Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Microsoft Identity and Access Administrator SC-300 Exam Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
Microsoft Identity and Access Administrator SC-300 Exam Guide

Microsoft Identity and Access Administrator SC-300 Exam Guide

By : Aaron Guilmette, James Hardiman, Doug Haven, Dwayne Natwick
Buy this Book
close
close
Microsoft Identity and Access Administrator SC-300 Exam Guide

Microsoft Identity and Access Administrator SC-300 Exam Guide

By: Aaron Guilmette, James Hardiman, Doug Haven, Dwayne Natwick
Buy this Book

Overview of this book

In today’s cloud-driven environment, achieving SC-300 certification is essential for professionals looking to tackle real-world identity and access management (IAM) scenarios. SC-300 exam content has undergone significant changes, and this second edition aligns with the revised exam objectives. This updated edition gives you access to online exam prep resources such as chapter-wise practice questions, mock exams, interactive flashcards, and expert exam tips, providing you with all the tools you need for thorough exam preparation. You’ll get to grips with the creation, configuration, and management of Microsoft Entra identities, as well as understand the planning, implementation, and management of Microsoft Entra user authentication processes. You’ll learn to deploy and use new Global Secure Access features, design cloud application strategies, and manage application access and policies by using Microsoft Cloud App Security. You’ll also gain experience in configuring Privileged Identity Management for users and guests, working with the Permissions Creep Index, and mitigating associated risks. By the end of this book, you’ll have mastered the skills essential for securing Microsoft environments and be able to pass the SC-300 exam on your first attempt.
Table of Contents (21 chapters)
close
close
Preface
Preface
Who This Book Is For
What This Book Covers
How to Get the Most Out of This Book
Online Practice Resources
To Make the Most Out of This Book
Download the Example Code Files
Download the Color Images
Conventions Used
Get in Touch
Share Your Thoughts
Download a Free PDF Copy of This Book
Free Chapter
1
Chapter 1: Implementing and Configuring a Microsoft Entra Tenant
chevron up
Chapter 1: Implementing and Configuring a Microsoft Entra Tenant
In this chapter, you will explore the essential elements of planning your Microsoft 365 experience, particularly as they map to the SC-300 exam. The objectives and skills covered in this chapter include the following:
Provisioning a Tenant
Configuring and Managing Built-In and Custom Microsoft Entra Roles
Recommending When to Use Administrative Units
Configuring and Managing Administrative Units
Evaluating Effective Permissions for Microsoft Entra Roles
Configuring and Managing Custom Domains
Configuring Company Branding Settings
Configuring Tenant-Wide Settings and Properties
Summary
Exam Readiness Drill – Chapter Review Questions
2
Chapter 2: Creating, Configuring, and Managing Microsoft Entra Identities
Chapter 2: Creating, Configuring, and Managing Microsoft Entra Identities
Creating, Configuring, and Managing Users
Creating, Configuring, and Managing Groups
Managing Custom Security Attributes
Automating Bulk Operations by Using the Microsoft Entra Admin Center and PowerShell
Managing Device Join and Device Registration in Microsoft Entra ID
Assigning, Modifying, and Reporting on Licenses
Summary
Exam Readiness Drill – Chapter Review Questions
3
Chapter 3: Implementing and Managing Identities for External Users and Tenants
Chapter 3: Implementing and Managing Identities for External Users and Tenants
Managing External Collaboration Settings in Microsoft Entra ID
Inviting External Users, Individually or in Bulk
Managing External User Accounts in Microsoft Entra ID
Implementing Cross-Tenant Access Settings
Implementing and Managing Cross-Tenant Synchronization
Configuring External Identity Providers
Summary
Exam Readiness Drill – Chapter Review Questions
4
Chapter 4: Implementing and Managing Hybrid Identity
Chapter 4: Implementing and Managing Hybrid Identity
Preparing for Identity Synchronization
Implementing and Managing Microsoft Entra Connect Sync
Implementing and Managing Microsoft Entra Connect Cloud Sync
Implementing and Managing Password Hash Synchronization
Implementing and Managing Pass-Through Authentication
Implementing and Managing Seamless single sign-on
Migrating from AD FS to Other Authentication and Authorization Mechanisms
Implementing and Managing Microsoft Entra Connect Health
Summary
Exam Readiness Drill – Chapter Review Questions
5
Chapter 5: Planning, Implementing, and Managing Microsoft Entra User Authentication
Chapter 5: Planning, Implementing, and Managing Microsoft Entra User Authentication
Planning for Authentication
Implementing and Managing Authentication Methods
Implementing and Managing Tenant-Wide MFA Settings
Configuring and Deploying Self-Service Password Reset
Implementing and Managing Windows Hello for Business
Disabling Accounts and Revoking User Sessions
Deploying and Managing Entra Password Protection and Smart Lockout
Enabling Microsoft Entra Kerberos Authentication for Hybrid Identities
Implementing Certificate-Based Authentication in Microsoft Entra
Summary
Exam Readiness Drill – Chapter Review Questions
6
Chapter 6: Planning, Implementing, and Managing Microsoft Entra Conditional Access
Chapter 6: Planning, Implementing, and Managing Microsoft Entra Conditional Access
Planning Conditional Access Policies
Implementing Conditional Access Policy Assignments
Implementing Conditional Access Policy Controls
Implementing Session Management
Implementing Device-Enforced Restrictions
Implementing CAE
Creating a Conditional Access Policy from a Template
Summary
Exam Readiness Drill – Chapter Review Questions
