SC-300: Microsoft Identity and Access Administrator

Explore the five cloud computing properties—on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service—and how they enable fast provisioning and scalable usage in cloud environments.

Define public, private, hybrid, and multi-cloud concepts and explain how Azure, AWS, and GCP, with Azure Stack, AWS Outposts, and Google Anthos, combine to form enterprise cloud strategies.

Explore the Azure global backbone, detailing data centers, regions, fiber, subsea cables, edge sites, partners, and peering connections, to deliver high performance, fault tolerance, and disaster recovery for users.

Explore the shared responsibility model across on premises, IaaS, PaaS, and SaaS in Azure, and compare with AWS and GCP to see who bears which duties.

Explore the Azure resource hierarchy, from management groups to subscriptions and resource groups, and learn how grouping by location, department, or lifecycle supports governance and cost tracking.

Explore Azure subscription types, including free and student options with credits, pay-as-you-go for usage-based billing, and enterprise agreements, with the course focusing on the free and student options for demos.

Demystify the relationship between Entra ID tenants and Azure subscriptions by showing that identities in the Entra ID tenant access resources inside subscriptions and resource groups.

Create your free azure subscription via the resources link, choose between free and pay-as-you-go, provide your details, then log in at portal.azure.com to start building in azure.

Explore authorization, or auth, and how it determines user permissions after authentication, using role based access control and attribute based access control (RBAC and ABAC), including Azure RBAC.

Authentication verifies a user's identity to grant system access using passwords, biometrics, or one-time passwords, and precedes authorization as the first step in access control with Kerberos and SAML.

Learn how identity providers centralize user identities—including managed, external, and on premises—into a cloud repository, enabling single sign-on across thousands of applications with multi-factor authentication and conditional access.

Zero trust is a security strategy and mindset, not a product. Verify explicitly by always authenticating and authorizing based on identity, location, device, health, and data, while enforcing just-in-time access and assume breach.

Discover Microsoft security cosmos focused on cloud security, SOC, and CTI, exploring Defender XDR and its components—Defender for Identity, Endpoint, Cloud Apps, and Office 365—plus Sentinel and Copilot for security.

Block phishing emails and malicious attachments with defender for office to filter URLs. Use defender for endpoint, identity protection, and cloud apps to detect exploits and prevent data exfiltration.

Explore Microsoft Entra's four pillars—zero trust identity, secure employee, customer and partner access, and cloud-based access—along with licensing options and key products like verified ID and external ID.

Explore Microsoft Entra ID, the cloud-based identity and access management service formerly known as Azure Active Directory, covering conditional access, B2B/B2C, device management, hybrid identity, MFA, identity protection, and licensing.

Understand built-in and custom Microsoft Entra roles, including entry ID roles like Teams administrator, security administrator, and global reader, and how they differ from Azure RBAC across the Microsoft ecosystem.

Cluster your Entra ID identities into administrative units to restrict permissions to defined regions, delegate regional help desk roles, and manage memberships across multiple units.

Configure administrative units in intra ID to logically cluster users, groups, devices, and roles. Create and populate a Europe administrative unit with members and groups to simplify tenant administration.

Explore built-in Microsoft Intra ID roles in Azure AD, focusing on the security administrator, and roles bundle permissions, such as creating conditional access policies, with assignments, activation controls, and approvals.

Configure tenant properties and user settings in the azure portal for the android tenant, including default permissions for application registration, group creation, and guest access options.

Understand intra ID user identities for humans, including synchronized on-premises identities via Intra Connect. Learn about cloud and guest identities, and support for username/password, MFA, and passwordless authentication.

Learn to create and manage users in Azure AD by configuring user principal name, display name, auto-generated passwords, account status, and role and group assignments.

Organize access at scale by using groups in intra id to assign roles, differentiating security groups and M365 groups with dynamic and assigned memberships.

Create a security group in intra ID, name and describe it, and decide on role assignment. Set owner and member, then create, and configure Azure role assignments.

Navigate the M365 admin center to manage licenses, view subscriptions, and approve license requests; configure an auto-claim policy and manually assign E5 licenses to active users, then save changes.

Learn how to perform bulk operations in Android, including bulk create, bulk invite, and bulk delete, by uploading CSV templates with version number, column headings, and rows per Microsoft requirements.

Enable external identities outside your intra ID tenant to collaborate on resources like Azure and SharePoint. Explore B2B collaboration, B2B direct connect, and B2C with cross-tenant trust.

Configure external collaboration settings in Entra ID to govern guest access and invitations. Enable self-service sign-up, external user leave, and domain-based collaboration restrictions to fit your security requirements.

Configure cross-tenant access settings in Android, including inbound/outbound B2B collaboration, external identities, and tenant restrictions across Microsoft cloud environments.

Configure external identity providers, including Saml, in enter ID, and onboard custom providers via domain and metadata options.

Create and configure an Azure hybrid identity lab by provisioning a resource group, a vnet named identity, and two virtual machines for a domain controller and an interconnect.

Purchase a domain to work with Azure Active Directory. Add it as a custom domain via App Service domains or intra ID and verify ownership with a txt record.

Install and configure Active Directory on an Azure domain controller by using Server Manager to add Active Directory Domain Services, promote to a new forest with Azure demos.org.

Enable identity with Entra Connect by syncing on premises AD to intra ID using password hash synchronization or pass through authentication, and monitor health via Microsoft Entra Connect Health.

Install Intra Connect on an Azure virtual machine, join the domain, and enable password hash synchronization with single sign-on using Microsoft Entra Connect Sync.

Navigate a hybrid authentication flow to decide between password hash sync and pass-through authentication for cloud sign-in or on-premises Active Directory requirements.

Explore Android authentication options from passwords to passwordless methods like Windows Hello for business and Fido2 keys, including MFA and self-service password reset implications.

Explore how multi-factor authentication protects access by combining something you know with something you have or are, and highlight passwordless options like Windows Hello, FIDO2 keys, or the Microsoft Authenticator.

Configure and manage tenant-wide multi-factor authentication in Entra ID by enabling and customizing authentication methods, including passkeys (Fido2) and SMS, with per-user MFA settings.

Explore passwordless authentication with intra ID using the Microsoft Authenticator app, number matching, and policy controls for all users or selected groups, plus Windows Hello for Business.

Self-service password reset lets users reset passwords, reducing help desk calls, and one-time registration enables access from any device, while password writeback syncs cloud and on-premises Active Directory.

Enable self-service password reset (SSPR) in intra ID for all users or a selected group, and set a converged policy with one or two authentication methods.

Learn to disable user accounts and revoke all sessions during security incidents, using the revoke sessions feature and account-enabled settings across all data sources, with optional MFA and self-service reset.

Configure password protection in Microsoft Entra to apply policies to cloud identities and on-premises Active Directory, including logout thresholds, banned passwords, and audit or enforced modes (case-insensitive and variations).

Plan conditional access policies to enforce access control based on user and device signals. Apply multifactor authentication when needed and limit remote access to support a zero trust model.

Create and test Azure conditional access policies for Office 365, including assignments, named locations, risk levels, and grants requiring MFA, device compliance, and hybrid join.

Explore session management in conditional access by configuring session controls, including app enforced restrictions, monitor and block downloads, and settings for re-authentication and persistent browser sessions.

Test and troubleshoot conditional access policies with the what-if tool, simulating users, cloud apps, devices, and risks; view policy names, grant controls, and session states to diagnose failures.

Learn to create a conditional access policy from pre-populated templates, applying secure foundation and zero trust controls, including multifactor authentication for administrators and broad user coverage, with report-only testing.