, application risk level, and behavioral patterns before allowing access to trading systems.

Review Path

Review path:

1. Open Azure portal 2. Search for Verify Explicitly 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security principle that provides users with the minimum levels of access needed to perform their job functions. Access is limited by Just-In-Time (JIT) and Just-Enough-Access (JEA), risk-based adaptive policies, and data protection.

Examples

Microsoft implements least privilege through Privileged Identity Management (PIM) for administrative access, Conditional Access policies for context-aware permissions, and role-based access control (RBAC) for granular permissions.

Key Mechanisms

- Core function: A security principle that provides users with the minimum levels of access needed to perform their job functions. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft implements least privilege through Privileged Identity Management (PIM) for administrative access, Conditional Access policies for context-aware permissions, and role-based access control (RBAC) for granular permissions. - Decision clue: A technology company grants developers access only to development resources, limits database administrators to specific schemas, and provides temporary elevated access only when needed for specific tasks.

Review Path

Review path:

1. Open Azure portal 2. Search for Least Privileged Access 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A Zero Trust principle that operates under the assumption that a breach has already occurred or will occur. This mindset drives the need for comprehensive security monitoring, incident response capabilities, and minimization of blast radius.

Examples

Microsoft designs security architectures with network segmentation, encrypted communications, comprehensive logging through Microsoft Sentinel, and automated response capabilities through security playbooks.

Key Mechanisms

- Core function: A Zero Trust principle that operates under the assumption that a breach has already occurred or will occur. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft designs security architectures with network segmentation, encrypted communications, comprehensive logging through Microsoft Sentinel, and automated response capabilities through security playbooks. - Decision clue: A government agency implements assume breach methodology by segmenting networks, encrypting all data flows, monitoring all activities through SIEM, and maintaining incident response teams ready to contain potential breaches.

Review Path

Review path:

1. Open Azure portal 2. Search for Assume Breach 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The encryption of data when it is stored on a storage device or database. This protects data from unauthorized access if the physical storage is compromised. Microsoft uses AES-256 encryption for data at rest across all services.

Examples

Azure Storage Service Encryption automatically encrypts data in Azure Blob storage, Azure Files, and Azure Queues. SQL Database Transparent Data Encryption (TDE) encrypts database files and backups.

Key Mechanisms

- Core function: The encryption of data when it is stored on a storage device or database. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure Storage Service Encryption automatically encrypts data in Azure Blob storage, Azure Files, and Azure Queues. - Decision clue: A healthcare provider stores patient records in Azure SQL Database with TDE enabled, ensuring that even if someone gains physical access to the database files, the patient data remains encrypted and unreadable.

Review Path

Review path:

1. Open Azure portal 2. Search for Encryption at Rest 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The encryption of data while it moves between locations, such as across networks or between applications. This protects data from interception during transmission. Microsoft enforces HTTPS/TLS for all communications.

Examples

Azure services use TLS 1.2 or higher for web traffic, IPsec for VPN connections, and encrypted channels for service-to-service communications. Microsoft 365 encrypts email in transit using TLS.

Key Mechanisms

- Core function: The encryption of data while it moves between locations, such as across networks or between applications. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure services use TLS 1.2 or higher for web traffic, IPsec for VPN connections, and encrypted channels for service-to-service communications. - Decision clue: A financial institution ensures all customer transactions are encrypted during transmission using TLS 1.3, protecting sensitive financial data from network eavesdropping and man-in-the-middle attacks.

Review Path

Review path:

1. Open Azure portal 2. Search for Encryption in Transit 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The encryption of data while it is being processed in memory or CPU. This advanced protection ensures data remains encrypted even during computation, using technologies like confidential computing and secure enclaves.

Examples

Azure Confidential Computing uses hardware-based trusted execution environments (TEEs) to protect data in use. Microsoft SQL Server Always Encrypted allows computations on encrypted data without decrypting it.

Key Mechanisms

- Core function: The encryption of data while it is being processed in memory or CPU. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure Confidential Computing uses hardware-based trusted execution environments (TEEs) to protect data in use. - Decision clue: A pharmaceutical company processes sensitive drug research data using Azure Confidential Computing, ensuring that even during analysis and computation, the proprietary formulations remain encrypted and protected.

Review Path

Review path:

1. Open Azure portal 2. Search for Encryption in Use 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Asymmetric encryption uses a pair of mathematically related keys - a public key for encryption and a private key for decryption. This allows secure communication without the need to share secret keys. Microsoft uses asymmetric encryption in TLS/SSL certificates, digital signatures, and Azure Key Vault for key exchange.

Examples

RSA (2048-bit or 4096-bit) used in Azure certificates and SSL/TLS connections ECC (Elliptic Curve Cryptography) for lightweight mobile and IoT device encryption Microsoft Entra ID uses RSA for SAML token signing and validation Digital certificates in Azure App Service use asymmetric key pairs Code signing certificates for Microsoft Store apps use RSA digital signatures S/MIME email encryption in Microsoft 365 uses public/private key pairs

Key Mechanisms

- Core function: Asymmetric encryption uses a pair of mathematically related keys - a public key for encryption and a private key for decryption. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Examples - Decision clue: Use Case

Review Path

Review path:

1. Open Azure portal 2. Search for Asymmetric Encryption 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Symmetric encryption uses the same secret key for both encryption and decryption, providing fast and efficient protection for large amounts of data. Microsoft services use AES-256 symmetric encryption as the industry standard for encrypting data at rest and in transit, often combined with asymmetric encryption for secure key exchange.

Examples

AES-256 used for Azure Storage Service Encryption (data at rest) BitLocker drive encryption on Azure Virtual Machines uses AES-128 or AES-256 Azure SQL Database Transparent Data Encryption (TDE) uses AES-256 Microsoft 365 encrypts mailbox data with AES-256 Azure Disk Encryption uses AES for OS and data disk encryption OneDrive and SharePoint files encrypted with AES-256 at rest

Key Mechanisms

- Core function: Symmetric encryption uses the same secret key for both encryption and decryption, providing fast and efficient protection for large amounts of data. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Examples - Decision clue: Use Case

Review Path

Review path:

1. Open Azure portal 2. Search for Symmetric Encryption 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A one-way cryptographic function that converts input data into a fixed-length string (hash). Hashing is used to verify data integrity and authenticate users without storing actual passwords. Common algorithms include SHA-256 and bcrypt.

Examples

Microsoft Entra ID uses bcrypt to hash passwords before storage. Azure Storage uses MD5 hashes to verify file integrity during uploads. Digital signatures use SHA-256 hashing for document verification.

Key Mechanisms

- Core function: A one-way cryptographic function that converts input data into a fixed-length string (hash). - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID uses bcrypt to hash passwords before storage. - Decision clue: An e-commerce platform stores customer passwords using bcrypt hashing with salt, ensuring that even if the database is compromised, actual passwords cannot be retrieved, only the irreversible hash values.

Review Path

Review path:

1. Open Azure portal 2. Search for Hashing 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The practice of adding random data (salt) to a password before hashing to protect against rainbow table attacks and ensure that identical passwords produce different hash values. Each password gets a unique salt value.

Examples

Microsoft Entra ID automatically adds random salt values to passwords before hashing with bcrypt. Azure Active Directory B2C uses salted hashes for customer identity passwords.

Key Mechanisms

- Core function: The practice of adding random data (salt) to a password before hashing to protect against rainbow table attacks and ensure that identical passwords produce different hash values. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID automatically adds random salt values to passwords before hashing with bcrypt. - Decision clue: A banking application implements salted password hashing, ensuring that even if two customers have the same password, their stored hash values are completely different due to unique salt values.

Review Path

Review path:

1. Open Azure portal 2. Search for Salting 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The administration of cryptographic keys throughout their lifecycle including generation, distribution, storage, rotation, and destruction. Proper key management is essential for maintaining the security of encrypted systems.

Examples

Azure Key Vault provides centralized key management with hardware security modules (HSMs). Microsoft manages encryption keys for platform services, while customers can manage their own keys (BYOK - Bring Your Own Key).

Key Mechanisms

- Core function: The administration of cryptographic keys throughout their lifecycle including generation, distribution, storage, rotation, and destruction. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure Key Vault provides centralized key management with hardware security modules (HSMs). - Decision clue: A multinational corporation uses Azure Key Vault to centrally manage encryption keys across all global offices, implementing automatic key rotation, access policies, and audit logging for compliance requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Key Management 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

GRC is an integrated approach that coordinates governance (policies and oversight), risk management (threat identification and mitigation), and compliance (regulatory adherence) across an organization to ensure effective decision-making, risk management, and regulatory compliance.

Examples

Microsoft Azure implements GRC through Azure Policy for governance, Azure Security Center for risk management, and compliance frameworks like SOC, ISO, and GDPR attestations for regulatory compliance.

Key Mechanisms

- Core function: GRC is an integrated approach that coordinates governance (policies and oversight), risk management (threat identification and mitigation), and compliance (regulatory adherence) across an organization to ensure effective decision-making, risk management, and regulatory compliance. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure implements GRC through Azure Policy for governance, Azure Security Center for risk management, and compliance frameworks like SOC, ISO, and GDPR attestations for regulatory compliance. - Decision clue: A financial services company implements GRC by establishing board governance policies, conducting regular risk assessments for cyber threats, and maintaining compliance with banking regulations like SOX and PCI DSS.

Review Path

Review path:

1. Open Azure portal 2. Search for Governance, Risk, and Compliance (GRC) Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Compliance refers to regulations and standards that organizations must follow to meet legal, regulatory, and industry requirements. Unlike security (which is broader), compliance focuses on legally mandated minimum standards and specific requirements that vary by industry, region, and data type.

Examples

Healthcare organizations must comply with HIPAA, financial institutions with SOX and PCI DSS, EU-facing companies with GDPR, and government contractors with NIST frameworks. Each has specific requirements for data protection, reporting, and governance.

Key Mechanisms

- Core function: Compliance refers to regulations and standards that organizations must follow to meet legal, regulatory, and industry requirements. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Healthcare organizations must comply with HIPAA, financial institutions with SOX and PCI DSS, EU-facing companies with GDPR, and government contractors with NIST frameworks. - Decision clue: A global bank must implement compliance programs covering multiple frameworks: GDPR for European customers, PCI DSS for payment processing, SOX for financial reporting, and local banking regulations in each operating country.

Review Path

Review path:

1. Open Azure portal 2. Search for Compliance Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Governance encompasses the policies, procedures, and oversight mechanisms that guide an organization's decision-making, strategic direction, and accountability. It includes board oversight, policy frameworks, risk appetite definition, and ensuring organizational objectives align with stakeholder expectations.

Examples

Microsoft Azure Governance includes Azure Policy for resource compliance, management groups for organizational hierarchy, Azure Blueprints for standardized deployments, and Cost Management for financial oversight.

Key Mechanisms

- Core function: Governance encompasses the policies, procedures, and oversight mechanisms that guide an organization's decision-making, strategic direction, and accountability. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure Governance includes Azure Policy for resource compliance, management groups for organizational hierarchy, Azure Blueprints for standardized deployments, and Cost Management for financial oversight. - Decision clue: A healthcare organization implements governance through board-approved data protection policies, executive oversight of compliance programs, standardized security procedures across all facilities, and regular governance reviews of patient data handling practices.

Review Path

Review path:

1. Open Azure portal 2. Search for Governance Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Risk management involves identifying, assessing, analyzing, and mitigating potential threats that could impact an organization's operations, reputation, or objectives. It includes risk identification, assessment, treatment, monitoring, and communication across the organization.

Examples

Microsoft Azure Risk Management includes Azure Security Center for threat detection, Azure Advisor for risk recommendations, Azure Monitor for continuous monitoring, and Azure Sentinel for security information and event management.

Key Mechanisms

- Core function: Risk management involves identifying, assessing, analyzing, and mitigating potential threats that could impact an organization's operations, reputation, or objectives. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure Risk Management includes Azure Security Center for threat detection, Azure Advisor for risk recommendations, Azure Monitor for continuous monitoring, and Azure Sentinel for security information and event management. - Decision clue: A financial institution implements risk management by conducting regular cybersecurity risk assessments, maintaining a risk register of identified threats, implementing controls to mitigate high-priority risks, and continuously monitoring for emerging threats.

Review Path

Review path:

1. Open Azure portal 2. Search for Risk Management Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The requirement that data must be stored within specific geographical boundaries or jurisdictions. Data residency ensures compliance with local laws and regulations regarding where citizen or business data can be physically located.

Examples

Microsoft Azure offers data residency options through regional datacenters, allowing customers to specify that their data remains within specific countries or regions like Europe, Canada, or Australia.

Key Mechanisms

- Core function: The requirement that data must be stored within specific geographical boundaries or jurisdictions. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure offers data residency options through regional datacenters, allowing customers to specify that their data remains within specific countries or regions like Europe, Canada, or Australia. - Decision clue: A European healthcare organization chooses Azure Europe regions to ensure patient health records remain within EU boundaries, complying with GDPR requirements and national healthcare data protection laws.

Review Path

Review path:

1. Open Azure portal 2. Search for Data Residency 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The concept that data is subject to the laws and governance structures of the country or region where it is physically located. Data sovereignty goes beyond residency to include legal jurisdiction and control over the data.

Examples

Microsoft Azure provides data sovereignty assurances through local datacenters, clear data handling policies, and transparency about government access requests through the Government Security Program.

Key Mechanisms

- Core function: The concept that data is subject to the laws and governance structures of the country or region where it is physically located. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Azure provides data sovereignty assurances through local datacenters, clear data handling policies, and transparency about government access requests through the Government Security Program. - Decision clue: A Canadian government agency requires data sovereignty for citizen records, using Azure Canada regions with assurances that Canadian law governs the data and that foreign governments cannot access it without proper legal processes.

Review Path

Review path:

1. Open Azure portal 2. Search for Data Sovereignty 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Fundamental guidelines for protecting personal information, with core principles including transparency about data collection, notice of data processing activities, and protection of personal information. These principles also encompass purpose limitation, data minimization, accuracy, retention limitation, and accountability.

Examples

Microsoft implements privacy principles through transparent privacy statements explaining data collection, providing clear notice about data processing purposes, implementing strong protection measures, and giving users control over their personal data.

Key Mechanisms

- Core function: Fundamental guidelines for protecting personal information, with core principles including transparency about data collection, notice of data processing activities, and protection of personal information. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft implements privacy principles through transparent privacy statements explaining data collection, providing clear notice about data processing purposes, implementing strong protection measures, and giving users control over their personal data. - Decision clue: A social media company implements privacy principles by transparently explaining data collection purposes, providing clear notice of data processing activities, protecting user information with encryption, minimizing data collection to essential functions, and offering data deletion capabilities.

Review Path

Review path:

1. Open Azure portal 2. Search for Privacy Principles 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Data privacy focuses on transparency about data collection and processing activities, specifically concerning personal data that can be directly or indirectly linked to an individual. It emphasizes providing clear notice about data use, being transparent about collection and processing purposes, and covering how data is shared.

Examples

Microsoft implements data privacy through clear privacy statements, transparent data collection notices, user consent mechanisms, and detailed explanations of how personal data is processed, stored, and shared across Microsoft services.

Key Mechanisms

- Core function: Data privacy focuses on transparency about data collection and processing activities, specifically concerning personal data that can be directly or indirectly linked to an individual. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft implements data privacy through clear privacy statements, transparent data collection notices, user consent mechanisms, and detailed explanations of how personal data is processed, stored, and shared across Microsoft services. - Decision clue: A social media company implements data privacy by providing clear notices about what personal data is collected, obtaining explicit consent for data processing, explaining how user information is shared with advertisers, and offering users control over their privacy settings.

Review Path

Review path:

1. Open Azure portal 2. Search for Data Privacy 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Standards and regulations that organizations must follow to protect data and ensure security. These frameworks provide guidelines for security controls, data protection, and governance practices across different industries and regions.

Examples

Common frameworks include GDPR for EU privacy, HIPAA for US healthcare, PCI DSS for payment processing, SOX for financial reporting, ISO 27001 for information security, and NIST for US government and critical infrastructure.

Key Mechanisms

- Core function: Standards and regulations that organizations must follow to protect data and ensure security. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Common frameworks include GDPR for EU privacy, HIPAA for US healthcare, PCI DSS for payment processing, SOX for financial reporting, ISO 27001 for information security, and NIST for US government and critical infrastructure. - Decision clue: A multinational bank must comply with multiple frameworks: GDPR for European customers, PCI DSS for payment processing, SOX for financial reporting, and local banking regulations in each country where they operate.

Review Path

Review path:

1. Open Azure portal 2. Search for Regulatory Compliance Frameworks 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive privacy regulation in the EU that governs how personal data of EU citizens is collected, processed, and stored. GDPR applies to any organization that processes EU citizen data, regardless of where the organization is located.

Examples

GDPR requires explicit consent for data processing, provides rights like data portability and erasure, mandates breach notification within 72 hours, and can impose fines up to 4% of annual global turnover.

Key Mechanisms

- Core function: A comprehensive privacy regulation in the EU that governs how personal data of EU citizens is collected, processed, and stored. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: GDPR requires explicit consent for data processing, provides rights like data portability and erasure, mandates breach notification within 72 hours, and can impose fines up to 4% of annual global turnover. - Decision clue: A US-based e-commerce company with EU customers implements GDPR compliance by obtaining explicit consent for cookies, providing data export capabilities, appointing a Data Protection Officer, and implementing privacy by design.

Review Path

Review path:

1. Open Azure portal 2. Search for General Data Protection Regulation (GDPR) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The overall security status and strength of an organization's cybersecurity measures, policies, and controls. Security posture encompasses all security tools, processes, and practices that protect against threats and vulnerabilities.

Examples

Microsoft Secure Score evaluates security posture across Microsoft 365, Azure, and other services. Organizations improve posture through multi-factor authentication, endpoint protection, security training, and regular assessments.

Key Mechanisms

- Core function: The overall security status and strength of an organization's cybersecurity measures, policies, and controls. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Secure Score evaluates security posture across Microsoft 365, Azure, and other services. - Decision clue: A financial institution maintains strong security posture through 24/7 monitoring, regular vulnerability assessments, employee security training, incident response plans, and continuous compliance auditing to protect customer financial data.

Review Path

Review path:

1. Open Azure portal 2. Search for Security Posture 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The six fundamental components that form the foundation of Zero Trust security architecture: Identity, Devices, Applications, Data, Infrastructure, and Networks. Each pillar must be secured and verified independently.

