Study Plan

Microsoft Cybersecurity Architect (SC-100) – Study Plan

A 10-week expert‑level plan for SC-100. Design Zero Trust, security operations, and compliance strategies across Microsoft 365, Azure, and hybrid environments.

MicrosoftSC-100Security architects with 3+ years experience, SC-300 and AZ-500 recommended11-Apr-2026

10 WeeksDuration

~80 hrsTotal Study Time

3 ModesRookie·Challenger·Legend

Stay consistent by setting a target date for this certification.

Set target

How to use this plan

1Start each week by reading Microsoft Learn modules and reviewing reference architectures.
2Take ExamOS quizzes in the recommended mode:
3Repeat the weekly Challenger quiz until you pass it 2–3 times in a row.
4Only move to Legend mode after you have consistent Challenger passes.

Rookie ModeChallenger ModeLegend Mode

Week-by-Week Breakdown

Week 1

Foundation & Self‑Assessment

Topics

SC-100 exam domains (Zero Trust, security posture, incident response, compliance)
Microsoft Security portfolio (Defender, Sentinel, Entra ID, Purview)
Zero Trust principles (verify explicitly, least privilege, assume breach)

Activities

Review the official SC-100 study guide.
Explore Microsoft’s Zero Trust maturity model.
Take ExamOS Rookie mode quiz (30 questions) on foundational concepts.
Note weak domains.

Week 2

Zero Trust Identity & Access

Topics

Microsoft Entra ID (Azure AD) – identity governance, Conditional Access
Privileged Identity Management (PIM) and Identity Protection
External identities (B2B, B2C)
Zero Trust identity posture assessment

Activities

Design a Conditional Access policy for a remote workforce.
Configure PIM for a sample admin role.
Take ExamOS Challenger mode quiz on Identity & Zero Trust.

Week 3

Zero Trust Endpoints & Data

Topics

Microsoft Defender for Endpoint (MDE) – attack surface reduction, EDR
Defender for Cloud Apps (CASB)
Microsoft Purview (data classification, DLP, insider risk)
Information protection and encryption

Activities

Create a data loss prevention (DLP) policy in Purview.
Review Defender for Endpoint threat analytics.
Take ExamOS Challenger mode quiz on Endpoint & Data.

Week 4

Zero Trust Network & Infrastructure

Topics

Azure network security (NSGs, Azure Firewall, DDoS protection)
Private access (Azure Private Link, VPN, ExpressRoute)
Microsegmentation and just‑in‑time access
Defender for Cloud workload protection

Activities

Design a hub‑and‑spoke network with security controls.
Implement just‑in‑time VM access in Defender for Cloud.
Take ExamOS Challenger mode quiz on Network & Infrastructure.

Week 5

Security Operations (SecOps)

Topics

Microsoft Sentinel (SIEM/SOAR) – data ingestion, analytics rules, playbooks
Incident response lifecycle (detect, investigate, respond, recover)
Threat hunting with KQL (Kusto Query Language)
Integration with Microsoft 365 Defender

Activities

Create a custom analytics rule in Sentinel.
Build a playbook using Logic Apps.
Take ExamOS Challenger mode quiz on SecOps.

Week 6

Compliance, Governance & Risk

Topics

Microsoft Purview compliance (Compliance Manager, Insider Risk)
Azure Policy, Blueprints, and Management Groups
Regulatory standards (GDPR, ISO 27001, NIST)
Compliance score and improvement actions

Activities

Assess a sample environment’s compliance posture.
Apply an Azure Policy initiative.
Take ExamOS Challenger mode quiz on Compliance & Governance.

Week 7

Threat Modelling & Architecture Review

Topics

STRIDE and OCTAVE methodologies
Architecture threat modelling for Azure and Microsoft 365
Reviewing security controls (preventive, detective, corrective)
Security recommendations from Microsoft (Well‑Architected Framework)

Activities

Perform a threat model for a sample web application.
Map mitigations to Microsoft security services.
Take ExamOS Challenger mode quiz on Threat Modelling.

Week 8

Migration & Hybrid Scenarios

Topics

Cloud adoption framework (CAF) security
Migrating workloads with Azure Migrate, Defender for Cloud
Hybrid identity (Entra AD Connect, PTA, federation)
Extending security to on‑premises and other clouds

Activities

Design a hybrid identity solution for a merger.
Plan a security migration from on‑prem to Azure.
Take ExamOS Challenger mode quiz on Migration & Hybrid.

Week 9

Full‑Domain Practice & Weak Area Review

Topics

Full syllabus review (all domains)
Time management for 60 questions (120 minutes)

Activities

Take ExamOS Challenger mode full quizzes (at least 3).
Review every incorrect answer; study the explanation.
Identify weak domains and retake targeted quizzes (premium “Focus mode”).
Repeat until you pass 3 Challenger quizzes in a row.

Consistent >70% on Challenger mode.

Week 10

Legend Mode & Exam Simulation

Topics

Realistic exam simulation (60 questions, 120 minutes)
Case study design questions

Activities

Take ExamOS Legend mode full quizzes (at least 3).
Simulate the full 120‑minute exam.
Review every incorrect answer.
Once you pass Legend mode twice in a row, schedule your real exam.

Consistent >80% on Legend mode.

Daily Study Routine

Suggested 2–3 Hour Day

Time	Activity
15 min	Review weak questions
60 min	Microsoft Learn modules
30 min	Hands‑on lab (Azure portal, Sentinel, Purview)
30 min	ExamOS quiz
15 min	Review explanations

Stay consistent by setting a target date for this certification.

Set target

Share your feedback

Microsoft Cybersecurity Architect (SC-100) – Study Plan

Foundation & Self‑Assessment

Zero Trust Identity & Access

Zero Trust Endpoints & Data

Zero Trust Network & Infrastructure

Security Operations (SecOps)

Compliance, Governance & Risk

Threat Modelling & Architecture Review

Migration & Hybrid Scenarios

Full‑Domain Practice & Weak Area Review

Legend Mode & Exam Simulation