Book Image

Microsoft Identity and Access Administrator Exam Guide

By : Dwayne Natwick
Book Image

Microsoft Identity and Access Administrator Exam Guide

By: Dwayne Natwick

Overview of this book

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges. The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam. By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.

Related Content you might be interested in

Current Title:

Small book image
Microsoft Identity and Access Administrator Exam Guide
Dwayne Natwick
Mar, 2022 | 452 pages
Small book image
Microsoft Cybersecurity Architect Exam Ref SC-100
Dwayne Natwick
Jan, 2023 | 272 pages
Small book image
Microsoft 365 Identity and Services Exam Guide MS-100
Aaron Guilmette
Jun, 2023 | 462 pages
Small book image
Microsoft 365 Security, Compliance, and Identity Administration
Peter Rising
Aug, 2023 | 630 pages
Table of Contents (24 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1 – Exam Overview and the Evolution of Identity and Access Management
Section 1 – Exam Overview and the Evolution of Identity and Access Management
Free Chapter
2
Chapter 1: Preparing for Your Microsoft Exam
Chapter 1: Preparing for Your Microsoft Exam
Technical requirements
Preparing for a Microsoft exam
Resources available and accessing Microsoft Learn
Creating a Microsoft 365 trial subscription
Exam objectives
Who should take the SC-300 exam?
Summary
3
Chapter 2: Defining Identity and Access Management
Chapter 2: Defining Identity and Access Management
Understanding IAM
Learning identity and access use cases
Understanding the scope of IAM
The evolution of IAM
Summary
4
Section 2 - Implementing an Identity Management Solution
Section 2 - Implementing an Identity Management Solution
5
Chapter 3: Implementing and Configuring Azure Active Directory
Chapter 3: Implementing and Configuring Azure Active Directory
Technical requirements
Configuring and managing AAD roles
Configuring and managing custom domains
Configuring and managing device registration options
Configuring tenant-wide settings
Summary
6
Chapter 4: Creating, Configuring, and Managing Identities
Chapter 4: Creating, Configuring, and Managing Identities
Technical requirements
Creating, configuring, and managing users
Creating, configuring, and managing groups
Managing licenses
Summary
7
Chapter 5: Implementing and Managing External Identities and Guests
Chapter 5: Implementing and Managing External Identities and Guests
Technical requirements
Managing external collaboration settings in Azure AD
Inviting external users individually and in bulk
Managing external user accounts in Azure AD
Configuring identity providers
Summary
8
Chapter 6: Implementing and Managing Hybrid Identities
Chapter 6: Implementing and Managing Hybrid Identities
Technical requirements
Implementing and managing Azure AD Connect
Implementing and managing seamless SSO
Implementing and managing Azure AD Connect Health
Troubleshooting sync errors
Summary
9
Section 3 – Implementing an Authentication and Access Management Solution
Section 3 – Implementing an Authentication and Access Management Solution
10
Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Technical requirements
Planning an Azure MFA deployment
Implementing and managing MFA settings
Configuring and deploying SSPR
Deploying and managing password protection
Planning and implementing security defaults
Summary
11
Chapter 8: Planning and Managing Password-Less Authentication Methods
Chapter 8: Planning and Managing Password-Less Authentication Methods
Technical requirements
Administering authentication methods (FIDO2/passwordless)
Implementing an authentication solution based on Windows Hello for Business
Implementing an authentication solution with the Microsoft Authenticator app
Summary
12
Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection
Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection
Technical requirements
Planning and implementing Conditional Access policies and controls
Configuring Smart Lockout thresholds
Implementing and managing a user risk policy
Monitoring, investigating, and remediating elevated risky users
Summary
13
Section 4 – Implementing Access Management for Applications
Section 4 – Implementing Access Management for Applications
14
Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)
Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)
Technical requirements
Designing and implementing access management and SSO for apps
Integrating on-premises apps using Azure AD Application Proxy
Planning your line-of-business application registration strategy
Implementing application registrations
Planning and configuring multi-tier application permissions
Summary
15
Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps
Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps
Technical requirements
Planning your cloud application strategy
Implementing cloud app security policies
Planning and configuring cloud application permissions
Discovering apps by using Microsoft Defender for Cloud Apps or an ADFS app report
Using Microsoft Defender for Cloud Apps to manage application access
Summary
16
Section 5 – Planning and Implementing an Identity Governance Strategy
Section 5 – Planning and Implementing an Identity Governance Strategy
17
Chapter 12: Planning and Implementing Entitlement Management
Chapter 12: Planning and Implementing Entitlement Management
Technical requirements
Defining catalogs and access packages
Planning, implementing, and managing entitlements
Implementing and managing terms of use
Managing the life cycle of external users in Azure AD Identity Governance settings
Summary
18
Chapter 13: Planning and Implementing Privileged Access and Access Reviews
Chapter 13: Planning and Implementing Privileged Access and Access Reviews
Technical requirements
Defining a privileged access strategy for administrative users
Configuring PIM for Azure AD roles and Azure resources
Creating and managing break-glass accounts
Planning for and automating access reviews
Analyzing PIM audit history and reports
Summary
19
Section 6 – Monitoring and Maintaining Azure Active Directory
Section 6 – Monitoring and Maintaining Azure Active Directory
20
Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users
Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users
Technical requirements
Analyzing and investigating sign-in logs to troubleshoot access issues
Reviewing and monitoring Azure AD audit logs
Analyzing Azure Active Directory workbooks and reporting
Summary
21
Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions
Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions
Technical requirements
Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel
Exporting sign-in and audit logs to a third-party SIEM
Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel
Summary
22
Chapter 16: Mock Test
Chapter 16: Mock Test
Questions
Answers
Summary
Why subscribe?
23
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

