Microsoft Certs – Memory Tests With Limited Technical Value

I passed three Microsoft Associate exams this month – AZ-500, MS-500 and SC-200 – but this has led me to question their worth from a technical perspective. How much value can you really put on a cert that is achievable in a week of cramming?

I’ve never attempted this many certs in such a short timeframe, but I had plenty of incentives; there was an initiative at work to obtain all three to help the company retain Microsoft partnership status, I had a city-break coming up that motivated me to complete the exams before going away, I had time to study at work considering I was still new and not particularly busy, and there was overlap with other exam material I was already studying or had recently passed.

So, I felt I had to strike while the iron was hot. Without all these incentives I definitely wouldn’t have pushed through and doubt I would have even bothered with SC-200, as being a security analyst is not in my career plans. But as good as it was to get them all done, it’s made me reconsider my opinion on the value of IT certifications, or more specifically, the technical value of those with predominantly multiple-choice questions that don’t test hands-on experience.

The Good

I’ve always been a big advocate of achieving certs, especially for technologies/vendors you’re working with daily. I like how they provide a vendor-approved, structured syllabus as a learning path. It’s great to be able to flesh out your CV with them, especially at the early stages of your career, and there have been a couple of certificates through the years that have given me the green light to immediately pursue a pay rise after passing.

So far, I’ve obtained about 20 IT certs, with the gold standard (at my level of experience) being Red Hat Certified System Administrator.

What I loved about this exam was that it was 100% hands-on; here’s two VMs, here’s SSH credentials for one of them, here’s 20 or so tasks, go do them…and ya better be quick about it! It felt like no mercy was shown in that exam…some of the later tasks are even reliant on you having completed the prior tasks successfully! No amount of reading books, watching video walkthroughs, or cramming practice exams will allow you to pass this exam without also having spent many, many hours in a shell. And that’s the way it should be for a technical exam. The certificate then means something. It proves beyond doubt that you put in the graft and, at the time of passing at least, had sufficient knowledge and hands-on ability to be a RHEL system administrator. During and after study for the RHCSA, I felt extremely comfortable around Linux, and would confidently tell anybody that. I felt I knew what I was doing.

The CCNA was similar. Although a mixture of multiple-choice questions and “lablets”, I imagine it would be extremely difficult to pass the CCNA without plenty of CLI time. Again, at the time of passing the CCNA I felt very capable of managing Cisco switching and routing devices. I was able to input full configs quicker than I could verbalise what the hell my fingers were typing. And that was only because hours and hours of hands-on practice was absolutely required. The CCNA also went beyond vendor-specific knowledge (RHCSA has this in common to some extent too); it taught me solid foundational networking theory that I feel every IT professional should know, and did so without feeling like Cisco products were being shoved down my throat. The CCNA directly resulted in my transition to a bigger company and a more senior, better paid position.

The Bad

Compare that to the Microsoft certs I completed this month. SC-200, “Microsoft Certified Security Operations Analyst Associate”. I’m not claiming that Microsoft intended this to be on the same technical level as RHCSA or CCNA, but it is marketed as a mid-level “associate” exam. Do I feel like I could slide into a Security Operations Analyst position having completed this exam, in the same way I felt I could handle RHEL after completing RHCSA? I don’t mind admitting no, not at all! The SC-200 taught me how to spot incorrect KQL statements from a dozen keywords, basic familiarisation with each Microsoft Defender product, and what needs to be present in a working Sentinel deployment. The time needed practicing in Azure was absolutely minimal.

AZ-500 and MS-500 were of a similar vein, although I admittedly got a little more value from them as they’re more aligned with my current role as a Security Engineer. Still, in reality, absolutely zero hands-on knowledge was required to pass. I noticed you also begin to learn Microsoft’s baits and tricks across their exams; you notice word associations that, once you spot them, make the answer easier to work out. The irony is that somebody with 5 years of hands-on experience with RHEL could very likely pass the RHCSA without studying course material, while I feel the same wouldn’t hold true of somebody with 5 years of Azure experience going into AZ-500 blind. Besides the constant reshuffling of Azure products, names and terms, there are enough ridiculous Microsoft-style questions that will catch out people who aren’t familiar with the format (“user1 is a member of group1, user2 is a member of group1 and group2, user1 is the owner of group2. What time did user2 wake up at today?”).

Why can’t Microsoft exams – even just at the Expert level – be more like RHCSA? Give you an empty tenant, make you set up Sentinel, workspaces and data connectors from scratch, make you actually investigate a live issue and get to the root cause. If you can’t successfully set up Sentinel and start the investigation, tough shit, you can’t do the remaining tasks. You don’t know your stuff, go back and learn. A Microsoft cert like that would feel so much more valuable. Instead, it’s 40-ish multiple-choice questions, often completely detached from scenarios you’ll encounter in real life, with 4 possible answers you can hazard an educated guess at. The case studies, by far the most interesting section of the exams and the most life-like, unfortunately also have the easiest questions, and really are just a test of how you cope with a wall of information in front of you.

The Mugly

Of course, there’s some responsibility on the test taker’s part to study appropriately for these exams and be true to themselves that they know the material, regardless of the exam itself actually testing your technical knowledge. The incentive I had from work to complete these in a month wasn’t helpful in that regard, the irony being outside pressure from Microsoft itself to have employees certified in the first place. But still, my point is that it shouldn’t be possible to blast through these in a week, in the same way it wouldn’t be possible to do the RHCSA or CCNA in a week (I’m sure somebody has done it, but I’d confidently say 99% of people won’t be able to).

I have two more Microsoft certifications I’d like to achieve in the next couple of months, Microsoft Certified: Cybersecurity Architect Expert and Microsoft Certified: Azure Solutions Architect Expert. I know already that it’s going to be very much the same deal, but I’ll be taking my time with these, mostly because I want to truly learn the material rather than just pass the exam for another damn LinkedIn badge. I don’t want to feel like a complete charlatan having those certs on my CV, even if they are achievable through books and videos only.

After that, I am definitely done with Microsoft certs for the foreseeable future.

