You failed the SC-900. You got a 672. The passing score is 720. You’re looking at your score report thinking: What now? How long do I wait? How much does this cost? Can I retake it tomorrow?
Let’s cut through the noise.
What Your Score Actually Means
A 672 on the Microsoft Security, Compliance & Identity Fundamentals (SC-900) is 48 points short. That’s not “you don’t know anything.” That’s “you know most of it, but you missed critical sections.”
The SC-900 scales scores from 0 to 1000. The passing threshold is 720. Microsoft doesn’t publish the exact number of questions you need correct—that varies because the exam uses adaptive testing—but you’re looking at roughly 60-65% accuracy when you needed 70%+.
Here’s what that probably means: You crushed some domains. You bombed others. Maybe you nailed Microsoft Entra and identity governance. Maybe you got destroyed on compliance and data residency questions.
The score report breaks this down by skill area. Open it. Really look at it. If you scored below 40% on “Microsoft Compliance Solutions,” that’s your problem. Not test anxiety. Not bad luck. That’s a knowledge gap.
Don’t waste time feeling bad about this. You’re close. That’s actually the worst position—close enough to feel it’s unfair, not close enough to pass.
The Real Reason You Failed Microsoft Security, Compliance & Identity Fundamentals (SC-900)
Most people fail the SC-900 for one of three reasons:
Reason 1: You studied the wrong material. You watched Microsoft Learn videos on identity and access management but skipped the compliance section. Or you crammed practice tests without understanding why the answers were right. The SC-900 tests conceptual knowledge across five domains: cloud concepts and services, security, compliance, identity and access, and applications. If you only studied three of them, you’ll fail three out of five times.
Reason 2: You confused “heard about it” with “know it.” Someone told you about Azure AD. You nodded. You think you know it. But the exam questions are specific. Example: “Your company uses Microsoft Entra ID (formerly Azure AD) and needs to enforce multi-factor authentication for all administrative accounts. Which feature should you implement?” The answer isn’t just “MFA exists.” It’s understanding where in the Entra admin center you configure it, when it applies, and what alternatives exist. You probably guessed.
Reason 3: You ran out of time or panicked. The SC-900 gives you 45 minutes for roughly 30-40 questions (the exact count varies). That’s 1 to 1.5 minutes per question. If you spent five minutes debating between two options on question 8, you had to rush through the last ten questions. Panic kills precision.
Check your score report. It shows your performance by domain. Wherever you see 40% or below, that’s where you failed. Start there on your retake.
What To Do In The Next 48 Hours
Right now: Download and save your score report as a PDF. Don’t just look at it on your Microsoft account—download it. You need this reference.
Today: Identify the two domains where you scored lowest. Ignore the rest for now. If you scored 35% on “Microsoft Compliance Solutions” and 42% on “Microsoft Identity and Access Solutions,” those are your targets. Not balance. Not “review everything.” Hunt the weak spots.
Tonight: Find three practice test questions related to your lowest-scoring domain. Don’t study general concepts. Do targeted practice. Search “SC-900 practice questions compliance” or “SC-900 exam questions data residency.” Take those questions cold, no notes. See which ones you still miss.
Day 2: Stop studying compliance. You need a break. Your brain locked up on that content. Let it sit for 24 hours. Review something totally different—maybe identity governance questions. Fresh context helps.
By end of day 2: Schedule your retake. Don’t wait. Waiting is when you lose momentum and convince yourself to study “just a little more” for another two months.
Your Retake Plan
Microsoft allows you to retake the SC-900 immediately. No waiting period. You can sit for the exam again the next day if you want.
But should you?
No.
You need 3 to 7 days minimum. Here’s why: Your brain needs time to process what you got wrong. Sitting for the exam again in 24 hours just repeats the same mistakes on different questions.
The actual retake timeline:
- Day 1-2: Identify weak domains from your score report.
- Day 3-5: Targeted study on those domains. One domain per day. Use Microsoft Learn modules (free, official), watch exam-specific video walkthrough content, and take practice tests focused on that domain.
- Day 6: Full-length practice test. Timed. No breaks. Simulate the real exam.
- Day 7: Retake the actual SC-900 exam.
This assumes you failed because of knowledge gaps, not test anxiety or bad luck. If you got a 715 and just need a handful more points, you can compress this to 3 days. If you got a 650, you need the full week and probably two weeks.
Cost: The SC-900 costs $99 USD. Each retake is another $99. That’s per exam. So your retake will cost $99. If you fail again, the next one is another $99. There’s no bulk discount or “retake package.” Each attempt is a separate $99 charge.
Schedule the retake immediately. Pay the $99. Commit to the date. Human psychology: Once you’ve paid and scheduled, you study harder.
One Thing To Do Right Now
Open your score report. Look at the five domains listed:
- Cloud Concepts and Services
- Security, Compliance, and Identity
- Cloud Application Security
- Data and Application Governance
- Privacy, Risk, and Compliance
Find the one with the lowest percentage. Write that domain name on a sticky note. Put it on your monitor.
That’s where your retake study starts. Not with what’s easiest. Not with what sounds interesting. With what you scored worst on.
Do that right now. Literally stop reading and do it.
Then tomorrow morning, open Microsoft Learn and search for that domain. Spend one hour on one Microsoft Learn module about that topic. Take a practice test question on it. See what you missed.
That’s your momentum. That’s how you get from 672 to 720.