SC-300 Course: Microsoft Identity and Access Administrator

Navigate to exam lab practice.com/i download to access the Microsoft Windows Server 2022 ISO. Save the ISO to your desktop by right-clicking the link and choosing save link as.

Create an external virtual switch in Hyper-V to give a guest VM internet access by selecting a network adapter and confirming the switch.

Create and configure a Windows Server 2022 virtual machine with Hyper-V, including generation two, 4 GB RAM, a 127 GB dynamic disk, and ISO-based installation.

Download the Windows 11 iso to set up a virtual machine by navigating to the iso download page, selecting English United States 64-bit, and clicking download.

Set up a Windows 11 VM in Hyper-V, choosing generation two, 4 GB RAM, TPM, and at least two processors; attach the ISO and complete domain join and renaming.

Set up a Microsoft Active Directory domain on Windows Server 2022 by installing AD DS, promoting a domain controller for a new forest, and configuring DNS.

join Windows 11 to a domain by configuring the DNS server to the domain controller's IP, renaming the computer, and signing in with the administrator to access domain resources.

Explore Azure RBAC and Entra ID roles across Azure resources and Microsoft 365, applying least privilege with scope levels from management group to resource, using owner, contributor, and reader examples.

Understand administrative units in Microsoft Entra ID as departmental silos that enable delegated admin control. Learn when to use static versus dynamic membership and the licensing requirements.

Create and manage administrative units in Azure AD and Entra, apply restricted management, and use dynamic membership with unit-scoped roles for targeted users.

Evaluate the effective permissions of Microsoft Entra roles by reviewing a role's description and permission list, and consulting official articles on admin.microsoft.com and the Azure portal.

Register and verify a custom domain in Microsoft Entra ID and Microsoft 365, using text records in GoDaddy DNS, then link the domain to Exchange Online and other services.

Configure company branding to personalize Azure and Microsoft 365 experiences, including background images, favicon, headers, footers, and sign-in text. Save and review changes in portal.azure.com to tailor visuals.

Configure tenant properties, user settings, group settings, and device settings in Microsoft Entra to manage access across Azure and Microsoft 365, including security defaults, MFA, and device controls.

Before your first assignment, don't skip this video; learn how to fix check-off issues, refresh the browser, and complete the course with a certificate, with Udemy support if needed.

Learn how to redo simulations after completing an assignment by navigating to summary, returning to the assignment, and opening the instructions to access the simulation link anytime.

Create, configure, and manage users across Microsoft Entra ID, Azure portal, and Microsoft 365 admin centers by setting user principal names, licenses, groups, and roles.

Explore the four Azure and Microsoft 365 group types—Microsoft 365 groups, distribution groups, mail-enabled security groups, and security groups—highlighting their access, email, and dynamic versus assigned membership.

Create and manage Microsoft 365 groups in the admin center, including choosing group types (Microsoft 365, distribution, security, mail-enabled), setting owners, adding members, and configuring privacy, email, and shared workspace.

Learn to create and manage Azure AD groups in the Azure portal, including Microsoft 365 and security groups, with dynamic and manual membership rules using expressions.

Automate user creation in bulk with the Microsoft Entra portal by downloading a CSV template from portal.azure.com, populating tenant and domain details, and importing for bulk enrollment.

Differentiate Entra ID registered devices (BYOD) from joined and hybrid joined devices, and show how Intune enables single sign-on, conditional access, and app protection for company resources.

Join a Windows 11 device to Microsoft Entra ID during the out-of-box experience by signing in with an organization account and verifying the device shows as Entra joined in portal.azure.com.

Learn how to register a personal device with Microsoft Entra ID, distinguish between registered and joined devices, apply company policies, and view device status in the Azure portal.

Learn to manage and monitor Microsoft 365 licenses, assign to individuals or groups, explore marketplace options, compare plans, and view usage reports for active users.

Explore foundation concepts of PowerShell for administration, including verb-noun syntax, cmdlets like get service, parameters, piping, intellisense, remote sessions, and basic scripting.

Install the Microsoft Graph PowerShell module from the PowerShell Gallery, set bypass execution policy, and connect to Graph with scopes for users and groups.

Learn to manage users and groups with PowerShell using Graph and Microsoft Entra, including viewing, creating, bulk enrolling from csv, and assigning licenses.

