
Explore security, compliance, and identity fundamentals, including encryption, hashing, authentication, and authorization, while previewing Azure Active Directory capabilities and Microsoft security and compliance solutions for the SC-900 prep.
Master Udemy video navigation and playback controls, including speed, volume, subtitles, and quality, access course content, resources, notes, and Q&A, track updates, rate the course, and download your certificate.
Explore SC-900 prep course on Microsoft security, compliance, and identity fundamentals, covering exam skills outline, defence in depth, four-part structure, and zero-trust methodology, with quizzes and a practice test.
Define defense-in-depth as multiple layers of protection—physical, technical, and administrative—that cover data centers, identity and access, networks, devices, apps, and data, guided by confidentiality, integrity, and availability.
Describe zero-trust by verifying explicitly, enforcing least-privileged access, and assuming breach, with data encryption and continuous threat detection, enabling anywhere work and cloud migration via policy-based access.
Compare on-prem and cloud deployments by examining IaaS, PaaS, and SaaS in Azure, highlighting data location, latency implications, and cost differences between capital and operational expenditures.
Explore the shared responsibility model across IaaS, PaaS, and SaaS in Azure, detailing what you manage—data, apps, OS, backups, and identities—and what cloud providers handle.
Protect data in transit with tls and https, guard data at rest with BitLocker or tde, use symmetric and asymmetric keys, and hashing for digital signatures with certificate authorities.
Describe Microsoft's six privacy principles, including you control your data and data is used to benefit you. Highlight security, encryption, legal disclosures, and respect for local privacy laws.
Explore the service trust portal to access compliance manager, audit reports, data protection resources, GDPR guidance, industry and regional solutions, and your library with update notifications.
Describe common threats to data security under GDPR, including data breaches, password attacks, malware, ransomware, phishing, and DDoS, with real-world consequences.
Explore compliance concepts from GDPR and data subject rights to cross-border transfers and penalties, and see how ISO and HIPAA standards shape data protection.
Describe governance as a framework of rules guiding decision making and operations toward a desired state, identify risk to data, IP, and finances, and plan disaster recovery and business continuity.
Position identity as the primary security perimeter as remote users and devices access systems via SaaS and IoT, demanding authentication, authorization, auditing, and automated administration for continuous availability.
Learn how authentication proves who you are (AuthN) and authorization determines what you may access (AuthZ) using RBAC in Azure, with examples like Microsoft Authenticator and Windows Hello.
Explore what identity providers are and how tokens enable single sign-on across servers. Learn token structure, claims like aud, idp, iat, nbf, and how tokens expire and refresh.
Describe active directory as a directory service on Windows Server, using AD DS domain controllers to authenticate users and devices and access DNS, DHCP, Wi-Fi, and VPN with single identity.
Explain federated services where one identity provider trusts another, letting a user access a second server without extra credentials, as with on-premises Active Directory and Azure Active Directory.
Identify common identity attacks, including dictionary attacks, password spraying, keystroke logging malware, and targeted phishing such as spear phishing, whaling, and clone phishing.
Explore Azure Active Directory, a cloud identity service for Microsoft Azure that enables sign-in, groups, and app access, plus self-service password reset, SSO, and conditional access.
Describe Azure AD identities including users, groups, devices (BYOD and three registration types), service principals, and managed identities, with system assigned and user assigned variants for cloud app authentication.
Explore hybrid identity concepts, connecting on-prem AD DS with Azure Active Directory via Azure AD Connect. Learn managed authentication options—password hash synchronization and pass-through authentication—versus federated authentication with ADFS.
Describe how b2b and b2c external identities in Azure AD use federated identity providers for single sign-on. Compare their directory structures, use cases for partners vs customers, and pricing.
Explore azure active directory authentication methods—from username and password to certificates and security keys—plus windows hello for business, and how multi-factor authentication uses something you know, have, or are.
Explore Azure Active Directory password protection, global and custom banned password lists, and lockout policies, with self-service password reset and premium P1 or P2 requirements for customization.
Describe how conditional access uses if-this-then-that rules in Azure Active Directory Premium P1/P2 to block or grant access, requiring multi-factor authentication or devices based on location, device, and risk signals.
Describe built-in roles, custom roles, and role assignments within Azure Active Directory's RBAC, assign least privilege, and scope custom roles to tenant or smaller scopes with premium licenses.
Describe Microsoft Entra role-based access control by showing how to grant and deny role assignments across management groups, subscriptions, resource groups, and resources, using common roles like owner and contributor.
Use Windows Hello for Business to sign in with a pin or biometric on-device, secured by TPM, for Microsoft, on-prem, Azure AD accounts, and FIDO two authentication providers.
Explain how Azure Active Directory identity governance automates onboarding, assigns roles, uses groups and dynamic groups for permissions, and deprovisions access while enabling auditing and balancing security and productivity.
Access reviews ensure least privileged permissions by re-certifying and auditing user access. Use managers or group owners or self reviews as reviewers and set semi-annually or quarterly cadences.
Discover how Microsoft Entra ID Privileged Identity Management enables just-in-time access to Azure AD and Azure resources through eligible or active roles, time-bound permissions, approvals, and auditable access reviews.
Explains Azure Active Directory Identity Protection, an Azure AD Premium P2 feature that automates detection and remediation of sign-in and user risks, and enables risk reports, investigations, and exports.
Describe how Azure network security groups filter traffic in a virtual network with inbound and outbound rules, using priority to determine precedence, and add custom rules that supersede default rules.
Explain Azure DDoS protection, contrast free basic with always-on monitoring and the standard plan at about $3,000 per month for 100 IPs, with metrics, alerts, rapid response, and service credits.
Azure Firewall is a managed cloud-based, stateful network security service that enables VMs to communicate securely with the internet and on-premises, with configurable application, network, and net rules.
Learn how Azure Bastion provides secure, browser-based SSH and RDP access to virtual machines over port 443 without exposing public IPs, by deploying Azure Bastion to a virtual network.
Explain how a web application firewall sits between your web app and the internet to protect against SQL injection, cross sites scrapes, crawlers, and bots, using managed and custom rules.
Segment networks with Azure Virtual Networks (VNets) to group related assets and isolate them from others, using Network Security Groups (NSGs), subnets, VPN gateways, and Azure Firewall.
Explore how Azure Key Vault centralizes secrets—keys, passwords, certificates, and API keys—while controlling access with permissions and offering standard or premium tiers and optional hardware security modules.
Microsoft Defender for Cloud monitors on-premises and cloud resources, offers free basics with paid upgrades, and was renamed from Azure Security Centre in 2021.
Explore Azure Secure Score in Microsoft Defender Cloud, a measure of your security posture. Review recommendations like enabling multi-factor authentication and remediating vulnerabilities with the Log Analytics agent.
Explore the enhanced security features of Microsoft Defender for Cloud, formerly Cloud Workload Protection Platform. Benefit from alerts, vulnerability assessment, threat protection for VM and PaaS services, and just-in-time access.
Explore cloud security posture management (CSPM) as a set of security philosophies and practices, emphasizing zero trust access, real-time risk scoring, TVM, attack surface, threat modelling, and policy safeguards.
Explore Azure policy to control or audit resources with deny or audit effects, set scope (management group, subscription, resource group), and use initiatives to group policies, distinguishing policies from RBAC.
Explain how SIEM aggregates data from networks, security, servers, databases, and applications to alert on correlated events and support compliance, and SOAR and XDR integrate with Defender and Azure Sentinel.
Explore Microsoft Sentinel, a siem and soar that collects data at cloud scale and shows how it detects threats with AI, minimizes false positives, and responds with built-in orchestration.
Describe how Microsoft 365 Defender unifies endpoint, identity, Office 365, and cloud app protections into a coordinated, automated security stack with AIR and a centralized dashboard.
Describe Microsoft Defender for Identity, which uses on-premises Active Directory data to detect threats, monitor user behavior with machine-learned analytics, and protect identities while safeguarding ADFS in hybrid environments.
Defender for Office 365 guards against email threats, malicious links, and collaboration risks, with threat policies, reports, and automated investigation and response across plan 1 and plan 2.
Describe Microsoft Defender for Endpoint's threat and vulnerability management, attack surface reduction, and use of endpoint behavioural sensors and threat intelligence to prevent, detect, and respond to threats.
Microsoft Defender for Cloud Apps, a cloud access security broker, provides visibility, shadow IT discovery, risk ratings, and access control for cloud apps via logs, API connectors, and reverse proxy.
Discover how Microsoft Defender Vulnerability Management reduces threats with a risk-based approach, enabling asset discovery, vulnerability assessments, baselines like CIS and STIG, and remediation across devices and networks.
Discover Microsoft Defender Threat Intelligence (Defender TI), which integrates incident data from Microsoft Sentinel and Microsoft 365 Defender with external threat intelligence to map threat actors, CVEs, indicators, and actions.
This course covers the content required for the SC-900 certification exam, current as per the SC-900 exam updates of 18 July 2025 and 7 November 2025.
Please note: This course is not affiliated with, endorsed by, or sponsored by Microsoft.
What do people like you say about this course?
Syed says: "I have cleared with 813. Your Explanations where informative and detailed. Thank you!"
Deepthi says: "Topics are explained clearly and they are easy to understand. For SC-900 this is one of the best course in Udemy."
Kunjar says: "The short quiz between chapters is helpful. Practice test at the end of the course is a confidence booster."
This course is the foundation for the Microsoft Certificate SC-900 "Microsoft Security, Compliance, and Identity Fundamentals" across cloud-based and related Microsoft services.
We'll start off with looking at the concepts of Security, Compliance and Identity (SCI). We'll look at security methodologies, security concepts and Microsoft Security and compliance principles.
We'll then look at Microsoft Identity and Access Management Solutions. We'll look at identity principles and concepts, basic identity and identity types, and authentication, access management and identity protection and governance capabilities of Microsoft Entra ID.
Next up is Microsoft Security Solutions. This includes basic security capabilities and security management capabilities of Azure, and also Azure Sentinel, Microsoft 365 Defender, InTune and Microsoft 365.
The final item is Microsoft Compliance Solutions. In this section, we'll largely concentrate on Microsoft Purview compliance (previously known as Microsoft 365 compliance). We'll look at information protection and data lifecycle management capabilities, and inside risk. We'll end with looking at the resource governance capabilities in Azure.
No prior knowledge is required - we'll even see how to get a free Microsoft Azure and Microsoft 365 and Purview compliance trial!
There are regular quizzes to help you remember the information, so you can be sure that you are learning.
Once you have completed this course, you will have a good introductory knowledge of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. And with some practice, you could even go for the official Microsoft certification SC-900 - wouldn't that look good on your CV or resume? And if you are an American college student, you might even get college credit for passing that exam.
So, without any further ado, let's have a look at how you can use the Udemy interface, and then we'll have a look at the objectives for the exam and therefore the syllabus for this course. And if you are an American college student, you might even get college credit for passing that exam.