Book Image

Microsoft Identity and Access Administrator Exam Guide

By : Dwayne Natwick
Book Image

Microsoft Identity and Access Administrator Exam Guide

By: Dwayne Natwick

Overview of this book

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges. The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam. By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Identity and Access Administrator Exam Guide
Dwayne Natwick
Mar, 2022 | 452 pages
Small book image
Microsoft Cybersecurity Architect Exam Ref SC-100
Dwayne Natwick
Jan, 2023 | 272 pages
Small book image
Microsoft 365 Identity and Services Exam Guide MS-100
Aaron Guilmette
Jun, 2023 | 462 pages
Small book image
Microsoft 365 Security, Compliance, and Identity Administration
Peter Rising
Aug, 2023 | 630 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1 – Exam Overview and the Evolution of Identity and Access Management
Section 1 – Exam Overview and the Evolution of Identity and Access Management
Free Chapter
2
Chapter 1: Preparing for Your Microsoft Exam
Chapter 1: Preparing for Your Microsoft Exam
Technical requirements
Preparing for a Microsoft exam
Resources available and accessing Microsoft Learn
Creating a Microsoft 365 trial subscription
Exam objectives
Who should take the SC-300 exam?
Summary
3
Chapter 2: Defining Identity and Access Management
Chapter 2: Defining Identity and Access Management
Understanding IAM
Learning identity and access use cases
Understanding the scope of IAM
The evolution of IAM
Summary
4
Section 2 - Implementing an Identity Management Solution
Section 2 - Implementing an Identity Management Solution
5
Chapter 3: Implementing and Configuring Azure Active Directory
Chapter 3: Implementing and Configuring Azure Active Directory
Technical requirements
Configuring and managing AAD roles
Configuring and managing custom domains
Configuring and managing device registration options
Configuring tenant-wide settings
Summary
6
Chapter 4: Creating, Configuring, and Managing Identities
Chapter 4: Creating, Configuring, and Managing Identities
Technical requirements
Creating, configuring, and managing users
Creating, configuring, and managing groups
Managing licenses
Summary
7
Chapter 5: Implementing and Managing External Identities and Guests
Chapter 5: Implementing and Managing External Identities and Guests
Technical requirements
Managing external collaboration settings in Azure AD
Inviting external users individually and in bulk
Managing external user accounts in Azure AD
Configuring identity providers
Summary
8
Chapter 6: Implementing and Managing Hybrid Identities
Chapter 6: Implementing and Managing Hybrid Identities
Technical requirements
Implementing and managing Azure AD Connect
Implementing and managing seamless SSO
Implementing and managing Azure AD Connect Health
Troubleshooting sync errors
Summary
9
Section 3 – Implementing an Authentication and Access Management Solution
Section 3 – Implementing an Authentication and Access Management Solution
10
Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Technical requirements
Planning an Azure MFA deployment
Implementing and managing MFA settings
Configuring and deploying SSPR
Deploying and managing password protection
Planning and implementing security defaults
Summary
11
Chapter 8: Planning and Managing Password-Less Authentication Methods
Chapter 8: Planning and Managing Password-Less Authentication Methods
Technical requirements
Administering authentication methods (FIDO2/passwordless)
Implementing an authentication solution based on Windows Hello for Business
Implementing an authentication solution with the Microsoft Authenticator app
Summary
12
Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection
Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection
Technical requirements
Planning and implementing Conditional Access policies and controls
Configuring Smart Lockout thresholds
Implementing and managing a user risk policy
Monitoring, investigating, and remediating elevated risky users
Summary
13
Section 4 – Implementing Access Management for Applications
Section 4 – Implementing Access Management for Applications
14
Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)
Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)
Technical requirements
Designing and implementing access management and SSO for apps
Integrating on-premises apps using Azure AD Application Proxy
Planning your line-of-business application registration strategy
Implementing application registrations
Planning and configuring multi-tier application permissions
Summary
15
Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps
Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps
Technical requirements
Planning your cloud application strategy
Implementing cloud app security policies
Planning and configuring cloud application permissions
Discovering apps by using Microsoft Defender for Cloud Apps or an ADFS app report
Using Microsoft Defender for Cloud Apps to manage application access
Summary
16
Section 5 – Planning and Implementing an Identity Governance Strategy
Section 5 – Planning and Implementing an Identity Governance Strategy
17
Chapter 12: Planning and Implementing Entitlement Management
Chapter 12: Planning and Implementing Entitlement Management
Technical requirements
Defining catalogs and access packages
Planning, implementing, and managing entitlements
Implementing and managing terms of use
Managing the life cycle of external users in Azure AD Identity Governance settings
Summary
18
Chapter 13: Planning and Implementing Privileged Access and Access Reviews
Chapter 13: Planning and Implementing Privileged Access and Access Reviews
Technical requirements
Defining a privileged access strategy for administrative users
Configuring PIM for Azure AD roles and Azure resources
Creating and managing break-glass accounts
Planning for and automating access reviews
Analyzing PIM audit history and reports
Summary
19
Section 6 – Monitoring and Maintaining Azure Active Directory
Section 6 – Monitoring and Maintaining Azure Active Directory
20
Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users
Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users
Technical requirements
Analyzing and investigating sign-in logs to troubleshoot access issues
Reviewing and monitoring Azure AD audit logs
Analyzing Azure Active Directory workbooks and reporting
Summary
21
Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions
Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions
Technical requirements
Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel
Exporting sign-in and audit logs to a third-party SIEM
Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel
Summary
22
Chapter 16: Mock Test
Chapter 16: Mock Test
Questions
Answers
Summary
Why subscribe?
23
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Creating a Microsoft 365 trial subscription

