SC-300: Microsoft Identity and Access Administrator

Video description

The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.

This course starts with implementing the initial configuration of Azure Active Directory. You will then create, configure, and manage identities, followed by implementing and managing external identities. You will implement and manage hybrid identity, then plan and implement Azure multifactor authentication. Next, you will manage user authentication and plan, implement, and administer conditional access. After that, you will manage Azure AD identity protection.

You will then plan, implement, and monitor the integration of enterprise apps for SSO and app registrations. Moving ahead, you will plan, implement, and manage entitlement and access reviews.

Finally, you will cover privileged access along with monitoring and maintaining Azure Active Directory.

By the end of this course, you will gain the requisite knowledge and confidence to pass the SC-300: Microsoft Identity and Access Administrator exam.

What You Will Learn

  • Implement initial configuration of Azure Active Directory (Azure AD)
  • Implement and manage external identities along with hybrid identity
  • Plan and implement Azure multifactor authentication and administer conditional access
  • Manage user authentication and Azure AD identity protection
  • Plan, implement and monitor the integration of enterprise apps for SSO
  • Plan, implement and manage entitlement along with access reviews

Audience

This course is for security enthusiasts who want to complete the SC-300 certification.

This is designed for those who would like to look at security from the identity perspective and want to be the identity security defenders of their organization.

Basic knowledge of Azure and its components along with information security will be helpful. Work exposure to Active Directory, its usage, and its purpose is recommended but not mandatory.

About The Author

Anand Rao Nednur: Anand Rao Nednur is a senior technical instructor and cloud consultant. He has worked with large enterprises for about 15 years and has a wide range of technologies in his portfolio. Anand is not only adept at cloud platforms (Azure, AWS, and GCP) but also well-versed in IAM, security, and automation with PowerShell and Python.

In addition, he has been developing and updating the content for various courses. He has been assisting many engineers in lab examinations and securing certifications.

Anand is also a certified seasoned professional holding several certifications and has delivered instructor-led training in several states in India as well as several countries such as the USA, Bahrain, Kenya, and UAE. He has worked as a Microsoft-certified trainer globally for major corporate clients.

Table of contents

  1. Chapter 1 : Introduction to the Course
    1. SC 300 - Course Introduction
  2. Chapter 2 : Module 1 - Implement an Identity Management Solution (25-30%)
    1. Module 1 - Introduction
    2. Active Directory – Throw Back
    3. What is Azure Active Directory
    4. Who Uses Azure AD
    5. Azure AD Roles
    6. Differences Between Azure Roles and Azure AD Roles
    7. Capabilities of Global Admin
    8. Azure AD Roles - Lab Activity
    9. Azure AD - Custom Roles
    10. Custom Domains
    11. Deleting Custom Domains
    12. Bring Your Devices
    13. Azure AD Registered Devices
    14. Azure AD Join
    15. Azure AD Domain Join - Lab
    16. Azure AD - Hybrid Joined
    17. Azure AD - Administrative Units
    18. Administrative Units - Lab Activity
    19. Planning and Delegation - Administrative Units
    20. Plan for Delegation
    21. Security Defaults
    22. Create Configure and Manage Identities - Introduction
    23. Azure Active Directory - Users
    24. Azure Active Directory - Groups
    25. Managing Licenses
    26. License Requirements
    27. Licensing Features
    28. Implement and Manage External Identities - Introduction
    29. Azure AD B2B Collaboration
    30. Azure AD B2B - Lab Activity
    31. Azure AD External Collaboration Settings
    32. Dynamic Groups
    33. Dynamic Groups - Lab
    34. Azure AD B2B - Google Auth - Demo
    35. Implement and Manage Hybrid Identity
    36. Plan, Design, and Implement Azure AD Connect
    37. Need for AD Connect
    38. Selecting the Right Authentication Method
    39. Azure AD Password Hash Synchronization (PHS)
    40. Azure AD Pass Through Authentication (PTA)
    41. Federated Authentication
    42. Architecture diagrams
    43. Azure AD Design Considerations
    44. Azure AD Connect Components
    45. PHS - How Does it Work?
    46. Azure AD Connect - Lab
    47. Troubleshooting Sync Errors
    48. Data Mismatch Errors - InvalidSoftMatch
    49. Data Mismatch Errors - ObjectTypeMismatch
    50. Duplicate Attributes - AttributeValueMustBeUnique
    51. Data Validation Failures - IdentityDataValidationFailed
    52. FederatedDomainChangeError
    53. LargeObjects Error
    54. Azure AD Connect Health - Installation
    55. Azure AD Connect Health
    56. Self Remediation and Orphaned Objects
    57. Lab 1 - Assigning Roles to User Accounts
    58. Lab 2 - Tenant Properties
    59. Lab 3 - Assigning Licenses to Groups
    60. Lab 4 - External Collaboration Settings
    61. Lab 5 - Restoring Deleted Users
    62. Module 1 - Summary
  3. Chapter 3 : Module 2 - Implement an Authentication and Access Management Solution (25-30%)
    1. Module 2 - Introduction
    2. Plan and Implement Azure Multifactor Authentication - Introduction
    3. What is Azure AD MFA?
    4. How Multi-Factor Authentication works
    5. Planning the MFA
    6. Enforcing MFA with Conditional Access
    7. Deciding Supported Authentication Methods
    8. Azure AD Authentication Methods
    9. Monitoring and Usage
    10. Manage User Authentication - Introduction
    11. Password Less Authentication - Introduction
    12. Security Usability Availability of Authentication - Methods
    13. Configuring Fido Key for a User - Lab
    14. Windows Hello for Business
    15. Windows Hello for Business Works - Key Points
    16. Azure AD Password - Protection
    17. Azure AD Password Protection - Lab Activity
    18. Multiple Forests and RODC - Considerations
    19. Plan, Implement, and Manage Conditional Access
    20. Security Defaults
    21. What Policies are Enforced and to Whom?
    22. Blocking legacy - Authentication
    23. Conditional Access Policies - Planning
    24. Conditional Access policies - Benefits
    25. Conditional Access policies - Components
    26. Conditional Access Policies - Best Practices
    27. Conditional Access Policies - Most Common Policies
    28. Conditional Access Policies - Build and Test Policies
    29. Conditional Access Policies - Build and Test Policies - II
    30. Sign-in Risk and User Risk - Conditional Access Policy
    31. Conditional Access Policy - Blocking Locations - Lab
    32. Troubleshooting Using Sign-in Logs
    33. Device Compliance
    34. Conditional Access Policy - Device Compliance - Lab
    35. User Exclusions
    36. Conditional Access Policy - O365 Block MFA Required - Lab
    37. Test and Troubleshoot Conditional Access Policies
    38. Implement Application Controls and Application
    39. Scenario 1 - Microsoft 365 Apps Require an Approved Client
    40. Scenario 2 - Exchange Online and SharePoint Online
    41. App Protection Policies Overview
    42. How Can you Protect App Data-Edited
    43. Manage Azure AD Identity Protection - Introduction
    44. Manage Azure AD Identity Protection
    45. Risk Detection And Remediation
    46. Permissions
    47. License Requirements
    48. Sign-in and User Risk Policy
    49. Choosing Acceptable Risk Policy
    50. Prerequisites of Self Remediation
    51. Navigating Through the Reports - Lab
    52. Remediate Risks and Unblock Users
    53. User Risk Remediation Options
    54. Unblocking Users
    55. Enable Azure AD MFA - EnterpriseWide - Lab
    56. Deploy SSPR - Setup
    57. Security Defaults - Lab
    58. Control User Sign-in Frequency - Lab
    59. Smart Lockout Values
    60. Configuring User and Sign-in Risk Policy
    61. Configure Azure AD MFA Registration Policy
    62. Module 2 Summary
  4. Chapter 4 : Module 3 – Implement Access Management for Apps (10-15%)
    1. Module 3 – Introduction and Objectives
    2. Microsoft Cloud App Security – CASB (Cloud Access Security Broker) Solution from Microsoft
    3. MCAS Architecture
    4. Need to Migrate to ADFS (Active Directory Federation Services)
    5. Discover ADFS Applications - Lab
    6. Design and Implement App Management Roles
    7. Restrict Who Can Create Applications
    8. Configure SaaS Based Applications
    9. Implement and Monitor SSO Apps - Introduction
    10. Token Customizations
    11. What is a consent
    12. User Consent Settings
    13. What is Azure Application Proxy
    14. How does Azure Application Proxy Work
    15. Comparison of Various Protocols Used by IDPs
    16. Implement Application User Provisioning
    17. Manual Versus Automatic Provisioning
    18. SCIM (System for Common Identity Management)
    19. SCIM Demonstration
    20. SCIM - Attribute Exchange
    21. Usage, Insights and Audit Reports for Enterprise Applications
    22. Application Registrations
    23. The Need to Integrate Applications with Azure AD
    24. What are Application Objects
    25. What are Service Principals
    26. Relation Between Application Objects and Services Principals
    27. Roles and Permissions Required
    28. Tenants - Who Can Sign-in to Your New App
    29. Azure Application Registrations
    30. Types of Permissions - Delegated and Application
    31. Requesting Individual User Consent
    32. Manifest File, Token, and Claims
    33. Integrate Applications with Azure AD - Lab Activity
    34. Troubleshooting SAML
    35. Module 3 - Summary
  5. Chapter 5 : Module 4 – Plan and Implement an Identity Governance Strategy (25-30%)
    1. Module 4 - Introduction
    2. Planning and Implementing Entitlement Management - Introduction
    3. What is Entitlement Management
    4. Capabilities of Entitlement Management
    5. Entitlement Management - Terminology
    6. What Resources can I Manage with Access Packages
    7. How do I Control Who Gets Access
    8. When Should I Use Access Packages
    9. Plan, Implement, and Manage Access Reviews - Introduction
    10. Plan for Access Reviews
    11. What is Azure AD Identity Governance
    12. Access Reviews - Lab Activity
    13. Planning the Scope
    14. Components of an Access Review
    15. Planning Communications
    16. Access Reviews Lab Activity - I
    17. Access Reviews Lab Activity - II
    18. Managing Licenses for Access Reviews
    19. Plan and Implement Privileged Access
    20. Azure Active Directory Privileged Identity Management
    21. PIM - Stakeholders
    22. Principle of Least Privilege - Best Practices for PIM
    23. Decide the Roles that Should be Protected by PIM
    24. Decide What to Protect with PIM
    25. Assign Azure AD Roles in Privileged Identity Management - Lab Activity
    26. Configure PIM for Azure Resources
    27. Discovering Resources to Manage
    28. Audit History - Lab Activity
    29. Creating and Managing Emergency Access Accounts - I
    30. Creating and Managing Emergency Access Accounts - II
    31. Exclusions
    32. Validating Emergency Accounts
    33. Monitor and Maintain Azure AD - Introduction
    34. Analyze Sign-in and Troubleshoot Access Issues - Components
    35. Access and Licenses
    36. Sign-in Report - Lab Activity
    37. Sign in Data - More Information
    38. Audit Log - Users and Groups
    39. Exporting Logs to Third Party Security Solutions
    40. Integration Recommendations
    41. Analyze Azure AD Workbooks and Reporting
    42. Module 4 - Summary

Product information

  • Title: SC-300: Microsoft Identity and Access Administrator
  • Author(s): Anand Rao Nednur
  • Release date: January 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803238043