7
Chapter 7: Managing Risk Using Microsoft Entra ID Protection
Chapter 7: Managing Risk Using Microsoft Entra ID Protection
Implementing and Managing User Risk Policies
Implementing and Managing Sign-In Risk Policies
Implementing and Managing MFA Registration Policies
Monitoring, Investigating, and Remediating Risky Users
Monitoring, Investigating, and Remediating Risky Workload Identities
Summary
Exam Readiness Drill – Chapter Review Questions
8
Chapter 8: Implementing Access Management for Azure Resources by Using Azure Roles
Chapter 8: Implementing Access Management for Azure Resources by Using Azure Roles
Creating Custom Azure Roles
Assigning Built-In and Custom Azure Roles
Evaluating Effective Permissions for a Set of Azure Roles
Assigning Azure Roles to Enable Microsoft Entra ID Login to Azure Virtual Machines
Configuring Azure Key Vault Role-Based Access Control (RBAC)
Summary
Exam Readiness Drill – Chapter Review Questions
9
Chapter 9: Implementing Global Secure Access
Chapter 9: Implementing Global Secure Access
What Is GSA?
Deploying GSA Clients
Deploying Private Access
Deploying Internet Access
Deploying Internet Access for Microsoft 365
Enhancing Global Secure Access with Conditional Access
Summary
Exam Readiness Drill – Chapter Review Questions
10
Chapter 10: Planning and Implementing Identities for Applications and Azure Workloads
Chapter 10: Planning and Implementing Identities for Applications and Azure Workloads
Selecting Appropriate Identities for Applications and Azure Workloads
Creating Managed Identities
Using a Managed Identity Assigned to an Azure Resource
Summary
Exam Readiness Drill – Chapter Review Questions
11
Chapter 11: Planning, Implementing, and Monitoring the Integration of Enterprise Applications
Chapter 11: Planning, Implementing, and Monitoring the Integration of Enterprise Applications
Planning and Implementing Settings for Enterprise Applications
Assigning Appropriate Microsoft Entra Roles to Users to Manage Enterprise Applications
Designing and Implementing Integration for On-Premises Apps by Using Microsoft Entra Application Proxy
Designing and Implementing Integration for SaaS Apps
Assigning, Classifying, and Managing Users, Groups, and App Roles for Enterprise Applications
Summary
Exam Readiness Drill – Chapter Review Questions
12
Chapter 12: Planning and Implementing App Registrations
Chapter 12: Planning and Implementing App Registrations
Planning for App Registrations
Creating App Registrations
Configuring App Authentication
Configuring API Permissions
Creating App Roles
Summary
Exam Readiness Drill – Chapter Review Questions
13
Chapter 13: Managing and Monitoring App Access Using Microsoft Defender for Cloud Apps
Chapter 13: Managing and Monitoring App Access Using Microsoft Defender for Cloud Apps
Configuring and Analyzing Cloud Discovery Results by Using Defender for Cloud Apps
Configuring Connected Apps
Implementing Application-Enforced Restrictions
Configuring Conditional Access App Control
Creating Access and Session Policies in Defender for Cloud Apps
Implementing and Managing Policies for OAuth Apps
Managing the Cloud App Catalog
Summary
Exam Readiness Drill – Chapter Review Questions
14
Chapter 14: Planning and Implementing Entitlement Management
Chapter 14: Planning and Implementing Entitlement Management
Planning Entitlements
Creating and Configuring Catalogs
Creating and Configuring Access Packages
Managing Access Requests
Implementing and Managing Terms of Use
Managing the Lifecycle of External Users
Configuring and Managing Connected Organizations
Summary
Exam Readiness Drill – Chapter Review Questions
15
Chapter 15: Planning, Implementing, and Managing Access Reviews in Microsoft Entra
Chapter 15: Planning, Implementing, and Managing Access Reviews in Microsoft Entra
Planning for Access Reviews
Creating and Configuring Access Reviews
Monitoring Access Review Activity
Manually Responding to Access Review Activity
Summary
Exam Readiness Drill – Chapter Review Questions
16
Chapter 16: Planning and Implementing Privileged Access
Chapter 16: Planning and Implementing Privileged Access
Planning and Managing Microsoft Entra Roles
Planning and Managing Azure Resources in PIM
Planning and Configuring Groups Managed by PIM
Managing the PIM Request and Approval Process
Analyzing PIM Audit History and Reports
Creating and Managing Break-Glass Accounts
Summary
Exam Readiness Drill – Chapter Review Questions
17
Chapter 17: Monitoring Identity Activity Using Logs, Workbooks, and Reports
Chapter 17: Monitoring Identity Activity Using Logs, Workbooks, and Reports
Designing a Strategy for Monitoring Microsoft Entra
Reviewing and Analyzing Sign-In, Audit, and Provisioning Logs
Configuring Diagnostic Settings
Monitoring Microsoft Entra by Using KQL Queries in Log Analytics
Using Logs, Workbooks, and Reports to Monitor Identity Activity
Monitoring and Improving the Security posture by using the Identity Secure Score
Summary
Exam Readiness Drill – Chapter Review Questions
18
Chapter 18: Planning and Implementing Microsoft Entra Permissions Management
Chapter 18: Planning and Implementing Microsoft Entra Permissions Management
Onboarding Azure Subscriptions to Permissions Management
Evaluating and Remediating Risks Relating to Azure Identities, Resources, and Tasks
Evaluating and Remediating Risks Relating to Azure’s Highly Privileged Roles
Evaluating and Remediating Risks Relating to the Permission Creep Index (PCI)
Configuring Activity Alerts and Triggers for Azure Subscriptions
Summary
Exam Readiness Drill – Chapter Review Questions
19
Chapter 19: Accessing the Online Practice Resources
Chapter 19: Accessing the Online Practice Resources
How to Access These Materials
Troubleshooting Tips
Back to the Book
Why subscribe?
20
Other Books You May Enjoy
Other Books You May Enjoy
Share Your Thoughts
Download a Free PDF Copy of This Book

