Microsoft Identity and Access Administrator

Introduction

The Microsoft Identity and Access Administrator course explores how to design, implement, and operate identity and access management systems for an organization using Azure AD. Learn how to manage tasks such as providing secure authentication and authorization access to business applications, delivering seamless experiences and self-service management capabilities for all users, and create adaptive access and governance for identity and access management solutions.

The identity and access administrator can be a single individual or a member of a larger team. Discover how this role collaborates with many others in the organization to drive strategic identity projects. The ultimate goal is to provide the knowledge to modernize identity solutions, implement hybrid identity solutions, and implement identity governance.

Objectives

After completing this course, participants will be able to:

• Implement an identity management solution.
• Implement an access management and authentication solution.
• Implement access management for applications.
• Plan and implement an identity governance strategy.

Participant Profile

This course is aimed at identity and access administrators who plan to take the associated certification exam or who are currently performing identity and access administration tasks in their daily work. This course is also useful for administrators or engineers who want to specialize in providing identity solutions and access management systems for Azure-based solutions, playing a key role in protecting an organization.

Prerequisites

It is recommended that participants have prior knowledge and understanding of:

• Industry security practices and security requirements, such as defense in depth, least privilege access, shared responsibility, and zero trust model.
• Identity concepts such as authentication, authorization, and active directory.
• Implementation of Azure workloads. This course does not cover the basic concepts of Azure administration; instead, it builds on that knowledge by adding specific security-related information.
• Some experience with Windows and Linux operating systems and scripting languages is helpful, but not required. Course labs may use PowerShell and the CLI.

Course Materials

Participants will receive a digital copy of each course related to this exam.

Certifications and Evaluation

This course is certified by Microsoft®.

The terms of additional certification services are subject to those established by the license owner or the authorized certification body.

Accreditation

A Certificate of Attendance for course SC-300 will be issued only to participants with an attendance above 75%.

Content

Module 1: Implement an identity management solution: learn how to create and manage your initial Azure Active Directory (Azure AD) deployment and configure the users, groups, and external identities you will use to run your solution.

1. Implement the initial Azure AD configuration
2. Create, configure, and manage identities
3. Implement and manage external identities
4. Implement and manage hybrid identity

• • Lab: Manage user roles
  • Lab: Configure tenant-wide properties
  • Lab: Assign licenses to users
  • Lab: Restore or eliminate deleted users
  • Lab: Add groups in Azure AD
  • Lab: Modify group license assignments
  • Lab: Modify user license assignments
  • Lab: Configure external collaboration
  • Lab: Add guest users to the directory
  • Lab: Explore dynamic groups

After completing this module, participants will be able to:

• Implement an initial Azure AD with customized configurations.
• Manage both internal and external identities.
• Implement a hybrid identity solution.

Module 2: Implement an authentication and access management solution: implement and manage access management with Azure AD. Use MFA, conditional access, and identity protection to manage your identity solution.

1. Protect Azure AD users with MFA
2. Manage user authentication
3. Plan, implement, and manage conditional access
4. Manage Azure AD identity protection

• • Lab: Enable Azure AD MFA
  • Lab: Configure and implement Self-Service Password Reset (SSPR)
  • Lab: Work with default security settings
  • Lab: Implement conditional access policies, roles, and assignments
  • Lab: Configure authentication session controls
  • Lab: Manage Azure AD smart lockout settings
  • Lab: Enable log-in risk policy
  • Lab: Configure Azure AD MFA authentication registration policy

After completing this module, participants will be able to:

• Configure and manage user authentication, including MFA.
• Control access to resources through conditional access.
• Use Azure AD Identity Protection to protect the organization.

Module 3: Implement Application Access Management: explore how applications can and should be added to your identity and access solution using application registration in Azure AD.

1. Plan and design business application integration for SSO
2. Implement and monitor business application integration for SSO
3. Implement application registration

• • Lab: Implement Application Access Management
  • Lab: Create a custom role to manage application registration
  • Lab: Register an application
  • Lab: Grant tenant-wide administrator consent to an application
  • Lab: Add application roles to apps and receive tokens

After completing this module, participants will be able to:

• Register a new application in Azure AD.
• Plan and implement SSO for business applications.
• Monitor and maintain business applications.

Module 4: Plan and implement an identity governance strategy: design and implement identity governance for your identity solution using entitlements, access reviews, privileged access, and monitoring in Azure Active Directory (Azure AD).

1. Plan and implement entitlement management
2. Plan, implement, and manage access reviews
3. Plan and implement privileged access
4. Monitor and maintain Azure AD

• • Lab: Create and manage an Azure AD entitlement management resource catalog
  • Lab: Add a terms of use acceptance report
  • Lab: Manage the lifecycle of external users with Azure AD identity governance
  • Lab: Create access reviews for groups and applications
  • Lab: Configure PIM for Azure AD roles
  • Lab: Assign Azure AD roles in PIM
  • Lab: Assign Azure resource roles in PIM
  • Lab: Connect Azure AD data to Azure Sentinel

After completing this module, participants will be able to:

• Manage and maintain Azure AD from creation to resolution.
• Use access reviews to maintain Azure AD.
• Grant access to users using entitlement management.

 

SC 300