Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

SC-100T00A Microsoft Cybersecurity

Architect
Trainer Preparation Guide
February 2025

Purpose
This document is for Microsoft Certified Trainers preparing to teach SC-100T00A Microsoft Cybersecurity
Architect. This course is designed for students who are planning to take the corresponding certification
exam, or students who are performing Cybersecurity Architect tasks in their daily job.

Microsoft Cybersecurity Architect role definition

Both the certification exam and the courseware are based on the Microsoft Cybersecurity Architect role.
The Microsoft Cybersecurity Architect has subject matter expertise in designing and evolving cybersecurity
solutions that protect an organization’s mission and business processes across all aspects of the enterprise
architecture. Responsibilities include designing reference models, integrating security into architectures,
designing security architectures, and ensuring the resiliency of the organization.
The Cybersecurity Architect gathers the client’s business and security requirements, selects appropriate
security capabilities, and translates the requirements into architectural specifications that minimize risk,
meet compliance and privacy requirements, adhere to best practices, and ensure appropriate levels of
confidentiality, integrity, availability, and safety for critical business assets. The Cybersecurity Architect
ensures successful deployments and the ongoing technical viability of solutions through assessments and
reviews of the security posture.
The Cybersecurity Architect continuously collaborates with Security Engineers, Security Operations
Analysts, Identity and Access Management Admins, Information Protection Admins, Cloud Security
(Azure/M365) Administrator/Engineers, privacy officers, governance, compliance, and risk roles, and
solution providers to plan and implement a cybersecurity strategy that meets the business needs of an
organization.
The Cybersecurity Architect must be familiar with Microsoft security and identity technologies, hybrid
cloud and workload security configurations, and cloud application development solutions. The
Cybersecurity Architect must have skills and experience in applying cybersecurity concepts and practices,

Page 1
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

information security, application security, incident response and recovery techniques, and security
standards, policies, and governance frameworks.

Audience profile
This course is for experienced cloud security engineers who have taken a previous certification in the
security, compliance, and identity portfolio. Specifically, students should have advanced experience and
knowledge in a wide range of security engineering areas, including identity and access, platform
protection, security operations, securing data, and securing applications. They should also have
experience with hybrid and cloud implementations. Beginning students should instead take the course SC-
900: Microsoft Security, Compliance, and Identity Fundamentals.

Audience prerequisites
Before attending this course, students must have:
• Advanced experience and knowledge in identity and access, platform protection, security
operations, securing data and securing applications.
• Experience with hybrid and cloud implementations.

Certification exam
The study areas for the certification exam related to this course are based on the Job Task Analysis (JTA)
that was conducted in March 2024.
Each study area has a percentage indicating the relative weight of the area on the exam. The higher the
percentage, the more questions a candidate is likely to see in that area.

Study area Percentage

Design solutions that align with security best practices 22%
and priorities
Design security operations, identity, and compliance 37%
capabilities
Design security solutions for infrastructure 25%
Design security solutions for applications and data 25%

For exams related to non-Fundamental courses, candidates should have a minimum of six months of
hands-on experience working with the range of Microsoft Security products such as Azure Active
Directory, Microsoft Defender for Cloud, Defender for Endpoint, and Microsoft Sentinel.
To earn the Microsoft Cybersecurity Architect certification, candidates must also pass one of the following
exams: SC-200, SC-300, AZ-500, or MS-500. We strongly recommend that you do this before taking this
exam.

Page 2
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

Prerequisite knowledge to teach this course

To successfully teach these courses, instructors must have advanced knowledge and experience with
identity and access, platform protection, security operations, securing data and securing applications.
Instructors should also have experience with hybrid and cloud implementations.
Instructors should also have a working knowledge of:
• Best practices including:
• Microsoft Cybersecurity Reference Architecture (MCRA)
• Cloud Adoption Framework
• Ransomware protection strategies
• Zero Trust methodology
• Governance and Risk Compliance (GRC)
• Infrastructure security
• Data and application security

Note: These guidelines are not inclusive of the requirements to become a Microsoft Certified Trainer
(MCT).

Page 3
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

Required materials to prepare for and teach this course

You need the following materials to prepare for and teach this course:

Resource Description
Microsoft PowerPoint files Download the SC-100T00A-ENU-PowerPoint.zip from the MCT
Download Center. The PowerPoint files for each Learning Path
and module map to corresponding learning path and modules on
Microsoft Learn. Generally, units within the PowerPoint slides
map to corresponding units on Microsoft Learn. In a few
instances, slides for related units have been consolidated into
one unit, even though they are separate units on Microsoft Learn.
In those instances, the notes section of the slide calls it out.

