Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

SC-100T00A Microsoft Cybersecurity

Architect
Change Log
February 2025

Purpose
This document highlights the significant changes to the SC-100T00A Microsoft Cybersecurity Architect
course from the previous release. This document is for Microsoft Certified Trainers and Instructors
to use before they deliver the class or during preparation for teaching the class.

This is not an error log or a supplement to the Course Materials. This document just provides
additional context so that you can understand the major changes to the course content. Most of
the course materials have been updated to fix typos, broken links, and formatting. So, we
recommend you always download the latest copies.

� Please read the Trainer Prep Guide which provides the overall strategy for implementing this
training.

Page 1
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

February 28, 2025 – Minor Refresh

Update: Minor
Type of change: INSTRUCTOR ASSETS

INSTRUCTOR ASSETS

This change was focused on consolidating the module-level PowerPoint decks into learning-path
level PowerPoint decks. There are now 4 PPT decks for the course. As part of this update, the sides
were also updated, as needed. These updates include removing slides, adding new slides to
provide clarity or context, and hiding slides. Hidden slides are intended as additional or back-up
information to drill into more content details on a topic.
It’s acknowledged that there is a large volume of slides, so it is not assumed nor expected that
trainers will use every slide that is provided. As such, it is important that trainers review and
familiarize themselves with the updated PowerPoint decks prior to delivery and determine which
slides to use and which ones to hide while ensuring appropriate coverage of topics in the objective
domain (study guide) document.
Some points to note in the updated PowerPoint slides:
• Towards the end of each learning path deck are a set of knowledge check questions. There
is one question per module. For additional questions refer to the module-level knowledge
unit on Microsoft Learn. The separate knowledge check Form that was previously available
and that contained the same questions already available on Microsoft Learn will no longer
be updated and is no longer included as a link in the PowerPoint deck.
• Towards the end of each learning path deck is a case study placeholder slide. The notes
section of that slide includes links to the longer case study and the individual shorter case
studies that map to modules covered in the learning path.
• Unit-level title slides have been maintained in the consolidated decks to provide visibility
on the start of a new unit/topic. This adds quite a bit to the overall number of slides in each
deck, so feel free to hide these as desired.
• In a few instances, slides for related units have been consolidated into one unit, even
though they are separate units on Microsoft Learn. In those instances, the notes section of
the slide calls it out. This is only the case for some very limited instances of unit-level
content, not module-level content.
MTTs and MCTs are encouraged to provide feedback through the existing feedback mechanisms.
The content development team will review all constructive feedback and act as needed to ensure
high quality content for trainers and learners.

Page 2
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

October 15, 2024 – Major Refresh

Update: Major
Type of change: INSTRUCTOR ASSETS

INSTRUCTOR ASSETS

• The trainer prep guide has been updated for guidance on newly released labs for SC-100

June 18, 2024 – Major Refresh

Update: Major
Type of change: SLIDES, INSTRUCTOR ASSETS

SLIDES

• Module 7:
o New Unit: Evaluate the security and governance of on-premises Active Directory
Domain Services (AD DS), including resilience to common attacks
o New Unit: Evaluate an access review management solution that includes Microsoft
Entra Permissions Management
• Module 8:
o Addition of discussion of SecOps capabilities of Copilot for Security under “Design
security operations capabilities in hybrid and multicloud environments”
• Module 9:
o New Unit: Security and compliance controls for Copilot for Security
• Module 13:
o New Unit: Specify requirements and priorities for a posture management process
that uses Exposure Management

Page 3
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

• Module 14:
o New Unit: Evaluate Windows Local Admin Password Solution (LAPS) solutions
• Module 12:
o New Unit: Evaluate solutions that include Azure AI Services Security
• Module 15: Module changed to Evaluate solutions for network security and Security Service
Edge (SSE)
o New Unit: Evaluate network designs to align with security requirements and best
practices (contains much of the materials from the old version of module 15 on
network security)
o New Unit: Evaluate solutions that use Microsoft Entra Internet Access as a secure
web gateway
o New Unit: Evaluate solutions that use Microsoft Entra Internet Access to access
Microsoft 365, including cross-tenant configurations
o New Unit: Evaluate solutions that use Microsoft Entra Private Access

INSTRUCTOR ASSETS

• Trainer Prep Guide updated with new units

February 27, 2024 – Bug Fixes

Update: Minor
Type of change: SLIDES

SLIDES

• Module 5: Clarified the use of policy scopes at the resource level in slide 20 speaker notes
• Module 6: Entra rebranding updates
• Module 12: Fixed broken link in slide 3
• Module 8: Fixed the usage of the SIEM acronym in slide 4
• Module 9: Defender for Collaboration rebrand

