Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Microsoft Identity and Access Administrator SC-300 Exam Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
Microsoft Identity and Access Administrator SC-300 Exam Guide

Microsoft Identity and Access Administrator SC-300 Exam Guide

By : Aaron Guilmette, James Hardiman, Doug Haven, Dwayne Natwick
Buy this Book
close
close
Microsoft Identity and Access Administrator SC-300 Exam Guide

Microsoft Identity and Access Administrator SC-300 Exam Guide

By: Aaron Guilmette, James Hardiman, Doug Haven, Dwayne Natwick

Overview of this book

In today’s cloud-driven environment, achieving SC-300 certification is essential for professionals looking to tackle real-world identity and access management (IAM) scenarios. SC-300 exam content has undergone significant changes, and this second edition aligns with the revised exam objectives. This updated edition gives you access to online exam prep resources such as chapter-wise practice questions, mock exams, interactive flashcards, and expert exam tips, providing you with all the tools you need for thorough exam preparation. You’ll get to grips with the creation, configuration, and management of Microsoft Entra identities, as well as understand the planning, implementation, and management of Microsoft Entra user authentication processes. You’ll learn to deploy and use new Global Secure Access features, design cloud application strategies, and manage application access and policies by using Microsoft Cloud App Security. You’ll also gain experience in configuring Privileged Identity Management for users and guests, working with the Permissions Creep Index, and mitigating associated risks. By the end of this book, you’ll have mastered the skills essential for securing Microsoft environments and be able to pass the SC-300 exam on your first attempt.
Table of Contents (21 chapters)
close
close
close
Preface
Preface
Who This Book Is For
What This Book Covers
How to Get the Most Out of This Book
Online Practice Resources
To Make the Most Out of This Book
Download the Example Code Files
Download the Color Images
Conventions Used
Get in Touch
Share Your Thoughts
Download a Free PDF Copy of This Book
Free Chapter
1
Chapter 1: Implementing and Configuring a Microsoft Entra Tenant
chevron up
Chapter 1: Implementing and Configuring a Microsoft Entra Tenant
Making the Most Out of This Book – Your Certification and Beyond
Provisioning a Tenant
Configuring and Managing Built-In and Custom Microsoft Entra Roles
Recommending When to Use Administrative Units
Configuring and Managing Administrative Units
Evaluating Effective Permissions for Microsoft Entra Roles
Configuring and Managing Custom Domains
Configuring Company Branding Settings
Configuring Tenant-Wide Settings and Properties
Summary
Exam Readiness Drill – Chapter Review Questions
2
Chapter 2: Creating, Configuring, and Managing Microsoft Entra Identities
Chapter 2: Creating, Configuring, and Managing Microsoft Entra Identities
Creating, Configuring, and Managing Users
Creating, Configuring, and Managing Groups
Managing Custom Security Attributes
Automating Bulk Operations by Using the Microsoft Entra Admin Center and PowerShell
Managing Device Join and Device Registration in Microsoft Entra ID
Assigning, Modifying, and Reporting on Licenses
Summary
Exam Readiness Drill – Chapter Review Questions
3
Chapter 3: Implementing and Managing Identities for External Users and Tenants
Chapter 3: Implementing and Managing Identities for External Users and Tenants
Managing External Collaboration Settings in Microsoft Entra ID
Inviting External Users, Individually or in Bulk
Managing External User Accounts in Microsoft Entra ID
Implementing Cross-Tenant Access Settings
Implementing and Managing Cross-Tenant Synchronization
Configuring External Identity Providers
Summary
Exam Readiness Drill – Chapter Review Questions
4
Chapter 4: Implementing and Managing Hybrid Identity
Chapter 4: Implementing and Managing Hybrid Identity
Preparing for Identity Synchronization
Implementing and Managing Microsoft Entra Connect Sync
Implementing and Managing Microsoft Entra Connect Cloud Sync
Implementing and Managing Password Hash Synchronization
Implementing and Managing Pass-Through Authentication
Implementing and Managing Seamless single sign-on
