Microsoft Identity and Access Administrator (SC-300)

The Microsoft Identity and Access Administrator (SC-300) is Microsoft's specialist credential for Microsoft Entra ID (formerly Azure Active Directory) administration. It validates that you can plan, implement, and operate identity solutions at enterprise scale — workforce and external identities, authentication methods, Conditional Access, application access, and the full identity-governance lifecycle.

This practice test gives you 250 scenario-style multiple-choice questions with detailed, multi-sentence explanations. Where AZ-500 covers the broader Azure security engineer's view and SC-200 covers the SOC analyst's view, SC-300 is the identity administrator's depth — Conditional Access design at scale, hybrid identity, application onboarding, lifecycle workflows, Entitlement Management, Access Reviews, PIM, and the day-to-day work of running an Entra ID tenant for thousands of users.

What the SC-300 exam covers

• Implement identities in Microsoft Entra ID (20–25%) — Microsoft Entra tenant configuration (custom domain names, branding, default settings), user identity lifecycle (cloud-only, B2B guest, External ID), bulk user operations, groups (security, Microsoft 365, dynamic membership rules, group writeback), Administrative Units, Microsoft Entra Connect Sync and Cloud Sync (filtering, password hash sync, pass-through authentication, password writeback, group writeback), federation troubleshooting and AD FS to cloud authentication migration via Staged Rollout, Entra Domain Services for legacy LDAP / Kerberos workloads, device join scenarios (Entra-joined, Hybrid-joined, Entra-registered), SSPR configuration, license assignment with group-based licensing.
• Implement authentication and access management (25–30%) — authentication methods (Microsoft Authenticator with number matching, FIDO2 security keys, Windows Hello for Business, certificate-based, OATH hardware tokens, voice / SMS / email, Temporary Access Pass), Authentication Methods policy migration from legacy MFA / SSPR settings, Conditional Access (signals — user, sign-in risk, location, device platform, app, client app type; grant controls — MFA, compliant device, hybrid join, app protection policy, Authentication Strengths; session controls — sign-in frequency, persistent browser, app-enforced restrictions, Conditional Access App Control), Microsoft Entra ID Protection (risk policies, risky users / sign-ins, identity-protection signals), Privileged Identity Management for Entra and Azure roles (eligible assignments, activation settings, approvals, alerts), Continuous Access Evaluation, Cross-Tenant Access Settings, B2B collaboration trust settings.
• Plan and implement access management for apps (20–25%) — Enterprise applications (gallery + non-gallery), single sign-on (SAML 2.0, OAuth 2.0, OpenID Connect, password-based, header-based, linked), application proxy for publishing on-prem web apps without VPN, Microsoft Entra Application Gallery, custom SAML applications (claim issuance, signing certificate rollover), application registrations (manifest, redirect URIs, scopes, API permissions delegated vs application, consent framework — admin consent workflow, restrict user consent, verified publisher), service principals, OAuth permissions and consent attacks defense, OAuth permission scopes (Microsoft Graph), Conditional Access for Workload Identities, app risk in Microsoft Defender for Cloud Apps.
• Plan and implement identity governance in Microsoft Entra (20–25%) — Entitlement Management (catalogs, access packages, policies, requestors, approvers, separation of duties, custom extensions), Access Reviews (group, app role, PIM role, inactive users, recurrence, decisions, auto-apply), Privileged Identity Management governance (recurring access reviews on Global Admin and other Tier-0 roles, alerts), Lifecycle Workflows (joiner / mover / leaver automation, scheduled and on-demand, tasks), Terms of Use, audit logs and Microsoft Entra monitoring (Sign-in / Audit / Provisioning logs → Log Analytics → Microsoft Sentinel), Microsoft Entra Identity Governance license requirements (Microsoft Entra ID P2 / Microsoft Entra ID Governance).

Exam format on Microsoft Learn

The live SC-300 has 40–60 questions over roughly 120 minutes of seat time (about 150 minutes total including instructions). It uses multiple-choice, multiple-response, drag-and-drop ordering, hot-area, and case studies (long scenarios with multiple linked questions). Passing score is 700 / 1000 (~70%). The exam is available in English, Japanese, Simplified Chinese, Korean, German, French, Spanish, Portuguese, Italian, Arabic, Indonesian, and Russian, at Pearson VUE test centers or online proctored. Recertification is annual via free renewal assessment on Microsoft Learn.

Who should take this?

Working identity administrators, IAM engineers, Microsoft 365 administrators, and security engineers who own Microsoft Entra ID day-to-day. Microsoft recommends familiarity with Microsoft 365 services, basic networking, hybrid identity, and the Azure portal. Many candidates pair SC-300 with SC-200 (Security Operations Analyst) for SOC-side coverage, SC-100 (Cybersecurity Architect Expert) for architecture-tier breadth, SC-400 (Information Protection and Compliance Administrator) for data-protection depth, AZ-500 (Azure Security Engineer) for the broader Azure security engineering view, and MS-102 (Microsoft 365 Administrator Expert) for full M365 ops. SC-300 is also a strong differentiator for IAM-focused roles alongside vendor-neutral certs like CIAM credentials.

Free to attempt with a TestsWorld account. No card required.