If you are new to Microsoft 365 and Azure, getting hands-on experience is important not just for exam preparation, but also for professional development. If you are getting certified to open doors to new job opportunities, you must understand the administration portals and how to work within them. This book will provide some exercises that will get you familiar with how to work within Microsoft 365 and Azure AD. In order to follow along with the steps, it is recommended that you have a subscription to Microsoft 365 and Azure AD Premium. The steps to create these in a 30-day trial are provided in the next sections.

Office 365 or Microsoft 365 trial subscription

Many of the features and capabilities discussed within the exam objectives require an enterprise-level license within Microsoft 365. The enterprise licenses are the E3 and E5 licenses. Microsoft offers 30-day trial licenses of these, so as you prepare for the exam, you can create a trial subscription and will then be able to follow along with the exercises.

To get started, navigate to https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans and select Try for free under the Office 365 E5 plan, as illustrated in the following screenshot:

Figure 1.9 – Office 365 trial subscription sign-up

Figure 1.9 – Office 365 trial subscription sign-up

Follow the steps to create an account, as shown in the following screenshot. If you have already created an account previously, you may need to use a different email address to obtain a free trial:

Figure 1.10 – Office 365 E5 subscription sign-up form

Figure 1.10 – Office 365 E5 subscription sign-up form

After completing the form and creating your Microsoft 365 tenant, you will have access to Microsoft 365 services and the administration panel. The next section will guide you through signing up for an additional add-on service that will be required to follow along with the exercises within this book and to provide full hands-on preparation for your exam.

Azure AD Premium subscription

In addition to the Office 365 E5 trial subscription, you will need access to an Azure AD Premium license for many of the advanced identity and access features that are discussed within the exam objectives. The best way to obtain these features is through an Enterprise Mobility + Security (EMS) E5 license. Microsoft also offers this as a 30-day free trial. Follow these steps to set this up:

  1. To get started, navigate to this link: https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing.
  2. Then, select Try now under the Enterprise Mobility + Security E5 plan, as shown in the following screenshot:
Figure 1.11 – EMS E5 trial subscription sign-up

Figure 1.11 – EMS E5 trial subscription sign-up

This is an add-on license to Microsoft 365, so you should enter the same email address that you used to sign up for the Office 365 E5 subscription in the box shown in the following screenshot:

Figure 1.12 – EMS E5 subscription sign-up form

Figure 1.12 – EMS E5 subscription sign-up form

You should now have everything you need for your hands-on exam preparation and to follow along with the exercises within this book. The next section will provide an overview of the objectives that are covered in the exam and throughout this book.

Previous Section
End of Section 5
Next Section