What this book covers

Chapter 1, Preparing for Your Microsoft Exam, provides guidance on getting prepared for a Microsoft exam along with resources that can assist in your learning plan. This will include helpful links along with steps for gaining access to a trial Microsoft 365 subscription for hands-on practice.

Chapter 2, Defining Identity and Access Management, provides an overview of what IAM is and why it is important. This chapter will also discuss the evolution of IAM as cloud technologies have become more prevalent.

Chapter 3, Implementing and Configuring Azure Active Directory, focuses on the implementation and configuration of Azure Active Directory for cloud identities. This will include how to configure and verify custom domains and tenant-wide settings.

Chapter 4, Creating, Configuring, and Managing Identities, discusses how to plan, create, configure, and manage users, groups, and licenses within Azure Active Directory. This will include the bulk creation of users and dynamic group creation.

Chapter 5, Implementing and Managing External Identities and Guests, discusses how to plan and provide guest user access to Azure Active Directory. This will include how to invite guest users and how to manage access. The chapter will also discuss utilizing existing user identities with B2B and B2C access.

Chapter 6, Implementing and Managing Hybrid Identities, focuses on the planning and implementation of hybrid identity. This will include configuration of Azure Active Directory Connect for Windows Active Directory to Azure Active Directory and determining which synchronization type is the best fit for an organization.

Chapter 7, Planning and Implementing Azure Multi-Factor Authentication and Self-Service Password Reset, discusses the planning and implementation of Azure MFA and SSPR for users and groups. This will include deploying, managing, and configuring MFA for users and groups. This chapter will also cover the differences between verifying identity with MFA and SSPR.

Chapter 8, Planning and Managing Password-Less Authentication Methods, discusses how to plan and utilize password-less authentication methods. It will cover the various methods and how they can be deployed within Azure Active Directory.

Chapter 9, Planning, Implementing, and Administering Conditional Access and Azure Identity Protection, covers conditional access policies. This will include planning for these policies and testing them to verify that they are working correctly and providing the proper controls. In addition, we will discuss Azure Identity Protection and using sign-in and user risk conditions with policies.

Chapter 10, Planning and Implementing Enterprise Apps for Single Sign-On (SSO), focuses on enterprise applications and how to plan and implement SSO. This will include setting up an application proxy for connecting on-premises applications to Azure Active Directory.

Chapter 11, Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps, discusses how Microsoft Defender for Cloud Apps is used to manage and monitor enterprise cloud applications. This includes how to utilize conditional access policies for cloud application access.

Chapter 12, Planning and Implementing Entitlement Management, discusses the planning and implementation process for entitlement management. This includes life cycle management for external users and managing the terms of use.

Chapter 13, Planning and Implementing Privileged Access and Access Reviews, discusses the planning and implementation for user privileged access. This will include how to determine and assign users with privileged access rights on a just-in-time basis. This chapter will also cover planning for access reviews.

Chapter 14, Analyzing and Investigating Sign-in Logs and Elevated Risk Users, discusses how to analyze and investigate sign-in logs and determine risks to elevated users.

Chapter 15, Enabling and Integrating Azure AD Logs with SIEM Solutions, discusses how Azure Active Directory logs can be integrated into SIEM solutions. This will include Azure Sentinel and third-party SIEM.

Chapter 16, Mock Test, provides a final assessment and mock exam questions to complete the final preparations to take the SC-300 exam.

Previous Section
Next Section