Examples

Microsoft implements Zero Trust through Entra ID for identity, Intune for devices, Defender for applications, Purview for data, Azure for infrastructure, and network security groups for networks.

Key Mechanisms

- Core function: The six fundamental components that form the foundation of Zero Trust security architecture: Identity, Devices, Applications, Data, Infrastructure, and Networks. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft implements Zero Trust through Entra ID for identity, Intune for devices, Defender for applications, Purview for data, Azure for infrastructure, and network security groups for networks. - Decision clue: A healthcare organization secures each pillar: verifying doctor identities with MFA, managing medical devices with compliance policies, protecting patient apps with conditional access, classifying health data, securing cloud infrastructure, and segmenting networks.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Pillars 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Identity pillar focuses on verifying and securing all identities (users, services, devices) before granting access. It treats identity as the primary security perimeter, requiring strong authentication, authorization, and continuous verification of trust.

Examples

Microsoft Entra ID provides multi-factor authentication, conditional access policies, identity governance, and privileged identity management to verify user identities before granting resource access.

Key Mechanisms

- Core function: The Identity pillar focuses on verifying and securing all identities (users, services, devices) before granting access. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID provides multi-factor authentication, conditional access policies, identity governance, and privileged identity management to verify user identities before granting resource access. - Decision clue: A financial company implements identity verification requiring all employees to use MFA, biometric authentication for high-risk transactions, and regular access reviews to ensure only authorized personnel access sensitive financial systems.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Zero Trust Identity Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Devices pillar secures all endpoints including mobile devices, laptops, IoT devices, and servers. It ensures device compliance, health assessment, and secure access regardless of device ownership or location.

Examples

Microsoft Intune manages device compliance policies, enrolls corporate and personal devices, applies security configurations, and blocks non-compliant devices from accessing company resources.

Key Mechanisms

- Core function: The Devices pillar secures all endpoints including mobile devices, laptops, IoT devices, and servers. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Intune manages device compliance policies, enrolls corporate and personal devices, applies security configurations, and blocks non-compliant devices from accessing company resources. - Decision clue: A healthcare organization manages doctor mobile devices, medical IoT equipment, and workstations by enforcing encryption, installing security patches, monitoring device health, and isolating non-compliant devices from patient data systems.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Devices Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Applications pillar protects applications through security policies, access controls, and runtime protection. It secures both cloud and on-premises applications, APIs, and microservices with comprehensive app governance.

Examples

Microsoft Defender for Cloud Apps provides app discovery, access policies, data protection, and threat detection for SaaS applications, while Application Gateway protects web applications with WAF capabilities.

Key Mechanisms

- Core function: The Applications pillar protects applications through security policies, access controls, and runtime protection. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Defender for Cloud Apps provides app discovery, access policies, data protection, and threat detection for SaaS applications, while Application Gateway protects web applications with WAF capabilities. - Decision clue: A legal firm secures case management applications with single sign-on, protects document sharing apps with data loss prevention, and monitors legal research tools for suspicious activities and unauthorized access attempts.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Applications Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Data pillar focuses on discovering, classifying, protecting, and governing sensitive data wherever it resides. It applies encryption, access controls, and data loss prevention to maintain data security throughout its lifecycle.

Examples

Microsoft Purview automatically discovers and classifies sensitive data, applies sensitivity labels, prevents data exfiltration, and provides data governance across Microsoft 365, Azure, and third-party platforms.

Key Mechanisms

- Core function: The Data pillar focuses on discovering, classifying, protecting, and governing sensitive data wherever it resides. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview automatically discovers and classifies sensitive data, applies sensitivity labels, prevents data exfiltration, and provides data governance across Microsoft 365, Azure, and third-party platforms. - Decision clue: A pharmaceutical company classifies research data with sensitivity labels, encrypts drug formulas, restricts access to clinical trial results, monitors data usage, and prevents unauthorized sharing of intellectual property.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Data Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Infrastructure pillar secures compute resources including virtual machines, containers, serverless functions, and microservices. It ensures infrastructure security through just-in-time access, security baselines, and continuous monitoring.

Examples

Azure provides just-in-time VM access, security center recommendations, container security scanning, Azure Policy for governance, and Defender for Cloud for infrastructure protection and compliance monitoring.

Key Mechanisms

- Core function: The Infrastructure pillar secures compute resources including virtual machines, containers, serverless functions, and microservices. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure provides just-in-time VM access, security center recommendations, container security scanning, Azure Policy for governance, and Defender for Cloud for infrastructure protection and compliance monitoring. - Decision clue: A retail company secures e-commerce infrastructure with JIT access for administrators, security scanning for container images, automated patching for virtual machines, and continuous monitoring of cloud resources for vulnerabilities.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Infrastructure Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The Networks pillar implements micro-segmentation, network security controls, and encrypted communications. It treats the network as hostile, requiring verification for all network access and lateral movement prevention.

Examples

Azure Virtual Network provides network security groups, application security groups, Azure Firewall for filtering, VPN Gateway for secure connections, and network monitoring for traffic analysis.

Key Mechanisms

- Core function: The Networks pillar implements micro-segmentation, network security controls, and encrypted communications. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure Virtual Network provides network security groups, application security groups, Azure Firewall for filtering, VPN Gateway for secure connections, and network monitoring for traffic analysis. - Decision clue: A manufacturing company segments production networks from corporate networks, encrypts all communications, monitors network traffic for anomalies, and restricts access between network segments to prevent lateral movement of threats.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Networks Pillar 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Detailed breakdown of the six Zero Trust pillars: Identity (authentication and authorization), Devices (endpoint security), Applications (app protection), Data (information protection), Infrastructure (secure compute), and Networks (network security).

Examples

Identity uses conditional access, devices use compliance policies, applications use app protection policies, data uses sensitivity labels, infrastructure uses just-in-time access, networks use micro-segmentation.

Key Mechanisms

- Core function: Detailed breakdown of the six Zero Trust pillars: Identity (authentication and authorization), Devices (endpoint security), Applications (app protection), Data (information protection), Infrastructure (secure compute), and Networks (network security). - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Identity uses conditional access, devices use compliance policies, applications use app protection policies, data uses sensitivity labels, infrastructure uses just-in-time access, networks use micro-segmentation. - Decision clue: A law firm implements all six pillars: lawyer identity verification, secure laptop management, protected legal apps, classified case data, secured cloud infrastructure, and isolated network segments for client confidentiality.

Review Path

Review path:

1. Open Azure portal 2. Search for Zero Trust Six Pillars Details 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An international standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive information and ensuring its confidentiality, integrity, and availability through risk management processes.

Examples

Organizations achieve ISO 27001 certification through risk assessments, security controls implementation, management reviews, and continuous improvement. Microsoft datacenters are ISO 27001 certified.

Key Mechanisms

- Core function: An international standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive information and ensuring its confidentiality, integrity, and availability through risk management processes. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Organizations achieve ISO 27001 certification through risk assessments, security controls implementation, management reviews, and continuous improvement. - Decision clue: A technology company pursues ISO 27001 certification to demonstrate security commitment to clients, implementing comprehensive security policies, regular audits, risk management processes, and employee security training.

Review Path

Review path:

1. Open Azure portal 2. Search for ISO 27001 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The National Institute of Standards and Technology Cybersecurity Framework providing a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.

Examples

NIST Framework includes five core functions: Identify, Protect, Detect, Respond, Recover. Many organizations use NIST as their cybersecurity foundation, including federal agencies and critical infrastructure.

Key Mechanisms

- Core function: The National Institute of Standards and Technology Cybersecurity Framework providing a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: NIST Framework includes five core functions: Identify, Protect, Detect, Respond, Recover. - Decision clue: A power utility company adopts NIST Framework to protect electrical grid infrastructure, implementing asset identification, protective controls, threat detection systems, incident response procedures, and recovery planning.

Review Path

Review path:

1. Open Azure portal 2. Search for NIST Framework 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A US federal law that mandates strict financial reporting and internal controls for publicly traded companies to protect investors from accounting fraud. SOX requires accurate financial disclosures and executive accountability.

Examples

SOX Section 404 requires management assessment of internal controls, independent auditor attestation, and IT controls over financial reporting systems. Non-compliance can result in criminal penalties.

Key Mechanisms

- Core function: A US federal law that mandates strict financial reporting and internal controls for publicly traded companies to protect investors from accounting fraud. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: SOX Section 404 requires management assessment of internal controls, independent auditor attestation, and IT controls over financial reporting systems. - Decision clue: A public manufacturing company implements SOX compliance through segregation of duties in financial systems, regular IT control audits, executive certifications of financial statements, and comprehensive audit trails.

Review Path

Review path:

1. Open Azure portal 2. Search for Sarbanes-Oxley Act (SOX) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security standard for organizations that handle credit card information from major card brands. PCI DSS mandates security controls to protect cardholder data and reduce credit card fraud through secure payment processing.

Examples

PCI DSS requires secure networks, data protection, vulnerability management, access controls, monitoring, and information security policies. Compliance levels vary based on transaction volume.

Key Mechanisms

- Core function: A security standard for organizations that handle credit card information from major card brands. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: PCI DSS requires secure networks, data protection, vulnerability management, access controls, monitoring, and information security policies. - Decision clue: An e-commerce retailer achieves PCI DSS compliance by encrypting cardholder data, implementing secure payment processing, regular security testing, access controls for payment systems, and security awareness training.

Review Path

Review path:

1. Open Azure portal 2. Search for Payment Card Industry Data Security Standard (PCI DSS) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The concept that in modern computing, identity has become the new security perimeter instead of the traditional network perimeter. With cloud computing and mobile access, controlling who can access resources is more important than controlling where they access from.

Examples

Microsoft Entra ID serves as the identity control plane, authenticating and authorizing users regardless of their location or device. Conditional Access policies evaluate identity signals to make access decisions.

Key Mechanisms

- Core function: The concept that in modern computing, identity has become the new security perimeter instead of the traditional network perimeter. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID serves as the identity control plane, authenticating and authorizing users regardless of their location or device. - Decision clue: A remote-first company relies on identity-based security rather than VPN-based network security, using Microsoft Entra ID to verify user identities and apply appropriate access controls based on risk assessments.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity as the Primary Security Perimeter 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Different categories of identities that need authentication and authorization in modern systems, including human identities (employees, customers, partners), workload identities (applications, services), and device identities (computers, mobile devices, IoT devices).

Examples

Microsoft Entra ID manages human identities through user accounts, workload identities through service principals and managed identities, and device identities through device registration and compliance policies.

Key Mechanisms

- Core function: Different categories of identities that need authentication and authorization in modern systems, including human identities (employees, customers, partners), workload identities (applications, services), and device identities (computers, mobile devices, IoT devices). - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID manages human identities through user accounts, workload identities through service principals and managed identities, and device identities through device registration and compliance policies. - Decision clue: A manufacturing company manages employee identities for access control, service identities for automated systems, and IoT device identities for factory equipment, all through a unified identity platform.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Types 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Digital representations of people who need access to systems and resources. Human identities include employees, customers, business partners, and guests. Each requires different levels of access and security controls based on their relationship with the organization.

Examples

Microsoft Entra ID manages employee identities with corporate accounts, customer identities through Azure AD B2C, and partner identities through B2B collaboration features.

Key Mechanisms

- Core function: Digital representations of people who need access to systems and resources. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID manages employee identities with corporate accounts, customer identities through Azure AD B2C, and partner identities through B2B collaboration features. - Decision clue: A retail company manages employee identities for internal systems access, customer identities for online shopping accounts, and supplier partner identities for B2B portal access, each with appropriate security controls.

Review Path

Review path:

1. Open Azure portal 2. Search for Human Identities 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Digital identities assigned to applications, services, and automated processes that need to authenticate and access resources. Workload identities eliminate the need for hard-coded credentials in applications and enable secure service-to-service authentication.

Examples

Azure Managed Identity provides workload identities for Azure services. Service Principals enable applications to authenticate to Azure AD. GitHub Actions uses workload identities to deploy to Azure without storing secrets.

Key Mechanisms

- Core function: Digital identities assigned to applications, services, and automated processes that need to authenticate and access resources. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure Managed Identity provides workload identities for Azure services. - Decision clue: A web application uses Azure Managed Identity to securely access Azure Key Vault for secrets and Azure Storage for data, eliminating the need to store database passwords or API keys in the application code.

Review Path

Review path:

1. Open Azure portal 2. Search for Workload Identities 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Digital identities assigned to physical devices to verify their legitimacy and enforce security policies. Device identities enable organizations to control which devices can access corporate resources and ensure devices meet security requirements.

Examples

Microsoft Intune registers device identities and enforces compliance policies. Azure AD device registration creates device identities for Windows, macOS, iOS, and Android devices.

Key Mechanisms

- Core function: Digital identities assigned to physical devices to verify their legitimacy and enforce security policies. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Intune registers device identities and enforces compliance policies. - Decision clue: A financial services company requires all devices accessing corporate email to be registered with Intune, encrypted, and running updated operating systems, using device identity to enforce these compliance requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Device Identities 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The process of verifying the identity of a user, device, or system. Authentication answers "Who are you?" and typically involves something you know (password), something you have (phone/token), or something you are (biometric).

Examples

Microsoft Entra ID supports multiple authentication methods including passwords, phone calls, SMS, Microsoft Authenticator app, FIDO2 security keys, and Windows Hello biometric authentication.

Key Mechanisms

- Core function: The process of verifying the identity of a user, device, or system. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID supports multiple authentication methods including passwords, phone calls, SMS, Microsoft Authenticator app, FIDO2 security keys, and Windows Hello biometric authentication. - Decision clue: A bank implements multi-factor authentication requiring customers to provide their password (something they know) and a code from their phone (something they have) before accessing online banking.

Review Path

Review path:

1. Open Azure portal 2. Search for Authentication Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The process of determining what an authenticated identity is allowed to do. Authorization answers "What can you access?" and involves permissions, roles, and policies that define access rights to resources and operations.

Examples

Microsoft Entra ID uses Role-Based Access Control (RBAC) to grant specific permissions. Azure Resource Manager enforces authorization policies to control access to Azure resources.

Key Mechanisms

- Core function: The process of determining what an authenticated identity is allowed to do. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID uses Role-Based Access Control (RBAC) to grant specific permissions. - Decision clue: After a user authenticates to a document management system, authorization determines whether they can read, edit, or delete specific documents based on their role and the document classification.

Review Path

Review path:

1. Open Azure portal 2. Search for Authorization Concepts 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Services that create, maintain, and manage identity information while providing authentication services to applications. Identity providers act as trusted sources of identity verification for federated systems and single sign-on scenarios.

Examples

Microsoft Entra ID serves as an identity provider for Microsoft 365 and Azure. Other identity providers include Google Identity, Facebook Login, ADFS, and SAML-based enterprise identity systems.

Key Mechanisms

- Core function: Services that create, maintain, and manage identity information while providing authentication services to applications. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID serves as an identity provider for Microsoft 365 and Azure. - Decision clue: A university uses Microsoft Entra ID as their primary identity provider for faculty and staff, while also accepting federated logins from partner universities and allowing student access through social identity providers.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Providers 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced authentication protocols and methods that provide enhanced security compared to basic authentication. Modern authentication includes OAuth 2.0, OpenID Connect, SAML, and multi-factor authentication, supporting features like single sign-on and conditional access.

Examples

Microsoft 365 uses modern authentication with OAuth 2.0 and OpenID Connect for single sign-on. Azure AD supports SAML federation for third-party applications and conditional access for risk-based authentication.

Key Mechanisms

- Core function: Advanced authentication protocols and methods that provide enhanced security compared to basic authentication. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft 365 uses modern authentication with OAuth 2.0 and OpenID Connect for single sign-on. - Decision clue: A company implements modern authentication allowing employees to sign in once with MFA and access all approved SaaS applications without additional login prompts, while maintaining security through token-based authentication.

Review Path

Review path:

1. Open Azure portal 2. Search for Modern Authentication 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The practice of linking a user's identity across multiple separate identity management systems. Federation allows users to access resources in different organizations using their home organization credentials, establishing trust relationships between identity providers.

Examples

Microsoft Entra ID supports federation with external identity providers through SAML, WS-Federation, and OAuth protocols. Azure AD B2B enables partner organizations to access resources using their own identities.

Key Mechanisms

- Core function: The practice of linking a user's identity across multiple separate identity management systems. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID supports federation with external identity providers through SAML, WS-Federation, and OAuth protocols. - Decision clue: A university consortium allows students from any member university to access research databases and library resources using their home university credentials through federated identity trust relationships.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Federation 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An authentication scheme that allows users to log in with a single set of credentials to access multiple applications and services. SSO improves user experience and reduces password fatigue while maintaining security through centralized authentication.

Examples

Microsoft Entra ID provides SSO for thousands of pre-integrated SaaS applications. Office 365 SSO allows users to access Outlook, Teams, SharePoint, and other services with one login.

Key Mechanisms

- Core function: An authentication scheme that allows users to log in with a single set of credentials to access multiple applications and services. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID provides SSO for thousands of pre-integrated SaaS applications. - Decision clue: A marketing agency implements SSO so employees can access their email, CRM, project management, and design tools with a single login, reducing password complexity while improving productivity and security.

Review Path

Review path:

1. Open Azure portal 2. Search for Single Sign-On (SSO) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The advantages of implementing single sign-on including improved user experience, enhanced security through centralized authentication, reduced password fatigue, decreased IT support costs, and better compliance monitoring.

Examples

Organizations implementing SSO report reduced help desk calls for password resets, improved user productivity, better security visibility, and reduced risk of password-related security breaches.

Key Mechanisms

- Core function: The advantages of implementing single sign-on including improved user experience, enhanced security through centralized authentication, reduced password fatigue, decreased IT support costs, and better compliance monitoring. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Organizations implementing SSO report reduced help desk calls for password resets, improved user productivity, better security visibility, and reduced risk of password-related security breaches. - Decision clue: A consulting firm implements SSO and sees a 70% reduction in password reset requests, improved employee satisfaction, and enhanced security visibility across all applications used by their distributed workforce.

Review Path

Review path:

1. Open Azure portal 2. Search for SSO Benefits 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Technical protocols and standards that enable secure identity federation across different systems and organizations. Common standards include SAML, OAuth 2.0, OpenID Connect, and WS-Federation, each serving different use cases and scenarios.

Examples

Microsoft Entra ID supports SAML 2.0 for enterprise applications, OAuth 2.0 for API access, OpenID Connect for modern web applications, and WS-Federation for legacy Windows-based applications.