Configure external collaboration in Microsoft Entra ID to manage guest access, invite permissions, guest self-service sign up, and domain restrictions for secure cross-tenant collaboration.

Invite external users to authenticate in your Microsoft environment by sending individual or bulk invitations via portal.azure.com, configuring redirect URLs, guest roles, and CSV-based bulk import.

Manage external users in Microsoft Entra ID as regular users, filter by invitation state, edit properties, deactivate or delete accounts, and assign licenses through the Microsoft 365 admin center.

Enable cross tenant synchronization to share user accounts across partner or acquired tenants, automating identity lifecycle with Microsoft Entra and choosing manual or automatic provisioning.

Configure external identity providers in Azure Entra by adding custom providers that support OpenID Connect, SAML, or WS-Fed, linking third-party or non-Microsoft identities and importing metadata to enable authentication.

Compare intra connect sync and intra cloud sync for linking on-premises Active Directory with Entra ID, detailing authentication options, writebacks, high availability, and deployment footprint to choose the right approach.

Evaluate intra connect sync and intra cloud sync as hybrid solutions for Azure and Microsoft 365, detailing password hash synchronization, PTA, and ADFS or Ping Federate, plus write-back and redundancy.

Prepare on-premises Active Directory for cloud synchronization by using the IdFix tool to identify and fix spaces in user principal names before connecting to Microsoft inter ID.

Configure Microsoft Entra Connect Sync with password hash synchronization and seamless single sign-on. Select an organizational unit to sync, create sample on premises users, and customize synchronization settings.

Configure a quick Azure domain with a Windows Server domain controller, install AD DS, and set up Microsoft Entra Cloud Sync with password hash sync to synchronize a test user.

Learn how to monitor and troubleshoot Microsoft Entra Connect Health for Interconnect Sync, view health analytics, install health agents on domain controllers and federated servers, and review sync errors.

Learn how Microsoft Entra ID authenticates users for Azure and Microsoft 365 using primary and secondary methods, including passwordless options like Windows Hello, FIDO2, and Microsoft Authenticator app for MFA.

Explore the core concepts of multi-factor authentication (MFA), its factors, and how risk-based adaptive MFA with conditional access protects Entra ID and Microsoft 365 from phishing and credential stuffing.

Learn to implement and manage tenant-wide multi-factor authentication in Microsoft 365 and Azure by configuring security defaults, authentication methods, and conditional access policies to enforce MFA for users.

Enable self-service password reset (SSPR) for all users and configure authentication methods, including MFA and password write back for synced hybrid environments.

Configure Microsoft Entra password protection, including lockout thresholds, banned passwords, and expiration, for cloud identities. Understand how on-premises policies interact with synchronized accounts.

Explore Microsoft azure conditional access, using signals from identities, devices, apps, and data under a zero-trust model, to enforce access decisions such as block, MFA, or device compliance.

Create conditional access policies in the azure portal linked to Azure AD, assign to users or groups, target cloud apps and devices, and set risk- and MFA-based conditions.

Learn to test and troubleshoot conditional access policies in Azure or Microsoft Entra portals by creating a test policy and using the what-if tool to simulate blocks and logon issues.

Create a conditional access policy from a Microsoft template, choose templates like block legacy authentication, enable report-only mode, and review sign-in reports to monitor risk.

Explore how Microsoft Entra Identity Protection detects, investigates, and remediates identity-based risks. Focus on risky users and sign-ins, auto remediation, MFA, and SIEM integration with Azure Monitor and Sentinel.

Explore configuring intra-identity protection with risk-based conditional access, focusing on user and sign-in risk levels (low, medium, high) and enforcing MFA for medium and high risk.

Create custom azure roles using the IAM blade, distinguishing the control plane and data plane, and assign read, write, and delete permissions to resources in a resource group.

Assign built-in and custom Azure roles to users or service principals via the Azure portal's access control IAM blade, review permissions, and complete the role assignment in a resource group.

Explore how to view effective permissions in Azure via access control (IAM), check access for users, review role assignments and deny assignments, and navigate resource groups and resources.

Learn how to assign Azure roles to enable Microsoft Entra ID login to an Azure virtual machine, using the virtual machine administrator login or virtual machine user login roles.