Migrating from AD FS to Other Authentication and Authorization Mechanisms
Implementing and Managing Microsoft Entra Connect Health
Summary
Exam Readiness Drill – Chapter Review Questions
5
Chapter 5: Planning, Implementing, and Managing Microsoft Entra User Authentication
Chapter 5: Planning, Implementing, and Managing Microsoft Entra User Authentication
Planning for Authentication
Implementing and Managing Authentication Methods
Implementing and Managing Tenant-Wide MFA Settings
Configuring and Deploying Self-Service Password Reset
Implementing and Managing Windows Hello for Business
Disabling Accounts and Revoking User Sessions
Deploying and Managing Entra Password Protection and Smart Lockout
Enabling Microsoft Entra Kerberos Authentication for Hybrid Identities
Implementing Certificate-Based Authentication in Microsoft Entra
Summary
Exam Readiness Drill – Chapter Review Questions
6
Chapter 6: Planning, Implementing, and Managing Microsoft Entra Conditional Access
Chapter 6: Planning, Implementing, and Managing Microsoft Entra Conditional Access
Planning Conditional Access Policies
Implementing Conditional Access Policy Assignments
Implementing Conditional Access Policy Controls
Implementing Session Management
Implementing Device-Enforced Restrictions
Implementing CAE
Creating a Conditional Access Policy from a Template
Summary
Exam Readiness Drill – Chapter Review Questions
7
Chapter 7: Managing Risk Using Microsoft Entra ID Protection
Chapter 7: Managing Risk Using Microsoft Entra ID Protection
Implementing and Managing User Risk Policies
Implementing and Managing Sign-In Risk Policies
Implementing and Managing MFA Registration Policies
Monitoring, Investigating, and Remediating Risky Users
Monitoring, Investigating, and Remediating Risky Workload Identities
Summary
Exam Readiness Drill – Chapter Review Questions
8
Chapter 8: Implementing Access Management for Azure Resources by Using Azure Roles
Chapter 8: Implementing Access Management for Azure Resources by Using Azure Roles
Creating Custom Azure Roles
Assigning Built-In and Custom Azure Roles
Evaluating Effective Permissions for a Set of Azure Roles
Assigning Azure Roles to Enable Microsoft Entra ID Login to Azure Virtual Machines
Configuring Azure Key Vault Role-Based Access Control (RBAC)
Summary
Exam Readiness Drill – Chapter Review Questions
9
Chapter 9: Implementing Global Secure Access
Chapter 9: Implementing Global Secure Access
What Is GSA?
Deploying GSA Clients
Deploying Private Access
Deploying Internet Access
Deploying Internet Access for Microsoft 365
Enhancing Global Secure Access with Conditional Access
Summary
Exam Readiness Drill – Chapter Review Questions
10
Chapter 10: Planning and Implementing Identities for Applications and Azure Workloads
Chapter 10: Planning and Implementing Identities for Applications and Azure Workloads
Selecting Appropriate Identities for Applications and Azure Workloads
Creating Managed Identities
Using a Managed Identity Assigned to an Azure Resource
Summary
Exam Readiness Drill – Chapter Review Questions
11
Chapter 11: Planning, Implementing, and Monitoring the Integration of Enterprise Applications
Chapter 11: Planning, Implementing, and Monitoring the Integration of Enterprise Applications
Planning and Implementing Settings for Enterprise Applications
Assigning Appropriate Microsoft Entra Roles to Users to Manage Enterprise Applications
Designing and Implementing Integration for On-Premises Apps by Using Microsoft Entra Application Proxy
Designing and Implementing Integration for SaaS Apps
Assigning, Classifying, and Managing Users, Groups, and App Roles for Enterprise Applications
Summary
Exam Readiness Drill – Chapter Review Questions
12
Chapter 12: Planning and Implementing App Registrations
Chapter 12: Planning and Implementing App Registrations
Planning for App Registrations
Creating App Registrations
Configuring App Authentication
Configuring API Permissions
Creating App Roles
Summary
Exam Readiness Drill – Chapter Review Questions
13
Chapter 13: Managing and Monitoring App Access Using Microsoft Defender for Cloud Apps
Chapter 13: Managing and Monitoring App Access Using Microsoft Defender for Cloud Apps
Configuring and Analyzing Cloud Discovery Results by Using Defender for Cloud Apps
Configuring Connected Apps
Implementing Application-Enforced Restrictions
