Microsoft Identity and Access Administrator (SC-300T00)

Module 1 :Explore identity and Azure AD

• Define common identity terms and explain how they are used in the Microsoft Cloud
• Explore the common management tools and needs of an identity solution
• Review the goal of Zero Trust and how it is applied in the Microsoft Cloud
• Explore the available identity services in the Microsoft Cloud

Module 2 :Implement initial configuration of Azure Active Directory

• Implement initial configuration of Azure Active Directory
• Create, configure, and manage identities
• Implement and manage external identities (excluding B2C scenarios)
• Implement and manage hybrid identity

Module 3 :Create, configure, and manage identities

• Create, configure, and manage users
• Create, configure, and manage groups
• Manage licenses
• Explain custom security attributes and automatic user provisioning

Module 4 :Implement and manage external identities

• Manage external collaboration settings in Azure Active Directory
• Invite external users (individually or in bulk)
• Manage external user accounts in Azure Active Directory
• Configure identity providers (social and SAML/WS-fed)

Module 5 :Implement and manage hybrid identity

• Plan, design, and implement Azure Active Directory Connect (AADC)
• Manage Azure Active Directory Connect (AADC)
• Manage password hash synchronization (PHS)
• Manage pass-through authentication (PTA)
• Manage Seamless Single Sign-On (Seamless SSO)
• Manage federation excluding manual ADFS deployments
• Troubleshoot synchronization errors
• Implement and manage Azure Active Directory Connect Health

Module 6 :Secure Azure Active Directory users with Multi-Factor Authentication

• Learn about Azure AD Multi-Factor Authentication (Azure AD MFA)
• Create a plan to deploy Azure AD MFA
• Turn on Azure AD MFA for users and specific apps

Module 7 :Manage user authentication

• Administer authentication methods (FIDO2 / Passwordless)
• Implement an authentication solution based on Windows Hello for Business
• Configure and deploy self-service password reset
• Deploy and manage password protection
• Implement and manage tenant restrictions

Module 8 :Plan, implement, and administer Conditional Access

• Plan and implement security defaults.
• Plan conditional access policies.
• Implement conditional access policy controls and assignments (targeting, applications, and conditions).
• Test and troubleshoot conditional access policies.
• Implement application controls.
• Implement session management.
• Configure smart lockout thresholds.

Module 9 :Manage Azure AD Identity Protection

• Implement and manage a user risk policy
• Implement and manage sign-in risk policies
• Implement and manage MFA registration policy
• Monitor, investigate, and remediate elevated risky users

Module 10 :Implement access management for Azure resources

• Configure and use Azure roles within Azure AD
• Configure and managed identity and assign it to Azure resources
• Analyze the role permissions granted to or inherited by a user
• Configure access to data in Azure Key Vault using RBAC-policy

Module 11 :Plan and design the integration of enterprise apps for SSO

• Discover apps by using MCAS or ADFS app report.
• Design and implement access management for apps.
• Design and implement app management roles.
• Configure pre-integrated (gallery) SaaS apps.

Module 12 :Implement and monitor the integration of enterprise apps for SSO

• Implement token customizations
• Implement and configure consent settings
• Integrate on-premises apps by using Azure AD application proxy
• Integrate custom SaaS apps for SSO
• Implement application user provisioning
• Monitor and audit access/Sign-On to Azure Active Directory integrated enterprise applications

Module 13 :Implement app registration

• Plan your line of business application registration strategy
• Implement application registrations
• Configure application permissions
• Plan and configure multi-tier application permissions

Module 14 :Plan and implement entitlement management

• Define catalogs.
• Define access packages.
• Plan, implement and manage entitlements.
• Implement and manage terms of use.
• Manage the lifecycle of external users in Azure AD Identity Governance settings.

Module 15 :Plan, implement, and manage access review

• Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
• Configure Privileged Identity Management for Azure AD roles
• Configure Privileged Identity Management for Azure resources
• Assign roles
• Manage PIM requests
• Analyze PIM audit history and reports
• Create and manage emergency access accounts

Module 16 :Plan and implement privileged access

• Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
• Configure Privileged Identity Management for Azure AD roles
• Configure Privileged Identity Management for Azure resources
• Assign roles
• Manage PIM requests
• Analyze PIM audit history and reports
• Create and manage emergency access accounts

Module 17 :Monitor and maintain Azure Active Directory

• Analyze and investigate sign in logs to troubleshoot access issues
• Review and monitor Azure AD audit logs
• Enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel
• Export sign in and audit logs to a third-party SIEM (security information and event management)
• Review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use
• Analyze Azure Active Directory workbooks / reporting
• Configure notifications