Course Summary

This Microsoft Identity and Access Administrator course prepares you for the Microsoft Exam SC-300 by focusing on the knowledge  needed to configure and manage Azure AD tenants; creating, configuring, and managing Azure AD identities; implementing and managing external identities and hybrid identity; planning, implementing, and managing Azure Multifactor Authentication (MFA), self-service password reset, Azure AD user authentication, and Azure AD conditional access; managing Azure AD Identity Protection; implementing access management for Azure resources; managing and monitoring app access with Microsoft Defender for Cloud Apps; planning, implementing, and monitoring enterprise app integration; enabling app registration; planning and implementing entitlement management and privileged access; planning, implementing, and managing access reviews; and monitor Azure AD. This course focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Identity and Access Administrator Associate level.

The goal of this course is to provide you with all the tools you need to prepare for the SC-300 Microsoft Identity and Access Administrator exam — including text explanations, video demos, lab activities, self-assessment questions, and a practice exam— to increase your chances of passing the exam on your first try.

Methodology:

180-day access to:

  • Lessons
  • Video learning
  • MeasureUp Practice Test for Microsoft (SC-300). Practice Mode with remediation and Certification mode to simulate the test day experience.
Duration:  

34 hours of primary content. Each learner will learn at their own pace.

Audience:  

An administrator, security engineer, or other IT professional who provides, or plans to provide, secure identity and access services for an enterprise.

Prerequisites:  

IT professionals who design, implement, and operate an organization’s identity and access management systems by using Microsoft Azure Active Directory (Azure AD).

 

Course Outline:

Upon successful completion of this course, students should be able to:

  • Implement identities in Azure AD.
  • Implement an authentication and access management solution.
  • Implement Access Management for Apps.
  • Plan and implement an Identity Governance strategy.

Lesson 1: Implement identities in Azure AD (4 hours and 12 minutes)

  • Skill 1.1: Skill 1.1: Configure and manage an Azure AD tenant (1 hour).
    • Configure and manage Azure AD roles.
    • Configure delegation by using administrative units.
    • Analyze Azure AD role permissions.
    • Configure and manage custom domains.
    • Configure tenant-wide settings.
  • Skill 1.2: Create, configure, and manage Azure AD identities (48 minutes).
    • Create, configure, and manage users.
    • Create, configure, and manage groups.
  • Configure and manage device joins and registrations, including writeback.
    • Assign, modify, and report on licenses.
  • Skill 1.3: Implement and manage external identities (48 minutes).
    • Manage external collaboration settings in Azure AD.
    • Invite external users, individually or in bulk (collectively).
    • Manage external user accounts in Azure AD.
    • Configure identity providers, including SAML and WS-Fed.
  • Skill 1.4: Implement and manage external identities (1 hour and 36 minutes).
    • Implement and manage Azure Active Directory Connect.
    • Implement and manage Azure AD Connect cloud Sync.
    • Implement and manage Password Hash Synchronization (PHS).
    • Implement and manage Pass-Through Authentication (PTA).
    • Implement and mange Seamless Single Sign-On (Seamless SSO).
    • Implement and manager Federation, excluding manual ADFS.
    • Implement and manage Azure AD Connect Health.
    • Troubleshoot synchronization errors.
  • Summary
  • Case Study
  • Quiz

 

 

Lesson 2: Implement an authentication and access management solution (5 hours and 12 minutes).

  • Skill 2.1: Plan, implement, and manage Azure Multifactor Authentication (MFA) and self-service password reset (1 hour and 12 minutes).
    • Plan Azure MFA deployment, excluding MFA Server.
    • Configure and deploy self-service password reset.
    • Implement and manage Azure MFA settings.
    • Manage MFA settings for users.
    • Extend Azure AD MFA to third-party and on-premises devices.
    • Monitor Azure AD MFA activity.
  • Skill 2.2: Plan, implement, and manage Azure AD user authentication (1 hour and 12 minutes).
    • Plan for authentication.
    • Implement and manage authentication methods.
    • Implement and manage Windows Hello for Business.
    • Implement and manage password protection and smart lockout.
    • Implement certificate-based authentication in Azure AD.
    • Configure Azure AD user authentication for Windows and Linux virtual machines on Azure.
  • Skill 2.3: Plan, implement, and manage Azure AD conditional access (1 hour and 36 minutes).
    • Plan conditional access policies.
    • Implement conditional access policy assignments.
    • Implement conditional access policy controls.
    • Test and troubleshoot conditional access policies.
    • Implement session management.
    • Implement device-enforcement restrictions.
    • Implement continuous access evaluation.
    • Create a conditional access policy from a template.
  • Skill 2.4: Manage Azure AD Identity Protection (1 hour).
    • Implement and manage a user risk policy.
    • Implement and manage sign-in risk policy.
    • Implement and manage MFA registration policy.
    • Monitor, investigate, and remediate elevated risky users.
    • Implement security for workload identities.
  • Skill 2.5: Implement access management Azure resources (1 hour and 12 minutes).
    • Assign Azure roles.
    • Configure custom Azure roles.
    • Create and configure managed identities.
    • Use managed identities to access Azure resources.
    • Analyze Azure role permissions.
    • Configure Azure Key Vault RBAC and policies.

 

  • Summary
  • Case Study
  • Quiz

 

Lesson 3: Implement Access Management for Apps (3 hours and 24 minutes).

  • Skill 3.1: Plan, implement, and monitor for the integration of Enterprise apps for SSO (1 hour and 48 minutes).
    • Discover apps by using Microsoft Defender for Cloud Apps or an ADFS application activity report.
    • Design and implement app management roles.
    • Understand and plan various built-in roles for application management.
    • Configure pre-integrated gallery SaaS apps for SSO and implement access management.
    • Integrate custom SaaS apps for SSO.
    • Implement Application User Provisioning.
    • Integrate on-premises apps by using the Azure AD Application Proxy.
    • Monitor and audit access/sign-ons to an Azure AD integrated Enterprise application.
    • Implement and configure consent settings.
  • Skill 3.2: Implement app registrations (36 minutes).
    • Plan your line-of-business application registration strategy.
    • Implement application registrations.
    • Configure application permissions and implement application authorization.
  • Skill 3.3: Manage and monitor application access by using Microsoft Defender for Cloud Apps (1 hour).
    • Implement application-enforced restrictions.
    • Configure connectors to apps.
    • Deploy Conditional Access App Control for apps using Azure Active Directory.
    • Create access and session policies in Microsoft Defender for Cloud Apps.
    • Implement and manage policies for OAuth apps.
  • Summary
  • Case Study
  • Quiz

Lesson 4: Plan and implement an Identity Governance strategy (6 hours).

  • Skill 4.1: Plan and implement entitlement management (1 hour and 48 minutes).
    • Plan entitlements.
    • Create and configure catalogs.
    • Create and configure access packages.
    • Manage access requests.
    • Implement and manage Terms of Use.
    • Manage the lifecycle of external users in Azure AD Identity Governance settings.
    • Configure and manage connected organizations.
    • Review per-user entitlement by using Azure AD entitlement management.
    • Configure separation of duties checks for an access package.
  • Skill 4.2: Plan, implement, and manage access reviews (1 hour and 36 minutes).
    • Plan for access reviews.
    • Create and configure access reviews for groups and apps.
    • Create and configure access reviews for access packages.
    • Create and configure access reviews for Azure AD and Azure resource roles.
    • Create and configure access review programs.
    • Monitor access review activity.
    • Manage licenses for access reviews.
    • Respond to access review activity, including automated and manual responses.
  • Skill 4.3: Plan and implement privileged access (1 hour).
    • Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments.
    • Plan and manage Azure resources in PIM, including settings and assignments.
    • Plan and configure privileged access groups.
    • Analyze PIM audit history and reports.
    • Create and manage break-glass accounts.
  • Skill 4.4: Monitor Azure AD (1 hour and 36 minutes).
    • Design a strategy for monitoring Azure AD.
    • Review and analyze sign-in, audit, and provisioning logs by using the Azure AD admin center.
    • Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub.
    • Export sign-in and audit logs to a third-party SIEM.
    • Monitor Azure AD by using Log Analytics, including KQL queries.
    • Analyze Azure AD by using workbooks and reporting in the Azure Active Directory admin center.
    • Configure notifications.
    • Monitor and improve the security posture by using the Identity Secure Score.
  • Summary
  • Case Study
  • Quiz