SC-300 cheat sheet

A one-page reference for the Microsoft Identity and Access Administrator exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
Microsoft
Level
Associate
Questions
60
Time
100 min
Mock pass mark
70%
Domains
4
Practice Qs
126
Code
SC-300

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

Microsoft Entra ID
Microsoft Entra ID is Microsoft's cloud identity and access management service, formerly Azure Active Directory. SC-300 centers on administering Entra ID identities, authentication, and governance.
Conditional Access
Conditional Access is a Microsoft Entra capability that enforces access policies based on signals such as user, device, location, and risk. SC-300 covers planning, implementing, and troubleshooting Conditional Access policies.
Continuous access evaluation
Continuous access evaluation (CAE) is a mechanism that revokes access in near real time when conditions change, rather than waiting for token expiry. SC-300 covers implementing CAE within Conditional Access.
Multifactor authentication
Multifactor authentication (MFA) requires two or more verification factors before granting access. SC-300 covers implementing and managing tenant-wide MFA and authentication methods.
FIDO2
FIDO2 is a passwordless authentication standard using passkeys and security keys. SC-300 covers FIDO2 passkeys among Entra authentication methods.
Windows Hello for Business
Windows Hello for Business is a passwordless authentication method that replaces passwords with biometrics or a PIN bound to a device. SC-300 covers implementing and managing it.
Privileged Identity Management
Privileged Identity Management (PIM) is a Microsoft Entra service providing just-in-time, time-bound, and approval-based access to privileged roles. SC-300 covers PIM for Entra roles, Azure resources, and groups.
Entitlement management
Entitlement management is a Microsoft Entra identity-governance feature that manages access packages, catalogs, and access requests at scale. SC-300 covers planning and implementing it.
Access review
An access review is a Microsoft Entra governance control that periodically recertifies whether users still need their access. SC-300 covers creating, configuring, and monitoring access reviews.
Managed identity
A managed identity is a Microsoft Entra identity automatically managed by Azure that lets a resource authenticate without stored credentials. SC-300 covers managed identities for applications and Azure workloads.
Service principal
A service principal is the local representation of an application in a Microsoft Entra tenant, used to grant it access to resources. SC-300 covers selecting service principals and managed identities for workloads.
App registration
An app registration defines an application's identity and configuration in Microsoft Entra, including authentication, API permissions, and app roles. SC-300 covers planning and creating app registrations.
Enterprise application
An enterprise application is an instance of an application in a Microsoft Entra tenant configured for single sign-on and user assignment. SC-300 covers integrating and managing enterprise applications.
Hybrid identity
Hybrid identity connects on-premises Active Directory with Microsoft Entra ID so users have a single identity. SC-300 covers Entra Connect Sync, Cloud Sync, and password hash synchronization.