Video description
Pass your SC-300: Microsoft Identity and Access administrator exam with the help of this highly engaging and comprehensive guide.
About This Video
- Implement an identity management solution and an authentication and access management solution
- Implement access management for apps, and plan and implement an identity governance strategy
- A reference or end-to-end guide to pass your SC-300 exam from a Microsoft certified trainer
In Detail
The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements of the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.
This course starts with implementing the initial configuration of Azure Active Directory. You will then create, configure, and manage identities, followed by implementing and managing external identities. You will implement and manage hybrid identity, then plan and implement Azure multifactor authentication. Next, you will manage user authentication and plan, implement, and administer conditional access. After that, you will manage Azure AD identity protection.
You will plan, implement, and monitor the integration of enterprise apps for SSO and app registrations. Moving ahead, you will plan, implement, and manage entitlement and access reviews.
Finally, you will cover privileged access along with monitoring and maintaining Azure Active Directory.
By the end of this course, you will gain the requisite knowledge and confidence to pass the SC-300: Microsoft Identity and Access administrator exam.
Audience
This course is for security enthusiasts who want to complete the SC-300 certification.
This is designed for those who would like to look at security from the identity perspective and want to be the identity security defenders of their organization.
Basic knowledge of Azure and its components along with information security will be helpful. Work exposure to Active Directory, its usage, and its purpose is required but not mandatory.
Table of Contents
Chapter 1 : Introduction to the Course
SC 300 - Course Introduction
Chapter 2 : Module 1 - Implement an Identity Management Solution (25-30%)
Module 1 - Introduction
Active Directory – Throw Back
What is Azure Active Directory
Who Uses Azure AD
Azure AD Roles
Differences Between Azure Roles and Azure AD Roles
Capabilities of Global Admin
Azure AD Roles - Lab Activity
Azure AD - Custom Roles
Custom Domains
Deleting Custom Domains
Bring Your Devices
Azure AD Registered Devices
Azure AD Join
Azure AD Domain Join - Lab
Azure AD - Hybrid Joined
Azure AD - Administrative Units
Administrative Units - Lab Activity
Planning and Delegation - Administrative Units
Plan for Delegation
Security Defaults
Create Configure and Manage Identities - Introduction
Azure Active Directory - Users
Azure Active Directory - Groups
Managing Licenses
License Requirements
Licensing Features
Implement and Manage External Identities - Introduction
Azure AD B2B Collaboration
Azure AD B2B - Lab Activity
Azure AD External Collaboration Settings
Dynamic Groups
Dynamic Groups - Lab
Azure AD B2B - Google Auth - Demo
Implement and Manage Hybrid Identity
Plan, Design, and Implement Azure AD Connect
Need for AD Connect
Selecting the Right Authentication Method
Azure AD Password Hash Synchronization (PHS)
Azure AD Pass Through Authentication (PTA)
Federated Authentication
Architecture diagrams
Azure AD Design Considerations
Azure AD Connect Components
PHS - How Does it Work?
Azure AD Connect - Lab
Troubleshooting Sync Errors
Data Mismatch Errors - InvalidSoftMatch
Data Mismatch Errors - ObjectTypeMismatch
Duplicate Attributes - AttributeValueMustBeUnique
Data Validation Failures - IdentityDataValidationFailed
FederatedDomainChangeError
LargeObjects Error
Azure AD Connect Health - Installation
Azure AD Connect Health
Self Remediation and Orphaned Objects
Lab 1 - Assigning Roles to User Accounts
Lab 2 - Tenant Properties
Lab 3 - Assigning Licenses to Groups
Lab 4 - External Collaboration Settings
Lab 5 - Restoring Deleted Users
Module 1 - Summary
Chapter 3 : Module 2 - Implement an Authentication and Access Management Solution (25-30%)
Module 2 - Introduction
Plan and Implement Azure Multifactor Authentication - Introduction
What is Azure AD MFA?
How Multi-Factor Authentication works
Planning the MFA
Enforcing MFA with Conditional Access
Deciding Supported Authentication Methods
Azure AD Authentication Methods
Monitoring and Usage
Manage User Authentication - Introduction
Password Less Authentication - Introduction
Security Usability Availability of Authentication - Methods
Configuring Fido Key for a User - Lab
Windows Hello for Business
Windows Hello for Business Works - Key Points
Azure AD Password - Protection
Azure AD Password Protection - Lab Activity
Multiple Forests and RODC - Considerations
Plan, Implement, and Manage Conditional Access
Security Defaults
What Policies are Enforced and to Whom?