Key Mechanisms

- Core function: Technical protocols and standards that enable secure identity federation across different systems and organizations. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID supports SAML 2.0 for enterprise applications, OAuth 2.0 for API access, OpenID Connect for modern web applications, and WS-Federation for legacy Windows-based applications. - Decision clue: An enterprise uses SAML for federated access to Salesforce, OAuth 2.0 for mobile app API access, and OpenID Connect for their custom web applications, all integrated with their Azure AD identity provider.

Review Path

Review path:

1. Open Azure portal 2. Search for Federation Standards 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An XML-based open standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider. SAML enables secure web-based single sign-on.

Examples

Microsoft Entra ID acts as a SAML identity provider for applications like Salesforce, ServiceNow, and Box. SAML assertions contain user identity information and authentication status.

Key Mechanisms

- Core function: An XML-based open standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID acts as a SAML identity provider for applications like Salesforce, ServiceNow, and Box. - Decision clue: An enterprise configures SAML federation between their Azure AD and Salesforce, allowing employees to access Salesforce using their corporate credentials without separate login.

Review Path

Review path:

1. Open Azure portal 2. Search for Security Assertion Markup Language (SAML) 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. OAuth provides authorization flows for web applications, mobile applications, and server-to-server scenarios.

Examples

Microsoft Graph API uses OAuth 2.0 for authorization. Mobile applications use OAuth to access Microsoft 365 data without storing user credentials. Third-party applications integrate with Azure AD using OAuth flows.

Key Mechanisms

- Core function: An authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Graph API uses OAuth 2.0 for authorization. - Decision clue: A mobile productivity app uses OAuth 2.0 to access a user's calendar and email from Microsoft 365 without requiring the user to share their password with the app.

Review Path

Review path:

1. Open Azure portal 2. Search for OAuth 2.0 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An identity layer built on top of OAuth 2.0 that adds authentication to the authorization framework. OpenID Connect allows clients to verify the identity of users and obtain basic profile information about them.

Examples

Microsoft Entra ID supports OpenID Connect for modern web applications. Many SaaS applications use OpenID Connect with Azure AD for both authentication and authorization.

Key Mechanisms

- Core function: An identity layer built on top of OAuth 2.0 that adds authentication to the authorization framework. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID supports OpenID Connect for modern web applications. - Decision clue: A custom web application uses OpenID Connect with Azure AD to authenticate users and obtain their profile information for personalization while also getting OAuth tokens to access Microsoft Graph APIs.

Review Path

Review path:

1. Open Azure portal 2. Search for OpenID Connect 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Cloud and on-premises services that participate in identity federation, allowing users to authenticate once with their home organization and access multiple services across partner organizations without additional logins.

Examples

Microsoft 365, Salesforce, Google Workspace, and Dropbox can act as federated services with Azure AD. Users authenticate with their corporate credentials and access all connected services seamlessly.

Key Mechanisms

- Core function: Cloud and on-premises services that participate in identity federation, allowing users to authenticate once with their home organization and access multiple services across partner organizations without additional logins. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Microsoft 365, Salesforce, Google Workspace, and Dropbox can act as federated services with Azure AD. - Decision clue: A consulting firm enables employees to access client Microsoft 365 environments, partner Salesforce instances, and third-party project management tools using their corporate Azure AD credentials through federation.

Review Path

Review path:

1. Open Azure portal 2. Search for Federated Services 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A secure relationship established between identity providers and service providers that enables users from one organization to access resources in another organization. Trust relationships define authentication and authorization rules.

Examples

Azure AD federation trusts use digital certificates, metadata exchange, and cryptographic signatures to establish secure relationships with partners. SAML assertions carry trust tokens between organizations.

Key Mechanisms

- Core function: A secure relationship established between identity providers and service providers that enables users from one organization to access resources in another organization. - Category fit: This concept belongs to security concepts and identity foundations and should be identified by purpose, not just by name recognition. - Real signal: Azure AD federation trusts use digital certificates, metadata exchange, and cryptographic signatures to establish secure relationships with partners. - Decision clue: A law firm establishes federation trust with a client's Azure AD, allowing their lawyers to access the client's document repositories and project management systems using their law firm credentials.

Review Path

Review path:

1. Open Azure portal 2. Search for Federation Trust 3. Identify what business or security problem it solves within security concepts and identity foundations 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft's cloud-based identity and access management service, formerly known as Azure Active Directory. Entra ID provides identity services for Microsoft 365, Azure, and thousands of SaaS applications, serving as the central identity control plane.

Examples

Entra ID manages user authentication for Microsoft 365, provides single sign-on to Salesforce and AWS, enables secure access to Azure resources, and integrates with on-premises Active Directory through hybrid identity.

Key Mechanisms

- Core function: Microsoft's cloud-based identity and access management service, formerly known as Azure Active Directory. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Entra ID manages user authentication for Microsoft 365, provides single sign-on to Salesforce and AWS, enables secure access to Azure resources, and integrates with on-premises Active Directory through hybrid identity. - Decision clue: A global corporation uses Microsoft Entra ID as their primary identity provider, managing 50,000 employee identities, providing SSO to 200+ SaaS applications, and securing access to Azure cloud resources across multiple subscriptions.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Entra ID 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The former name for Microsoft Entra ID. Azure AD was rebranded to Microsoft Entra ID as part of the broader Microsoft Entra family of identity and access management solutions. The functionality remains the same while providing clearer branding.

Examples

Azure AD features are now part of Microsoft Entra ID, including user management, conditional access, privileged identity management, and application integration capabilities.

Key Mechanisms

- Core function: The former name for Microsoft Entra ID. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Azure AD features are now part of Microsoft Entra ID, including user management, conditional access, privileged identity management, and application integration capabilities. - Decision clue: Organizations previously using Azure AD can continue with the same functionality under the Microsoft Entra ID branding, with all existing configurations and integrations remaining intact during the transition.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Active Directory (Legacy Name) 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The different types of identities that Microsoft Entra ID can manage, including users (internal employees and external users), groups (security and distribution groups), applications (service principals), and devices (managed and registered devices).

Examples

Entra ID manages employee user accounts with corporate email addresses, guest user accounts for partners, security groups for resource access, Microsoft 365 groups for collaboration, and device identities for compliance.

Key Mechanisms

- Core function: The different types of identities that Microsoft Entra ID can manage, including users (internal employees and external users), groups (security and distribution groups), applications (service principals), and devices (managed and registered devices). - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Entra ID manages employee user accounts with corporate email addresses, guest user accounts for partners, security groups for resource access, Microsoft 365 groups for collaboration, and device identities for compliance. - Decision clue: A technology company uses Entra ID to manage 10,000 employee identities, 500 contractor guest accounts, 100 security groups for different access levels, and 5,000 device identities for endpoint management.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Entra ID Identity Types 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The primary identity objects managed by Microsoft Entra ID. Users represent people, groups organize users and devices for access management, and devices represent endpoints that access organizational resources.

Examples

User objects contain profile information and authentication methods. Security groups control access to resources. Microsoft 365 groups enable collaboration. Device objects enforce compliance policies.

Key Mechanisms

- Core function: The primary identity objects managed by Microsoft Entra ID. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: User objects contain profile information and authentication methods. - Decision clue: An organization creates user accounts for employees, organizes them into security groups based on departments, creates Microsoft 365 groups for project teams, and registers devices to enforce encryption policies.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Users, Groups, and Devices in Entra ID 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Identity management capabilities for users outside your organization, including business partners (B2B), customers (B2C), and guest users. External identities enable secure collaboration while maintaining control over organizational resources.

Examples

Azure AD B2B allows partner companies to access SharePoint sites using their own corporate credentials. Azure AD B2C enables customer registration for e-commerce applications with social identity providers.

Key Mechanisms

- Core function: Identity management capabilities for users outside your organization, including business partners (B2B), customers (B2C), and guest users. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Azure AD B2B allows partner companies to access SharePoint sites using their own corporate credentials. - Decision clue: A consulting firm uses B2B external identities to give client employees secure access to project collaboration spaces, while their customer-facing application uses B2C for customer account management with social login options.

Review Path

Review path:

1. Open Azure portal 2. Search for External Identities 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Identity architecture that spans both on-premises and cloud environments, allowing organizations to maintain existing on-premises Active Directory while extending identity services to the cloud. Hybrid identity provides a unified identity experience across environments.

Examples

Azure AD Connect synchronizes on-premises AD users to Microsoft Entra ID. Azure AD Connect Cloud Sync provides a lightweight hybrid identity solution. Pass-through Authentication allows cloud authentication using on-premises credentials.

Key Mechanisms

- Core function: Identity architecture that spans both on-premises and cloud environments, allowing organizations to maintain existing on-premises Active Directory while extending identity services to the cloud. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Azure AD Connect synchronizes on-premises AD users to Microsoft Entra ID. - Decision clue: A traditional enterprise maintains their on-premises Active Directory for legacy applications while using Azure AD Connect to synchronize identities to Microsoft Entra ID for Microsoft 365 and SaaS application access.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Hybrid Identity 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Various ways users can prove their identity to access systems and resources. Microsoft Entra ID supports multiple authentication methods to provide flexibility and enhanced security, from traditional passwords to passwordless options.

Examples

Entra ID supports passwords, SMS verification, voice calls, Microsoft Authenticator app notifications, FIDO2 security keys, Windows Hello biometric authentication, and certificate-based authentication.

Key Mechanisms

- Core function: Various ways users can prove their identity to access systems and resources. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Entra ID supports passwords, SMS verification, voice calls, Microsoft Authenticator app notifications, FIDO2 security keys, Windows Hello biometric authentication, and certificate-based authentication. - Decision clue: A healthcare organization implements multiple authentication methods: doctors use Windows Hello biometric authentication for quick access, administrators use FIDO2 keys for high-security access, and remote workers use Microsoft Authenticator.

Review Path

Review path:

1. Open Azure portal 2. Search for Authentication Methods 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Traditional authentication method using a shared secret that only the user should know. While still widely used, passwords alone are considered weak authentication and should be combined with additional factors for security.

Examples

Microsoft Entra ID enforces password complexity policies, supports password protection against common weak passwords, and provides self-service password reset capabilities.

Key Mechanisms

- Core function: Traditional authentication method using a shared secret that only the user should know. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID enforces password complexity policies, supports password protection against common weak passwords, and provides self-service password reset capabilities. - Decision clue: An organization implements strong password policies requiring minimum length, complexity, and regular changes, while also enabling self-service password reset to reduce IT support burden.

Review Path

Review path:

1. Open Azure portal 2. Search for Password Authentication 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Authentication methods that use phone numbers for verification, including SMS text messages with verification codes and voice calls that provide spoken codes. Phone authentication serves as a second factor in multi-factor authentication.

Examples

Microsoft Entra ID can send SMS codes to registered mobile numbers or place voice calls with spoken verification codes during the authentication process.

Key Mechanisms

- Core function: Authentication methods that use phone numbers for verification, including SMS text messages with verification codes and voice calls that provide spoken codes. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID can send SMS codes to registered mobile numbers or place voice calls with spoken verification codes during the authentication process. - Decision clue: A financial services company uses phone authentication as a backup method for users who don't have smartphones, allowing them to receive verification codes via voice calls to their landline phones.

Review Path

Review path:

1. Open Azure portal 2. Search for Phone Authentication 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Hardware-based authentication devices that implement FIDO2 standards for strong, passwordless authentication. FIDO2 keys use public key cryptography and are resistant to phishing attacks.

Examples

Microsoft Entra ID supports FIDO2 security keys from vendors like Yubico, providing passwordless authentication for high-security scenarios and shared workstations.

Key Mechanisms

- Core function: Hardware-based authentication devices that implement FIDO2 standards for strong, passwordless authentication. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID supports FIDO2 security keys from vendors like Yubico, providing passwordless authentication for high-security scenarios and shared workstations. - Decision clue: A government agency deploys FIDO2 security keys to administrators accessing classified systems, providing strong authentication that cannot be phished or remotely compromised.

Review Path

Review path:

1. Open Azure portal 2. Search for FIDO2 Security Keys 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Authentication methods that eliminate the need for passwords while providing stronger security. Passwordless authentication uses something you have (device/key) and something you are (biometric) or something you have plus PIN.

Examples

Microsoft supports passwordless authentication through Windows Hello for Business (biometric + PIN), FIDO2 security keys, and Microsoft Authenticator phone sign-in with biometric verification.

Key Mechanisms

- Core function: Authentication methods that eliminate the need for passwords while providing stronger security. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft supports passwordless authentication through Windows Hello for Business (biometric + PIN), FIDO2 security keys, and Microsoft Authenticator phone sign-in with biometric verification. - Decision clue: A technology company eliminates passwords for all employees by deploying Windows Hello for Business on laptops, FIDO2 security keys for shared workstations, and Microsoft Authenticator phone sign-in for mobile access.

Review Path

Review path:

1. Open Azure portal 2. Search for Passwordless Authentication 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A passwordless authentication method that uses biometric authentication (fingerprint, facial recognition, or iris scan) or PIN tied to a specific device. Windows Hello for Business creates a cryptographic key pair tied to the device.

Examples

Employees use facial recognition or fingerprint scanning to unlock Windows devices and authenticate to Microsoft Entra ID without typing passwords.

Key Mechanisms

- Core function: A passwordless authentication method that uses biometric authentication (fingerprint, facial recognition, or iris scan) or PIN tied to a specific device. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Employees use facial recognition or fingerprint scanning to unlock Windows devices and authenticate to Microsoft Entra ID without typing passwords. - Decision clue: A healthcare organization deploys Windows Hello for Business on medical workstations, allowing doctors and nurses to quickly and securely access patient records using biometric authentication.

Review Path

Review path:

1. Open Azure portal 2. Search for Windows Hello for Business 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A mobile app that provides multi-factor authentication through push notifications, time-based one-time passwords (TOTP), and passwordless phone sign-in. The app can also store and autofill passwords.

Examples

Users receive push notifications on their phones to approve or deny login attempts. The app can also generate TOTP codes for applications that don't support push notifications.

Key Mechanisms

- Core function: A mobile app that provides multi-factor authentication through push notifications, time-based one-time passwords (TOTP), and passwordless phone sign-in. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Users receive push notifications on their phones to approve or deny login attempts. - Decision clue: A consulting company requires employees to use Microsoft Authenticator for MFA, with users receiving push notifications to approve login attempts and using the app's passwordless sign-in feature for enhanced security.

Review Path

Review path:

1. Open Azure portal 2. Search for Microsoft Authenticator 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security method that requires users to provide two or more verification factors to gain access to a resource. MFA combines something you know, something you have, and/or something you are to provide stronger authentication security.

Examples

Microsoft Entra ID MFA includes SMS codes, voice calls, Microsoft Authenticator app approvals, FIDO2 security keys, and Windows Hello biometric authentication as second factors.

Key Mechanisms

- Core function: A security method that requires users to provide two or more verification factors to gain access to a resource. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID MFA includes SMS codes, voice calls, Microsoft Authenticator app approvals, FIDO2 security keys, and Windows Hello biometric authentication as second factors. - Decision clue: A financial services company requires MFA for all user accounts, using Microsoft Authenticator app notifications as the primary second factor, with SMS backup for users without smartphones, significantly reducing account compromise incidents.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Multi-Factor Authentication (MFA) 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A feature that allows users to reset their passwords without administrator intervention by verifying their identity through multiple authentication methods. SSPR reduces IT support burden while maintaining security.

Examples

Microsoft Entra ID SSPR can require users to verify identity through email, SMS, security questions, or mobile app before allowing password reset.

Key Mechanisms

- Core function: A feature that allows users to reset their passwords without administrator intervention by verifying their identity through multiple authentication methods. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID SSPR can require users to verify identity through email, SMS, security questions, or mobile app before allowing password reset. - Decision clue: A large corporation enables SSPR to reduce help desk calls by 80%, allowing employees to reset forgotten passwords using their registered mobile phone and alternate email address.

Review Path

Review path:

1. Open Azure portal 2. Search for Self-Service Password Reset (SSPR) 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An intelligent security capability that evaluates signals about users, devices, locations, and applications to make automated access control decisions. Conditional Access applies the right access controls to the right users under the right circumstances.

Examples

Conditional Access can require MFA for users accessing sensitive applications, block access from untrusted locations, require device compliance for corporate data access, and apply session controls for high-risk scenarios.

Key Mechanisms

- Core function: An intelligent security capability that evaluates signals about users, devices, locations, and applications to make automated access control decisions. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Conditional Access can require MFA for users accessing sensitive applications, block access from untrusted locations, require device compliance for corporate data access, and apply session controls for high-risk scenarios. - Decision clue: A global corporation uses Conditional Access to require MFA for all admin accounts, block access from high-risk countries, require compliant devices for email access, and apply additional security for financial applications.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Rules that define when and how access controls are applied based on specific conditions. Policies consist of assignments (who, what, where) and access controls (grant/block, require MFA, require compliance).

Examples

A policy might require MFA for all users accessing financial applications from outside the corporate network, or block access to sensitive data from non-compliant devices.

Key Mechanisms

- Core function: Rules that define when and how access controls are applied based on specific conditions. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: A policy might require MFA for all users accessing financial applications from outside the corporate network, or block access to sensitive data from non-compliant devices. - Decision clue: A healthcare organization creates policies requiring MFA for accessing electronic health records, blocking access from countries where they don't operate, and requiring device compliance for all mobile access.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access Policies 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Input data that conditional access policies use to make real-time access decisions. Signals include user identity, location, device state, application being accessed, risk detection, and session characteristics that are evaluated during authentication to determine access permissions.

Examples

Common signals include user group membership (Finance team accessing payroll), location (corporate network vs. home office), device compliance state (managed vs. personal device), application sensitivity (HR system vs. email), and sign-in risk (impossible travel detected).

Key Mechanisms

- Core function: Input data that conditional access policies use to make real-time access decisions. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Common signals include user group membership (Finance team accessing payroll), location (corporate network vs. - Decision clue: A bank uses signals to require MFA when employees access customer data from outside branch locations, block access to trading systems from unmanaged devices, and automatically grant access to low-risk applications from corporate networks.

Review Path

Review path:

1. Open Azure portal 2. Search for Signals 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The evaluation results made by conditional access policies based on analyzed signals. Decisions include Block (deny access), Grant (allow access), or Require (additional authentication or compliance) that are implemented in real-time during the authentication process.

