Having worked for Microsoft partners, and with Microsoft technologies, getting certified by Microsoft can be useful - however, like so many other vendors, Microsoft offers a large selection of certifications, and retires and launches new certifications on a regular basis.
Following on from an earlier post, this post is the first in a series of articles covering the overall MS certification offering and how it may be of relevance from a security perspective.
More details have been added for specific areas in the MS365, Azure, and Security and Compliance pages.
Short Summary / TLDR
Based on my experience, there are three MS certifications that are valued much higher than others:
- Base: AZ-900 Azure Fundamentals
- Partner-relevant: AZ-500 Azure Security Engineer + SC-200 Security Operations Analyst (or the no longer offered MS-500 Security Administrator)
Other certifications have their value and the training material can be quite relevant, but the above three have the highest overall recognition and topic coverage for security roles.
Disclaimer
I have an inherent bias as I have a number of Microsoft certifications due to working for Microsoft partners.
This doesn't make MS certifications necessarily better.
Nor will a certification land you a job - I didn't have my first Azure certification until I was already employed by a partner.
Certification streams
Microsoft offers various certifications, split along either:
- experience level (Fundamentals, Associate, Expert and Specialty), and
- area: MS365, Azure, Security and Compliance, Data, AI, Power Platform, Dynamics365
Exam codes generally match the subject area: MS (MS365), AZ (Azure), SC (Security and Compliance), DP (Data), AI (AI), PL (Power Platform) and MB (Dynamics 365).
There are also MS Office-related certifications and exams; however, these are generally not helpful for security goals.
Experience Level
While there are four levels listed (Fundamentals, Associate, Expert and Specialty), the way the certification program is structured means that the main difference is between Fundamentals and everything else.
Specifically:
- Fundamentals certifications have a (usually) predictable exam code of 900 (e.g. AZ-900)
- Fundamentals exams carry a one-time fee, and the certification is valid for life - no renewal is required.
- Fundamentals exams are short, with few questions
- Fundamentals exams assume limited experience
- Fundamentals certifications are not a pre-requisite for any other certification
Conversely, all the other tiers have:
- Longer and more difficult exams
- Annual renewal required via a free online assessment
- Most Specialty and Associate certifications have no pre-requisites; all Expert certifications have an Associate as a pre-requisite.
Subject Areas
In the general case, the most relevant streams are the big three of MS365, Azure, and Security and Compliance.
Naturally this varies - e.g. it is helpful to get familiar with Power Platform fundamentals to understand the security implications, if you are looking at how to secure it.
MS365
MS365 is the evolution of traditional IT - what MS calls "Modern Workplace". Security concerns are all about users, and the cloud services coverage focuses on the MS365 SaaS offerings.
There is a wealth of learning material here for securing AzureAD (Entra ID) and endpoints, as well as messaging-related materials.
Azure
The AZ line of certifications is centred on running Cloud workloads - specifically, in Azure cloud.
Administering these is the focus, as is securing them.
All coverage of Platform as a Service / Infrastructure as a Service is in this subject area.
Security and Compliance
The SC line of certifications is all about Microsoft security solutions.
That is, these cover the various Defender for X products, the Sentinel SIEM/SOAR, Microsoft DLP and data governance solutions, and the AzureAD (Entra ID) identity model.