Design Enterprise Security Architecture with Zero Trust

The SC-100 is the expert-level capstone for the Microsoft Security certification path. This is not a configuration course — it is a design and strategy course. You will learn to evaluate security posture across an entire organization, design Zero Trust architectures, and specify security requirements for infrastructure, applications, and data. This is what Microsoft expects from a cybersecurity architect.

The course covers the four major domains of the SC-100 exam: designing Zero Trust strategy, evaluating GRC technical strategies, designing security for infrastructure, and designing security strategy for data and applications. Each section includes real architecture scenarios where you make design decisions — which Defender plan to deploy, how to segment networks, where to place policy enforcement points, and how to design identity governance that scales.

If you have passed the SC-200 or SC-300 and want to move into architecture, this is your path. The SC-100 requires you to think across the entire Microsoft Security stack and make decisions that balance security, cost, and operational complexity. This course prepares you to do that.

Curriculum

Zero Trust Strategy and Architecture

• Zero Trust principles and Microsoft reference architecture
• Identity as the control plane — Entra ID design decisions
• Network segmentation and micro-segmentation strategies
• Device trust and endpoint security architecture

Governance, Risk, and Compliance Strategy

• Regulatory compliance architecture with Purview
• Risk management frameworks and security baselines
• Privacy and data residency design considerations
• Security posture management across multi-cloud

Infrastructure Security Design

• Hybrid and multi-cloud security architecture
• Server, container, and serverless workload protection
• Azure landing zone security patterns
• DevSecOps integration and secure development lifecycle

Data and Application Security Strategy

• Data classification and protection architecture
• Application security design patterns
• API security and workload identity
• Security monitoring and operations architecture

Who Is This For

This course is for experienced security professionals pursuing the SC-100 expert certification. You should already hold an associate-level certification like the AZ-500, SC-200, or SC-300 and have practical experience designing security solutions. If you are a security architect, senior security engineer, or lead consultant who makes design decisions for enterprise environments, this course validates your ability to architect security at scale.