Page 4
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

• Module 13: Updated cloud provider coverages for Defender for Cloud on slide 13

November 10, 2023 – Slide reordering

Update: Major
Type of change: SLIDES, INSTRUCTOR ASSETS

SLIDES:

• Multiple units have been moved between modules to streamline the flow of course
deliveries and reduce repetition of products across different modules
• There are a few new units created out of existing units

Unit Old Location New Location Learn Content Link

Secure access for Service 10.6 6.7 Link
principles workload identities
Enterprise access model 7.2 7.1 Link
Identity governance in Azure AD 7.3 7.3 Link
(PIM and Entitlement
Management)*
Identity governance in on-prem AD 7.3 7.4 Link
DS (PAM)*
Defender for IoT for OT and ICS 14.5 13.10 Link
security
Secure remote access 14.7 15.5 Link
Securing containerized 10.3 and 12.3 10.9 Link
applications*
Evaluate infrastructure compliance 5.4 13.9 Link
by using Microsoft Defender for
Cloud
Defender for IoT for OT and ICS 14.4 13.10 Link
security
Security requirements for IoT 12.3 14.5 Link
Design posture management and 13.3 13.5 Link
workload protection in hybrid and
multicloud environments

* = New unit

INSTRUCTOR ASSETS

Page 5
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

• An additional course presentation order that is based on the Zero Trust technology pillars
has been included in the Trainer Prep Guide.

October 13, 2023 – Template update

Update: Minor
Type of change: SLIDES

SLIDES

• Resolved contrast issues in Module 6

September 15, 2023 – Template update

Update: Minor
Type of change: GENERAL, SLIDES, EDUCATOR ASSETS

SLIDES

• The slides have been updated to the new standard Microsoft Learn template
• Module 6 slides on identity have been updated to clarify the different identity solutions:
o AD vs Azure AD
o AD DS vs Azure AD vs Azure AD DS

July 14, 2023 – Bug fixes

Update: Minor
Type of change: GENERAL, SLIDES, EDUCATOR ASSETS

SLIDES

• The case studies in the GitHub repo have been reordered to reflect the new module order.
• The links to the case studies in the slide notes have also been updated.

Page 6
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

• This release contains miscellaneous bug fixes for slide titles, incorrect slide orders and
standardizing slide layout and appearance.
• The agenda has been standardized for all modules to feature the case study before the
knowledge check.
• A new link as been added on the knowledge check slide in the notes section allowing
instructors to duplicate the knowledge check questions into their own form.
• A few new slides have been added in the introduction to SecOps section in Module 8

May 5, 2023 – Refreshing course content for a new

exam objective domain
Update: MAJOR
Type of change: GENERAL, SLIDES, EDUCATOR ASSETS

SLIDES

• SC-100 underwent another Job Task Analysis in November of 2022

• There was a significant amount of change to the course functional groups, main tasks and
sub tasks at that Job Task Analysis. As a result, the self paced content on Learn and the
Instructor Led Training PowerPoint slides have been redone.
• Some new topics were added to the objective domain, and a few were removed
• Many topics were reworded to emphasize creation of solutions rather than strategy
• A mapping has been added to the trainer prep guide to show how the new ILT modules
map to the new Objective Domain (OD), the old ILT modules and the old OD.

December 12, 2022 – Linking to case studies in GitHub,

adding recommended labs for Sentinel and Defender
for Cloud
Update: MINOR
Type of change: GENERAL, SLIDES, EDUCATOR ASSETS

Page 7
Change Log: SC-100T00A Microsoft Cybersecurity Architect February 2025

SLIDES

• We have removed the slides that describe the case studies and their recommended
answers. Instructors are instead recommended to refer to the case studies hosted on
GitHub
• A new slide has been added to the 00 deck that gives some links to recommended hands
on labs for Sentinel and Defender for Cloud that are maintained by the product groups.
• The same information has been added to the trainer prep guide

November 29, 2022 – Bug Fixes

Update: MINOR
Type of change: GENERAL, SLIDES, EDUCATOR ASSETS

SLIDES

• Miscellaneous bug fixes have been implemented to maintain synchronization with the MS
Learn materials, add sections to all the PowerPoint decks and make sure that the agendas
reflect recent updates.

Page 8