Following on from an earlier post, this post covers the Security and Compliance area of Microsoft certifications and how they may be of relevance from a security perspective.
Security and Compliance
The SC line of certifications are the newest from Microsoft, only launched in 2021.
As such, the exams have been refreshed since then but no certifications have been retired.
The topics here are focused on securing customer assets using Microsoft security technologies (Sentinel, Defender for X, MCAS (now Defender for Cloud Apps)), data loss prevention and data governance using Microsoft data technologies, and coverage of AzureAD users and service principals.
The available certifications are the five listed below:
- Microsoft Certified: Security, Compliance, and Identity Fundamentals
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Information Protection and Compliance Administrator Associate
- Microsoft Certified: Cybersecurity Architect Expert
Analysis
The overall Security and Compliance area is highly focused, each certification is about a different set of Microsoft technologies and there's little overlap.
The Fundamentals offering is as expected a quick introduction to the topics and is generally useful if you have limited experience or not sure on which area is of most relevance.
Security Operations Analyst is popular with MSSPs/consultancies that specialise in Sentinel and Defender work due to its focus on these technologies.
It's a good base however note the study breakdown focused very heavily on Sentinel - if you primarily just work with one of the Defender products, the certification material may not be enough and you'll need to read additional documentation on the specific Defender solution.
Identity and Access Administrator is an excellent offering, chiefly as it covers users and related topics in AzureAD (Entra ID), which is essential to securing Microsoft cloud offerings, whether user or customer facing.
Conversely, Information Protection and Compliance Administrator is a very bespoke study path - it's all about data loss prevention, data lifecycle, labelling, and similar - while important, this is an area of work that is typically well established in most organisations.
At the Expert tier, the Cybersecurity Architect covers design of security solutions, rather than business as usual administration - this is in contrast to the Associate level certifications as these are task-focused. As such, it is a good knowledge supplement once you're experienced enough to consider implementing security solutions yourself, but it is considerably less hands-on in focus, rather being about Zero Trust architecture and design.