Examples

Decision examples include blocking access from untrusted countries, granting access to compliant devices, requiring MFA for admin roles, requiring approved client apps for mobile access, and requiring terms of use acceptance for external users.

Key Mechanisms

- Core function: The evaluation results made by conditional access policies based on analyzed signals. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Decision examples include blocking access from untrusted countries, granting access to compliant devices, requiring MFA for admin roles, requiring approved client apps for mobile access, and requiring terms of use acceptance for external users. - Decision clue: A healthcare organization configures decisions to block patient data access from personal devices, require MFA for access outside medical facilities, grant full access to compliant devices within trusted locations, and require app protection for mobile access.

Review Path

Review path:

1. Open Azure portal 2. Search for Decisions 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The action taken to implement conditional access policy decisions during user authentication. Enforcement occurs at the authentication endpoint and includes blocking access, challenging for additional authentication, requiring device compliance, or applying session controls in real-time.

Examples

Enforcement actions include redirecting users to MFA enrollment, blocking sign-in with error messages, requiring device registration with Intune, prompting for app protection policies, enforcing session timeouts, and restricting copy/paste in web applications.

Key Mechanisms

- Core function: The action taken to implement conditional access policy decisions during user authentication. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Enforcement actions include redirecting users to MFA enrollment, blocking sign-in with error messages, requiring device registration with Intune, prompting for app protection policies, enforcing session timeouts, and restricting copy/paste in web applications. - Decision clue: A legal firm enforces conditional access by requiring partners to complete MFA when accessing case files remotely, blocking access from non-compliant devices, and applying session controls that prevent downloading confidential documents on personal devices.

Review Path

Review path:

1. Open Azure portal 2. Search for Enforcement 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Real-time monitoring and control of user sessions to limit specific activities within cloud applications. Session controls can restrict downloads, uploads, copy/paste operations, and printing based on risk assessment.

Examples

Session controls can prevent users from downloading sensitive files to unmanaged devices, restrict printing of confidential documents, or limit clipboard operations in high-risk scenarios.

Key Mechanisms

- Core function: Real-time monitoring and control of user sessions to limit specific activities within cloud applications. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Session controls can prevent users from downloading sensitive files to unmanaged devices, restrict printing of confidential documents, or limit clipboard operations in high-risk scenarios. - Decision clue: A legal firm applies session controls to prevent contractors from downloading client documents to personal devices while still allowing them to view and edit files within the browser.

Review Path

Review path:

1. Open Azure portal 2. Search for Session Controls 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Predefined network locations in Conditional Access that can be trusted or untrusted. Named locations help organizations apply different security policies based on where users are connecting from.

Examples

Organizations can define corporate office IP ranges as trusted locations and apply less restrictive policies, while unknown locations trigger additional security requirements.

Key Mechanisms

- Core function: Predefined network locations in Conditional Access that can be trusted or untrusted. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Organizations can define corporate office IP ranges as trusted locations and apply less restrictive policies, while unknown locations trigger additional security requirements. - Decision clue: A company configures their office networks and VPN IP ranges as trusted named locations, allowing password-only authentication from these locations while requiring MFA from all other locations.

Review Path

Review path:

1. Open Azure portal 2. Search for Named Locations 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The comprehensive set of policies, processes, and technologies used to control and monitor who has access to what resources, when they can access them, and what they can do with those resources. Access management encompasses authentication, authorization, and ongoing access governance.

Examples

Microsoft Entra ID provides access management through conditional access policies, privileged identity management, access reviews, entitlement management, and role-based access control for comprehensive access governance.

Key Mechanisms

- Core function: The comprehensive set of policies, processes, and technologies used to control and monitor who has access to what resources, when they can access them, and what they can do with those resources. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID provides access management through conditional access policies, privileged identity management, access reviews, entitlement management, and role-based access control for comprehensive access governance. - Decision clue: A financial services firm implements comprehensive access management by requiring MFA for all users, using role-based permissions for trading systems, conducting quarterly access reviews, and implementing just-in-time access for administrative functions.

Review Path

Review path:

1. Open Azure portal 2. Search for Access Management 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The set of processes and technologies that ensure the right people have appropriate access to the right resources at the right time. Identity governance includes access lifecycle management, access reviews, and privileged access management.

Examples

Microsoft Entra ID Governance provides entitlement management for access requests, access reviews for periodic certification, and Privileged Identity Management for just-in-time administrative access.

Key Mechanisms

- Core function: The set of processes and technologies that ensure the right people have appropriate access to the right resources at the right time. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID Governance provides entitlement management for access requests, access reviews for periodic certification, and Privileged Identity Management for just-in-time administrative access. - Decision clue: A pharmaceutical company uses identity governance to automatically provision access for new employees based on their role, conduct quarterly access reviews for compliance, and manage privileged access to research systems.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Governance 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A capability that automates access request workflows, assignments, reviews, and expiration to scale access governance. Entitlement management helps organizations manage the identity and access lifecycle at scale.

Examples

Microsoft Entra entitlement management creates access packages for common roles, automates approval workflows, and automatically removes access when users leave the organization.

Key Mechanisms

- Core function: A capability that automates access request workflows, assignments, reviews, and expiration to scale access governance. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra entitlement management creates access packages for common roles, automates approval workflows, and automatically removes access when users leave the organization. - Decision clue: A consulting firm creates access packages for different project types, allowing project managers to request appropriate access for team members with automatic approval workflows and time-limited access.

Review Path

Review path:

1. Open Azure portal 2. Search for Entitlement Management 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Periodic reviews of user access rights to ensure users have appropriate access and remove unnecessary permissions. Access reviews help organizations maintain the principle of least privilege and meet compliance requirements.

Examples

Microsoft Entra ID Access Reviews can review group memberships, application access, and privileged role assignments on a regular schedule with customizable review workflows.

Key Mechanisms

- Core function: Periodic reviews of user access rights to ensure users have appropriate access and remove unnecessary permissions. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Entra ID Access Reviews can review group memberships, application access, and privileged role assignments on a regular schedule with customizable review workflows. - Decision clue: A financial services company conducts quarterly access reviews for all privileged accounts and sensitive application access, with managers reviewing their team members' access rights and removing unnecessary permissions.

Review Path

Review path:

1. Open Azure portal 2. Search for Access Reviews 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A service that manages, controls, and monitors access to important resources in your organization. PIM provides just-in-time privileged access, time-bound access, and approval workflows for administrative roles.

Examples

Azure AD PIM enables just-in-time access to Global Administrator roles, requires approval for Exchange Administrator access, provides time-limited access to Azure resources, and sends alerts for privileged role activations.

Key Mechanisms

- Core function: A service that manages, controls, and monitors access to important resources in your organization. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Azure AD PIM enables just-in-time access to Global Administrator roles, requires approval for Exchange Administrator access, provides time-limited access to Azure resources, and sends alerts for privileged role activations. - Decision clue: An IT department uses PIM to eliminate standing privileged access, requiring administrators to request and justify elevated permissions for specific time periods, significantly reducing the attack surface of privileged accounts.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Privileged Identity Management (PIM) 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The complete journey of an identity from creation through modification to deletion. Identity lifecycle management ensures identities are properly provisioned, maintained, and deprovisioned throughout their existence.

Examples

Employee identities are created during onboarding, modified during role changes, and deleted or disabled when employees leave the organization. Customer identities follow similar patterns.

Key Mechanisms

- Core function: The complete journey of an identity from creation through modification to deletion. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Employee identities are created during onboarding, modified during role changes, and deleted or disabled when employees leave the organization. - Decision clue: A large corporation automates identity lifecycle management by integrating HR systems with Microsoft Entra ID to automatically create accounts for new hires, update permissions for role changes, and disable accounts for departing employees.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Lifecycle 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The management of access permissions throughout their lifecycle, including granting access based on job requirements, reviewing access periodically, and removing access when no longer needed.

Examples

Access is granted during onboarding or role changes, reviewed during access reviews or compliance audits, and removed during offboarding or role changes.

Key Mechanisms

- Core function: The management of access permissions throughout their lifecycle, including granting access based on job requirements, reviewing access periodically, and removing access when no longer needed. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Access is granted during onboarding or role changes, reviewed during access reviews or compliance audits, and removed during offboarding or role changes. - Decision clue: A healthcare organization manages access lifecycle by granting medical staff access to patient records based on their role, conducting monthly reviews of access permissions, and immediately removing access when staff change roles or leave.

Review Path

Review path:

1. Open Azure portal 2. Search for Access Lifecycle 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A Microsoft Entra feature that uses machine learning to detect identity-based risks and protect against suspicious activities. Identity Protection provides risk detection, risk-based policies, and investigation capabilities.

Examples

Identity Protection can detect impossible travel scenarios, leaked credentials, sign-ins from malware-infected devices, and other anomalous activities that might indicate compromised accounts.

Key Mechanisms

- Core function: A Microsoft Entra feature that uses machine learning to detect identity-based risks and protect against suspicious activities. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Identity Protection can detect impossible travel scenarios, leaked credentials, sign-ins from malware-infected devices, and other anomalous activities that might indicate compromised accounts. - Decision clue: A global company uses Identity Protection to automatically detect when employees' credentials appear in public breaches, identify unusual sign-in patterns, and apply risk-based policies to protect against account takeovers.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Protection 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The capability to identify potentially suspicious activities and behaviors that might indicate compromised identities. Risk detection uses machine learning and heuristics to analyze sign-in patterns and user behaviors.

Examples

Risk detections include impossible travel (sign-ins from distant locations in short timeframes), leaked credentials found in public breaches, and sign-ins from infected devices or anonymous IP addresses.

Key Mechanisms

- Core function: The capability to identify potentially suspicious activities and behaviors that might indicate compromised identities. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Risk detections include impossible travel (sign-ins from distant locations in short timeframes), leaked credentials found in public breaches, and sign-ins from infected devices or anonymous IP addresses. - Decision clue: When an employee's account shows signs of compromise (leaked credentials plus sign-in from unusual location), risk detection identifies this pattern and triggers appropriate security responses.

Review Path

Review path:

1. Open Azure portal 2. Search for Risk Detection 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An assessment of the likelihood that a user identity has been compromised. User risk is calculated based on various risk detections and signals associated with the user over time.

Examples

User risk increases when credentials are found in public breaches, when impossible travel is detected, or when multiple suspicious activities are associated with the account.

Key Mechanisms

- Core function: An assessment of the likelihood that a user identity has been compromised. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: User risk increases when credentials are found in public breaches, when impossible travel is detected, or when multiple suspicious activities are associated with the account. - Decision clue: A high user risk score might trigger requirements for password reset and re-registration for MFA, while low user risk allows normal access patterns to continue.

Review Path

Review path:

1. Open Azure portal 2. Search for User Risk 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An assessment of the likelihood that a specific sign-in attempt is not authorized by the identity owner. Sign-in risk is calculated in real-time based on various factors about the specific authentication attempt.

Examples

Sign-in risk factors include unfamiliar locations, anonymous IP addresses, impossible travel scenarios, and device characteristics that differ from normal patterns.

Key Mechanisms

- Core function: An assessment of the likelihood that a specific sign-in attempt is not authorized by the identity owner. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Sign-in risk factors include unfamiliar locations, anonymous IP addresses, impossible travel scenarios, and device characteristics that differ from normal patterns. - Decision clue: A high sign-in risk might trigger MFA requirements or block the sign-in attempt, while low sign-in risk allows normal authentication to proceed.

Review Path

Review path:

1. Open Azure portal 2. Search for Sign-in Risk 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Actions taken to address identified risks and restore accounts to a secure state. Risk remediation can be automatic (policy-driven) or manual (administrator-initiated) based on the risk level and organizational policies.

Examples

Remediation actions include requiring password changes, re-registration for MFA, blocking access until manual review, or requiring additional authentication factors.

Key Mechanisms

- Core function: Actions taken to address identified risks and restore accounts to a secure state. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Remediation actions include requiring password changes, re-registration for MFA, blocking access until manual review, or requiring additional authentication factors. - Decision clue: When leaked credentials are detected, automatic remediation might require the user to change their password and re-register for MFA before allowing further access.

Review Path

Review path:

1. Open Azure portal 2. Search for Risk Remediation 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Automated policies that define how to respond to different levels of user and sign-in risk. Risk policies can automatically trigger remediation actions or additional security requirements based on risk assessments.

Examples

Policies might automatically require MFA for medium sign-in risk, force password reset for high user risk, or block access entirely for very high risk scenarios.

Key Mechanisms

- Core function: Automated policies that define how to respond to different levels of user and sign-in risk. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Policies might automatically require MFA for medium sign-in risk, force password reset for high user risk, or block access entirely for very high risk scenarios. - Decision clue: An organization configures risk policies to automatically require MFA for any sign-in with medium or high risk, and to block access entirely for accounts with high user risk until manual review.

Review Path

Review path:

1. Open Azure portal 2. Search for Risk Policies 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive email and collaboration security solution that protects against advanced threats in email messages, links, and collaboration tools. It includes anti-phishing, safe attachments, safe links, and threat intelligence capabilities.

Examples

Defender for Office 365 scans email attachments in a safe environment, checks URLs for malicious content in real-time, protects against business email compromise, and provides threat hunting capabilities.

Key Mechanisms

- Core function: A comprehensive email and collaboration security solution that protects against advanced threats in email messages, links, and collaboration tools. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Defender for Office 365 scans email attachments in a safe environment, checks URLs for malicious content in real-time, protects against business email compromise, and provides threat hunting capabilities. - Decision clue: A law firm uses Defender for Office 365 to protect against targeted phishing attacks, scan client document attachments for malware, and prevent data exfiltration through malicious links in emails.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Office 365 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Available in two plans: Plan 1 provides protection capabilities (Safe Attachments, Safe Links, Anti-phishing), while Plan 2 adds post-breach investigation, hunting, and response capabilities.

Examples

Plan 1 protects against malicious attachments and links. Plan 2 adds threat investigation, automated investigation and response, and attack simulation training.

Key Mechanisms

- Core function: Available in two plans: Plan 1 provides protection capabilities (Safe Attachments, Safe Links, Anti-phishing), while Plan 2 adds post-breach investigation, hunting, and response capabilities. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Plan 1 protects against malicious attachments and links. - Decision clue: A financial services company uses Plan 2 to not only protect against threats but also investigate security incidents, conduct threat hunting, and train employees with simulated phishing attacks.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Office 365 Plans 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

An enterprise endpoint security platform that provides preventative protection, post-breach detection, automated investigation, and response capabilities. It protects endpoints from advanced threats and provides security operations teams with comprehensive visibility.

Examples

Defender for Endpoint detects ransomware behavior on Windows devices, automatically isolates infected machines, provides forensic analysis of attacks, and integrates with Microsoft Sentinel for centralized security operations.

Key Mechanisms

- Core function: An enterprise endpoint security platform that provides preventative protection, post-breach detection, automated investigation, and response capabilities. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender for Endpoint detects ransomware behavior on Windows devices, automatically isolates infected machines, provides forensic analysis of attacks, and integrates with Microsoft Sentinel for centralized security operations. - Decision clue: A healthcare organization uses Defender for Endpoint to protect patient workstations from malware, automatically respond to suspicious activities, and maintain compliance with healthcare security requirements.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Endpoint 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud-based security solution that monitors and analyzes user activities and information across your network, such as permissions, group membership, and authentication events, to identify suspicious activities and advanced attacks.

Examples

Defender for Identity detects pass-the-hash attacks, golden ticket attacks, reconnaissance attempts, and lateral movement across the network using machine learning and behavioral analysis.

Key Mechanisms

- Core function: A cloud-based security solution that monitors and analyzes user activities and information across your network, such as permissions, group membership, and authentication events, to identify suspicious activities and advanced attacks. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender for Identity detects pass-the-hash attacks, golden ticket attacks, reconnaissance attempts, and lateral movement across the network using machine learning and behavioral analysis. - Decision clue: An enterprise uses Defender for Identity to monitor Active Directory for advanced attacks, detect credential theft attempts, and identify suspicious user behavior that might indicate compromised accounts.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Defender for Identity 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud access security broker (CASB) that provides visibility, control, and protection for your data across cloud applications. It helps organizations secure their cloud environment through discovery, investigation, and governance.

Examples

Defender for Cloud Apps discovers shadow IT usage, protects sensitive data with DLP policies, detects anomalous user behavior, and provides app governance across sanctioned and unsanctioned applications.

Key Mechanisms

- Core function: A cloud access security broker (CASB) that provides visibility, control, and protection for your data across cloud applications. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender for Cloud Apps discovers shadow IT usage, protects sensitive data with DLP policies, detects anomalous user behavior, and provides app governance across sanctioned and unsanctioned applications. - Decision clue: A financial services company uses Defender for Cloud Apps to discover unauthorized cloud applications, protect customer data with DLP policies, and monitor for unusual file sharing activities.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Cloud Apps 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced security capabilities that extend across the Microsoft Defender family including threat analytics, automated investigation and response, vulnerability management, and attack surface reduction. These capabilities provide comprehensive threat protection and security insights.

Examples

Key capabilities include Microsoft Defender Vulnerability Management for identifying security weaknesses, threat analytics for understanding current attack campaigns, automated investigation for rapid response, and attack surface reduction rules to prevent attacks.

Key Mechanisms

- Core function: Advanced security capabilities that extend across the Microsoft Defender family including threat analytics, automated investigation and response, vulnerability management, and attack surface reduction. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Key capabilities include Microsoft Defender Vulnerability Management for identifying security weaknesses, threat analytics for understanding current attack campaigns, automated investigation for rapid response, and attack surface reduction rules to prevent attacks. - Decision clue: A financial institution uses Defender capabilities to automatically investigate suspicious activities, patch critical vulnerabilities within 24 hours, and reduce attack surface by blocking risky user behaviors.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Defender Capabilities 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced threat intelligence capability in Microsoft Defender that provides real-time insights about emerging threats, attack techniques, and threat actor activities. It helps organizations understand their exposure to specific threats and provides actionable guidance.

Examples

Threat analytics reports cover major ransomware campaigns, nation-state activities, vulnerability exploits, and emerging attack trends with specific recommendations for defense and detection.

Key Mechanisms

- Core function: Advanced threat intelligence capability in Microsoft Defender that provides real-time insights about emerging threats, attack techniques, and threat actor activities. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Threat analytics reports cover major ransomware campaigns, nation-state activities, vulnerability exploits, and emerging attack trends with specific recommendations for defense and detection. - Decision clue: A cybersecurity team uses threat analytics to understand their exposure to the latest ransomware family, implement specific detection rules, and prioritize security controls based on current threat landscape.

Review Path

Review path:

1. Open Azure portal 2. Search for Threat Analytics 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

AI-powered capability in Microsoft Defender that automatically investigates security alerts and incidents, correlates related events, analyzes attack patterns, and provides remediation recommendations or takes automated response actions.

Examples

Automated investigation examines suspicious files, analyzes network connections, correlates user activities, checks threat intelligence, and can automatically quarantine malware or disable compromised accounts.

Key Mechanisms

- Core function: AI-powered capability in Microsoft Defender that automatically investigates security alerts and incidents, correlates related events, analyzes attack patterns, and provides remediation recommendations or takes automated response actions. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Automated investigation examines suspicious files, analyzes network connections, correlates user activities, checks threat intelligence, and can automatically quarantine malware or disable compromised accounts. - Decision clue: A security operations center uses automated investigation to handle 80% of routine security alerts automatically, allowing human analysts to focus on complex threats while ensuring rapid response to common attack patterns.

Review Path

Review path:

1. Open Azure portal 2. Search for Automated Investigation 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive vulnerability management solution that continuously discovers, prioritizes, and remediates vulnerabilities across your organization's endpoints, applications, and infrastructure.

Examples

The solution provides vulnerability discovery, risk-based prioritization, configuration assessment, and remediation tracking across Windows, macOS, Linux, and mobile devices.

Key Mechanisms

- Core function: A comprehensive vulnerability management solution that continuously discovers, prioritizes, and remediates vulnerabilities across your organization's endpoints, applications, and infrastructure. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: The solution provides vulnerability discovery, risk-based prioritization, configuration assessment, and remediation tracking across Windows, macOS, Linux, and mobile devices. - Decision clue: An IT department uses Defender Vulnerability Management to automatically discover vulnerabilities across 10,000 endpoints, prioritize critical security updates, and track remediation progress.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender Vulnerability Management 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Sentinel provides intelligent security analytics and threat intelligence across the enterprise.

Examples

Microsoft Sentinel collects security data from Azure, on-premises, and third-party sources, uses AI to detect threats, creates security incidents from alerts, and automates response through playbooks.

Key Mechanisms

- Core function: A cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Sentinel collects security data from Azure, on-premises, and third-party sources, uses AI to detect threats, creates security incidents from alerts, and automates response through playbooks. - Decision clue: A global manufacturing company uses Microsoft Sentinel to aggregate security logs from all locations, detect advanced persistent threats using machine learning, and automatically respond to common security incidents.

Review Path

Review path:

1. Open Azure portal -> Microsoft Sentinel 2. Search for Microsoft Sentinel 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Security Information and Event Management (SIEM) collects and analyzes security data, while Security Orchestration, Automation, and Response (SOAR) automates security processes and orchestrates response actions.

Examples

SIEM capabilities include log collection, correlation, and alerting. SOAR capabilities include automated playbooks, case management, and response orchestration across multiple security tools.

Key Mechanisms

- Core function: Security Information and Event Management (SIEM) collects and analyzes security data, while Security Orchestration, Automation, and Response (SOAR) automates security processes and orchestrates response actions. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: SIEM capabilities include log collection, correlation, and alerting. - Decision clue: A security operations center uses SIEM capabilities to detect threats and SOAR capabilities to automatically contain threats, notify stakeholders, and orchestrate response across multiple security tools.

Review Path

Review path:

1. Open Azure portal 2. Search for SIEM and SOAR Capabilities 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Components that enable Microsoft Sentinel to ingest security data from various sources including Microsoft services, third-party security tools, operating systems, and applications.

Examples

Connectors are available for Azure services, Microsoft 365, AWS, Google Cloud, Palo Alto Networks, Cisco, Symantec, and many other security and infrastructure products.

Key Mechanisms

- Core function: Components that enable Microsoft Sentinel to ingest security data from various sources including Microsoft services, third-party security tools, operating systems, and applications. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Connectors are available for Azure services, Microsoft 365, AWS, Google Cloud, Palo Alto Networks, Cisco, Symantec, and many other security and infrastructure products. - Decision clue: A hybrid cloud organization uses data connectors to ingest logs from Azure, AWS, on-premises Active Directory, Cisco firewalls, and endpoint protection tools into a unified security analytics platform.

Review Path

Review path:

1. Open Azure portal 2. Search for Data Connectors 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Queries that analyze ingested data to detect threats and create security alerts. Analytics rules use KQL (Kusto Query Language) to identify patterns, anomalies, and known attack signatures.

Examples

Rules can detect brute force attacks, impossible travel, privilege escalation, data exfiltration, and other suspicious activities based on log patterns and behavioral analysis.

Key Mechanisms

- Core function: Queries that analyze ingested data to detect threats and create security alerts. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Rules can detect brute force attacks, impossible travel, privilege escalation, data exfiltration, and other suspicious activities based on log patterns and behavioral analysis. - Decision clue: A security team creates analytics rules to detect when multiple failed login attempts are followed by a successful login from the same IP address, indicating a potential brute force attack.

Review Path

Review path:

1. Open Azure portal 2. Search for Analytics Rules 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Proactive threat hunting capabilities that allow security analysts to search through data to find threats that may have evaded automated detection. Hunting uses KQL queries to explore data and identify suspicious patterns.

Examples

Hunters can search for indicators of compromise, investigate user behavior anomalies, trace attack paths, and discover new attack techniques not yet covered by analytics rules.

Key Mechanisms

- Core function: Proactive threat hunting capabilities that allow security analysts to search through data to find threats that may have evaded automated detection. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Hunters can search for indicators of compromise, investigate user behavior anomalies, trace attack paths, and discover new attack techniques not yet covered by analytics rules. - Decision clue: A security analyst uses hunting queries to investigate potential lateral movement by searching for unusual authentication patterns and file access activities across the network.

Review Path

Review path:

1. Open Azure portal 2. Search for Hunting Queries 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Capabilities for managing security incidents throughout their lifecycle, from initial alert through investigation, response, and resolution. Incident management consolidates related alerts and provides collaboration tools.

Examples

Incidents can be automatically created from high-severity alerts, assigned to security analysts, tracked through investigation phases, and documented with evidence and resolution steps.

Key Mechanisms

- Core function: Capabilities for managing security incidents throughout their lifecycle, from initial alert through investigation, response, and resolution. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Incidents can be automatically created from high-severity alerts, assigned to security analysts, tracked through investigation phases, and documented with evidence and resolution steps. - Decision clue: When multiple alerts indicate a coordinated attack, incident management consolidates them into a single incident, assigns it to the appropriate analyst, and tracks investigation progress.

Review Path

Review path:

1. Open Azure portal 2. Search for Incident Management 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Automated workflows that orchestrate response actions across multiple systems when security incidents are detected. Playbooks can automatically contain threats, gather evidence, and notify stakeholders.

Examples

Playbooks can automatically disable compromised user accounts, isolate infected endpoints, block malicious IP addresses, and send notifications to security teams.

Key Mechanisms

- Core function: Automated workflows that orchestrate response actions across multiple systems when security incidents are detected. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Playbooks can automatically disable compromised user accounts, isolate infected endpoints, block malicious IP addresses, and send notifications to security teams. - Decision clue: When malware is detected on an endpoint, a playbook automatically isolates the machine, creates a support ticket, notifies the security team, and initiates forensic data collection.

Review Path

Review path:

1. Open Azure portal 2. Search for Playbooks and Automation 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced security information and event management features in Microsoft Sentinel including threat hunting, incident management, security orchestration, and workbook visualizations. These features enable security operations teams to efficiently investigate and respond to threats.

Examples

Sentinel features include advanced hunting with KQL queries, automated playbook responses, interactive workbooks for security insights, threat intelligence integration, and machine learning-based anomaly detection for identifying sophisticated attacks.

Key Mechanisms

- Core function: Advanced security information and event management features in Microsoft Sentinel including threat hunting, incident management, security orchestration, and workbook visualizations. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Sentinel features include advanced hunting with KQL queries, automated playbook responses, interactive workbooks for security insights, threat intelligence integration, and machine learning-based anomaly detection for identifying sophisticated attacks. - Decision clue: A government agency uses Sentinel features to hunt for advanced persistent threats, automatically respond to malware incidents through playbooks, and create executive dashboards showing national security threat trends.

Review Path

Review path:

1. Open Azure portal -> Microsoft Sentinel 2. Search for Sentinel Features 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that strengthens the security posture of cloud and hybrid environments. It provides security recommendations, threat protection, and compliance assessment.

Examples

Defender for Cloud assesses Azure resources for security vulnerabilities, protects virtual machines from threats, monitors container security, and provides compliance dashboards for regulatory frameworks.

Key Mechanisms

- Core function: A cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that strengthens the security posture of cloud and hybrid environments. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender for Cloud assesses Azure resources for security vulnerabilities, protects virtual machines from threats, monitors container security, and provides compliance dashboards for regulatory frameworks. - Decision clue: A financial services company uses Defender for Cloud to maintain PCI DSS compliance across their Azure environment, protect cloud workloads from threats, and receive security recommendations for infrastructure improvements.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender for Cloud 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Capabilities that continuously assess cloud resources for security misconfigurations, compliance violations, and security best practices. CSPM provides recommendations to improve overall security posture.

Examples

CSPM identifies open storage accounts, misconfigured network security groups, unencrypted databases, and other security gaps across cloud infrastructure.

Key Mechanisms

- Core function: Capabilities that continuously assess cloud resources for security misconfigurations, compliance violations, and security best practices. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: CSPM identifies open storage accounts, misconfigured network security groups, unencrypted databases, and other security gaps across cloud infrastructure. - Decision clue: A technology company uses CSPM to continuously monitor their multi-cloud environment, receiving alerts when storage accounts are accidentally made public or when critical security updates are needed.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Security Posture Management (CSPM) 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Security capabilities that protect cloud workloads including virtual machines, containers, databases, and serverless functions from threats and vulnerabilities.

Examples

CWPP provides threat detection for VMs, container security monitoring, database activity monitoring, and serverless function protection across multiple cloud platforms.

Key Mechanisms

- Core function: Security capabilities that protect cloud workloads including virtual machines, containers, databases, and serverless functions from threats and vulnerabilities. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: CWPP provides threat detection for VMs, container security monitoring, database activity monitoring, and serverless function protection across multiple cloud platforms. - Decision clue: An e-commerce company uses CWPP to protect their containerized applications, monitor database access patterns, and detect threats in their serverless payment processing functions.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Workload Protection Platform (CWPP) 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A centralized view of compliance status across various regulatory frameworks and standards. The dashboard shows compliance scores, failed assessments, and remediation guidance for regulations like PCI DSS, ISO 27001, and SOC 2.

Examples

The dashboard displays compliance status for standards like Azure Security Benchmark, PCI DSS, ISO 27001, NIST 800-53, and SOC TSP, with detailed recommendations for improvement.

Key Mechanisms

- Core function: A centralized view of compliance status across various regulatory frameworks and standards. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: The dashboard displays compliance status for standards like Azure Security Benchmark, PCI DSS, ISO 27001, NIST 800-53, and SOC TSP, with detailed recommendations for improvement. - Decision clue: A healthcare organization uses the compliance dashboard to track HIPAA compliance across their Azure environment, identify non-compliant resources, and prioritize remediation efforts.

Review Path

Review path:

1. Open Azure portal 2. Search for Regulatory Compliance Dashboard 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A numerical representation of your security posture based on security recommendations and best practices. Secure Score helps organizations understand their current security state and prioritize improvements.

Examples

Secure Score considers factors like enabled security features, configured policies, patched systems, and resolved vulnerabilities to calculate an overall security score.

Key Mechanisms

- Core function: A numerical representation of your security posture based on security recommendations and best practices. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Secure Score considers factors like enabled security features, configured policies, patched systems, and resolved vulnerabilities to calculate an overall security score. - Decision clue: A company uses Secure Score to track security improvements over time, set security targets for different teams, and demonstrate security posture improvements to stakeholders.

Review Path

Review path:

1. Open Azure portal 2. Search for Secure Score 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The comprehensive security capabilities provided by Microsoft Defender for Cloud, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), regulatory compliance dashboards, and Secure Score for comprehensive cloud security management.

Examples

Defender for Cloud features include security recommendations, threat protection for VMs and containers, compliance assessment dashboards, network security monitoring, and integration with Azure Security Center and Azure Policy.

Key Mechanisms

- Core function: The comprehensive security capabilities provided by Microsoft Defender for Cloud, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), regulatory compliance dashboards, and Secure Score for comprehensive cloud security management. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender for Cloud features include security recommendations, threat protection for VMs and containers, compliance assessment dashboards, network security monitoring, and integration with Azure Security Center and Azure Policy. - Decision clue: An enterprise uses Defender for Cloud features to maintain SOC 2 compliance across their Azure environment, protect cloud workloads from threats, monitor security posture with Secure Score, and receive actionable security recommendations.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Defender for Cloud Features 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A comprehensive compliance management solution that helps organizations manage compliance requirements across their Microsoft 365 environment. It provides data governance, risk management, and compliance tools in a unified portal.

Examples

Purview Compliance Portal provides data loss prevention policies, retention management, insider risk management, communication compliance, and compliance score assessments across Microsoft 365 services.

Key Mechanisms

- Core function: A comprehensive compliance management solution that helps organizations manage compliance requirements across their Microsoft 365 environment. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Purview Compliance Portal provides data loss prevention policies, retention management, insider risk management, communication compliance, and compliance score assessments across Microsoft 365 services. - Decision clue: A healthcare organization uses Microsoft Purview to ensure HIPAA compliance by implementing data loss prevention for patient information, retention policies for medical records, and communication compliance for staff interactions.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Microsoft Purview Compliance Portal 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The process of identifying and categorizing data based on its sensitivity and business value. Data classification helps organizations apply appropriate protection measures and comply with regulatory requirements.

Examples

Microsoft Purview can automatically classify emails containing credit card numbers as financial data, documents with employee information as HR confidential, and contracts as legal documents.

Key Mechanisms

- Core function: The process of identifying and categorizing data based on its sensitivity and business value. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview can automatically classify emails containing credit card numbers as financial data, documents with employee information as HR confidential, and contracts as legal documents. - Decision clue: A law firm uses data classification to automatically identify attorney-client privileged documents, apply appropriate retention policies, and ensure proper access controls based on document sensitivity.

Review Path

Review path:

1. Open Azure portal 2. Search for Data Classification 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Labels that classify and protect organizational data based on sensitivity. Sensitivity labels can encrypt content, add watermarks, restrict access, and prevent forwarding to ensure data protection.

Examples

Labels might include Public, Internal, Confidential, and Highly Confidential, with each label applying different protection measures like encryption, access restrictions, and usage monitoring.

Key Mechanisms

- Core function: Labels that classify and protect organizational data based on sensitivity. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Labels might include Public, Internal, Confidential, and Highly Confidential, with each label applying different protection measures like encryption, access restrictions, and usage monitoring. - Decision clue: An engineering company applies "Confidential" labels to design documents, automatically encrypting them and preventing external sharing while allowing internal collaboration.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Sensitivity Labels 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Security capabilities that identify, monitor, and protect sensitive information to prevent its unauthorized disclosure. DLP policies can detect sensitive data like credit card numbers, social security numbers, and medical records across various services.

Examples

Microsoft Purview DLP can block emails containing credit card numbers, prevent sharing of files with social security numbers in Teams, and alert administrators when sensitive documents are accessed from unusual locations.

Key Mechanisms

- Core function: Security capabilities that identify, monitor, and protect sensitive information to prevent its unauthorized disclosure. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview DLP can block emails containing credit card numbers, prevent sharing of files with social security numbers in Teams, and alert administrators when sensitive documents are accessed from unusual locations. - Decision clue: A bank implements DLP policies to prevent customer financial information from being sent via email, shared in Teams chats, or uploaded to unauthorized cloud services, ensuring regulatory compliance and customer data protection.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Data Loss Prevention (DLP) 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Rules that automatically retain or delete content based on organizational requirements and regulatory compliance needs. Retention policies help organizations manage information lifecycle and meet legal obligations.

Examples

Policies might retain all emails for 7 years for regulatory compliance, delete Teams chat messages after 1 year for storage management, and preserve SharePoint documents indefinitely for historical records.

Key Mechanisms

- Core function: Rules that automatically retain or delete content based on organizational requirements and regulatory compliance needs. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Policies might retain all emails for 7 years for regulatory compliance, delete Teams chat messages after 1 year for storage management, and preserve SharePoint documents indefinitely for historical records. - Decision clue: A financial services company implements retention policies to keep all trading communications for 7 years as required by SEC regulations while automatically deleting non-business communication after 90 days.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Retention Policies 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced capabilities for managing high-value business content that must be retained for legal, business, or regulatory reasons. Records management provides immutable storage and disposition processes.

Examples

Legal contracts, financial records, regulatory filings, and other critical documents can be declared as records with specific retention schedules and disposition processes.

Key Mechanisms

- Core function: Advanced capabilities for managing high-value business content that must be retained for legal, business, or regulatory reasons. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Legal contracts, financial records, regulatory filings, and other critical documents can be declared as records with specific retention schedules and disposition processes. - Decision clue: A pharmaceutical company declares clinical trial data as regulatory records with 25-year retention requirements, ensuring immutable storage and proper disposition processes for FDA compliance.

Review Path

Review path:

1. Open Azure portal 2. Search for Records Management 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Capabilities that help organizations identify, investigate, and act on risky activities by users within the organization. It uses signals from various Microsoft 365 services to detect potentially risky behavior patterns.

Examples

Microsoft Purview Insider Risk Management can detect when employees download unusual amounts of data before leaving the company, access sensitive files outside normal work patterns, or communicate about confidential projects inappropriately.

Key Mechanisms

- Core function: Capabilities that help organizations identify, investigate, and act on risky activities by users within the organization. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview Insider Risk Management can detect when employees download unusual amounts of data before leaving the company, access sensitive files outside normal work patterns, or communicate about confidential projects inappropriately. - Decision clue: A technology company uses Insider Risk Management to monitor for data theft by departing employees, detect unauthorized access to intellectual property, and identify potential corporate espionage activities.

Review Path

Review path:

1. Open Azure portal 2. Search for Insider Risk Management 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Capabilities that help organizations monitor and review communications for policy violations, inappropriate content, and regulatory compliance. It can detect offensive language, sensitive information sharing, and policy violations.

Examples

Communication compliance can monitor Teams chats, emails, and Yammer posts for harassment, discrimination, insider trading communications, and other policy violations.