Configuring Tenant-Wide Settings and Properties

In addition to branding, there are several other common settings that can be configured and impact the availability of features and services across all users.

Services

The Services tab of the Org settings window is used to configure broad tenant-wide features. Some of these may include actual services (such as Bookings or Teams), while others may impact how features are used (such as Microsoft 365 groups).

There are currently 40 different options on this page. Most of the settings are very high-level or coarse controls; fine-tuning configurations will require navigating to the appropriate service or workload’s administrative interfaces.

Table 1.4 lists the features that can be configured on the Services page.

Option

Description

Account Linking

Allow users to connect Microsoft Entra ID to their Microsoft account to earn Bing rewards.

Adoption Score

Manage the selection criteria for whose data will be included in the adoption score as well as high-level filtering options.

Azure Speech Services

Allow Azure to process emails and documents to improve speech recognition accuracy.

Bookings

Enable or disable bookings and select Bookings features organization-wide.

Brand center

Enable Microsoft 365 to set up a SharePoint site used to store branding assets for your tenant customization.

Calendar

Manage high-level calendar sharing options.

Copilot for Sales

Enable Copilot for Sales features.

Cortana

Allow Cortana features to access Microsoft 365 data.

Directory synchronization

Link to download the Entra Connect synchronization tool.

Dynamics 365 Applications

Allow Dynamics 365 to generate insights data from Microsoft 365 users. Disabled by default.

Dynamics 365 Customer Voice

Configure Dynamics 365 Customer Voice to gather survey information.

Dynamics CRM

This links to the Dynamics CRM settings (Power Platform admin center).

Mail

This links to a page to manage various Exchange mail tasks, such as audit reports, message trace reports, and spam filtering policies.

Microsoft 365 Groups

Manage features of Microsoft 365 groups, such as allowing guests.

Microsoft 365 installation options

Select the channel for Microsoft 365 app updates.

Microsoft 365 Lighthouse

Enable management of tenants by a partner through Microsoft 365 Lighthouse.

Microsoft 365 on the web

Allow integration of Microsoft 365 files with third-party cloud services. Enabled by default.

Microsoft Azure Information Protection

Link to Azure Information Protection (AIP) configuration settings (Azure Rights Management).

Microsoft communication to users

Choose whether or not users receive emails from Microsoft about the services they’re licensed for.

Microsoft Edge site lists

Manage lists of sites that should be opened in Edge versus legacy Internet Explorer mode.

Microsoft Forms

Manage sharing and external content options for Microsoft Forms.

Microsoft Graph Data Connect

Manage the use of Graph Data Connect with Azure Data Factory and Azure Synapse Analytics. If enabled, you can choose to separately allow dataset access for Viva Insights and SharePoint Online/OneDrive for Business.

Microsoft Loop

Enable access to Loop workspaces.

Microsoft Planner

Enable iCalendar access for Planner.

