Book Image

Microsoft Identity and Access Administrator Exam Guide

By : Dwayne Natwick
Book Image

Microsoft Identity and Access Administrator Exam Guide

By: Dwayne Natwick

Overview of this book

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges. The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam. By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.
Table of Contents (24 chapters)
1
Section 1 – Exam Overview and the Evolution of Identity and Access Management
4
Section 2 - Implementing an Identity Management Solution
9
Section 3 – Implementing an Authentication and Access Management Solution
13
Section 4 – Implementing Access Management for Applications
16
Section 5 – Planning and Implementing an Identity Governance Strategy
19
Section 6 – Monitoring and Maintaining Azure Active Directory

Deploying and managing password protection

Azure AD Password Protection is used to configure certain parameters to avoid brute force or dictionary attacks on user identities. These attacks are accomplished by an attacker sending multiple requests with a username and multiple passwords to attempt to find the password being used and gain access. Setting up a threshold of how many attempts can be made before lockout and then the lockout duration will stop these attacks. In addition, administrators can identify passwords that are not allowed to be used within the Azure AD tenant. Microsoft also has a list of passwords that they may also block when attempting to use as a password to protect again dictionary attacks.

Once Azure AD Password Protection is configured, it can be set to enforce across the company or simply to audit initially to gauge the effectiveness. Figure 7.28 shows the Azure AD Password protection tile and the fields that can be configured. This can be accessed in the...