SC-100
Microsoft Cybersecurity Architect
The Microsoft Certified: Cybersecurity Architect Expert (SC-100) is Microsoft's highest security certification and targets experienced professionals who design security architectures for hybrid and cloud-native environments based on the Microsoft platform. It requires at least one associate-level security certification (e.g., AZ-500, SC-200, or SC-300) and builds on that knowledge. The certification addresses zero-trust architectures, compliance requirements, identity governance, and infrastructure protection from a strategic perspective. For organizations heavily invested in Microsoft 365 and Azure, SC-100 is valuable proof of expertise; outside the Microsoft ecosystem, its relevance is more limited. The exam will be updated in April 2026.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Exam format
40–60 questions (multiple-choice + case studies + drag-and-drop), 120 minutes. Proctored via Pearson VUE. Passing score: 700/1000.
24h wait after first fail; 14 days between subsequent. Max 5/year. Prerequisite: AZ-500, MS-500, SC-200, or SC-300.
› Recertification
Valid for 1 year. Free online renewal assessment on Microsoft Learn.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.
Zero trust principles, micro-segmentation, NIST SP 800-207, ZTNA, continuous verification, BeyondCorp.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
› Prerequisites
Recommended: Experience with SC-200, SC-300, or SC-400 + broad security architecture knowledge.
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
No follow-on certs reference this one yet.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- Microsoft Learn SC-100 Learning Path (FREE) — Microsoft
- Exam Ref SC-100 Microsoft Cybersecurity Architect — Microsoft Press
- Microsoft Learn (free)
- John Savill SC-100 Study Cram (YouTube)
- MeasureUp Official SC-100 Practice Test
› Version & lifecycle
Aligns to Microsoft Zero Trust + Cybersecurity Reference Architecture (MCRA).
› Salary signal
Cybersecurity architect (Microsoft-stack focus), US, 7+ years.
Robert Half Salary Guide + Glassdoor 'Cybersecurity Architect' aggregations · 2024 · US base only · p25–p75 range
› How it compares
Vendor-neutral architecture (ISSAP) vs Microsoft-stack architecture (SC-100).
↔ Compare side-by-sideCCSP is broader cloud architect; SC-100 is Microsoft-deep with Zero Trust strategy.
↔ Compare side-by-side› Careers that commonly pursue this cert
Design, build, and maintain security infrastructure. The architects of an organization's defensive posture.
Senior design role — defines how pillar A components fit together across identity, crypto, network, cloud, and data — and, increasingly, how pillar C bolts into it.
› Common exam traps to study
Cybersecurity cert exams reuse the same 25 distractor patterns over and over — category confusion, RTO vs RPO, IDS vs IPS, MD5 vs SHA-256, and more. Once you can name the trap, you stop falling for it. Each archetype page covers what it is, the specific pairs candidates confuse, and how to avoid it.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.