Microsoft Search on Bing homepage

Manage curated items to show up on Bing’s home page for users.

Microsoft Teams

Enable automatic enablement of Teams, and configure guest access enablement.

Microsoft To Do

Enable push notifications for To Do.

Microsoft Viva Insights

Enable Insights features for users.

Modern authentication

Enable modern authentication and SMTP authentication for Exchange Online.

Multi-factor authentication

Link to administer legacy per-user multi-factor authentication settings.

News

Configure News settings for the organization. News is a feature of the Bing/Edge product that displays content related to the organization’s industry and selected keywords.

Office Scripts

Enable Office Scripts within the Microsoft 365 tenant.

Reports

Manage privacy settings for reports displayed in the admin center and make usage analytics report data available to Power BI.

Search & intelligence usage analytics

Configure Microsoft search settings and digest email.

SharePoint

Manage high-level external sharing settings with a link to the SharePoint admin center for advanced sharing settings.

Sway

Enable external sharing and content integration options for Sway.

User owned apps and services

Grant users access to the Office Store as well as the ability to start trials and auto-claim licenses.

Viva Learning

Configure privacy and diagnostic data settings for Viva Learning.

What’s new in Microsoft 365

Temporarily deprecated; redirects to Microsoft Learn.

Whiteboard

Enable the Whiteboard app in Microsoft Teams.

Table 1.4: Organization-wide services and features in Microsoft 365

While you won’t be required to memorize this table for the exam, you should at least be broadly familiar with the items. As a rule, services and features are enabled through licenses—the only exception at this time is Bookings (controlled through this Services page toggle).

Security and Privacy

The security and privacy options are geared toward high-level administration or global settings of your tenant, not specifically toward content or data security. For example, Customer Lockbox doesn’t have configurable features outside of enabling it based on licensing.

Table 1.5 depicts the items currently configurable on the Security & privacy page.

Option

Description

Customer Lockbox

Enable Customer Lockbox (if licensed). Custom Lockbox enables a workflow for authorizing support personnel’s access to the tenant during incidents.

Help & support query collection

Choose whether Microsoft can collect information on the support requests made in the admin center.

Idle session timeout

Sign users out of Microsoft 365 web apps after a period of inactivity. This does not impact mobile or desktop client applications. This setting overrides session timeout policies configured in the Outlook web app and SharePoint.

Microsoft Graph Data Connect applications

Manage apps that use Microsoft Graph Data Connect.

Password expiration policy

Enable the Password Never Expire option for accounts. Does not affect synchronized accounts.

Privacy profile

Configure a privacy link and contact for your organization. This link is shown during the Teams meeting join experience.

Privileged access

Enable privileged access at the task level (separate from Entra Privileged Identity Management).

Pronouns

Enable users to display personal pronoun information in Microsoft 365 apps such as Teams and Outlook.

Self-service password reset

Link to the Azure portal to configure self-service password reset.

Sharing

Enable users to invite guests.

Table 1.5: Security and privacy settings

While you won’t be required to memorize this table, you should at least be broadly familiar with the items available—primarily enabling Customer Lockbox and setting the tenant-wide idle session timeout and the tenant-wide setting for non-expiring passwords.

Organization Profile

The Organization profile settings (Microsoft 365 admin center | Settings | Org settings) are largely informational or used to manage certain tenant-wide aspects of the user experience. On this tab, you’ll find the following settings:

Setting

Description

Custom themes

Create and apply themes to the Microsoft 365 portal for end users. You can also mandate specific themes, organization logos, and colors.

Custom tiles for apps

Configure additional tiles to display on the Microsoft 365 app launcher (sometimes referred to as the Launcher or the Waffle).

Data location

View the regional information where your tenants’ data is stored.

Help desk information

Choose whether custom help desk support information for end users needs to be added to the Office 365 help pane.

Keyboard shortcuts

View the shortcuts available for use in the Microsoft 365 admin center.

Multitenant collaboration

These settings enable you to link multiple tenants together. Multitenant organizations support cross-tenant user synchronization and provisioning (through Microsoft Entra B2B collaboration).

Organization information

Update your organization’s name and other contact information.

Release preferences

Choose the release settings for Office 365 features (excluding Microsoft 365 Apps). The available options are Standard release for everyone, Targeted release for everyone, and Targeted release for select users. The default setting is Standard release for everyone.

Send email notifications from your domain

Send system notification messages from an address linked to one of your verified domains instead of a Microsoft external address.

Support integration

Configure integration with third-party support tools, such as ServiceNow.

Table 1.6: Organization profile settings

Like the other Organization settings tabs, the settings on this page will be used infrequently—typically when just setting up your tenant and customizing the experience. As with the other Organization profile setting areas, you should spend some time in a test environment navigating the tenant to view these settings and updating them to see their effects.

End of Section 10
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY