Microsoft Identity And Access Administrator SC300 - United States

Microsoft Identity and Access Administrator SC300 Course Outline

Module 1: Explore Identity and Azure AD

• Introduction
• Explain the Identity Landscape
• Explore Zero Trust with Identity
• Discuss Identity as a Control Plane
• Explore Why We Have Identity
• Define Identity Administration
• Contrast Decentralised Identity with Central Identity Systems
• Discuss Identity Management Solutions
• Explain Azure AD Business to Business
• Compare Microsoft Identity Providers
• Define Identity Licensing
• Explore Authentication
• Discuss Authorisation
• Explain Auditing in Identity

Module 2: Implement Initial Configuration of Azure Active Directory

• Introduction
• Configure Company Brand
• Configure and Manage Azure Active Directory Roles
• Exercise: Manage Users Roles
• Configure Delegation by Using Administrative Units
• Analyse Azure AD Role Permissions
• Configure and Manage Custom Domains
• Configure Tenant-Wide Settings
• Exercise: Setting Tenant-Wide Properties

Module 3: Create, Configure, and Manage Identities

• Introduction
• Create, Configure, and Manage Users
• Exercise: Assign Licenses to Users
• Exercise: Restore or Remove Deleted Users
• Create, Configure, and Manage Groups
• Exercise: Add Groups in Azure Active Directory
• Configure and Manage Device Registration
• Manage Licenses
• Exercise: Change Group License Assignments
• Exercise: Change User License Assignments
• Create Custom Security Attributes
• Explore Automatic User Creation

Module 4: Implement and Manage External Identities

• Introduction
• Describe Guest Access and Business to Business Accounts
• Manage External Collaboration
• Exercise: Configure External Collaboration
• Invite External Users - Individually and in Bulk
• Exercise: Add Guest Users to Directory
• Exercise: Invite Guest Users in Bulk
• Demo: Manage Guest Users in Azure Active Directory
• Manage External User Accounts in Azure Active Directory
• Manage External Users in Microsoft 365 Workloads
• Exercise: Explore Dynamic Groups
• Implement Cross-Tenant Access Controls
• Configure Identity Providers
• Implement and Manage Entra Verified ID

Module 5: Implement and Manage Hybrid Identity

• Introduction
• Plan, Design, and Implement Azure Active Directory Connect
• Implement Manage Password Hash Synchronisation (PHS)
• Implement Manage Pass-Through Authentication (PTA)
• Demo: Manage Pass-Through Authentication and Seamless Single Sign-On (SSO)
• Implement and Manage Federation
• Troubleshoot Synchronisation Errors
• Implement Azure Active Directory Connect Health
• Manage Azure Active Directory Connect Health

Module 6: Secure Azure Active Directory Users with Multi-Factor Authentication

• Introduction
• What Is Azure AD Multi-Factor Authentication?
• Plan Your Multi-Factor Authentication Deployment
• Exercise: Enable Azure AD Multi-Factor Authentication
• Configure Multi-Factor Authentication Methods

Module 7: Manage User Authentication

• Introduction
• Administer FIDO2 and Passwordless Authentication Methods
• Explore Authenticator App and OATH Tokens
• Implement an Authentication Solution Based on Windows Hello for Business
• Exercise: Configure and Deploy Self-Service Password Reset
• Deploy and Manage Password Protection
• Configure Smart Lockout Thresholds
• Exercise: Manage Azure Active Directory Smart Lockout Values
• Implement Kerberos and Certificate-Based Authentication in Azure AD
• Configure Azure AD User Authentication for Virtual Machines

Module 8: Plan, Implement, and Administer Conditional Access

• Introduction
• Plan Security Defaults
• Exercise: Work with Security Defaults
• Plan Conditional Access Policies
• Implement Conditional Access Policy Controls and Assignments
• Exercise: Implement Conditional Access Policies Roles and Assignments
• Test and Troubleshoot Conditional Access Policies
• Implement Application Controls
• Implement Session Management
• Exercise: Configure Authentication Session Controls
• Implement Continuous Access Evaluation

Module 9: Manage Azure AD Identity Protection

• Introduction
• Review Identity Protection Basics
• Implement and Manage User Risk Policy
• Exercise: Enable Sign-In Risk Policy
• Exercise: Configure Azure Active Directory Multi-Factor Authentication Registration Policy
• Monitor, Investigate, and Remediate Elevated Risky Users
• Implement Security for Workload Identities
• Explore Microsoft Defender for Identity

Module 10: Implement Access Management for Azure Resources

• Introduction
• Assign Azure Roles
• Configure Custom Azure Roles
• Create and Configure Managed Identities
• Access Azure Resources with Managed Identities
• Analyse Azure Role Permissions
• Configure Azure Key Vault RBAC Policies
• Retrieve Objects from Azure Key Vault
• Explore Entra Permissions Management (CloudKnox)

Module 11: Plan and Design the Integration of Enterprise Apps for SSO

• Introduction
• Discover Apps by Using Microsoft Defender for Cloud Apps and Active Directory Federation Services App Report
• Configure Connectors to Apps
• Exercise: Implement Access Management for Apps
• Design and Implement App Management Roles
• Exercise: Create a Custom Role to Manage App Registration
• Configure Pre-Integrated Gallery SaaS Apps
• Implement and Manage Policies for OAuth Apps

Module 12: Implement and Monitor the Integration of Enterprise Apps for SSO

• Introduction
• Implement Token Customisations
• Implement and Configure Consent Settings
• Integrate On-Premises Apps by Using Azure Active Directory Application Proxy
• Integrate Custom SaaS Apps for Single Sign-On
• Implement Application User Provisioning
• Monitor and Audit Access to Azure Active Directory Integrated Applications
• Create and Manage Application Collections

Module 13: Implement App Registration

• Introduction
• Plan Your Line of Business Application Registration Strategy
• Implement Application Registration
• Exercise: Register an Application
• Configure Application Permission
• Exercise: Grant Tenant-Wide Admin Consent to an Application
• Implement Application Authorisation
• Exercise: Add App Roles to Application and Receive Tokens
• Manage and Monitor Applications with App Governance

Module 14: Plan and Implement Entitlement Management

• Introduction
• Define Access Packages
• Exercise: Create and Manage a Resource Catalog with Azure AD Entitlement
• Configure Entitlement Management
• Exercise: Add Terms of Use Acceptance Report
• Exercise: Manage the Lifecycle of External Users with Azure AD Identity Governance
• Configure and Manage Connected Organisations
• Review Per-User Entitlements

Module 15: Plan, Implement, and Manage Access Review

• Introduction
• Plan for Access Reviews
• Create Access Reviews for Groups and Apps
• Create and Configure Access Review Programs
• Monitor Access Review Findings
• Automate Access Review Management Tasks
• Configure Recurring Access Reviews

Module 16: Plan and Implement Privileged Access

• Introduction
• Define a Privileged Access Strategy for Administrative Users
• Configure Privileged Identity Management for Azure Resources
• Exercise: Configure Privileged Identity Management for Azure Active Directory Roles
• Exercise: Assign Azure Active Directory Roles in Privileged Identity Management
• Exercise: Assign Azure Resource Roles in Privileged Identity Management
• Plan and Configure Privileged Access Groups
• Analyse Privileged Identity Management Audit History and Reports
• Create and Manage Emergency Access Accounts

Module 17: Monitor and Maintain Azure Active Directory

• Introduction
• Analyse and Investigate Sign-In Logs to Troubleshoot Access Issues
• Review and Monitor Azure Active Directory Audit Logs
• Exercise: Connect Data from Azure Active Directory to Microsoft Sentinel
• Export Logs to Third-Party Security Information and Event Management System
• Analyse Azure Active Directory Workbooks and Reporting
• Monitor Security Posture with Identity Secure Score