Configuring Conditional Access App Control
Creating Access and Session Policies in Defender for Cloud Apps
Implementing and Managing Policies for OAuth Apps
Managing the Cloud App Catalog
Summary
Exam Readiness Drill – Chapter Review Questions
14
Chapter 14: Planning and Implementing Entitlement Management
Chapter 14: Planning and Implementing Entitlement Management
Planning Entitlements
Creating and Configuring Catalogs
Creating and Configuring Access Packages
Managing Access Requests
Implementing and Managing Terms of Use
Managing the Lifecycle of External Users
Configuring and Managing Connected Organizations
Summary
Exam Readiness Drill – Chapter Review Questions
15
Chapter 15: Planning, Implementing, and Managing Access Reviews in Microsoft Entra
Chapter 15: Planning, Implementing, and Managing Access Reviews in Microsoft Entra
Planning for Access Reviews
Creating and Configuring Access Reviews
Monitoring Access Review Activity
Manually Responding to Access Review Activity
Summary
Exam Readiness Drill – Chapter Review Questions
16
Chapter 16: Planning and Implementing Privileged Access
Chapter 16: Planning and Implementing Privileged Access
Planning and Managing Microsoft Entra Roles
Planning and Managing Azure Resources in PIM
Planning and Configuring Groups Managed by PIM
Managing the PIM Request and Approval Process
Analyzing PIM Audit History and Reports
Creating and Managing Break-Glass Accounts
Summary
Exam Readiness Drill – Chapter Review Questions
17
Chapter 17: Monitoring Identity Activity Using Logs, Workbooks, and Reports
Chapter 17: Monitoring Identity Activity Using Logs, Workbooks, and Reports
Designing a Strategy for Monitoring Microsoft Entra
Reviewing and Analyzing Sign-In, Audit, and Provisioning Logs
Configuring Diagnostic Settings
Monitoring Microsoft Entra by Using KQL Queries in Log Analytics
Using Logs, Workbooks, and Reports to Monitor Identity Activity
Monitoring and Improving the Security posture by using the Identity Secure Score
Summary
Exam Readiness Drill – Chapter Review Questions
18
Chapter 18: Planning and Implementing Microsoft Entra Permissions Management
Chapter 18: Planning and Implementing Microsoft Entra Permissions Management
Onboarding Azure Subscriptions to Permissions Management
Evaluating and Remediating Risks Relating to Azure Identities, Resources, and Tasks
Evaluating and Remediating Risks Relating to Azure’s Highly Privileged Roles
Evaluating and Remediating Risks Relating to the Permission Creep Index (PCI)
Configuring Activity Alerts and Triggers for Azure Subscriptions
Summary
Exam Readiness Drill – Chapter Review Questions
19
Chapter 19: Accessing the Online Practice Resources
Chapter 19: Accessing the Online Practice Resources
How to Access These Materials
Troubleshooting Tips
Back to the Book
Why subscribe?
20
Other Books You May Enjoy
Other Books You May Enjoy
Share Your Thoughts
Download a Free PDF Copy of This Book

Evaluating Effective Permissions for Microsoft Entra Roles

When it comes to managing permissions and roles in Entra ID, it’s important to understand that Entra role assignments are based on an additive model. This means that your effective permissions are the sum of all your role assignments.

You can explore the output of all role assignments (including privileged assignment escalations) in the Entra admin center (https://entra.microsoft.com) by expanding Identity, selecting Roles & admins, and then clicking Download assignments.

Figure 1.25: Downloading role assignment data

Figure 1.24: Downloading role assignment data

You can also explore the Entra admin center on a per-role basis and look for groups with memberships. The Assignments column only shows active roles, so it’s recommended to periodically review them.

Further reading

The Microsoft 365 admin center and Entra admin center don’t provide a great interface to be able to see all role assignments at a glance. To get this information, you’ll have to resort to either PowerShell or the Microsoft Graph API. To make this task a little easier, you can use a tool such as Vasil Michev’s role reporting script: https://github.com/michevnew/PowerShell/blob/master/AADRolesInventory-Graph.ps1.

Next, we’ll shift gears to configuring a tenant to support custom (sometimes called vanity) domains.

End of Section 7
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY