Last week a couple of new Azure Security exams suddenly appeared on Microsoft Certifications | Microsoft Docs. There was not a lot of publicity considering the subject, so it looks like Microsoft put them out as a try out to see if there is demand for this kind of exams. If that turns out to not be the case, they can silently remove them from the document again. Our Cloud Consultant Erik Snijder will quickly walk you through the new exams.
New Azure security certifications
- SC-200: Microsoft Security Operations Analyst
- SC-300: Microsoft Identity and Access Administrator
- SC-400: Microsoft Information Protection Administrator
- SC-900: Microsoft Security, Compliance, and Identity Fundamentals
The SC-900 exam will probably be more focused on the ‘business’ user, just like the AZ-900. The other ones will be more focused on technicians, engineers and administrators. The exams will be linked to certifications as well. ‘Associate’ for SC-200, 300 and 400 and ‘Fundamentals’ for SC-900. For the time being these additional exams do not lead to ‘Expert’ certifications, but that will probably be the case after the evaluation fase.
40% growth in revenue
In my opinion these exams are a valuable addition to the current offering. Considering the ever growing Azure landscape, constant specialisation in roles and corresponding certifications are necessary to stay up to date. Microsoft is positioning itself more and more as a security company with 40% growth in revenue to $10 billion in the security business. It's a more than logical move for them to add four security specific exams to their product range.
Security incidents in Sentinel
My expectations are especially high for the exam SC-200: Microsoft Security Operations Analyst. With the arrival of Azure Sentinel it was suddenly fairly easy to introduce a SIEM to your organisation. But introduction itself is only half the job. Sentinel produces security incidents that need your attention! At this point there seems to be a gap in existing knowledge and roles. Azure engineers lack knowledge on threat hunting or for example the MITRE ATT&CK® framework, but know a lot about Azure resources. On the other hand existing security operators know a lot about threat hunting and related affairs, but had no ideawhere to find the corresponding resources in Azure or O365 environments. The existing AZ-500 security exam is not capable of filling in the gap, but the new SC-200 exam is. Azure/O365 engineers gain more insight in threat hunting and existing security operators gain more insight in Azure. This is exactly what is needed right now.
Azure security exams in beta
The exams are still in beta, which means that there is no study material available on Microsoft Learn yet and the outcome of your exam might take some more time than usual. However there is still a discount available on the exams at the moment. So if this news made you curious, now might be a good time to give it a try!