microsoft partner logo color
8621  Reviews star_rate star_rate star_rate star_rate star_half

Microsoft Cybersecurity Architect

This is an advanced, expert-level course. Although not required to attend, students are strongly encouraged to have taken and passed another associate level certification in the security, compliance...

Read More
View Full Schedule Train Your Team
$2,495 USD
Duration 4 days
Course Code SC-100T00
Available Formats Classroom, Virtual

Upcoming Course Dates

  • Jun 15, 2026 - Jun 18, 2026 (4 days)
    Live Virtual | 9:00AM 5:00PM EDT
    Language English
    Select from 1 option(s) below
    Live Virtual |9:00AM 5:00PM EDT
    Live Virtual | 9:00AM 5:00PM EDT
    Enroll
    Enroll Add to quote
Ask a Question Request Other Date Request On-site Course

Overview

This is an advanced, expert-level course. Although not required to attend, students are strongly encouraged to have taken and passed another associate level certification in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300) before attending this class. This course prepares students with the expertise to design and evaluate cybersecurity strategies in the following areas: Zero Trust, Governance Risk Compliance (GRC), security operations (SecOps), and data and applications. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS).

Audience Profile

This course is for experienced cloud security engineers who have taken a previous certification in the security, compliance and identity portfolio. Specifically, students should have advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection, security operations, securing data, and securing applications. They should also have experience with hybrid and cloud implementations. Beginning students should instead take the course SC-900: Microsoft Security, Compliance, and Identity Fundamentals.

Skills Gained

After completing this course, students will be able to:

  • Design a Zero Trust strategy and architecture
  • Evaluate Governance Risk Compliance (GRC) technical strategies and security operations strategies
  • Design security for infrastructure
  • Design a strategy for data and applications

Prerequisites

Before attending this course, students must have:

  • Highly recommended to have attended and passed one of the associate level certifications in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300)
  • Advanced experience and knowledge in identity and access, platform protection, security operations, securing data and securing applications.
  • Experience with hybrid and cloud implementations.

