SC-100 Exam Notes


Microsoft Study Guide:

John Savill's cram video:

Zero Trust

For a deeper understanding:

  1. Verify explicitly: Verify every access explicitly, every time, across every aspect: the user, the device, the session.
  2. Implement least privilege: Lock down to the minimum permissions and access required to limit lateral movement. Give users only the privileges they need, and only when they need them.
  3. Assume breach: Assume you have been or will be hacked. This means you have to validate traffic constantly as resources are accessed. Logs should be collected as signals and fed into systems that look for anomalies which may indicate compromise, exfiltration or abuse.


Look at MFA features for different Azure AD pricing tiers

FREE - security defaults only. Block legacy authentication. Password list options

P1 - All MFA available. Conditional Access

P2 - Identity Protection, Privileged Identity Management (PIM)

Defender for Identity - puts agents on on-prem domain controllers, ADDS, ADFS

Azure AD Connect - replicates ADDS to Az AD. This allows Identity Protection to work if you allow syncing of the hash of the hash (password hash synchronization)

Azure AD B2B - allows a business partner's Az AD access to your Az AD

Azure AD B2C - allows customers to use social identities to access apps


Mass of different devices. Computers, mobile devices, IoT.

Want the ability to register or join devices to Az AD to drive management capabilities.

Microsoft Endpoint Manager (MEM)

Defender for Endpoint

Defender for Servers


Clients talking to services

Services talking to endpoints


Least Privilege

Accessing VMs

Azure Arc

Defender for Cloud Apps



Protecting against Ransomware


Security Incident Event Management / Security Orchestration Automation and Response

Onboarding a VM onto Microsoft Defender for Endpoint

Landing Zones

Microsoft Defender

Follow interactive tutorial

Know what the Azure policy effects are: