Table of Contents

Preface

Section 1 – Exam Overview and the Evolution of Identity and Access Management

Chapter 1: Preparing for Your Microsoft Exam

Technical requirements

Preparing for a Microsoft exam

Resources available to prepare for the exam

Access to a subscription

Where to take the exam

Exam format

Resources available and accessing Microsoft Learn

Accessing Microsoft Learn

Finding content on Microsoft Learn

Exam pages on Microsoft Learn

Creating a Microsoft 365 trial subscription

Office 365 or Microsoft 365 trial subscription

Azure AD Premium subscription

Exam objectives

Who should take the SC-300 exam?

Summary

Chapter 2: Defining Identity and Access Management

Understanding IAM

Identity

Access

Learning identity and access use cases

Shopping websites

Personal email accounts

Social media accounts

Company applications

Understanding the scope of IAM

Defining IAM

Principle of least privilege

The evolution of IAM

Traditional

Advanced

Optimal

Summary

Section 2 – Implementing an Identity Management Solution

Chapter 3: Implementing and Configuring Azure Active Directory

Technical requirements

Configuring and managing AAD roles

Azure Active Directory tenant

Azure Active Directory roles

Planning and assigning roles

Configuring and managing custom domains

Adding and verifying a custom domain to set as the primary domain

Custom domains and sub-domains

Managing DNS and deleting a custom domain

Configuring and managing device registration options

Azure AD-registered devices

Azure AD-joined devices

Hybrid AD-joined devices

Configuring tenant-wide settings

Member and guest users

Managing security defaults

Summary

Chapter 4: Creating, Configuring, and Managing Identities

Technical requirements

Creating, configuring, and managing users

Member users

Guest and external users

AD (hybrid) users

Creating, configuring, and managing groups

Microsoft 365 groups

Security groups

Specialty groups

Dynamic groups

Managing licenses

License requirements

License features

Assigning licenses

Summary

Chapter 5: Implementing and Managing External Identities and Guests

Technical requirements

Managing external collaboration settings in Azure AD

B2B

B2C

Configuring external collaboration settings

Inviting external users individually and in bulk

Inviting guest users

Managing external user accounts in Azure AD

Managing guest user licenses

Password management

Multi-factor authentication

Configuring identity providers

Google configuration

Facebook configuration

Summary

Chapter 6: Implementing and Managing Hybrid Identities

Technical requirements

Implementing and managing Azure AD Connect

Hybrid identity

Azure AD

Windows AD

Azure AD Connect

Implementing and managing seamless SSO

Implementing and managing Azure AD Connect Health

Troubleshooting sync errors

Summary

Section 3 – Implementing an Authentication and Access Management Solution

Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)

Technical requirements

Planning an Azure MFA deployment

What is MFA?

How does Azure AD MFA work?

What licenses include Azure AD MFA?

Azure authentication methods

Configuring Azure AD MFA

Implementing and managing MFA settings

Configuring and deploying SSPR

Deploying and managing password protection

Planning and implementing security defaults

Summary

Chapter 8: Planning and Managing Password-Less Authentication Methods

Technical requirements

Administering authentication methods (FIDO2/passwordless)

Modern authentication for identity and access management

Implementing an authentication solution based on Windows Hello for Business

Implementing an authentication solution with the Microsoft Authenticator app

Summary

Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection

Technical requirements

Planning and implementing Conditional Access policies and controls

Zero-trust methodology

Conditional Access policies

Configuring Smart Lockout thresholds

Implementing and managing a user risk policy

Azure AD Identity Protection

Monitoring, investigating, and remediating elevated risky users

Summary

Section 4 – Implementing Access Management for Applications

Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)

Technical requirements

Designing and implementing access management and SSO for apps

Discovering apps with Microsoft Defender for Cloud Apps

Integrating on-premises apps using Azure AD Application Proxy

Planning your line-of-business application registration strategy

Implementing application registrations

Planning and configuring multi-tier application permissions

Summary

Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps

Technical requirements

Planning your cloud application strategy

Discovering apps with Microsoft Defender for Cloud Apps

Implementing cloud app security policies

Planning and configuring cloud application permissions

Discovering apps by using Microsoft Defender for Cloud Apps or an ADFS app report

Discovering apps with Microsoft Defender for Cloud Apps app report

Discovering apps with an ADFS app report

Using Microsoft Defender for Cloud Apps to manage application access

Discovered app scoring

Sanctioning and unsanctioning apps

Summary

Section 5 – Planning and Implementing an Identity Governance Strategy

Chapter 12: Planning and Implementing Entitlement Management

Technical requirements

Defining catalogs and access packages

Catalogs

Access packages

Planning, implementing, and managing entitlements

Planning entitlements

Implementing entitlements

Managing entitlements

Implementing and managing terms of use

Managing the life cycle of external users in Azure AD Identity Governance settings

Access reviews

Summary

Chapter 13: Planning and Implementing Privileged Access and Access Reviews

Technical requirements

Defining a privileged access strategy for administrative users

Configuring PIM for Azure AD roles and Azure resources

Creating and managing break-glass accounts

Planning for and automating access reviews

Analyzing PIM audit history and reports

Summary

Section 6 – Monitoring and Maintaining Azure Active Directory

Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users

Technical requirements

Analyzing and investigating sign-in logs to troubleshoot access issues

Reviewing and monitoring Azure AD audit logs

Analyzing Azure Active Directory workbooks and reporting

Summary

Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

Technical requirements

Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel

Exporting sign-in and audit logs to a third-party SIEM

Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel

Summary

Chapter 16: Mock Test

Other Books You May Enjoy