Course Details

Outline

  • Introduction to Zero Trust and best practice frameworks
    • Describe antipatterns and best practices
    • Describe the concept of Zero Trust
    • Describe the frameworks
    • Describe the Zero Trust adoption framework and rapid modernization plan
    • Describe how the frameworks relate to each other
    • Module assessment
  • Design security solutions that align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)
    • Understand the Cloud Adoption Framework
    • Understand the Cloud Adoption Framework secure methodology
    • Understand Azure landing zones
    • Design security with Azure landing zones
    • Understand the Well-Architected Framework
    • Understand the Well-Architected Framework security pillar
    • Evaluate a security strategy
    • Define a security strategy
    • Recommend solutions for security and governance
    • Design secure DevSecOps processes
    • Design a strategy for secure AI adoption
    • Module assessment
  • Design solutions that align with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB)
    • Describe the Microsoft Cybersecurity Reference Architecture
    • Describe the Microsoft Cloud Security Benchmark
    • Design solutions with best practices for capabilities and controls
    • Design solutions with best practices for protecting against insider, external and supply chain attacks.
    • Design AI solutions that align to the Microsoft Cloud Security Benchmark
    • Design solutions that align with the Zero Trust adoption framework
    • Module assessment
  • Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices
    • Common cyberthreats and attack patterns
    • Support business resiliency
    • Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
    • Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore
    • Evaluate solutions for security updates
    • Module assessment
  • Design solutions for regulatory compliance
    • AI compliance considerations
    • Translate compliance requirements into security controls
    • Design a solution to address compliance requirements by using Microsoft Purview
    • Address privacy requirements with Microsoft Priva
    • Address security and compliance requirements with Azure Policy
    • Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud
    • Module assessment
  • Design solutions for identity and access management
    • Design a solution for access to SaaS, PaaS, IaaS, hybrid, and multicloud resources
    • Design a solution for Microsoft Entra ID, including hybrid and multicloud environments
    • Design a solution for external identities
    • Design modern authentication and authorization strategies
    • Validate alignment of Conditional Access policies with a Zero Trust strategy
    • Specify requirements for securing Active Directory Domain Services
    • Design a solution to manage secrets, keys, and certificates
    • Knowledge check
  • Design solutions for securing privileged access
    • Secure privileged access
    • Design privileged role assignment using the Enterprise Access Model
    • Evaluate the security and governance of Microsoft Entra ID solutions
    • Design a solution to secure tenant administration
    • Design a solution for cloud infrastructure entitlement management
    • Design a solution for privileged access workstations and remote access
    • Evaluate an access review management solution
    • Evaluate the security of Active Directory Domain Services (AD DS)
    • Module assessment
  • Design solutions for security operations
    • Describe the function of Security operations (SecOps)
    • Design monitoring to support hybrid and multicloud environments
    • Design solutions to support centralized logging and auditing
    • Design solutions for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
    • Design a solution for security orchestration, automation, and response (SOAR)
    • Design and evaluate security workflows, including incident response, threat hunting, and incident management
    • Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS
    • Module assessment
  • Interactive case study: Modernizing identity and data security
    • Interactive case study
    • Interactive case study highlights
    • Knowledge check
  • Interactive case study: Modernizing user access control and threat resilience
    • Interactive case study
    • Interactive case study highlights
    • Knowledge check
  • Evaluate solutions for securing Microsoft 365
    • Evaluate security posture for productivity and collaboration workloads by using metrics
    • Evaluate solutions that include Microsoft Defender for Office 365 and Microsoft Defender for Cloud Apps
    • Evaluate device management solutions that include Microsoft Intune
    • Evaluate solutions for securing data in Microsoft 365 using Microsoft Purview
    • Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services
    • Module assessment
  • Design solutions for securing applications
    • Design and implement standards to secure application development
    • Design a full lifecycle strategy for application security
    • Evaluate security posture of existing application portfolios
    • Evaluate application threats with threat modeling
    • Secure access for workload identities
    • Design a solution for API management and security
    • Design a solution for secure access to applications
    • Map technologies to application security requirements
    • Module assessment
  • Design solutions for securing an organization's data
    • Data security design principles and frameworks
    • Evaluate solutions for data discovery and classification
    • Evaluate solutions for encryption of data at rest and in transit, including Azure KeyVault and infrastructure encryption
    • Design data security for Azure workloads
    • Design security for data used in AI workloads
    • Design security for Azure Storage
    • Design a security solution with Microsoft Defender for SQL and Microsoft Defender for Storage
    • Module assessment
  • Interactive case study: Securing apps and data
    • Interactive case study
    • Interactive case study highlights
    • Knowledge check
  • Specify requirements for securing SaaS, PaaS, and IaaS services
    • Specify security baselines for SaaS, PaaS, and IaaS services
    • Specify security requirements for IoT workloads
    • Specify security requirements for web workloads
    • Specify security requirements for containers and container orchestration
    • Specify security requirements for AI workloads
    • Module assessment
  • Design solutions for security posture management in hybrid and multicloud environments
    • Use the Microsoft Cloud Security Benchmark to design and evaluate security posture
    • Design integrated posture management solutions that include Microsoft Defender for Cloud in hybrid and multicloud environments
    • Evaluate security posture by using Microsoft Defender for Cloud, including Secure Score
    • Design cloud workload protection with Microsoft Defender for Cloud
    • Design a solution for integrating hybrid and multicloud environments by using Azure Arc
    • Design a solution for external attack surface management
    • Posture management using Exposure management attack paths
    • Module assessment
  • Design solutions for securing server and client endpoints
    • Introduction to endpoint security
    • Specify security requirements for servers
    • Specify security requirements for mobile devices and clients
    • Specify security requirements for IoT devices and embedded systems
    • Evaluate solutions for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT
    • Specify security baselines for server and client endpoints
    • Design a solution for secure remote access
    • Evaluate Windows Local Admin Password Solution (LAPS) solutions
    • Module assessment
  • Design solutions for network security
    • Evaluate network designs to align with security requirements and best practices
    • Design solutions for network segmentation
    • Design solutions for traffic filtering with network security groups
    • Design solutions for network posture management
    • Design solutions for network monitoring
    • Evaluate solutions that use Microsoft Entra Internet Access
    • Evaluate solutions that use Microsoft Entra Private Access
    • Module assessment
  • Interactive case study: Securing endpoints and infrastructure
    • Interactive case study
    • Interactive case study highlights
    • Knowledge check
Read Less
|
View Full Schedule

Schedule

1 options available

  • Jun 15, 2026 - Jun 18, 2026 (4 days)
    Live Virtual | 9:00AM 5:00PM EDT
    Language English
    Select from 1 option(s) below
    Live Virtual |9:00AM 5:00PM EDT
    Live Virtual | 9:00AM 5:00PM EDT
    Enroll
    Enroll Add to quote

FAQ

How do I get a Microsoft exam voucher?

Pearson Vue Exam vouchers can be requested and ordered with your course purchase or can be ordered separately by clicking here.

  • Vouchers are non-refundable and non-returnable. Vouchers expire 12 months from the date they are issued unless otherwise specified in the terms and conditions.
  • Voucher expiration dates cannot be extended. The exam must be taken by the expiration date printed on the voucher.

Do Microsoft courses come with post lab access?

Most Microsoft official courses will include post-lab access ranging from 30 to 180 calendar days after instructor led course delivery. A lab training key in class will be provided that can be leveraged to continue connecting to a remote lab environment for the individual course attendee.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour-long after 3-3.5 hours of the class day.

What languages are used to deliver training?

Microsoft courses are conducted in English unless otherwise specified.

Reviews

Labs and the study materials provided for Architecting on AWS course are very easy to understand and explains all the topics required to pass the Associate certification.

ExitCertified provided great learning material and the instructor was great.

The class was very vast paced however the teacher was very good at checking in on us while giving us time to complete the labs.

Quick to sign-up to course, and was able to garner some information from the course.

I think the platform is very good and look forward to taking my next course in early October.