Microsoft Certified: Identity and Access Administrator Associate (SC300)

Microsoft Identity and Access Administrator (SC-300T00)

Module 1: Explore identity and Azure AD

• Explain the identity landscape
• Explore zero trust with identity
• Discuss identity as a control plane
• Explore why we have identity
• Define identity administration
• Contrast decentralized identity with central identity systems
• Discuss identity management solutions
• Explain Azure AD Business to Business
• Compare Microsoft identity providers
• Define identity licensing
• Explore authentication
• Discuss authorization
• Explain auditing in identity

Module 2: Implement initial configuration of Azure Active Directory

• Configure company brand
• Configure and manage Azure Active Directory roles
• Configure delegation by using administrative units
• Analyze Azure AD role permissions
• Configure and manage custom domains
• Configure tenant-wide setting

Module 3: Create, configure, and manage identities

• Create, configure, and manage users
• Create, configure, and manage groups
• Configure and manage device registration
• Manage licenses
• Create custom security attributes
• Explore automatic user creation

Module 4: Implement and manage external identities

• Describe guest access and Business to Business accounts
• Manage external collaboration
• Invite external users - individually and in bulk
• Manage external user accounts in Azure Active Directory
• Manage external users in Microsoft 365 workloads
• Implement cross-tenant access controls
• Configure identity providers
• Implement and manage Entra Verified ID

Module 5: Implement and manage hybrid identity

• Plan, design, and implement Azure Active Directory Connect
• Implement manage password hash synchronization (PHS)
• Implement manage pass-through authentication (PTA)
• Implement and manage federation
• Trouble-shoot synchronization errors
• Implement Azure Active Directory Connect Health
• Manage Azure Active Directory Connect Health

Module 6: Secure Microsoft Entra users with multifactor authentication

• What is Microsoft Entra multifactor authentication?
• Plan your multifactor authentication deployment
• Exercise - Enable Microsoft Entra multifactor authentication
• Configure multi-factor authentication methods

Module 7: Manage user authentication

• Administer FIDO2 and passwordless authentication methods
• Explore Authenticator app and OATH tokens
• Implement an authentication solution based on Windows Hello for Business
• Deploy and manage password protection
• Configure smart lockout thresholds
• Implement Kerberos and certificate-based authentication in Azure AD
• Configure Azure AD user authentication for virtual machines

Module 8: Plan, implement, and administer Conditional Access

• Plan security defaults
• Plan Conditional Access policies
• Implement Conditional Access policy controls and assignments
• Implement application controls
• Implement session management
• Implement continuous access evaluation

Module 9: Manage Azure AD Identity Protection

• Review identity protection basics
• Implement and manage user risk policy
• Monitor, investigate, and remediate elevated risky users
• Implement security for workload identities
• Explore Microsoft Defender for Identity

Module 10: Implement access management for Azure resources

• Assign Azure roles
• Configure custom Azure roles
• Create and configure managed identities
• Access Azure resources with managed identities
• Analyze Azure role permissions
• Configure Azure Key Vault RBAC policies
• Retrieve objects from Azure Key Vault
• Explore Entra Permissions Management (CloudKnox)

Module 11: Plan and design the integration of enterprise apps for SSO

• Discover apps by using Microsoft Defender for Cloud Apps and Active Directory Federation Services app report
• Configure connectors to apps
• Design and implement app management roles
• Configure pre-integrated gallery SaaS apps
• Implement and manage policies for OAuth apps

Module 12: Implement and monitor the integration of enterprise apps for SSO

• Implement token customizations
• Implement and configure consent settings
• Integrate on-premises apps by using Azure Active Directory application proxy
• Integrate custom SaaS apps for single-sign-on
• Implement application user provisioning
• Monitor and audit access to Azure Active Directory integrated applications
• Create and manage application collections

Module 13: Implement app registration

• Plan your line of business application registration strategy
• Implement application registration
• Configure application permission
• Implement application authorization
• Manage and monitor application with App governance

Module 14: Plan and implement entitlement management

• Define access packages
• Configure entitlement management
• Configure and manage connected organizations
• Review per-user entitlements

Module 15: Plan, implement, and manage access review

• Plan for access reviews
• Create access reviews for groups and apps
• Create and configure access review programs
• Monitor access review findings
• Automate access review management tasks
• Configure recurring access reviews

Module 16: Plan and implement privileged access

• Define a privileged access strategy for administrative users
• Configure Privileged Identity Management for Azure resources
• Plan and configure Privileged Access Groups
• Analyze Privileged Identity Management audit history and reports
• Create and manage emergency access accounts

Module 17: Monitor and maintain Azure Active Directory

• Analyze and investigate sign-in logs to troubleshoot access issues
• Review and monitor Azure Active Directory audit logs
• Export logs to third-party security information and event management system
• Analyze Azure Active Directory workbooks and reporting
• Monitor security posture with Identity Secure Score