Module 1: Explore identity and Azure AD
- Define common identity terms and explain how they are used in the Microsoft Cloud
- Explore the common management tools and needs of an identity solution
- Review the goal of Zero Trust and how it is applied in the Microsoft Cloud
- Explore the available identity services in the Microsoft Cloud
Module 2: Implement initial configuration of Azure Active Directory
- Implement initial configuration of Azure Active Directory
- Create, configure, and manage identities
- Implement and manage external identities (excluding B2C scenarios)
- Implement and manage hybrid identity
Module 3: Create, configure, and manage identities
- Create, configure, and manage users
- Create, configure, and manage groups
- Manage licenses
- Explain custom security attributes and automatic user provisioning
Module 4: Implement and manage external identities
- Manage external collaboration settings in Azure Active Directory
- Invite external users (individually or in bulk)
- Manage external user accounts in Azure Active Directory
- Configure identity providers (social and SAML/WS-fed)
Module 5: Implement and manage hybrid identity
- Plan, design, and implement Azure Active Directory Connect (AADC)
- Manage Azure Active Directory Connect (AADC)
- Manage password hash synchronization (PHS)
- Manage pass-through authentication (PTA)
- Manage Seamless Single Sign-On (Seamless SSO)
- Manage federation excluding manual ADFS deployments
- Troubleshoot synchronization errors
- Implement and manage Azure Active Directory Connect Health
Module 6: Secure Azure Active Directory users with Multi-Factor Authentication
- Learn about Azure AD Multi-Factor Authentication (Azure AD MFA)
- Create a plan to deploy Azure AD MFA
- Turn on Azure AD MFA for users and specific apps
Module 7: Manage user authentication
- Administer authentication methods (FIDO2 / Passwordless)
- Implement an authentication solution based on Windows Hello for Business
- Configure and deploy self-service password reset
- Deploy and manage password protection
- Implement and manage tenant restrictions
Module 8: Plan, implement, and administer Conditional Access
- Plan and implement security defaults
- Plan conditional access policies
- Implement conditional access policy controls and assignments (targeting, applications, and conditions)
- Test and troubleshoot conditional access policies
- Implement application controls
- Implement session management
- Configure smart lockout thresholds
Module 9: Manage Azure AD Identity Protection
- Implement and manage a user risk policy
- Implement and manage sign-in risk policies
- Implement and manage MFA registration policy
- Monitor, investigate, and remediate elevated risky users
Module 10: Implement access management for Azure resources
- Configure and use Azure roles within Azure AD
- Configure a managed identity and assign it to Azure resources
- Analyze the role permissions granted to or inherited by a user
- Configure access to data in Azure Key Vault using RBAC-policy
Module 11: Plan and design the integration of enterprise apps for SSO
- Discover apps by using MCAS or ADFS app report
- Design and implement access management for apps
- Design and implement app management roles
- Configure pre-integrated (gallery) SaaS apps
Module 12: Implement and monitor the integration of enterprise apps for SSO
- Implement token customizations
- Implement and configure consent settings
- Integrate on-premises apps by using Azure AD application proxy
- Integrate custom SaaS apps for SSO
- Implement application user provisioning
- Monitor and audit access/Sign-On to Azure Active Directory integrated enterprise applications
Module 13: Implement app registration
- Plan your line of business application registration strategy
- Implement application registrations
- Configure application permissions
- Plan and configure multi-tier application permissions
Module 14: Plan and implement entitlement management
- Define catalogs
- Define access packages
- Plan, implement and manage entitlements
- Implement and manage terms of use
- Manage the lifecycle of external users in Azure AD Identity Governance settings
Module 15: Plan, implement, and manage access review
- Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
- Configure Privileged Identity Management for Azure AD roles
- Configure Privileged Identity Management for Azure resources
- Assign roles
- Manage PIM requests
- Analyze PIM audit history and reports
- Create and manage emergency access accounts
Module 16: Plan and implement privileged access
- Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
- Configure Privileged Identity Management for Azure AD roles
- Configure Privileged Identity Management for Azure resources
- Assign roles
- Manage PIM requests
- Analyze PIM audit history and reports
- Create and manage emergency access accounts
Module 17: Monitor and maintain Azure Active Directory
- Analyze and investigate sign-in logs to troubleshoot access issues
- Review and monitor Azure AD audit logs
- Enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel
- Export sign-in and audit logs to a third-party SIEM (security information and event management)
- Review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use
- Analyze Azure Active Directory workbooks / reporting
- Configure notifications