Microsoft · Associate

Microsoft Identity and Access Administrator (SC-300) practice exam & study guide

The Microsoft Identity and Access Administrator (SC-300) is Microsoft’s associate certification for identity and access management. It validates the ability to implement and manage user identities, authentication and access management, workload identities, and identity governance using Microsoft Entra, following Zero Trust principles.

SC-300 is a hands-on, scenario-driven exam for identity administrators. Questions test how you configure and operate Microsoft Entra identity, authentication, Conditional Access, and governance, not just what the features are.

This free hub gives you everything you need to prepare: a syllabus breakdown by exam domain, realistic scenario-style practice questions with teacher-style explanations, a glossary of the Microsoft Entra identity services the exam relies on, and full-length timed mock exams that mirror the real testing experience.

60
Questions
100 min
Time limit
70%
Mock pass %
4
Domains

Start studying SC-300

New here? Follow the three steps below in order. Everything is free and needs no account.

  1. 1
    Learn the plan

    See all 4 domains in exam-weight order.

    Open study path
  2. 2
    Drill by domain

    Practice one topic at a time with explained answers.

    Start with the first domain
  3. 3
    Sit a timed mock

    60 questions · 100 min · 70% to pass our mock.

    Take the mock exam

All SC-300 study resources

SC-300 exam domains

The SC-300 exam is weighted across 4 domains. Pick any domain below to drill it — or read the full breakdown in the FAQ.

Exam domainExam weightPractice
Implement and manage user identities23%Practice this topic
Implement authentication and access management28%Practice this topic
Plan and implement workload identities24%Practice this topic
Plan and automate identity governance25%Practice this topic

Sample SC-300 questions

A sample of the SC-300 questions on this hub. Each links through to the full question, the correct answer, and an explanation of why every other option is wrong.

Key SC-300 terms

Start with these terms, then explore the full glossary. Each links to a plain-English definition written for the SC-300 exam.

SC-300 frequently asked questions

What is the SC-300 certification?+

Microsoft positions SC-300 as validating the skills of an administrator who designs, implements, and operates an organization’s identity and access management with Microsoft Entra — managing identity lifecycles for users, devices, resources, and applications.

It expects familiarity with Azure, Microsoft 365, Active Directory Domain Services, PowerShell, and KQL, and covers user identities, authentication and Conditional Access, workload identities, and identity governance.

What topics are on the SC-300 exam?+

The SC-300 exam is organised into four weighted domains. The percentages below are the midpoints of Microsoft’s published ranges, normalized to total 100. Authentication and access management carries the most weight.

Implement and manage user identities (23%)

Covers configuring and managing a Microsoft Entra tenant (roles, administrative units, settings), creating and managing Entra identities (users, groups, licenses), managing external users and cross-tenant access, and implementing hybrid identity with Entra Connect Sync, Cloud Sync, and password hash synchronization.

Implement authentication and access management (28%)

The heaviest domain. It covers Entra user authentication (methods including passkeys/FIDO2, MFA, SSPR, Windows Hello for Business), Conditional Access (policies, controls, continuous access evaluation), managing risk with Entra ID Protection, and Global Secure Access.

Plan and implement workload identities (24%)

Covers identities for applications and Azure workloads (managed identities, service principals), integrating enterprise applications (SSO, Application Proxy, consent), planning app registrations (authentication, API permissions, app roles), and managing app access with Microsoft Defender for Cloud Apps.

Plan and automate identity governance (25%)

Covers entitlement management (catalogs, access packages, access requests), access reviews, privileged access with Privileged Identity Management (PIM) for roles, resources, and groups, and monitoring identity activity with logs, workbooks, KQL, and Identity Secure Score.

Is the SC-300 hard?+

SC-300 is an associate exam but a focused, deep one: it expects working knowledge of Microsoft Entra configuration — Conditional Access, PIM, governance — not just recognition of features.

The difficulty comes from the breadth of Entra features and from scenario questions that hinge on the exact right policy or governance control. Practising configuration scenarios until they are automatic is the key.

How many questions are on the SC-300 exam and how long is it?+

Microsoft does not fix a single public question count for SC-300; it typically presents roughly 40–60 questions in a mix of formats — multiple choice, multiple response, and case studies — with about 100 minutes of working time.

Our full-length practice mock uses a 60-question, 100-minute session so you can rehearse pacing under realistic time pressure before test day.

What score do you need to pass the SC-300?+

Microsoft scores SC-300 on a scale of 1 to 1,000, and the passing score is 700. That is a scaled score rather than a raw 70%, because Microsoft adjusts for question difficulty, and there is no penalty for wrong answers, so you should never leave a question blank. Our practice mock uses a 70% threshold to give you a comparable target.

How much does the SC-300 exam cost?+

The SC-300 exam fee is set by Microsoft and varies by region — check the Microsoft certification page for current pricing. Microsoft associate certifications are valid for one year and can be renewed for free through an online assessment on Microsoft Learn. Everything on this hub is free.

Who should take the SC-300?+

SC-300 is aimed at identity and access administrators, security administrators, and IT professionals who manage Microsoft Entra identity for their organization.

Microsoft recommends familiarity with Azure, Microsoft 365 workloads, Active Directory Domain Services, PowerShell, and KQL, though there is no formal prerequisite.

What jobs and salaries can the SC-300 lead to?+

SC-300 maps to roles such as identity and access administrator, security administrator, and IAM engineer, where managing Microsoft Entra identity and access is the core of the job. It sits in Microsoft’s security, compliance, and identity pathway.

How much any certification affects pay depends heavily on geography, seniority, and hands-on experience, so treat any single salary figure with caution. SC-300 is best viewed as validation of identity-administration skill rather than a guaranteed raise on its own.

How long does it take to study for the SC-300?+

Candidates with Entra experience often need four to eight weeks; those newer to identity should plan longer. The most efficient path is to study each domain while practising in a Microsoft Entra tenant, then drill scenario questions.

Review every explanation, including for questions you answered correctly, because SC-300 distractors are built from plausible but incorrect Entra configurations. Use the per-domain results here to find and shore up your weakest area, then finish with full-length timed mocks.

How should you prepare for the SC-300?+

Study the four domains above, giving the most time to authentication and access management, then drill scenario questions domain by domain. Every MockAPI question reveals a full explanation and tells you why each wrong answer is wrong — essential for an exam that turns on exact identity configurations.

When you can answer scenarios comfortably, move to full-length timed mocks, ideally alongside hands-on practice with Conditional Access and PIM. Use the glossary to keep the Entra services straight, and aim to score consistently above the pass mark before you book.

Can you take the SC-300 exam online?+

Yes. Microsoft delivers SC-300 through Pearson VUE, so you can test at a physical Pearson VUE centre or online with remote proctoring (OnVUE). The online exam requires a private, quiet room, a clear workspace, a webcam and microphone, a stable connection, and government-issued photo ID, with a proctor monitoring you and a room scan before you start.

If you do not pass, Microsoft requires a 24-hour wait before a second attempt; after that, a 14-day wait applies between further attempts, with a limit of five attempts in a 12-month period, and each attempt needs its own registration.

What certification should you take after the SC-300?+

After SC-300, common next steps include the Cybersecurity Architect Expert (SC-100), the Security Operations Analyst (SC-200), or the Information Security Administrator (SC-401), depending on your focus.

For many, the real next step is owning identity for an organization. Pairing SC-300 with hands-on Microsoft Entra experience is what turns the certificate into a career.