Change Log Download the SC-100T00A-ENU-Change-Log.pdf from the MCT

Download Center.
Shorter, per-module case studies To facilitate classroom discussion, the SC-100 course includes
case study scenarios. The case study scenarios are included in the
SC-100 Microsoft Learning GitHub repository.
Longer, learning path case studies There is one longer case study associated with each learning
path.
Labs Labs are available for this course but are intended for student to
consume on their own time as there is not sufficient time during
classroom delivery. Instructions are available in the lab
environment provided by the authorized lab hoster and also on
GitHub at SC-100-Microsoft-Cybersecurity-Architect Labs.
Student training content See the following section for a detailed breakdown of each
learning path covered in the course.

Student training content

The student training content for this course is on Microsoft Learn. The following table provides a
breakdown of the learning paths, the modules covered in each one, and the link to each LP in Microsoft
Learn.
The student training content includes links to additional reading material to help you prepare for specific
topic areas.
Learning path Module Online training in Microsoft
Learn
Course introduction N/A Slides only

Page 4
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

Learning path 1: Module 1 LP 1: Introduction to LP1

Zero Trust and best practice
SC-100: Design solutions that
frameworks
align with security best
practices and priorities Module 2 LP 1: Design solutions
that align with the Cloud
Adoption Framework (CAF) and
Well-Architected Framework
(WAF)
Module 3 LP 1: Design solutions
that align with the Microsoft
Cybersecurity Reference
Architecture (MCRA) and
Microsoft cloud security
benchmark (MCSB)
Module 4 LP 1: Design a
resiliency strategy for common
cyberthreats like ransomware
Case study 1
Learning path 2: Module 1 LP 2: Design solutions LP2
for regulatory compliance
SC-100: Design security
operations, identity, and Module 2 LP 2: Design solutions
compliance capabilities for identity and access
management
Module 3 LP 2: Design solutions
for securing privileged access
Module 4 LP 2: Design solutions
for security operations
Case study 2
Learning path 3: Module 1 LP 3: Design solutions LP3
for securing Microsoft 365
SC-100: Design security
solutions for applications and Module 2 LP 3: Design solutions
data for securing applications
Module 3 LP 3: Design solutions
for securing an organization's
data
Case study 3
Learning path 4: Module 1 LP 4: Specify LP4
requirements for securing SaaS,
SC-100: Design security
PaaS, and IaaS services
solutions for infrastructure
Module 2 LP 4: Design solutions
for security posture

Page 5
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

management in hybrid and

multicloud environments
Module 3 LP 4: Design solutions
for securing server and client
endpoints
Module 4 LP 4: Evaluate
solutions for network security
and Security Service Edge (SSE)
Case study 4

Interactive labs
There is now a set of interactive labs that match up with three of the four learning paths for the course.
The labs are intended to be done by learners primarily as supplemental learning outside of class hours.
Each lab consists of two parts:
• A design activity where the student is asked to analyze a business scenario and come up with a
solution that will address the business and technical requirements.
• A technical walkthrough of the solution that consists of guided steps to configure and deploy the
aspects of the solution design
The table below the mapping of labs to topics, the associated module on Microsoft Learn, and the day on
which that topic is assumed to be covered as part of the ITL.

Day Lab Link Topic Online training in Microsoft

Learn
1 Instead of labs on day 1, ask students to review the case study at the end of Learning Path 1: Case
study: Design solutions that align with security best practices and priorities - Training | Microsoft
Learn
01- Compliance assessment
LP2 M1 – Design solutions for
2 LAB_SC_100_Lab3_Ex1_Complia
regulatory compliance
nce_Assessment.md
02- Configure Entra ID
LP2 M2 – Design solutions for
LAB_SC_100_Lab2_Ex1_Entra_ID
identity and access management
_policies.md
03- Conditional Access
LP2 M2 – Design solutions for
LAB_SC_100_Lab2_Ex2_Conditio
identity and access management
nal_Access.md

04- Cross-tenant
Synchronization LP2 M2 – Design solutions for
LAB_SC_100_Lab2_Ex3_B2B_coll
identity and access management
aboration.md

Page 6
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

05- Security Operations

LP2 M4 – Design solutions for
LAB_SC_100_Lab1_Ex1_Sentinel. Center
security operations
md
06- Shadow-IT
LP3 M2 – Design solutions for
3 LAB_SC_100_Lab2_Ex4_Shadow
securing applications
_IT.md
Data classification
07-LAB_SC_100_Lab3_Ex2_Data framework LP3 M3 – Design solutions for
classification framework.md securing an organizations data

08- Retention policies

LP3 M3 – Design solutions for
LAB_SC_100_Lab3_Ex3_Retentio
securing an organizations data
n_policies.md
Managing External LP4 M2 – Design solutions for
09-
Attack Surface security posture management in
4 LAB_SC_100_Lab1_Ex2_DfEASM.
hybrid and multicloud
md
environments
Secure Infrastructure LP4 M2 – Design solutions for
10-
security posture management in
LAB_SC_100_Lab1_Ex3_Secure_I
hybrid and multicloud
nfrastructure.md
environments
Security Posture LP4 M2 – Design solutions for
11-
Management security posture management in
LAB_SC_100_Lab4_Ex1_SecureSc
hybrid and multicloud
ore.md
environments
12- Endpoint Security LP4 M3 – Design solutions for
LAB_SC_100_Lab4_Ex4_Endpoint securing server and client
_Security.md endpoints

Case studies
There are two types of case studies available for the Microsoft Cybersecurity Architect course.
1. Shorter case studies that match with module topics.
2. Longer case studies that match with learning path topics and are available as the last module of
each learning path, on Microsoft Learn.
The shorter case studies are hosted in the course GitHub repository and contain the following elements:
• Background scenario.
• Technical questions.
Each learning path PowerPoint deck has a case study placeholder slide that is included towards the end of
the deck, before the learning path summary slide. The notes section of that slide includes links to the
longer case study and the individual shorter case studies that map to modules covered in the learning
path. This list gives the instructor options for case studies which can be used as part classroom delivery. It
is highly recommended that instructors incorporate whiteboarding of at least one case study per learning

Page 7
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

path, during the delivery. Instructors may choose to use their own case-studies, provided they cover the
topics identified in the module and objective domain.
Note: Modules 7 and 9 currently do not have shorter case studies that match their topics.
The longer case studies are present on MS Learn at the end of each learning path. Each one consists of the
following elements:
• Description―a background scenario, conceptual questions, design questions, an initial
architecture diagram.
• Answers―answers to all of the conceptual questions and technical questions, a final proposed
architecture diagram.
• A conceptual walkthrough video―showing how the different technical pieces fit together to solve
the problems from the case study.
• A technical walkthrough video―showing some of the inspection and verification tasks that an
architect might go through to examine the proposed solution in the cloud.
The links to the four longer case studies are as follows:
• Learning path 1: Case study: Design solutions that align with security best practices and priorities -
Training | Microsoft Learn
• Learning path 2: Case study: Design security operations, identity and compliance capabilities -
Training | Microsoft Learn
• Learning path 3: Case study: Design security solutions for applications and data - Training |
Microsoft Learn
• Learning path 4: Case study: Design security solutions for infrastructure - Training | Microsoft
Learn

Knowledge check questions

Each learning path deck has a knowledge check section, at the end of the deck, which provides a question
per module. For more questions, refer to the content on Microsoft Learn, as each module has 3-5
questions.

Preparation tasks
Instructors should complete the following tasks to prepare for teaching this course:
• If you have previously taught this class, refer to the course’s Change Log. It provides detailed
information on how the course has changed over time. The Change Log is updated for each course
release.
• Review all topics in the student training material in Microsoft Learn (see the link in the Required
materials section above). You should be well-versed in every topic. If you have previously taught the
course and are comfortable with your knowledge of each topic, focus primarily on the new or updated
material as outlined in the Change Log.
• Review the PowerPoint slides.
• Be able to speak to each of the talking points on the slides. Some slides include a graphic from
the associated Learn content for the topic. These graphics are provided on the slide so that
you can speak to them to help explain the key talking points in the topic.

Page 8
Trainer Preparation Guide: SC-100T00A Microsoft Cybersecurity Architect February 2025

• The bulleted items on each slide should not be read verbatim to the students. The students
can read the slides themselves. Rather, the bullet points reflect the key information that you
should focus on when discussing each topic. You should use your experience as a subject
matter expert to explain the what, the why, and the how of each topic. This is your
opportunity to provide a real value-add above and beyond the bulleted talking points.
• Review the Additional Reading links and other linked resources provided in the student training
material. It’s recommended that you present key points from this material to supplement the value-
add you provide as an instructor.
• As you prepare for the class, you should review each unit and determine which ones you want to
perform demonstrations of the corresponding product functionality. It’s up to you to decide which
product features you want to demonstrate to the class. You should use your experience to identify key
points during the demonstration process. This is an area where you should rely on your experience
as a subject matter expert to provide additional value-add for the students.
• You should review each knowledge check (KC) question so that you know which answers are correct
and why. Students may challenge some of the questions, so you must be able to address any of those
concerns.

Course timing
General timing guidance
We advise that you divide your time roughly along the lines of the functional group exam weightings:
• Day 1: Learning Path 1 ~ 6 hours
• Day 2: Learning Path 2 ~ 6 hours
• Day 3: Learning Path 3 ~ 6 hours
• Day 4: Learning Path 4 ~ 6 hours

We suggest covering the smaller case studies in either breakout sessions of 45-60 minutes or in class
discussions of 15-30 minutes, depending on the complexity of the material and your students’ comfort
with it. We also recommend limiting sessions to 40-50 minutes after which students can have a short
break to maintain their attention span and focus.
The larger case studies may take up to an hour if you plan to have a discussion about them and the
answers. If you plan to use the larger case studies encourage students to do them as homework, after you
cover the content from the related learning path and discuss it the morning of the next day’s session,
before covering the learning path content for the day.

Feedback
In this course, we have provided a framework for you to work with. Take time to prepare and think about
the value that only an instructor can bring to training. We hope to partner with you to provide an
exceptional student experience, and we welcome your feedback.

Page 9