Microsoft Certified: Cybersecurity Architect Expert (AZ500-SC100)

This eight-day certification track training is composed of two parts:

This four-day Microsoft certified course provides IT Security Professionals with the knowledge and skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities. This course includes security for identity and access, platform protection, data and applications, and security operations.

This four-day Microsoft certified course prepares students with the background to design and evaluate cybersecurity strategies in the following areas: Zero Trust, Governance Risk Compliance (GRC), security operations (SecOps), and data and applications. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS).

This training is a comprehensive preparation to the AZ-500 and SC-100 exams for obtaining the Microsoft Certified: Cybersecurity Architect Expert certification.

Module 1: Manage Identity and Access

This module covers Microsoft Entra ID, Azure Identity Protection, Enterprise Governance, Azure AD PIM, and Hybrid Identity.

• Microsoft Entra ID
• Azure Identity Protection
• Enterprise Governance
• Azure AD Privileged Identity Management
• Hybrid Identity

Module 2: Implement Platform Protection

This module covers perimeter, network, host, and container security.

• Perimeter Security
• Network Security
• Host Security
• Container Security

Module 3: Secure Data and Applications

This module covers Azure Key Vault, application security, storage security, and SQL database security.

• Azure Key Vault
• Application Security
• Storage Security
• SQL Database Security

Module 4: Manage Security Operations

This module covers Azure Monitor, Azure Security Center, and Azure Sentinel.

• Azure Monitor
• Azure Security Center
• Azure Sentinel

Microsoft Cybersecurity Architect (SC-100T00)

Module 1: Introduction to Zero Trust and best practice frameworks

• Introduction to Zero Trust
• Zero Trust initiatives
• Zero Trust technology pillars part 1
• Zero Trust technology pillars part 2
• Design solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)
• Define a security strategy
• Introduction to the Cloud Adoption Framework
• Cloud Adoption Framework secure methodology
• Introduction to Azure Landing Zones
• Design security with Azure Landing Zones
• Introduction to the Well-Architected Framework
• The Well-Architected Framework security pillar

Module 2: Design solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)

• Introduction to the Cloud Adoption Framework
• Cloud Adoption Framework secure methodology
• Introduction to Azure Landing Zones
• Design security with Azure Landing Zones
• Introduction to the Well-Architected Framework
• The Well-Architected Framework security pillar

Module 3: Design solutions that align with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB)

• Design a resiliency strategy for common cyberthreats like ransomware
• Common cyberthreats and attack patterns
• Support business resiliency
• Ransomware protection
• Configurations for secure backup and restore
• Security updates
• Case study: Design solutions that align with security best practices and priorities
• Case study description
• Case study answers
• Conceptual walkthrough
• Technical walkthrough

Module 4: Design a resiliency strategy for common cyberthreats like ransomware

• Common cyberthreats and attack patterns
• Support business resiliency
• Ransomware protection
• Configurations for secure backup and restore
• Security updates

Module 5: Case study: Design solutions that align with security best practices and priorities

• Case study description
• Case study answers
• Conceptual walkthrough
• Technical walkthrough

Module 6: Design solutions for regulatory compliance

• Translate compliance requirements into a security solution
• Address compliance requirements with Microsoft Purview
• Address privacy requirements with Microsoft Priva
• Address security and compliance requirements with Azure policy
• Evaluate infrastructure compliance with Defender for Cloud

Module 7: Design solutions for identity and access management

• Design cloud, hybrid and multicloud access strategies (including Microsoft Entra ID)
• Design a solution for external identities
• Design modern authentication and authorization strategies
• Align conditional access and Zero Trust
• Specify requirements to secure Active Directory Domain Services (AD DS)
• Design solutions for securing privileged access
• Design a solution to manage secrets, keys, and certificates

Module 8: Design solutions for securing privileged access

• The enterprise access model
• Design identity governance solutions
• Design a solution to secure tenant administration
• Design a solution for cloud infrastructure entitlement management (CIEM)
• Design a solution for privileged access workstations and bastion services

Module 9: Design solutions for security operations

• Design security operations capabilities in hybrid and multicloud environments
• Design centralized logging and auditing
• Design security information and event management (SIEM) solutions
• Design solutions for detection and response
• Design a solution for security orchestration, automation, and response (SOAR)
• Design security workflows
• Design threat detection coverage

Module 10: Case study: Design security operations, identity and compliance capabilities

• Case study description
• Case study answers
• Conceptual walkthrough
• Technical walkthrough

Module 11: Design solutions for securing Microsoft 365

• Evaluate security posture for collaboration and productivity workloads
• Design a Microsoft 365 Defender solution
• Design configurations and operational practices for Microsoft 365

Module 12: Design solutions for securing applications

• Design and implement standards to secure application development
• Evaluate security posture of existing application portfolios
• Evaluate application threats with threat modeling
• Design security lifecycle strategy for applications
• Secure access for workload identities
• Design a solution for API management and security
• Design a solution for secure access to applications

Module 13: Design solutions for securing an organization's data

• Design a solution for data discovery and classification using Microsoft Purview
• Design a solution for data protection
• Design data security for Azure workloads
• Design security for Azure Storage
• Design a security solution with Microsoft Defender for SQL and Microsoft Defender for Storage

Module 14: Case study: Design security solutions for applications and data

• Case study description
• Case study answers
• Conceptual walkthrough
• Technical walkthrough

Module 15: Specify requirements for securing SaaS, PaaS, and IaaS services

• Specify security baselines for SaaS, PaaS, and IaaS services
• Specify security requirements for web workloads
• Specify security requirements for containers and container orchestration

Module 16: Design solutions for security posture management in hybrid and multicloud environments

• Evaluate security posture by using Microsoft Cloud Security Benchmark
• Design integrated posture management and workload protection
• Evaluate security posture by using Microsoft Defender for Cloud
• Posture evaluation with Microsoft Defender for Cloud secure score
• Design cloud workload protection with Microsoft Defender for Cloud
• Integrate hybrid and multicloud environments with Azure Arc
• Design a solution for external attack surface management

Module 17: Design solutions for securing server and client endpoints

• Specify server security requirements
• Specify requirements for mobile devices and clients
• Specify internet of things (IoT) and embedded device security requirements
• Secure operational technology (OT) and industrial control systems (ICS) with Microsoft Defender for IoT
• Specify security baselines for server and client endpoints
• Design a solution for secure remote access

Module 18: Design solutions for network security

• Design solutions for network segmentation
• Design solutions for traffic filtering with network security groups
• Design solutions for network posture management
• Design solutions for network monitoring

Module 19: Case study: Design security solutions for infrastructure

• Case study description
• Case study answers
• Conceptual walkthrough
• Technical walkthrough