Azure Mastery
Download
Azure Mastery
Microsoft Certification SC-900
On-device AI scores your readiness, builds an adaptive study plan, and flags topics fading from memory — before they cost you the exam.
Get exam-ready for SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) on iPhone or iPad. Azure Mastery uses on-device AI to predict your readiness score, build a personalised study plan, and surface topics you're forgetting — all without sending a single byte off your device.
The exam
SC-900 is the Microsoft Certified: Security, Compliance, and Identity Fundamentals credential — the entry-level exam for anyone working with (or making decisions about) Microsoft's security stack across both Azure and Microsoft 365. It's pitched at business stakeholders, new and existing IT professionals, and students who want a credible foundation in Microsoft SCI solutions. Common audiences include security analysts about to step into SC-200, identity administrators heading toward SC-300, and architects on the path to SC-100 (Cybersecurity Architect Expert).
The exam doesn't ask you to configure a Conditional Access policy or write a KQL query. It expects you to recognise scenarios across the SCI surface: the shared responsibility model, defence-in-depth, Zero Trust, encryption vs hashing, identity vs authentication vs authorization, the role of Microsoft Entra ID and its identity types, the capabilities of Microsoft Defender products and Microsoft Sentinel, and Microsoft's compliance solutions including Microsoft Purview.
Microsoft updated the SC-900 skills outline on 7 November 2025. Every question in Azure Mastery's SC-900 bank is mapped to the current outline — no leftover questions on retired services. Read the official outline at learn.microsoft.com.
Skills measured · November 2025
Four domains, with weights set by Microsoft's November 2025 update. Every domain summary below is paraphrased from the official skills outline; the bullet-level objectives in Azure Mastery are tagged so you always know which domain you're being tested on.
The smallest domain by weight, the foundation everything else builds on. Covers the shared responsibility model, defence-in-depth, the Zero Trust model, encryption vs hashing, GRC concepts; plus identity-as-perimeter, authentication vs authorization, identity providers, directory services and Active Directory, and federation. Around 4–9 questions per sitting.
The identity surface. Microsoft Entra ID functions and identity types (member, guest, hybrid); authentication methods (passwords, MFA, passwordless, password protection); access management (Conditional Access, Microsoft Entra roles and RBAC); identity protection and governance (Identity Protection, PIM, entitlement management). Around 11–18 questions.
The largest domain. Core Azure security services (Azure Network Security Groups, Azure Firewall, Azure DDoS Protection, Web Application Firewall); the Microsoft Defender product family (for Cloud, for Endpoint, for Office 365, for Identity, Defender XDR); SIEM and SOAR via Microsoft Sentinel; and Microsoft Defender Threat Intelligence. Around 16–24 questions per sitting.
The compliance surface. Microsoft Purview (compliance portal, Compliance Manager, compliance score); information protection and data lifecycle management (sensitivity labels, retention policies, records management, DLP); insider risk capabilities (Insider Risk Management, Communication Compliance); and Microsoft Priva for privacy management. Around 9–14 questions.
Designed for SC-900
Azure Mastery ships with 322 SC-900 practice questions, every one written specifically against the current (November 2025) skills outline — not generic security trivia. Each question carries a domain tag mapped to the official four domains (SCI concepts, Microsoft Entra, security solutions, compliance solutions), so you always know which area you're being tested on and where your weak spots are clustered.
The on-device Exam IQ engine predicts your SC-900 score before you sit the exam. After roughly 30 questions it has enough signal to give a confidence-scored prediction (e.g. "708 ±60, 68% confidence") — and tells you the specific topics that are dragging your readiness down. No vague "study more" advice; just a ranked list of objectives where improvement would move your score the furthest.
The adaptive study plan rebuilds itself from your answer history. Get a Conditional Access scenario wrong? You'll see another Entra access-management question in the next session. Master "Defender for Cloud vs Defender for Endpoint" three sessions running and the engine backs off, surfacing fresh Sentinel or Purview scenarios. The plan optimises for the gap between where you are and the 700 pass score, not for blind volume.
Knowledge decay tracking is the secret weapon for foundational exams like SC-900. The same domain you mastered six weeks ago is the domain you'll forget by exam day if you stop revising. Azure Mastery tracks every topic's decay curve and flags topics approaching expiry — the padlock icon on the Today screen is your "revisit before you forget" cue.
Real exam simulation mode runs at SC-900's actual length and time pressure: a randomised question set drawn from the full 322-question bank, 45-minute timer, no jumping back to flag-and-review. It's the closest you can get to the test centre experience without sitting the exam.
Everything runs on-device. Your answer history, your readiness gauge, your decay alerts — none of it leaves your iPhone or iPad. No account required to start, no tracking, no sync server. Privacy-first by design.
2-week revision plan
Most candidates with prior IT experience pass SC-900 after one to two weeks of focused revision. Below is a two-week plan that maps onto Azure Mastery's domains, simulator, and decay alerts. Adjust pace to taste — the readiness gauge tells you when you're done, not the calendar.
Inside the app
SC-900's question bank uses the same formats Microsoft puts on the live exam — not just multiple choice. Each visualisation below is a faithful mock of how the type renders inside Azure Mastery on iPhone and iPad. Exam-simulator mode runs all of them at full 45-minute length with no flag-and-review jumps, mirroring Pearson VUE.
One correct answer from four to six options. The most common type on every Azure exam — practical recall of services, settings, and limits.
~50% of questionsPick two or more correct answers from a list. Microsoft tells you exactly how many to choose. Partial credit not awarded — you need every selection right.
All-or-nothingArrange items into the correct sequence — deployment steps, the order operations occur in a pipeline, troubleshooting flows. Long-press to drag on touch.
Order mattersTap the correct area of an image — the right setting in a portal screenshot, the right resource in a topology diagram. Practical visual recall under time pressure.
Tap targetA multi-paragraph scenario followed by 4–6 linked questions. Common on SC-900 in the storage and identity domains; dominant on AZ-305 and AZ-400.
Multi-questionAn Azure Mastery exclusive. When you answer incorrectly, an on-device Apple Foundation Model writes a targeted explanation grounded in the correct rationale. Never leaves your device.
App exclusiveFrequently asked
The SC-900 voucher is USD $99 in the United States. Pricing varies by region — in the UK it's typically around £77. Microsoft sometimes runs free-voucher promotions for events such as Microsoft Build or Microsoft Ignite, so check your Microsoft Learn profile for any active offers before booking.
No. Microsoft Fundamentals certifications — including AZ-900, DP-900, AI-900, SC-900, MS-900, and PL-900 — do not expire. Once you pass, the certification is yours for life. (This is different from Associate and Expert certifications such as SC-200 or SC-300, which require an annual free renewal assessment on Microsoft Learn.)
The first retake is allowed after 24 hours. Second and third retakes each require a 14-day wait. Microsoft caps retakes at five attempts per 12-month rolling period. Each attempt requires a new voucher purchase.
Most candidates with prior IT experience pass after one to two weeks of focused revision. If cloud computing is genuinely new to you, plan for three to four weeks. Azure Mastery's readiness gauge will tell you when you're at exam-ready — don't book until it shows roughly 720 or higher predicted score with reasonable confidence.
SC-900 first if security isn't already your day job. SC-900 teaches you the SCI vocabulary — Zero Trust, defence-in-depth, the Microsoft Defender product family, Microsoft Sentinel, Purview compliance — without expecting you to triage incidents. SC-200 (Security Operations Analyst Associate) is the role-based exam — it expects you to investigate incidents in Sentinel, configure Defender XDR, and write KQL queries. Most candidates pass SC-900 in a few weeks, then spend two to three months on SC-200.
Yes — Microsoft positions SC-900 for both technical and non-technical candidates. Business stakeholders evaluating Microsoft security procurement, IT generalists adjacent to security, and students entering the field all sit SC-900. The exam doesn't ask you to configure Conditional Access or write KQL. It asks you to recognise scenarios — "which Microsoft Defender product covers this surface?" or "which Purview tool addresses this compliance requirement?" — and pick the correct option.
Where SC-900 fits
SC-900 is the foundational entry point for Microsoft's Security, Compliance, and Identity role-based tracks. It's optional but strongly recommended — Microsoft markets it as preparation for the SC-200, SC-300, and downstream SC-100 paths, even though it's not a formal prerequisite. If your interest is general Azure infrastructure, look at AZ-900 (Azure Fundamentals) instead.
Download Azure Mastery free. 322 SC-900 practice questions, AI score prediction, and a personalised study plan that adapts to your weak spots. iPhone & iPad.
Download Azure Mastery — free iPhone & iPad · Free to start · No account required