SC-300 cheat sheet
A one-page reference for the Microsoft Identity and Access Administrator exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
Microsoft
Level
Associate
Questions
60
Time
100 min
Mock pass mark
70%
Domains
4
Practice Qs
126
Code
SC-300
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Microsoft Entra ID
- Microsoft Entra ID is Microsoft's cloud identity and access management service, formerly Azure Active Directory. SC-300 centers on administering Entra ID identities, authentication, and governance.
- Conditional Access
- Conditional Access is a Microsoft Entra capability that enforces access policies based on signals such as user, device, location, and risk. SC-300 covers planning, implementing, and troubleshooting Conditional Access policies.
- Continuous access evaluation
- Continuous access evaluation (CAE) is a mechanism that revokes access in near real time when conditions change, rather than waiting for token expiry. SC-300 covers implementing CAE within Conditional Access.
- Multifactor authentication
- Multifactor authentication (MFA) requires two or more verification factors before granting access. SC-300 covers implementing and managing tenant-wide MFA and authentication methods.
- FIDO2
- FIDO2 is a passwordless authentication standard using passkeys and security keys. SC-300 covers FIDO2 passkeys among Entra authentication methods.
- Windows Hello for Business
- Windows Hello for Business is a passwordless authentication method that replaces passwords with biometrics or a PIN bound to a device. SC-300 covers implementing and managing it.
- Privileged Identity Management
- Privileged Identity Management (PIM) is a Microsoft Entra service providing just-in-time, time-bound, and approval-based access to privileged roles. SC-300 covers PIM for Entra roles, Azure resources, and groups.
- Entitlement management
- Entitlement management is a Microsoft Entra identity-governance feature that manages access packages, catalogs, and access requests at scale. SC-300 covers planning and implementing it.
- Access review
- An access review is a Microsoft Entra governance control that periodically recertifies whether users still need their access. SC-300 covers creating, configuring, and monitoring access reviews.
- Managed identity
- A managed identity is a Microsoft Entra identity automatically managed by Azure that lets a resource authenticate without stored credentials. SC-300 covers managed identities for applications and Azure workloads.
- Service principal
- A service principal is the local representation of an application in a Microsoft Entra tenant, used to grant it access to resources. SC-300 covers selecting service principals and managed identities for workloads.
- App registration
- An app registration defines an application's identity and configuration in Microsoft Entra, including authentication, API permissions, and app roles. SC-300 covers planning and creating app registrations.
- Enterprise application
- An enterprise application is an instance of an application in a Microsoft Entra tenant configured for single sign-on and user assignment. SC-300 covers integrating and managing enterprise applications.
- Hybrid identity
- Hybrid identity connects on-premises Active Directory with Microsoft Entra ID so users have a single identity. SC-300 covers Entra Connect Sync, Cloud Sync, and password hash synchronization.