Book Image

Microsoft Identity and Access Administrator Exam Guide

By : Dwayne Natwick

Book Image

Microsoft Identity and Access Administrator Exam Guide

By: Dwayne Natwick

Overview of this book

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges. The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam. By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Share Your Thoughts

Section 1 – Exam Overview and the Evolution of Identity and Access Management

Section 1 – Exam Overview and the Evolution of Identity and Access Management

Free Chapter

Chapter 1: Preparing for Your Microsoft Exam

Chapter 1: Preparing for Your Microsoft Exam

Technical requirements

Preparing for a Microsoft exam

Resources available and accessing Microsoft Learn

Creating a Microsoft 365 trial subscription

Exam objectives

Who should take the SC-300 exam?

Chapter 2: Defining Identity and Access Management

Chapter 2: Defining Identity and Access Management

Understanding IAM

Learning identity and access use cases

Understanding the scope of IAM

The evolution of IAM

Section 2 - Implementing an Identity Management Solution

Section 2 - Implementing an Identity Management Solution

Chapter 3: Implementing and Configuring Azure Active Directory

Chapter 3: Implementing and Configuring Azure Active Directory

Technical requirements

Configuring and managing AAD roles

Configuring and managing custom domains

Configuring and managing device registration options

Configuring tenant-wide settings

Chapter 4: Creating, Configuring, and Managing Identities

Chapter 4: Creating, Configuring, and Managing Identities

Technical requirements

Creating, configuring, and managing users

Creating, configuring, and managing groups

Managing licenses

Chapter 5: Implementing and Managing External Identities and Guests

Chapter 5: Implementing and Managing External Identities and Guests

Technical requirements

Managing external collaboration settings in Azure AD

Inviting external users individually and in bulk

Managing external user accounts in Azure AD

Configuring identity providers

Chapter 6: Implementing and Managing Hybrid Identities

Chapter 6: Implementing and Managing Hybrid Identities

Technical requirements

Implementing and managing Azure AD Connect

Implementing and managing seamless SSO

Implementing and managing Azure AD Connect Health

Troubleshooting sync errors

Section 3 – Implementing an Authentication and Access Management Solution

Section 3 – Implementing an Authentication and Access Management Solution

Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)

Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)

Technical requirements

Planning an Azure MFA deployment

Implementing and managing MFA settings

Configuring and deploying SSPR

Deploying and managing password protection

Planning and implementing security defaults

Chapter 8: Planning and Managing Password-Less Authentication Methods

Chapter 8: Planning and Managing Password-Less Authentication Methods

Technical requirements

Administering authentication methods (FIDO2/passwordless)

Implementing an authentication solution based on Windows Hello for Business

Implementing an authentication solution with the Microsoft Authenticator app

Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection

Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection

Technical requirements

Planning and implementing Conditional Access policies and controls

Configuring Smart Lockout thresholds

Implementing and managing a user risk policy

Monitoring, investigating, and remediating elevated risky users

Section 4 – Implementing Access Management for Applications

Section 4 – Implementing Access Management for Applications

Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)

Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)

Technical requirements

Designing and implementing access management and SSO for apps

Integrating on-premises apps using Azure AD Application Proxy

Planning your line-of-business application registration strategy

Implementing application registrations

Planning and configuring multi-tier application permissions

Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps

Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps

Technical requirements

Planning your cloud application strategy

Implementing cloud app security policies

Planning and configuring cloud application permissions

Discovering apps by using Microsoft Defender for Cloud Apps or an ADFS app report

Using Microsoft Defender for Cloud Apps to manage application access

Section 5 – Planning and Implementing an Identity Governance Strategy

Section 5 – Planning and Implementing an Identity Governance Strategy

Chapter 12: Planning and Implementing Entitlement Management

Chapter 12: Planning and Implementing Entitlement Management

Technical requirements

Defining catalogs and access packages

Planning, implementing, and managing entitlements

Implementing and managing terms of use

Managing the life cycle of external users in Azure AD Identity Governance settings

Chapter 13: Planning and Implementing Privileged Access and Access Reviews

Chapter 13: Planning and Implementing Privileged Access and Access Reviews

Technical requirements

Defining a privileged access strategy for administrative users

Configuring PIM for Azure AD roles and Azure resources

Creating and managing break-glass accounts

Planning for and automating access reviews

Analyzing PIM audit history and reports

Section 6 – Monitoring and Maintaining Azure Active Directory

Section 6 – Monitoring and Maintaining Azure Active Directory

Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users

Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users

Technical requirements

Analyzing and investigating sign-in logs to troubleshoot access issues

Reviewing and monitoring Azure AD audit logs

Analyzing Azure Active Directory workbooks and reporting

Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

Technical requirements

Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel

Exporting sign-in and audit logs to a third-party SIEM

Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel

Chapter 16: Mock Test

Chapter 16: Mock Test

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Creating and managing break-glass accounts

As we continue to secure our identities with security and governance features, such as Multi-Factor Authentication, Conditional Access policies, Identity Governance, and PIM solutions, it is important to make sure that we do not mistakenly get locked out of Azure AD. To protect against potential lockout and to make sure that access is still available in a potential emergency situation, you should configure at least two emergency-access or break-glass accounts. These accounts are accounts of high privileges with access at the level of a global administrator. These accounts are not protected with Multi-Factor Authentication, meaning that they can gain access quickly to resources when other administrator accounts cannot gain access. They should also be excluded from all Conditional Access policies. The use of these accounts should be limited to this scenario and the credentials should be locked away and kept in a secure location, such as a password...