Blocking legacy - Authentication
Conditional Access Policies - Planning
Conditional Access policies - Benefits
Conditional Access policies - Components
Conditional Access Policies - Best Practices
Conditional Access Policies - Most Common Policies
Conditional Access Policies - Build and Test Policies
Conditional Access Policies - Build and Test Policies - II
Sign-in Risk and User Risk - Conditional Access Policy
Conditional Access Policy - Blocking Locations - Lab
Troubleshooting Using Sign-in Logs
Device Compliance
Conditional Access Policy - Device Compliance - Lab
User Exclusions
Conditional Access Policy - O365 Block MFA Required - Lab
Test and Troubleshoot Conditional Access Policies
Implement Application Controls and Application
Scenario 1 - Microsoft 365 Apps Require an Approved Client
Scenario 2 - Exchange Online and SharePoint Online
App Protection Policies Overview
How Can You Protect App Data
Manage Azure AD Identity Protection - Introduction
Manage Azure AD Identity Protection
Risk Detection And Remediation
Permissions
License Requirements
Sign-in and User Risk Policy
Choosing Acceptable Risk Policy
Prerequisites of Self Remediation
Navigating Through the Reports - Lab
Remediate Risks and Unblock Users
User Risk Remediation Options
Unblocking Users
Enable Azure AD MFA - EnterpriseWide - Lab
Deploy SSPR - Setup
Security Defaults - Lab
Control User Sign-in Frequency - Lab
Smart Lockout Values
Configuring User and Sign-in Risk Policy
Configure Azure AD MFA Registration Policy
Module 2 Summary
Chapter 4 : Module 3 – Implement Access Management for Apps (10-15%)
Module 3 – Introduction and Objectives
Microsoft Cloud App Security – CASB (Cloud Access Security Broker) Solution from Microsoft
MCAS Architecture
Need to Migrate to ADFS (Active Directory Federation Services)
Discover ADFS Applications - Lab
Design and Implement App Management Roles
Restrict Who Can Create Applications
Configure SaaS Based Applications
Implement and Monitor SSO Apps - Introduction
Token Customizations
What is a consent
User Consent Settings
What is Azure Application Proxy
How does Azure Application Proxy Work
Comparison of Various Protocols Used by IDPs
Implement Application User Provisioning
Manual Versus Automatic Provisioning
SCIM (System for Common Identity Management)
SCIM Demonstration
SCIM - Attribute Exchange
Usage, Insights and Audit Reports for Enterprise Applications
Application Registrations
The Need to Integrate Applications with Azure AD
What are Application Objects
What are Service Principals
Relation Between Application Objects and Services Principals
Roles and Permissions Required
Tenants - Who Can Sign-in to Your New App
Azure Application Registrations
Types of Permissions - Delegated and Application
Requesting Individual User Consent
Manifest File, Token, and Claims
Integrate Applications with Azure AD - Lab Activity
Troubleshooting SAML
Module 3 - Summary
Chapter 5 : Module 4 – Plan and Implement an Identity Governance Strategy (25-30%)
Module 4 - Introduction
Planning and Implementing Entitlement Management - Introduction
What is Entitlement Management
Capabilities of Entitlement Management
Entitlement Management - Terminology
What Resources can I Manage with Access Packages
How do I Control Who Gets Access
When Should I Use Access Packages
Plan, Implement, and Manage Access Reviews - Introduction
Plan for Access Reviews
What is Azure AD Identity Governance
Access Reviews - Lab Activity
Planning the Scope
Components of an Access Review
Planning Communications
Access Reviews Lab Activity - I
Access Reviews Lab Activity - II
Managing Licenses for Access Reviews
Plan and Implement Privileged Access
Azure Active Directory Privileged Identity Management
PIM - Stakeholders
Principle of Least Privilege - Best Practices for PIM
Decide the Roles that Should be Protected by PIM
Decide What to Protect with PIM
Assign Azure AD Roles in Privileged Identity Management - Lab Activity
Configure PIM for Azure Resources
Discovering Resources to Manage
Audit History - Lab Activity
Creating and Managing Emergency Access Accounts - I
Creating and Managing Emergency Access Accounts - II
Exclusions
Validating Emergency Accounts
Monitor and Maintain Azure AD - Introduction
Analyze Sign-in and Troubleshoot Access Issues - Components
Access and Licenses
Sign-in Report - Lab Activity
Sign in Data - More Information
Audit Log - Users and Groups
Exporting Logs to Third Party Security Solutions
Integration Recommendations
Analyze Azure AD Workbooks and Reporting
Module 4 - Summary