PaulJerimy / SecCertRoadmapHTML

Security Certification Roadmap HTML5/CSS3 version
Creative Commons Attribution Share Alike 4.0 International
590 stars 111 forks source link

Add Microsoft Security certifications #39

Closed ZubairRahimZubi closed 2 years ago

ZubairRahimZubi commented 3 years ago

Add Microsoft Certified: Security Operations Analyst Associate (SC-200) Add Microsoft Certified: Identity and Access Administrator Associate (SC-300) Add Microsoft 365 Security Administration (MS-500) Add SC-400 | Microsoft Information Protection Administrator Add SC-900 | Microsoft Security, Compliance, and Identity Fundamentals

sawft99 commented 2 years ago

Also worth mentioning:

SC-100: https://docs.microsoft.com/en-us/learn/certifications/cybersecurity-architect-expert/ AZ-500: https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/

SC-900 might be a little basic for the list but given some of the other certs on the site it could be fitting.

sinecurelife commented 2 years ago

SC-200, SC-300, SC-900, and AZ-500 already on chart. Renamed certificate acronyms to the exam codes (I.E. MSOAA to SC-200) to help with recognition.

MS-500 not added as it is redundant with AZ-500 for the scope of this roadmap.

I'll keep an eye on SC-100, which is still in beta.

Added SC-400 to Release 8 (April 2022)

sawft99 commented 2 years ago

SC-200, SC-300, SC-900, and AZ-500 already on chart. Renamed certificate acronyms to the exam codes (I.E. MSOAA to SC-200) to help with recognition.

MS-500 not added as it is redundant with AZ-500 for the scope of this roadmap.

I'll keep an eye on SC-100, which is still in beta.

Added SC-400 to Release 8 (April 2022)

Just for the record, given the names of the exams we know one is from the 365 perspective and one is from the Azure perspective. They do seem fairly similar but a more in depth look into the objectives have some big differences. Some differences:

AZ-500 covers advanced network security (20% of the exam) where MS-500 has none of that mentioned in the objectives:

 secure the connectivity of hybrid networks  secure the connectivity of virtual networks  create and configure Azure Firewall  create and configure Azure Firewall Manager  create and configure Azure Application Gateway  create and configure Azure Front Door  create and configure Web Application Firewall (WAF)  configure a resource firewall, including storage account, Azure SQL, Azure Key Vault, or Azure App Service  configure network isolation for Web Apps and Azure Functions  implement Azure Service Endpoints  implement Azure Private Endpoints, including integrating with other services  implement Azure Private Links  implement Azure DDoS Protection

They both have sections on encryption, but MS-500 is based around Windows device encryption whereas AZ-500 is based around compute and SQL. AZ-500 has content based around SQL, serverless compute, and virtualization while MS-500 has no mention of those topics at all. MS-500 can act as a prereq to the '365 Enterprise Admin' cert where AZ-50 0 can not. I'm sure there are more differences as well.

There's a lot of crossover between 365 and Azure in other certs, but there are some significant differences between the two. At least a third of both exams don't line up with the other, and that's conservative.