Video description
The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.
This course starts with the initial configuration of Azure Active Directory. You will then create, configure, and manage identities, followed by implementing and managing external identities. You will implement and manage hybrid identity, then plan and implement Azure multifactor authentication. Next, you will manage user authentication and plan, implement, and administer conditional access. After that, you will manage Azure AD identity protection.
You will plan, implement, and monitor the integration of enterprise apps for SSO and app registrations. Moving ahead, you will plan, implement, and manage entitlement and access reviews.
Finally, you will see privileged access along with monitoring and maintaining Azure Active Directory.
By the end of this course, you will gain the requisite knowledge and confidence to pass the SC-300: Microsoft Identity and Access administrator exam.
What You Will Learn
- Implement initial configuration of Azure Active Directory (AAD)
- Implement and manage external identities along with hybrid identity
- Plan and implement Azure multifactor authentication and administer conditional access
- Manage user authentication and Azure AD identity protection
- Plan, implement and monitor the integration of enterprise apps for SSO
- Plan, implement and manage entitlement along with access reviews
Audience
This course is for security enthusiasts who want to complete the SC-300 certification.
This course is designed for those who would like to look at security from the identity perspective and want to be the identity security defenders of their organization.
Basic knowledge of Azure and its components, along with information security, will be helpful. Work exposure to Active Directory, its usage, and its purpose is recommended but not mandatory.
About The Author
Anand Rao Nednur is a senior technical instructor and cloud consultant. He has worked with large enterprises for about 15 years and has a wide range of technologies in his portfolio. Anand is adept not just at cloud platforms (Azure, AWS, and GCP) but is also well versed in IAM, security, and automation with PowerShell and Python.
In addition, he has been developing and updating the content for various courses. He has been assisting many engineers in lab examinations and securing certifications.
Anand is also a certified seasoned professional holding several certifications and has delivered instructor-led training in several states in India as well as several countries such as the USA, Bahrain, Kenya, and UAE. He has worked as a Microsoft-certified trainer globally for major corporate clients.
Table of contents
- Chapter 1 : Introduction to the Course
- Chapter 2 : Module 1 - Implement an Identity Management Solution (25-30%)
- Module 1 - Introduction
- Active Directory – Throw Back
- What is Azure Active Directory
- Who Uses Azure AD
- Azure AD Roles
- Differences Between Azure Roles and Azure AD Roles
- Capabilities of Global Admin
- Azure AD Roles - Lab Activity
- Azure AD - Custom Roles
- Custom Domains
- Deleting Custom Domains
- Bring Your Devices
- Azure AD Registered Devices
- Azure AD Join
- Azure AD Domain Join - Lab
- Azure AD - Hybrid Joined
- Azure AD - Administrative Units
- Administrative Units - Lab Activity
- Planning and Delegation - Administrative Units
- Plan for Delegation
- Security Defaults
- Create Configure and Manage Identities - Introduction
- Azure Active Directory - Users
- Azure Active Directory - Groups
- Managing Licenses
- License Requirements
- Licensing Features
- Implement and Manage External Identities - Introduction
- Azure AD B2B Collaboration
- Azure AD B2B - Lab Activity
- Azure AD External Collaboration Settings
- Dynamic Groups
- Dynamic Groups - Lab
- Azure AD B2B - Google Auth - Demo
- Implement and Manage Hybrid Identity
- Plan, Design, and Implement Azure AD Connect
- Need for AD Connect
- Selecting the Right Authentication Method
- Azure AD Password Hash Synchronization (PHS)
- Azure AD Pass Through Authentication (PTA)
- Federated Authentication
- Architecture diagrams
- Azure AD Design Considerations
- Azure AD Connect Components
- PHS - How Does it Work?
- Azure AD Connect - Lab
- Troubleshooting Sync Errors
- Data Mismatch Errors - InvalidSoftMatch
- Data Mismatch Errors - ObjectTypeMismatch
- Duplicate Attributes - AttributeValueMustBeUnique
- Data Validation Failures - IdentityDataValidationFailed
- FederatedDomainChangeError
- LargeObjects Error
- Azure AD Connect Health - Installation
- Azure AD Connect Health
- Self Remediation and Orphaned Objects
- Lab 1 - Assigning Roles to User Accounts
- Lab 2 - Tenant Properties
- Lab 3 - Assigning Licenses to Groups
- Lab 4 - External Collaboration Settings
- Lab 5 - Restoring Deleted Users
- Module 1 - Summary
- Chapter 3 : Module 2 - Implement an Authentication and Access Management Solution (25-30%)
- Module 2 - Introduction
- Plan and Implement Azure Multifactor Authentication - Introduction
- What is Azure AD MFA?
- How Multi-Factor Authentication works
- Planning the MFA
- Enforcing MFA with Conditional Access
- Deciding Supported Authentication Methods
- Azure AD Authentication Methods
- Monitoring and Usage
- Manage User Authentication - Introduction
- Password Less Authentication - Introduction
- Security Usability Availability of Authentication - Methods
- Configuring Fido Key for a User - Lab
- Windows Hello for Business
- Windows Hello for Business Works - Key Points
- Azure AD Password - Protection
- Azure AD Password Protection - Lab Activity
- Multiple Forests and RODC - Considerations
- Plan, Implement, and Manage Conditional Access
- Security Defaults
- What Policies are Enforced and to Whom?