Key Mechanisms

- Core function: Capabilities that help organizations monitor and review communications for policy violations, inappropriate content, and regulatory compliance. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Communication compliance can monitor Teams chats, emails, and Yammer posts for harassment, discrimination, insider trading communications, and other policy violations. - Decision clue: A financial services company monitors trading floor communications for potential market manipulation, insider trading discussions, and compliance with securities regulations.

Review Path

Review path:

1. Open Azure portal 2. Search for Communication Compliance 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Policies that restrict communications and file sharing between specific groups of users to prevent conflicts of interest and ensure regulatory compliance. Information barriers help organizations maintain ethical walls.

Examples

Investment banks use information barriers to prevent communication between research analysts and investment bankers to avoid conflicts of interest and comply with securities regulations.

Key Mechanisms

- Core function: Policies that restrict communications and file sharing between specific groups of users to prevent conflicts of interest and ensure regulatory compliance. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Investment banks use information barriers to prevent communication between research analysts and investment bankers to avoid conflicts of interest and comply with securities regulations. - Decision clue: A law firm implements information barriers to prevent attorneys working on opposing sides of a case from sharing information, ensuring client confidentiality and avoiding conflicts of interest.

Review Path

Review path:

1. Open Azure portal 2. Search for Information Barriers 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The advanced data governance and compliance capabilities in Microsoft Purview that go beyond basic data protection, including records management, insider risk management, communication compliance, and information barriers for comprehensive organizational compliance.

Examples

Advanced compliance features include automated records retention, insider threat detection with behavioral analytics, proactive communication monitoring for regulatory violations, and ethical walls to prevent conflicts of interest.

Key Mechanisms

- Core function: The advanced data governance and compliance capabilities in Microsoft Purview that go beyond basic data protection, including records management, insider risk management, communication compliance, and information barriers for comprehensive organizational compliance. - Category fit: This concept belongs to microsoft security solutions and should be identified by purpose, not just by name recognition. - Real signal: Advanced compliance features include automated records retention, insider threat detection with behavioral analytics, proactive communication monitoring for regulatory violations, and ethical walls to prevent conflicts of interest. - Decision clue: A multinational investment firm uses advanced compliance features to manage records retention for regulatory requirements, detect insider trading risks, monitor communications for compliance violations, and maintain information barriers between different business units.

Review Path

Review path:

1. Open Azure portal 2. Search for Advanced Compliance 3. Identify what business or security problem it solves within microsoft security solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft's public site that provides transparency about Microsoft's security, privacy, and compliance practices. It contains audit reports, compliance guides, security assessments, and other trust-related documents for Microsoft cloud services.

Examples

Service Trust Portal provides ISO 27001 certification documents, SOC 2 reports, GDPR compliance guides, FedRAMP authorization documents, and security white papers for Azure and Microsoft 365.

Key Mechanisms

- Core function: Microsoft's public site that provides transparency about Microsoft's security, privacy, and compliance practices. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Service Trust Portal provides ISO 27001 certification documents, SOC 2 reports, GDPR compliance guides, FedRAMP authorization documents, and security white papers for Azure and Microsoft 365. - Decision clue: A financial services company preparing for a regulatory audit uses the Service Trust Portal to access Microsoft's SOC 1 Type II reports, ISO 27001 certificates, and PCI DSS compliance documentation to demonstrate their cloud provider's security controls.

Review Path

Review path:

1. Open Azure portal 2. Search for Service Trust Portal 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A workflow-based risk assessment tool in Microsoft Purview that helps organizations manage regulatory compliance activities. It provides compliance score calculations, recommended actions, and progress tracking for various regulatory frameworks.

Examples

Compliance Manager provides pre-built assessments for GDPR, ISO 27001, NIST 800-53, HIPAA, and other frameworks, with recommended actions and progress tracking for compliance initiatives.

Key Mechanisms

- Core function: A workflow-based risk assessment tool in Microsoft Purview that helps organizations manage regulatory compliance activities. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Compliance Manager provides pre-built assessments for GDPR, ISO 27001, NIST 800-53, HIPAA, and other frameworks, with recommended actions and progress tracking for compliance initiatives. - Decision clue: A healthcare organization uses Compliance Manager to track their HIPAA compliance progress, assign remediation tasks to appropriate teams, and generate compliance reports for regulatory audits.

Review Path

Review path:

1. Open Azure portal 2. Search for Compliance Manager 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Official documentation that provides evidence of Microsoft's security, privacy, and compliance practices. Trust documents include audit reports, certifications, assessment reports, and compliance guides.

Examples

Trust documents include SOC 1/2/3 reports, ISO 27001 certificates, FedRAMP P-ATO documents, PCI DSS attestations, and GDPR compliance documentation.

Key Mechanisms

- Core function: Official documentation that provides evidence of Microsoft's security, privacy, and compliance practices. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Trust documents include SOC 1/2/3 reports, ISO 27001 certificates, FedRAMP P-ATO documents, PCI DSS attestations, and GDPR compliance documentation. - Decision clue: During a vendor assessment process, an enterprise downloads Microsoft's ISO 27001 certificate and SOC 2 Type II report to verify security controls for their cloud adoption project.

Review Path

Review path:

1. Open Azure portal 2. Search for Trust Documents 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Purview capabilities that help organizations understand and manage personal data, respond to data subject requests, and maintain privacy compliance. These solutions provide visibility into personal data across Microsoft 365 services.

Examples

Microsoft Purview Privacy Management can discover personal data across Microsoft 365, automate data subject request responses, identify data transfers to third parties, and provide privacy risk assessments.

Key Mechanisms

- Core function: Microsoft Purview capabilities that help organizations understand and manage personal data, respond to data subject requests, and maintain privacy compliance. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview Privacy Management can discover personal data across Microsoft 365, automate data subject request responses, identify data transfers to third parties, and provide privacy risk assessments. - Decision clue: A retail company uses Privacy Management Solutions to comply with GDPR by automatically discovering customer personal data, processing data deletion requests, and maintaining records of data processing activities.

Review Path

Review path:

1. Open Azure portal 2. Search for Privacy Management Solutions 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Systematic evaluations of how personal data is collected, used, shared, and maintained to identify and mitigate privacy risks. PIAs help organizations comply with privacy regulations and protect individual rights.

Examples

PIAs evaluate new projects or systems that process personal data, assess privacy risks, identify mitigation measures, and document compliance with privacy requirements.

Key Mechanisms

- Core function: Systematic evaluations of how personal data is collected, used, shared, and maintained to identify and mitigate privacy risks. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: PIAs evaluate new projects or systems that process personal data, assess privacy risks, identify mitigation measures, and document compliance with privacy requirements. - Decision clue: Before launching a new customer loyalty program, a retailer conducts a PIA to evaluate privacy risks associated with collecting customer purchase history and implement appropriate safeguards.

Review Path

Review path:

1. Open Azure portal 2. Search for Privacy Impact Assessments (PIA) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Requests from individuals to exercise their privacy rights regarding their personal data, including the right to access, rectify, erase, or port their data. Organizations must respond to these requests in compliance with privacy regulations.

Examples

Common requests include access to personal data, deletion of personal information, correction of inaccurate data, and data portability to move information to another service.

Key Mechanisms

- Core function: Requests from individuals to exercise their privacy rights regarding their personal data, including the right to access, rectify, erase, or port their data. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Common requests include access to personal data, deletion of personal information, correction of inaccurate data, and data portability to move information to another service. - Decision clue: A customer requests deletion of their personal data from an e-commerce site, and the company uses automated tools to identify and delete all personal information while maintaining necessary business records.

Review Path

Review path:

1. Open Azure portal 2. Search for Subject Rights Requests 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Systems and processes for obtaining, recording, and managing user consent for data processing activities. Consent management ensures organizations have proper legal basis for processing personal data.

Examples

Consent management includes cookie consent banners, privacy preference centers, consent withdrawal mechanisms, and audit trails of consent decisions.

Key Mechanisms

- Core function: Systems and processes for obtaining, recording, and managing user consent for data processing activities. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Consent management includes cookie consent banners, privacy preference centers, consent withdrawal mechanisms, and audit trails of consent decisions. - Decision clue: A website implements consent management to allow visitors to choose which cookies to accept, provides easy consent withdrawal options, and maintains records of all consent decisions for compliance auditing.

Review Path

Review path:

1. Open Azure portal 2. Search for Consent Management 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft's comprehensive privacy management solution that helps organizations understand personal data risks, automate privacy operations, and scale privacy management across their Microsoft 365 environment. Priva provides privacy risk management and subject rights request automation.

Examples

Microsoft Priva automatically discovers personal data across Microsoft 365, identifies privacy risks through behavioral analysis, automates subject rights request responses, and provides privacy insights dashboards for organizational visibility.

Key Mechanisms

- Core function: Microsoft's comprehensive privacy management solution that helps organizations understand personal data risks, automate privacy operations, and scale privacy management across their Microsoft 365 environment. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Priva automatically discovers personal data across Microsoft 365, identifies privacy risks through behavioral analysis, automates subject rights request responses, and provides privacy insights dashboards for organizational visibility. - Decision clue: A global retail company uses Microsoft Priva to automatically discover customer personal data across Teams, SharePoint, and Exchange, manage GDPR data subject requests, and monitor privacy risks across their entire Microsoft 365 environment.

Review Path

Review path:

1. Open Azure portal 2. Search for Microsoft Priva 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Priva's capability to automatically identify and assess privacy risks related to personal data across Microsoft 365 services. It uses machine learning to detect data handling practices that may pose privacy risks and provides recommendations for risk mitigation.

Examples

Privacy risk management detects overexposed personal data, identifies unusual data transfers, monitors data retention practices, flags excessive data collection, and provides privacy risk scores for different departments and data types.

Key Mechanisms

- Core function: Microsoft Priva's capability to automatically identify and assess privacy risks related to personal data across Microsoft 365 services. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Privacy risk management detects overexposed personal data, identifies unusual data transfers, monitors data retention practices, flags excessive data collection, and provides privacy risk scores for different departments and data types. - Decision clue: A healthcare organization uses privacy risk management to automatically detect when patient information is being stored in inappropriate locations, identify departments with high privacy risk scores, and receive recommendations for improving data handling practices.

Review Path

Review path:

1. Open Azure portal 2. Search for Privacy Risk Management 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

This domain covers fundamental security and compliance concepts including shared responsibility, defense in depth, Zero Trust methodology, encryption, hashing, and compliance frameworks. Understanding these concepts is essential for implementing Microsoft security solutions effectively.

Key Mechanisms

- Core function: This domain covers fundamental security and compliance concepts including shared responsibility, defense in depth, Zero Trust methodology, encryption, hashing, and compliance frameworks. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition.

Review Path

Review path:

1. Open Azure portal 2. Search for Security & Compliance Concepts Overview 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

This domain focuses on identity as the primary security perimeter, covering authentication vs authorization, identity types, and federation concepts. Modern identity management is crucial for securing cloud and hybrid environments.

Key Mechanisms

- Core function: This domain focuses on identity as the primary security perimeter, covering authentication vs authorization, identity types, and federation concepts. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Identity Concepts Overview 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

This domain covers Microsoft's cloud identity platform capabilities including authentication methods, conditional access, identity governance, and identity protection. Entra ID is the foundation of Microsoft's identity security.

Key Mechanisms

- Core function: This domain covers Microsoft's cloud identity platform capabilities including authentication methods, conditional access, identity governance, and identity protection. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Entra Capabilities Overview 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

This domain covers Microsoft's comprehensive security solution portfolio including Defender family, Sentinel, Purview, and compliance tools. These solutions provide end-to-end security across modern environments.

Key Mechanisms

- Core function: This domain covers Microsoft's comprehensive security solution portfolio including Defender family, Sentinel, Purview, and compliance tools. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition.

Review Path

Review path:

1. Open Azure portal 2. Search for Microsoft Security Solutions Overview 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Input data that Conditional Access policies use to make access decisions. Signals include user identity, location, device state, application being accessed, risk detection, and session characteristics. These signals are evaluated in real-time to determine whether access should be granted, denied, or require additional authentication.

Examples

Common signals include user group membership (Finance team), location (corporate network vs. home), device compliance state (managed vs. unmanaged), application sensitivity (Office 365 vs. custom app), sign-in risk (impossible travel detected), and time of access (business hours vs. after hours).

Key Mechanisms

- Core function: Input data that Conditional Access policies use to make access decisions. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Common signals include user group membership (Finance team), location (corporate network vs. - Decision clue: A financial services company uses location signals to require MFA for users accessing sensitive applications from outside corporate networks, device compliance signals to block access from unmanaged devices, and risk signals to block high-risk sign-ins.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access Signals 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The evaluation results made by Conditional Access policies based on analyzed signals. Decisions include Block (deny access completely), Grant (allow access with optional conditions), or Require (additional authentication or compliance before granting access). These decisions are made in real-time during the authentication process.

Examples

Decision examples: Block access from untrusted locations, Grant access for compliant devices, Require MFA for admin roles, Require approved client apps for mobile access, Require device compliance for corporate data, and Require terms of use acceptance.

Key Mechanisms

- Core function: The evaluation results made by Conditional Access policies based on analyzed signals. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Decision examples: Block access from untrusted locations, Grant access for compliant devices, Require MFA for admin roles, Require approved client apps for mobile access, Require device compliance for corporate data, and Require terms of use acceptance. - Decision clue: A healthcare organization configures decisions to block access to patient data from personal devices, require MFA for access outside clinic networks, and grant full access only to compliant devices within trusted locations.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access Decisions 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The action taken to implement Conditional Access policy decisions during user authentication. Enforcement occurs at the authentication endpoint and can block access, challenge for additional authentication, require device compliance, or apply session controls. Enforcement happens in real-time and is transparent to applications.

Examples

Enforcement actions include redirecting users to MFA enrollment, blocking sign-in with error messages, requiring device registration, prompting for app protection policies, enforcing session timeouts, and restricting copy/paste functionality in web applications.

Key Mechanisms

- Core function: The action taken to implement Conditional Access policy decisions during user authentication. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Enforcement actions include redirecting users to MFA enrollment, blocking sign-in with error messages, requiring device registration, prompting for app protection policies, enforcing session timeouts, and restricting copy/paste functionality in web applications. - Decision clue: A law firm enforces conditional access by requiring partners to use MFA when accessing case files remotely, blocking access from non-compliant devices, and applying session controls that prevent downloading sensitive documents on personal devices.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Conditional Access Enforcement 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Identity objects in Microsoft Entra ID that represent people who need access to organizational resources. Users can be employees, contractors, partners, or guests with different types of accounts including work accounts, personal Microsoft accounts, and social identities. Each user has attributes, group memberships, and assigned roles and permissions.

Examples

User types include internal employees (john@company.com), external partners (partner@external.com), guest users invited via email, service accounts for applications, and emergency access accounts for break-glass scenarios. Users can be created manually, synchronized from on-premises Active Directory, or provisioned automatically.

Key Mechanisms

- Core function: Identity objects in Microsoft Entra ID that represent people who need access to organizational resources. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: User types include internal employees (john@company.com), external partners (partner@external.com), guest users invited via email, service accounts for applications, and emergency access accounts for break-glass scenarios. - Decision clue: A consulting firm manages different user types: full-time consultants with complete access, client users with limited project access, contractor accounts with temporary permissions, and service accounts for automated systems, all centrally managed through Entra ID.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Entra ID Users 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Collections of users, devices, or other groups in Microsoft Entra ID that simplify permission management and access control. Groups can be security groups for access control, Microsoft 365 groups for collaboration, distribution groups for email, or mail-enabled security groups. Groups can be assigned to applications, resources, and policies.

Examples

Common groups include department groups (Finance, HR, IT), project teams (ProjectAlpha), security groups (ServerAdmins), Microsoft 365 groups with Teams and SharePoint sites, and dynamic groups that automatically update membership based on user attributes.

Key Mechanisms

- Core function: Collections of users, devices, or other groups in Microsoft Entra ID that simplify permission management and access control. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Common groups include department groups (Finance, HR, IT), project teams (ProjectAlpha), security groups (ServerAdmins), Microsoft 365 groups with Teams and SharePoint sites, and dynamic groups that automatically update membership based on user attributes. - Decision clue: A manufacturing company creates security groups for different factory locations, project groups for product development teams, and dynamic groups that automatically add users to relevant access groups based on their department and job title attributes.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Entra ID Groups 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Physical or virtual devices that are registered or joined to Microsoft Entra ID for identity and access management. Devices can be Azure AD joined, hybrid joined, or registered, each providing different levels of organizational control and user experience. Device identity enables conditional access, compliance policies, and single sign-on.

Examples

Device types include corporate laptops (Azure AD joined), personal phones (registered), on-premises domain computers (hybrid joined), virtual machines, and IoT devices. Each device gets a certificate and can be managed through Intune with compliance policies.

Key Mechanisms

- Core function: Physical or virtual devices that are registered or joined to Microsoft Entra ID for identity and access management. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Device types include corporate laptops (Azure AD joined), personal phones (registered), on-premises domain computers (hybrid joined), virtual machines, and IoT devices. - Decision clue: A technology company manages corporate laptops as Azure AD joined devices with full management, allows BYOD phones as registered devices with limited access, and maintains hybrid joined devices for users who need on-premises resources while enabling cloud authentication.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Entra ID Devices 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Defender feature that reduces potential entry points for attackers by limiting application permissions, controlling access to resources, and implementing security rules to prevent malicious activities. ASR rules block specific behaviors commonly used by malware and ransomware.

Examples

ASR rules block Office macros from creating executable files, prevent JavaScript from launching executables, block credential stealing from Windows subsystems, and stop processes from creating child processes unless signed by Microsoft.

Key Mechanisms

- Core function: Microsoft Defender feature that reduces potential entry points for attackers by limiting application permissions, controlling access to resources, and implementing security rules to prevent malicious activities. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: ASR rules block Office macros from creating executable files, prevent JavaScript from launching executables, block credential stealing from Windows subsystems, and stop processes from creating child processes unless signed by Microsoft. - Decision clue: A healthcare organization enables ASR rules to prevent ransomware attacks by blocking Office documents from executing PowerShell, preventing email attachments from launching executables, and restricting access to Windows credential stores.

Review Path

Review path:

1. Open Azure portal 2. Search for Attack Surface Reduction 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Extended Detection and Response (XDR) platform that provides unified security operations across endpoints, identities, email, and cloud applications. XDR correlates threat data across multiple security domains to provide comprehensive attack visibility and automated response capabilities.

Examples

XDR automatically correlates a suspicious email with endpoint activity and identity anomalies, creates unified incidents from multiple alerts, provides attack timeline visualization, and enables coordinated response actions across all security tools.

Key Mechanisms

- Core function: Extended Detection and Response (XDR) platform that provides unified security operations across endpoints, identities, email, and cloud applications. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: XDR automatically correlates a suspicious email with endpoint activity and identity anomalies, creates unified incidents from multiple alerts, provides attack timeline visualization, and enables coordinated response actions across all security tools. - Decision clue: A multinational corporation uses Defender XDR to investigate a phishing campaign that resulted in compromised credentials, lateral movement, and data exfiltration, with XDR providing a complete attack story and automated remediation across all affected systems.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender XDR 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Sentinel interactive reporting and visualization tool that combines data queries, analytics, and visual elements into comprehensive security dashboards. Workbooks provide customizable views of security data, metrics, and investigation insights using Azure Monitor Workbooks framework.

Examples

Security overview dashboards showing incident trends, threat intelligence workbooks displaying IOC matches, compliance workbooks tracking regulatory requirements, and custom investigation workbooks for specific threat hunting scenarios.

Key Mechanisms

- Core function: Microsoft Sentinel interactive reporting and visualization tool that combines data queries, analytics, and visual elements into comprehensive security dashboards. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Security overview dashboards showing incident trends, threat intelligence workbooks displaying IOC matches, compliance workbooks tracking regulatory requirements, and custom investigation workbooks for specific threat hunting scenarios. - Decision clue: A financial services firm creates executive dashboards showing security posture metrics, SOC analyst workbooks for daily operations, and compliance workbooks demonstrating PCI-DSS monitoring coverage to auditors.

Review Path

Review path:

1. Open Azure portal 2. Search for Workbooks (Dashboards) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Sentinel capability to consume, correlate, and act upon threat intelligence data from multiple sources including Microsoft, third-party feeds, and custom indicators. Integration enables automatic enrichment of security events with threat context and proactive threat hunting.

Examples

Automatic IOC matching against network traffic, email attachment hash verification, domain reputation checks during DNS queries, IP address correlation with known threat actor infrastructure, and custom threat feed integration.

Key Mechanisms

- Core function: Microsoft Sentinel capability to consume, correlate, and act upon threat intelligence data from multiple sources including Microsoft, third-party feeds, and custom indicators. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Automatic IOC matching against network traffic, email attachment hash verification, domain reputation checks during DNS queries, IP address correlation with known threat actor infrastructure, and custom threat feed integration. - Decision clue: A government agency integrates classified threat feeds with Sentinel to automatically flag traffic matching nation-state indicators, enrich alerts with campaign attribution, and trigger immediate isolation of affected systems.

Review Path

Review path:

1. Open Azure portal 2. Search for Threat Intelligence Integration 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Defender for Cloud capability that provides advanced threat protection for cloud workloads including virtual machines, containers, databases, and serverless resources. CWPP offers runtime protection, vulnerability assessment, and behavioral analysis across multi-cloud environments.

Examples

CWPP protects Azure VMs from malware, monitors Kubernetes containers for suspicious activities, detects SQL injection attempts on databases, and provides security recommendations for serverless functions running unusual code patterns.

Key Mechanisms

- Core function: Microsoft Defender for Cloud capability that provides advanced threat protection for cloud workloads including virtual machines, containers, databases, and serverless resources. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: CWPP protects Azure VMs from malware, monitors Kubernetes containers for suspicious activities, detects SQL injection attempts on databases, and provides security recommendations for serverless functions running unusual code patterns. - Decision clue: An e-commerce company uses CWPP to protect their multi-cloud infrastructure, monitoring Docker containers for cryptocurrency mining malware, securing database workloads against data exfiltration, and providing real-time alerts for compromised virtual machines.

Review Path

Review path:

1. Open Azure portal 2. Search for Cloud Workload Protection Platform (CWPP) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Foundational Microsoft Defender for Cloud capabilities that provide cloud security posture management and basic security recommendations. Core features include secure score, regulatory compliance dashboard, and fundamental cloud security assessments available in the free tier.

Examples

Core capabilities include tracking security recommendations like enabling disk encryption, monitoring network security groups, assessing resource configurations against Azure Security Benchmark, and providing compliance status for basic regulations.

Key Mechanisms

- Core function: Foundational Microsoft Defender for Cloud capabilities that provide cloud security posture management and basic security recommendations. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Core capabilities include tracking security recommendations like enabling disk encryption, monitoring network security groups, assessing resource configurations against Azure Security Benchmark, and providing compliance status for basic regulations. - Decision clue: A startup uses Defender for Cloud Core to establish baseline cloud security hygiene, monitor their secure score improvements, and ensure basic compliance requirements are met before expanding to premium features.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Defender for Cloud Core 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Advanced Microsoft Defender for Cloud capabilities including workload-specific protections, advanced threat protection, cloud security explorer, and attack path analysis. These premium features provide deep security insights and proactive threat hunting across cloud environments.

Examples

Advanced features include just-in-time VM access, adaptive application controls, file integrity monitoring, container security assessments, and integration with Microsoft Sentinel for centralized security operations.

Key Mechanisms

- Core function: Advanced Microsoft Defender for Cloud capabilities including workload-specific protections, advanced threat protection, cloud security explorer, and attack path analysis. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Advanced features include just-in-time VM access, adaptive application controls, file integrity monitoring, container security assessments, and integration with Microsoft Sentinel for centralized security operations. - Decision clue: A financial institution leverages advanced Defender features for regulatory compliance, using attack path analysis to identify critical security gaps and implementing adaptive controls to prevent unauthorized application execution.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Defender for Cloud Features 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Defender for Cloud capability that provides actionable security recommendations and real-time security alerts. Recommendations guide security improvements while alerts notify of active threats, suspicious activities, and security incidents requiring immediate attention.

Examples

Recommendations include enabling disk encryption, configuring network security groups, and updating vulnerable software. Security alerts detect malware infections, brute force attacks, suspicious PowerShell usage, and unusual network traffic patterns.

Key Mechanisms

- Core function: Microsoft Defender for Cloud capability that provides actionable security recommendations and real-time security alerts. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Recommendations include enabling disk encryption, configuring network security groups, and updating vulnerable software. - Decision clue: A healthcare organization uses recommendations to maintain HIPAA compliance by ensuring patient data encryption and network segmentation, while security alerts provide immediate notification of potential data breach attempts.

Review Path

Review path:

1. Open Azure portal 2. Search for Recommendations & Security Alerts 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Sentinel foundational capabilities that provide Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) functionality. Core features include data collection, log analytics, threat detection, and incident management across cloud and on-premises environments.

Examples

Core capabilities include collecting security logs from Azure AD, Windows Event Logs, firewall data, and cloud applications, then applying machine learning analytics to detect suspicious patterns and create security incidents for investigation.

Key Mechanisms

- Core function: Microsoft Sentinel foundational capabilities that provide Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) functionality. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Core capabilities include collecting security logs from Azure AD, Windows Event Logs, firewall data, and cloud applications, then applying machine learning analytics to detect suspicious patterns and create security incidents for investigation. - Decision clue: A multinational corporation uses Sentinel Core to centralize security monitoring across 50+ offices, automatically correlating failed login attempts with network anomalies to detect coordinated attacks and trigger automated response playbooks.

Review Path

Review path:

1. Open Azure portal -> Microsoft Sentinel 2. Search for Sentinel Core 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Purview eDiscovery solutions for legal content search, preservation, and export. Core provides basic search and export capabilities while Premium offers advanced features like predictive coding, conversation threading, and custodian management for complex legal investigations.

Examples

Core eDiscovery enables keyword searches across Exchange, SharePoint, and Teams. Premium adds machine learning for document relevance, communication analysis for threading email conversations, and advanced analytics for large-scale legal reviews.

Key Mechanisms

- Core function: Microsoft Purview eDiscovery solutions for legal content search, preservation, and export. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Core eDiscovery enables keyword searches across Exchange, SharePoint, and Teams. - Decision clue: A law firm uses eDiscovery Premium during merger investigations, employing AI to identify relevant documents from millions of files, preserve custodian data across multiple systems, and export privileged communications for legal review.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for eDiscovery (Core & Premium) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Purview audit capabilities that provide comprehensive activity logging and investigation tools. Standard Audit captures basic user and admin activities while Premium Audit offers extended retention, advanced hunting, and intelligent insights for security investigations.

Examples

Standard Audit logs file access, mailbox changes, and admin actions. Premium extends retention to 10 years, enables advanced hunting queries, provides priority alerts for high-value user activities, and offers bandwidth throttling for large exports.

Key Mechanisms

- Core function: Microsoft Purview audit capabilities that provide comprehensive activity logging and investigation tools. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Standard Audit logs file access, mailbox changes, and admin actions. - Decision clue: A financial institution uses Premium Audit to investigate potential insider trading by tracking executive email access patterns, file downloads during blackout periods, and correlating activities with market events for regulatory reporting.

Review Path

Review path:

1. Open Azure portal 2. Search for Audit (Standard & Premium) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft Priva foundational privacy management capabilities that help organizations discover, monitor, and manage personal data across their Microsoft 365 environment. Core features include privacy risk assessment, data minimization guidance, and privacy impact analysis.

Examples

Priva Core automatically discovers personal data in emails, documents, and databases, assesses privacy risks like over-collection or retention policy violations, and provides recommendations for data minimization and privacy protection.

Key Mechanisms

- Core function: Microsoft Priva foundational privacy management capabilities that help organizations discover, monitor, and manage personal data across their Microsoft 365 environment. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Priva Core automatically discovers personal data in emails, documents, and databases, assesses privacy risks like over-collection or retention policy violations, and provides recommendations for data minimization and privacy protection. - Decision clue: A retail company uses Priva Core to identify customer personal data across their organization, monitor for GDPR compliance violations, and implement automated policies to minimize personal data collection and retention.

Review Path

Review path:

1. Open Azure portal 2. Search for Priva Core 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Microsoft's comprehensive suite of security products that work together to provide unified threat protection across endpoints, email, applications, and identity. The Defender family includes specialized solutions for different attack surfaces, all integrated through Microsoft Defender XDR for coordinated response.

Examples

The Defender family includes Defender for Office 365 (email protection), Defender for Endpoint (device security), Defender for Identity (identity protection), and Defender for Cloud Apps (cloud application security), all providing telemetry to Defender XDR.

Key Mechanisms

- Core function: Microsoft's comprehensive suite of security products that work together to provide unified threat protection across endpoints, email, applications, and identity. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: The Defender family includes Defender for Office 365 (email protection), Defender for Endpoint (device security), Defender for Identity (identity protection), and Defender for Cloud Apps (cloud application security), all providing telemetry to Defender XDR. - Decision clue: An enterprise deploys the complete Defender family to protect against sophisticated attacks that span multiple systems, enabling automatic correlation of threats detected across email, endpoints, and cloud applications.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Defender Products 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The foundational compliance and data protection capabilities in Microsoft Purview including data classification, sensitivity labeling, data loss prevention, and retention management. These core capabilities form the foundation for comprehensive information protection and compliance management.

Examples

Core capabilities include automatic data classification using machine learning, sensitivity labels for protecting confidential information, DLP policies to prevent data leaks, and retention policies to meet regulatory requirements for data lifecycle management.

Key Mechanisms

- Core function: The foundational compliance and data protection capabilities in Microsoft Purview including data classification, sensitivity labeling, data loss prevention, and retention management. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Core capabilities include automatic data classification using machine learning, sensitivity labels for protecting confidential information, DLP policies to prevent data leaks, and retention policies to meet regulatory requirements for data lifecycle management. - Decision clue: A law firm uses core Purview capabilities to automatically classify legal documents, apply confidential labels to client files, prevent accidental sharing of privileged information, and retain case documents according to legal requirements.

Review Path

Review path:

1. Open Azure portal 2. Search for Core Capabilities 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Sophisticated compliance capabilities in Microsoft Purview that go beyond basic data protection including records management, insider risk management, communication compliance, and advanced eDiscovery. These capabilities address complex regulatory and governance requirements.

Examples

Advanced compliance includes automated records management for regulatory retention, insider risk detection using machine learning, communication compliance for monitoring inappropriate conduct, information barriers to prevent conflicts of interest, and Premium eDiscovery for complex legal matters.

Key Mechanisms

- Core function: Sophisticated compliance capabilities in Microsoft Purview that go beyond basic data protection including records management, insider risk management, communication compliance, and advanced eDiscovery. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Advanced compliance includes automated records management for regulatory retention, insider risk detection using machine learning, communication compliance for monitoring inappropriate conduct, information barriers to prevent conflicts of interest, and Premium eDiscovery for complex legal matters. - Decision clue: A pharmaceutical company uses advanced compliance to manage clinical trial records, detect potential insider trading by employees, monitor communications for regulatory violations, and conduct complex eDiscovery for FDA investigations.

Review Path

Review path:

1. Open Azure portal 2. Search for Advanced Compliance 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The core identity objects in Microsoft Entra ID that represent the fundamental entities for identity and access management. These objects include users, groups, devices, applications, and service principals that form the foundation of organizational identity infrastructure.

Examples

Entra ID objects include user accounts for employees, security groups for access control, device objects for endpoint management, application registrations for SSO, and service principals for automated authentication.

Key Mechanisms

- Core function: The core identity objects in Microsoft Entra ID that represent the fundamental entities for identity and access management. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Entra ID objects include user accounts for employees, security groups for access control, device objects for endpoint management, application registrations for SSO, and service principals for automated authentication. - Decision clue: A multinational corporation manages thousands of Entra ID objects including employee user accounts across regions, security groups for different business units, registered devices for BYOD programs, and service principals for automated business applications.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Entra ID Objects 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud-based network security service that protects Azure resources from Distributed Denial of Service (DDoS) attacks. Azure DDoS Protection provides always-on traffic monitoring and automatic attack mitigation, with two tiers: Basic (free, automatic) and Standard (paid, with advanced features, adaptive tuning, and attack analytics).

Examples

Azure DDoS Protection Standard detects and mitigates volumetric attacks (overwhelming bandwidth), protocol attacks (exploiting layer 3/4 vulnerabilities), and resource layer attacks. Features include real-time attack metrics, diagnostic logs, adaptive tuning based on application traffic patterns, and DDoS Rapid Response (DRR) support for critical attacks.

Key Mechanisms

- Core function: A cloud-based network security service that protects Azure resources from Distributed Denial of Service (DDoS) attacks. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Azure DDoS Protection Standard detects and mitigates volumetric attacks (overwhelming bandwidth), protocol attacks (exploiting layer 3/4 vulnerabilities), and resource layer attacks. - Decision clue: An e-commerce company uses Azure DDoS Protection Standard to safeguard their public-facing web application.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure DDoS Protection 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud-native, intelligent network firewall security service that provides threat protection for cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability, unrestricted cloud scalability, and integration with Azure Monitor for logging and analytics.

Examples

Azure Firewall supports application FQDN filtering rules, network traffic filtering rules, FQDN tags for Microsoft services, threat intelligence-based filtering to block known malicious IPs, outbound SNAT and inbound DNAT for connectivity, integration with Azure Sentinel for advanced threat detection, and forced tunneling for on-premises security appliances.

Key Mechanisms

- Core function: A cloud-native, intelligent network firewall security service that provides threat protection for cloud workloads running in Azure. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Azure Firewall supports application FQDN filtering rules, network traffic filtering rules, FQDN tags for Microsoft services, threat intelligence-based filtering to block known malicious IPs, outbound SNAT and inbound DNAT for connectivity, integration with Azure Sentinel for advanced threat detection, and forced tunneling for on-premises security appliances. - Decision clue: A healthcare provider deploys Azure Firewall as the central security control point for their Azure hub-and-spoke network.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Firewall 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A security service that provides centralized protection of web applications from common web exploits and vulnerabilities. Azure WAF can be deployed with Azure Application Gateway, Azure Front Door, or Azure CDN, using OWASP Core Rule Sets (CRS) to protect against attacks like SQL injection, cross-site scripting (XSS), and other web attacks.

Examples

Azure WAF provides managed rule sets including OWASP Top 10 protections, bot protection rules, custom rule creation, geo-filtering to block/allow specific countries, rate limiting to prevent abuse, exclusion lists for false positive handling, and detailed logging with Azure Monitor integration for security analytics.

Key Mechanisms

- Core function: A security service that provides centralized protection of web applications from common web exploits and vulnerabilities. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Azure WAF provides managed rule sets including OWASP Top 10 protections, bot protection rules, custom rule creation, geo-filtering to block/allow specific countries, rate limiting to prevent abuse, exclusion lists for false positive handling, and detailed logging with Azure Monitor integration for security analytics. - Decision clue: An online banking portal uses Azure WAF with Application Gateway to protect customer-facing web applications.

Review Path

Review path:

1. Open Azure portal 2. Search for Web Application Firewall (WAF) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The practice of dividing a network into multiple segments or subnets to improve security, performance, and management. Azure Virtual Networks (VNets) enable network segmentation in the cloud, allowing you to isolate resources, control traffic flow between segments, and implement defense-in-depth by creating security boundaries within your Azure environment.

Examples

Network segmentation strategies include creating separate subnets for web tier, application tier, and database tier; using Network Security Groups (NSGs) to control traffic between subnets; implementing hub-and-spoke topology for centralized security controls; deploying Azure Firewall in the hub for traffic inspection; and using VNet peering with custom routes to control inter-VNet communication.

Key Mechanisms

- Core function: The practice of dividing a network into multiple segments or subnets to improve security, performance, and management. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Network segmentation strategies include creating separate subnets for web tier, application tier, and database tier; using Network Security Groups (NSGs) to control traffic between subnets; implementing hub-and-spoke topology for centralized security controls; deploying Azure Firewall in the hub for traffic inspection; and using VNet peering with custom routes to control inter-VNet communication. - Decision clue: A financial services company implements network segmentation using Azure VNets with a three-tier architecture: a DMZ subnet for internet-facing load balancers with public IPs, an application subnet for web servers (no public IPs), and a data subnet for SQL databases (completely isolated).

Review Path

Review path:

1. Open Azure portal 2. Search for Network Segmentation with Azure Virtual Networks 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Azure network filters that contain security rules to allow or deny inbound and outbound network traffic to Azure resources within a virtual network. NSGs act as distributed firewalls that can be associated with subnets or individual network interfaces, using 5-tuple information (source IP, source port, destination IP, destination port, protocol) to evaluate traffic.

Examples

NSG rules include priority-based evaluation (lower numbers processed first), default rules for VNet traffic and load balancer health probes, service tags for predefined IP groups (like AzureCloud, Internet, SQL), application security groups (ASGs) for grouping resources, flow logs for traffic analytics, and diagnostic logging. Common rules: allow HTTPS (443) inbound from Internet, allow SQL (1433) from app subnet only, deny all other inbound traffic.

Key Mechanisms

- Core function: Azure network filters that contain security rules to allow or deny inbound and outbound network traffic to Azure resources within a virtual network. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: NSG rules include priority-based evaluation (lower numbers processed first), default rules for VNet traffic and load balancer health probes, service tags for predefined IP groups (like AzureCloud, Internet, SQL), application security groups (ASGs) for grouping resources, flow logs for traffic analytics, and diagnostic logging. - Decision clue: A SaaS company uses NSGs to secure their Azure infrastructure: web subnet NSG allows inbound 443 from Internet using 'Internet' service tag and outbound 443 to app subnet using ASG; app subnet NSG allows inbound 443 only from web ASG, outbound 1433 to database ASG; database subnet NSG allows inbound 1433 only from app ASG, denies all other traffic.

Review Path

Review path:

1. Open Azure portal 2. Search for Network Security Groups (NSGs) 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A fully managed platform-as-a-service (PaaS) that provides secure and seamless RDP and SSH connectivity to virtual machines directly from the Azure portal over TLS. Azure Bastion eliminates the need for public IP addresses on VMs, jump boxes, or VPN connections, reducing the attack surface while providing secure remote access.

Examples

Azure Bastion features include browser-based access to VMs without RDP/SSH clients, connections over port 443 using TLS for firewall traversal, protection against port scanning and zero-day exploits, integration with Azure RBAC for access control, native support for copy/paste operations, session recording for audit compliance, and support for native RDP/SSH clients in Standard SKU.

Key Mechanisms

- Core function: A fully managed platform-as-a-service (PaaS) that provides secure and seamless RDP and SSH connectivity to virtual machines directly from the Azure portal over TLS. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Azure Bastion features include browser-based access to VMs without RDP/SSH clients, connections over port 443 using TLS for firewall traversal, protection against port scanning and zero-day exploits, integration with Azure RBAC for access control, native support for copy/paste operations, session recording for audit compliance, and support for native RDP/SSH clients in Standard SKU. - Decision clue: A managed service provider (MSP) uses Azure Bastion to provide secure access to customer VMs.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Bastion 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A cloud service for securely storing and accessing secrets, encryption keys, and certificates. Azure Key Vault helps solve the problem of securely managing application secrets, cryptographic keys for encryption operations, and SSL/TLS certificates, providing centralized secret management with access logging, RBAC integration, and hardware security module (HSM) protection options.

Examples

Azure Key Vault capabilities include secret management (API keys, passwords, connection strings), key management with HSM-backed keys for encryption operations, certificate management with auto-renewal from certificate authorities, soft-delete and purge protection for recovery, access policies and RBAC for granular permissions, virtual network service endpoints for network isolation, and integration with Azure services like App Service, VMs, and Storage for managed identities to retrieve secrets.

Key Mechanisms

- Core function: A cloud service for securely storing and accessing secrets, encryption keys, and certificates. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Azure Key Vault capabilities include secret management (API keys, passwords, connection strings), key management with HSM-backed keys for encryption operations, certificate management with auto-renewal from certificate authorities, soft-delete and purge protection for recovery, access policies and RBAC for granular permissions, virtual network service endpoints for network isolation, and integration with Azure services like App Service, VMs, and Storage for managed identities to retrieve secrets. - Decision clue: A software company stores database connection strings, API keys for third-party services, and encryption keys in Azure Key Vault.

Review Path

Review path:

1. Open Azure portal 2. Search for Azure Key Vault 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A threat intelligence solution that provides security teams with comprehensive insights into threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), and vulnerability intelligence. Formerly known as RiskIQ, Defender Threat Intelligence helps organizations understand their internet-facing attack surface and proactively defend against threats.

Examples

Defender Threat Intelligence features include threat actor profiles with detailed intelligence on adversaries, indicators of compromise (IP addresses, domains, file hashes) linked to campaigns, infrastructure analysis showing relationships between malicious entities, vulnerability intelligence prioritized by exploitation activity, attack surface insights for internet-facing assets, intel articles about emerging threats, and integration with Microsoft Defender products for automated protection.

Key Mechanisms

- Core function: A threat intelligence solution that provides security teams with comprehensive insights into threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), and vulnerability intelligence. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Defender Threat Intelligence features include threat actor profiles with detailed intelligence on adversaries, indicators of compromise (IP addresses, domains, file hashes) linked to campaigns, infrastructure analysis showing relationships between malicious entities, vulnerability intelligence prioritized by exploitation activity, attack surface insights for internet-facing assets, intel articles about emerging threats, and integration with Microsoft Defender products for automated protection. - Decision clue: A retail company's security team uses Defender Threat Intelligence to investigate a phishing campaign targeting employees.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender Threat Intelligence 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The unified security portal (security.microsoft.com) that brings together security capabilities from Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel. The portal provides a centralized location for security teams to monitor threats, investigate incidents, hunt for threats, and manage security posture across endpoints, identities, email, applications, and cloud workloads.

Examples

Microsoft Defender Portal features include a unified incidents queue consolidating alerts across products, investigation pages with attack timeline and entity details, threat analytics showing global threat intelligence, advanced hunting for custom threat queries using Kusto Query Language (KQL), automated investigation and response (AIR) capabilities, secure score for posture management, reports and dashboards, and integration with Microsoft Sentinel for SIEM capabilities.

Key Mechanisms

- Core function: The unified security portal (security.microsoft.com) that brings together security capabilities from Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Defender Portal features include a unified incidents queue consolidating alerts across products, investigation pages with attack timeline and entity details, threat analytics showing global threat intelligence, advanced hunting for custom threat queries using Kusto Query Language (KQL), automated investigation and response (AIR) capabilities, secure score for posture management, reports and dashboards, and integration with Microsoft Sentinel for SIEM capabilities. - Decision clue: A security operations center (SOC) uses Microsoft Defender Portal as their primary workspace.

Review Path

Review path:

1. Open Microsoft Defender portal 2. Search for Microsoft Defender Portal 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The unified compliance portal (compliance.microsoft.com, now integrated into purview.microsoft.com) that serves as the central hub for managing data governance, compliance, and risk solutions across Microsoft 365 and Azure. The portal provides access to compliance tools including data classification, sensitivity labels, DLP, retention, eDiscovery, insider risk management, and compliance score.

Examples

Microsoft Purview Portal features include a compliance score dashboard showing regulatory compliance posture, data classification explorer showing sensitive data distribution, solution catalog for deploying compliance capabilities, alerts and reports for policy violations, data connectors for third-party data ingestion, role-based access control for compliance admins, and integration with Microsoft 365, Azure, and third-party services.

Key Mechanisms

- Core function: The unified compliance portal (compliance.microsoft.com, now integrated into purview.microsoft.com) that serves as the central hub for managing data governance, compliance, and risk solutions across Microsoft 365 and Azure. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Microsoft Purview Portal features include a compliance score dashboard showing regulatory compliance posture, data classification explorer showing sensitive data distribution, solution catalog for deploying compliance capabilities, alerts and reports for policy violations, data connectors for third-party data ingestion, role-based access control for compliance admins, and integration with Microsoft 365, Azure, and third-party services. - Decision clue: A compliance officer uses Microsoft Purview Portal daily to monitor organizational compliance.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Microsoft Purview Portal 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A tool within Microsoft Purview that provides visibility into where sensitive information and labeled content exists across the organization. Content Explorer allows administrators to view actual content containing sensitive information types or carrying sensitivity labels, enabling them to verify data classification accuracy and understand data distribution for compliance purposes.

Examples

Content Explorer capabilities include viewing items by sensitivity label or sensitive information type, filtering by location (SharePoint, OneDrive, Exchange, Teams), exporting lists of classified content for reporting, drilling down to see actual document content (with appropriate permissions), tracking label adoption across the organization, identifying unlabeled sensitive content, and integrating with Content Search for further investigation.

Key Mechanisms

- Core function: A tool within Microsoft Purview that provides visibility into where sensitive information and labeled content exists across the organization. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Content Explorer capabilities include viewing items by sensitivity label or sensitive information type, filtering by location (SharePoint, OneDrive, Exchange, Teams), exporting lists of classified content for reporting, drilling down to see actual document content (with appropriate permissions), tracking label adoption across the organization, identifying unlabeled sensitive content, and integrating with Content Search for further investigation. - Decision clue: A data governance team uses Content Explorer to audit PII data.

Review Path

Review path:

1. Open Azure portal 2. Search for Content Explorer 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

A monitoring tool in Microsoft Purview that tracks and reports on activities related to labeled content and sensitive information across Microsoft 365 services. Activity Explorer provides insights into how users are interacting with sensitive data, what label changes are occurring, and where potential compliance risks exist based on user behavior patterns.

Examples

Activity Explorer tracks activities including label applied/changed/removed on documents, files accessed/downloaded/shared/deleted, sensitive info detected in content, DLP policy matches, retention label events, and user activities across Exchange, SharePoint, OneDrive, Teams, and third-party apps. Filters include date range, users, labels, sensitive info types, locations, and activity types. Data can be exported for extended reporting and analysis.

Key Mechanisms

- Core function: A monitoring tool in Microsoft Purview that tracks and reports on activities related to labeled content and sensitive information across Microsoft 365 services. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Activity Explorer tracks activities including label applied/changed/removed on documents, files accessed/downloaded/shared/deleted, sensitive info detected in content, DLP policy matches, retention label events, and user activities across Exchange, SharePoint, OneDrive, Teams, and third-party apps. - Decision clue: A security team investigates a potential data leak using Activity Explorer.

Review Path

Review path:

1. Open Azure portal 2. Search for Activity Explorer 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Metadata tags in Microsoft Purview that can be applied to individual documents and emails to manage their lifecycle, specifying how long content should be retained, when retention starts, and what happens at the end of the retention period (delete or review). Unlike retention policies that apply broadly, retention labels provide item-level control and can be applied manually by users or automatically.

Examples

Retention labels can specify retention periods (7 years for tax records), start retention based on events (employee termination, contract end), classify content as records or regulatory records (preventing deletion or modification), trigger disposition review at retention end, apply automatically based on keywords/sensitive info types/trainable classifiers, or be published for manual application by users. Labels travel with content if moved between locations.

Key Mechanisms

- Core function: Metadata tags in Microsoft Purview that can be applied to individual documents and emails to manage their lifecycle, specifying how long content should be retained, when retention starts, and what happens at the end of the retention period (delete or review). - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Retention labels can specify retention periods (7 years for tax records), start retention based on events (employee termination, contract end), classify content as records or regulatory records (preventing deletion or modification), trigger disposition review at retention end, apply automatically based on keywords/sensitive info types/trainable classifiers, or be published for manual application by users. - Decision clue: A law firm creates retention labels for different document types: 'Client Matter' label retains documents for 7 years after matter closes (event-based retention), 'Legal Brief - Record' marks documents as regulatory records that cannot be edited or deleted, 'Discovery Material' retains for 10 years then triggers disposition review, and 'Internal Memo' retains for 3 years then auto-deletes.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Retention Labels 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Configurations in Microsoft Purview that determine where retention labels are available for use and how they're applied to content. Label policies publish labels to specific locations (SharePoint sites, Microsoft 365 Groups, mailboxes) making them available for manual application by users, set default labels for locations, or configure auto-apply conditions to automatically label content based on keywords, sensitive information types, trainable classifiers, or metadata properties.

Examples

Retention label policy types include publish policies (make labels available in Outlook, Word, Excel, SharePoint for manual user application), auto-apply policies based on keywords (label documents containing 'confidential' or 'proprietary'), auto-apply based on sensitive info types (label any document with credit card numbers), auto-apply using trainable classifiers (label contracts, source code, resumes), and auto-apply for cloud attachments in Teams and Yammer.

Key Mechanisms

- Core function: Configurations in Microsoft Purview that determine where retention labels are available for use and how they're applied to content. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Retention label policy types include publish policies (make labels available in Outlook, Word, Excel, SharePoint for manual user application), auto-apply policies based on keywords (label documents containing 'confidential' or 'proprietary'), auto-apply based on sensitive info types (label any document with credit card numbers), auto-apply using trainable classifiers (label contracts, source code, resumes), and auto-apply for cloud attachments in Teams and Yammer. - Decision clue: A manufacturing company creates retention label policies: (1) Publish policy makes 'Engineering Specs' and 'Manufacturing Records' labels available to Engineering SharePoint sites and Teams, allowing engineers to manually classify documents.

Review Path

Review path:

1. Open Microsoft Purview portal 2. Search for Retention Label Policies 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Built-in role-based access control (RBAC) roles in Microsoft Entra ID that define administrative permissions for managing identity and access resources. Entra ID roles are separate from Azure RBAC roles and are specifically designed for identity management tasks. These roles follow the principle of least privilege, allowing organizations to grant only the permissions necessary for administrators to perform their jobs.

Examples

Key Entra ID roles include Global Administrator (full access to all features), User Administrator (create/manage users and groups), Security Administrator (manage security features, read reports), Privileged Role Administrator (manage role assignments), Conditional Access Administrator (manage conditional access policies), Authentication Administrator (reset passwords, configure auth methods), Groups Administrator (manage group creation and settings), and Application Administrator (manage app registrations and enterprise apps). Roles can be assigned permanently or using Privileged Identity Management (PIM) for time-limited, approval-based elevation.

Key Mechanisms

- Core function: Built-in role-based access control (RBAC) roles in Microsoft Entra ID that define administrative permissions for managing identity and access resources. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Key Entra ID roles include Global Administrator (full access to all features), User Administrator (create/manage users and groups), Security Administrator (manage security features, read reports), Privileged Role Administrator (manage role assignments), Conditional Access Administrator (manage conditional access policies), Authentication Administrator (reset passwords, configure auth methods), Groups Administrator (manage group creation and settings), and Application Administrator (manage app registrations and enterprise apps). - Decision clue: An IT department follows least privilege by assigning specific Entra ID roles: Service desk receives Authentication Administrator to reset user passwords only (not full User Administrator).

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Microsoft Entra ID Roles 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

The authorization system for Microsoft Entra ID that controls access to identity resources based on assigned roles. RBAC enables delegation of administrative tasks by granting specific permissions through role assignments, which consist of three elements: security principal (who), role definition (what permissions), and scope (where the permissions apply - directory level, administrative unit, or specific objects).

Examples

RBAC concepts include built-in roles with predefined permissions, custom roles for specific organizational needs, role assignments linking principals to roles at specific scopes, administrative units for delegating management of specific groups/users (like regional admins for regional offices), eligible vs active assignments in PIM, time-bound assignments with start/end dates, and role assignment conditions using attributes for fine-grained control.

Key Mechanisms

- Core function: The authorization system for Microsoft Entra ID that controls access to identity resources based on assigned roles. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: RBAC concepts include built-in roles with predefined permissions, custom roles for specific organizational needs, role assignments linking principals to roles at specific scopes, administrative units for delegating management of specific groups/users (like regional admins for regional offices), eligible vs active assignments in PIM, time-bound assignments with start/end dates, and role assignment conditions using attributes for fine-grained control. - Decision clue: A multinational corporation uses Entra ID RBAC with administrative units for regional delegation.

Review Path

Review path:

1. Open Microsoft Entra admin center 2. Search for Role-Based Access Control (RBAC) for Entra ID 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Directory services are specialized databases that store and organize information about network resources such as users, computers, and applications. Active Directory (AD) is Microsoft's on-premises directory service, while Microsoft Entra ID (formerly Azure AD) is the cloud-based directory and identity service. Understanding these concepts is crucial for hybrid identity scenarios where organizations synchronize on-premises AD with Entra ID using Entra Connect.

Examples

Key directory concepts include domains (security boundaries), organizational units (OUs) for logical grouping and Group Policy application, domain controllers (servers hosting AD), forests and trees (hierarchical structures), LDAP (Lightweight Directory Access Protocol) for directory queries, Kerberos authentication in AD, group policies for centralized configuration management, Active Directory Domain Services (AD DS) as the core service, and Entra Connect for synchronizing identities between on-premises AD and cloud Entra ID.

Key Mechanisms

- Core function: Directory services are specialized databases that store and organize information about network resources such as users, computers, and applications. - Category fit: This concept belongs to microsoft compliance solutions and should be identified by purpose, not just by name recognition. - Real signal: Key directory concepts include domains (security boundaries), organizational units (OUs) for logical grouping and Group Policy application, domain controllers (servers hosting AD), forests and trees (hierarchical structures), LDAP (Lightweight Directory Access Protocol) for directory queries, Kerberos authentication in AD, group policies for centralized configuration management, Active Directory Domain Services (AD DS) as the core service, and Entra Connect for synchronizing identities between on-premises AD and cloud Entra ID. - Decision clue: A traditional enterprise maintains on-premises Active Directory with domain controllers, OUs for different departments, and group policies for security settings.

Review Path

Review path:

1. Open Azure portal 2. Search for Directory Services and Active Directory Concepts 3. Identify what business or security problem it solves within microsoft compliance solutions 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.

Explanation

Multi-factor authentication requires users to present more than one type of verification, such as something they know, have, or are. It reduces the risk of password-only compromise and is a core identity protection concept for SC-900.

Examples

include a password plus an authenticator app approval, password plus FIDO2 security key, or password plus a biometric verification.

Key Mechanisms

- Core function: Multi-factor authentication requires users to present more than one type of verification, such as something they know, have, or are. - Category fit: This concept belongs to microsoft entra identity and access and should be identified by purpose, not just by name recognition. - Real signal: Examples include a password plus an authenticator app approval, password plus FIDO2 security key, or password plus a biometric verification. - Decision clue: An organization enables MFA for all administrators and high-risk sign-ins so that stolen passwords alone are not enough to access sensitive systems.

Review Path

Review path:

1. Open Azure portal 2. Search for Multi-Factor Authentication Basics 3. Identify what business or security problem it solves within microsoft entra identity and access 4. Compare it with the nearest related Microsoft feature so the boundary is clear 5. Capture one exam note: when this is the right answer and when it is not

Study focus: Keep this at SC-900 fundamentals depth. You should know purpose, scope, and best-fit usage before learning deep implementation steps.