- Blocking legacy - Authentication
- Conditional Access Policies - Planning
- Conditional Access policies - Benefits
- Conditional Access policies - Components
- Conditional Access Policies - Best Practices
- Conditional Access Policies - Most Common Policies
- Conditional Access Policies - Build and Test Policies
- Conditional Access Policies - Build and Test Policies - II
- Sign-in Risk and User Risk - Conditional Access Policy
- Conditional Access Policy - Blocking Locations - Lab
- Troubleshooting Using Sign-in Logs
- Device Compliance
- Conditional Access Policy - Device Compliance - Lab
- User Exclusions
- Conditional Access Policy - O365 Block MFA Required - Lab
- Test and Troubleshoot Conditional Access Policies
- Implement Application Controls and Application
- Scenario 1 - Microsoft 365 Apps Require an Approved Client
- Scenario 2 - Exchange Online and SharePoint Online
- App Protection Policies Overview
- How Can you Protect App Data-Edited
- Manage Azure AD Identity Protection - Introduction
- Manage Azure AD Identity Protection
- Risk Detection And Remediation
- Permissions
- License Requirements
- Sign-in and User Risk Policy
- Choosing Acceptable Risk Policy
- Prerequisites of Self Remediation
- Navigating Through the Reports - Lab
- Remediate Risks and Unblock Users
- User Risk Remediation Options
- Unblocking Users
- Enable Azure AD MFA - EnterpriseWide - Lab
- Deploy SSPR - Setup
- Security Defaults - Lab
- Control User Sign-in Frequency - Lab
- Smart Lockout Values
- Configuring User and Sign-in Risk Policy
- Configure Azure AD MFA Registration Policy
- Module 2 Summary
- Chapter 4 : Module 3 – Implement Access Management for Apps (10-15%)
- Module 3 – Introduction and Objectives
- Microsoft Cloud App Security – CASB (Cloud Access Security Broker) Solution from Microsoft
- MCAS Architecture
- Need to Migrate to ADFS (Active Directory Federation Services)
- Discover ADFS Applications - Lab
- Design and Implement App Management Roles
- Restrict Who Can Create Applications
- Configure SaaS Based Applications
- Implement and Monitor SSO Apps - Introduction
- Token Customizations
- What is a consent
- User Consent Settings
- What is Azure Application Proxy
- How does Azure Application Proxy Work
- Comparison of Various Protocols Used by IDPs
- Implement Application User Provisioning
- Manual Versus Automatic Provisioning
- SCIM (System for Common Identity Management)
- SCIM Demonstration
- SCIM - Attribute Exchange
- Usage, Insights and Audit Reports for Enterprise Applications
- Application Registrations
- The Need to Integrate Applications with Azure AD
- What are Application Objects
- What are Service Principals
- Relation Between Application Objects and Services Principals
- Roles and Permissions Required
- Tenants - Who Can Sign-in to Your New App
- Azure Application Registrations
- Types of Permissions - Delegated and Application
- Requesting Individual User Consent
- Manifest File, Token, and Claims
- Integrate Applications with Azure AD - Lab Activity
- Troubleshooting SAML
- Module 3 - Summary
- Chapter 5 : Module 4 – Plan and Implement an Identity Governance Strategy (25-30%)
- Module 4 - Introduction
- Planning and Implementing Entitlement Management - Introduction
- What is Entitlement Management
- Capabilities of Entitlement Management
- Entitlement Management - Terminology
- What Resources can I Manage with Access Packages
- How do I Control Who Gets Access
- When Should I Use Access Packages
- Plan, Implement, and Manage Access Reviews - Introduction
- Plan for Access Reviews
- What is Azure AD Identity Governance
- Access Reviews - Lab Activity
- Planning the Scope
- Components of an Access Review
- Planning Communications
- Access Reviews Lab Activity - I
- Access Reviews Lab Activity - II
- Managing Licenses for Access Reviews
- Plan and Implement Privileged Access
- Azure Active Directory Privileged Identity Management
- PIM - Stakeholders
- Principle of Least Privilege - Best Practices for PIM
- Decide the Roles that Should be Protected by PIM
- Decide What to Protect with PIM
- Assign Azure AD Roles in Privileged Identity Management - Lab Activity
- Configure PIM for Azure Resources
- Discovering Resources to Manage
- Audit History - Lab Activity
- Creating and Managing Emergency Access Accounts - I
- Creating and Managing Emergency Access Accounts - II
- Exclusions
- Validating Emergency Accounts
- Monitor and Maintain Azure AD - Introduction
- Analyze Sign-in and Troubleshoot Access Issues - Components
- Access and Licenses
- Sign-in Report - Lab Activity
- Sign in Data - More Information
- Audit Log - Users and Groups
- Exporting Logs to Third Party Security Solutions
- Integration Recommendations
- Analyze Azure AD Workbooks and Reporting
- Module 4 - Summary
Product information
- Title: SC-300: Microsoft Identity and Access Administrator
- Author(s):
- Release date: January 2022
- Publisher(s): Packt Publishing
- ISBN: 9781803238043