SC-300 Microsoft Certified Identity and Access Administrator Associate Exam Prep

Topic 1 Explore identity in Microsoft Entra ID

• Explain the identity landscape
• Explore zero trust with identity
• Discuss identity as a control plane
• Explore why we have identity
• Define identity administration
• Contrast decentralized identity with central identity systems
• Discuss identity management solutions
• Explain Microsoft Entra Business to Business
• Compare Microsoft identity providers
• Define identity licensing
• Explore authentication
• Discuss authorization
• Explain auditing in identity

Topic 2 Implement initial configuration of Microsoft Entra ID

• Configure company brand
• Configure and manage Microsoft Entra roles
• Exercise manage users roles
• Configure delegation by using administrative units
• Analyze Microsoft Entra role permissions
• Configure and manage custom domains
• Configure tenant-wide setting

Topic 3 Create, configure, and manage identities

• Create, configure, and manage users
• Create, configure, and manage groups
• Configure and manage device registration
• Manage licenses
• Create custom security attributes
• Explore automatic user creation

Topic 4 Implement and manage external identities

• Describe guest access and Business to Business accounts
• Manage external collaboration
• Invite external users - individually and in bulk
• Manage external user accounts in Microsoft Entra ID
• Manage external users in Microsoft 365 workloads
• Implement and manage Microsoft Entra Verified ID
• Configure identity providers
• Implement cross-tenant access controls

Topic 5 Implement and manage hybrid identity

• Plan, design, and implement Microsoft Entra Connect
• Implement manage password hash synchronization (PHS)
• Implement manage pass-through authentication (PTA)
• Implement and manage federation
• Trouble-shoot synchronization errors
• Implement Microsoft Entra Connect Health
• Manage Microsoft Entra Health

Topic 6 Secure Microsoft Entra users with multifactor authentication

• What is Microsoft Entra multifactor authentication?
• Plan your multifactor authentication deployment
• Configure multi-factor authentication methods

Topic 7 Manage user authentication

• Administer FIDO2 and passwordless authentication methods
• Explore Authenticator app and OATH tokens
• Implement an authentication solution based on Windows Hello for Business
• Deploy and manage password protection
• Configure smart lockout thresholds
• Implement Kerberos and certificate-based authentication in Microsoft Entra ID
• Configure Microsoft Entra user authentication for virtual machines

Topic 8 Plan, implement, and administer Conditional Access

• Plan security defaults
• Plan Conditional Access policies
• Implement Conditional Access policy controls and assignments
• Test and troubleshoot Conditional Access policies
• Implement application controls
• Implement session management
• Implement continuous access evaluation

Topic 9 Manage Microsoft Entra Identity Protection

• Review identity protection basics
• Implement and manage user risk policy
• Monitor, investigate, and remediate elevated risky users
• Implement security for workload identities
• Explore Microsoft Defender for Identity

Topic 10 Implement access management for Azure resources

• Assign Azure roles
• Configure custom Azure roles
• Create and configure managed identities
• Access Azure resources with managed identities
• Analyze Azure role permissions
• Configure Azure Key Vault RBAC policies
• Retrieve objects from Azure Key Vault
• Explore Microsoft Entra Permissions Management

Topic 11 Plan and design the integration of enterprise apps for SSO

• Discover apps by using Microsoft Defender for Cloud Apps and Active Directory Federation Services app report
• Configure connectors to apps
• Design and implement app management roles
• Configure preintegrated gallery SaaS apps
• Implement and manage policies for OAuth apps

Topic 12 Implement and monitor the integration of enterprise apps for SSO

• Implement token customizations
• Implement and configure consent settings
• Integrate on-premises apps with Microsoft Entra application proxy
• Integrate custom SaaS apps for single sign-on
• Implement application-based user provisioning
• Monitor and audit access to Microsoft Entra integrated enterprise applications
• Create and manage application collections

Topic 13 Implement app registration

• Plan your line of business application registration strategy
• Implement application registration
• Register an application
• Configure permission for an application
• Grant tenant-wide admin consent to applications
• Implement application authorization
• Manage and monitor application by using app governance

Topic 14 Plan and implement entitlement management

• Define access packages
• Configure entitlement management
• Configure and manage connected organizations
• Review per-user entitlements

Topic 15 Plan, implement, and manage access review

• Plan for access reviews
• Create access reviews for groups and apps
• Create and configure access review programs
• Monitor access review findings
• Automate access review management tasks
• Configure recurring access reviews

Topic 16 Plan and implement privileged access

• Define a privileged access strategy for administrative users
• Configure Privileged Identity Management for Azure resources
• Plan and configure Privileged Access Groups
• Analyze Privileged Identity Management audit history and reports
• Create and manage emergency access accounts

Topic 17 Monitor and maintain Microsoft Entra ID

• Analyze and investigate sign-in logs to troubleshoot access issues
• Review and monitor Microsoft Entra audit logs
• Export logs to third-party security information and event management system
• Analyze Microsoft Entra workbooks and reporting
• Monitor security posture with Identity Secure Score

Prerequisite:

HRDF Funding

Please refer to this video https://youtu.be/Kzpd-V1F9Xs

1-     HRD Corp Grant Helper

How to submit grant applications for HRD Corp Claimable Courses

2-     Employers are required to apply for the grant at least one week before training commences.

Employers must submit their applications with supporting documents, including invoices/quotations, trainer profiles, training schedule and course content.

3-     First, Login to Employer’s e-TRIS account -https://etris.hrdcorp.gov.my

Second, Click Application

4-     Click Grant on the left side under Applications

5-     Click Apply Grant on the left side under Applications

6-     Click Apply

7-     Choose a Scheme Code and select HRD Corp Claimable Courses: Skim Bantuan Latihan Khas. Then, click Apply

8-     Scheme Code represents all types of training that suit the requirements provided by HRD Corp. Below are the list of schemes offered by HRD Corp:

9-     Select your Immediate Officer and click Next

10-  Select a Training Provider, then click Next

11-  Please select a training programme from the list, then key in all the required details and click Next

Select your desired training programme.

Give an explanation on why the participant is required to attend the training. E.g., related to their tasks/ career development, etc.

Explain the background and objective of this training.

Select a relevant focus area. For Employer-Specific Courses, select ‘Not Applicable’.

12-  If the training programme is a micro-credential programme, you are required to complete these 3 fields. Save and click Next

Insert MiCAS Application number

13-  Based on the nine (9) pillars listed below, HRD Corp Focus Area Courses are closely tied to support government initiatives towards nation building. As such, courses offered through the HRD Corp Focus Areas are designed to provide the workforce with skills required for current and future demands. Details of the focus areas are as follows:

14-  Please select a Course Title and Type of Training

15-  Select the correct type of training according to the actual type of training, or as mentioned in the training brochure:

16-  Please key in the Training Location and click Next

17-  Please select the Level of Certification and click Next

18-  Please follow the instructions and key in trainee details

19-  Click Add Batch, then click Save

20-  Click Add Trainee Details

21-  Please key in all the required details, then click Add

22-  Click Add if there are more participants. Once done, click Save

23-  Click Next

24-  Please key in the course fees and allowance details, then click Save

25-  Estimated cost includes the course fees/external trainer fees, allowances, and consumable training materials. Please comply with the HRD Corp Allowable Cost Matrix.

26-  Select Upfront Payment to Training Provider and key in the percentage from 0% to 30%. Then, click Save and Next

27-  Complete the declaration form and select a desired officer

28-  Add all the required documents, then click Add Attachment. Then, click Save and Submit Application

29-  Once the New Grant Application is successfully submitted, the Grant Officer will evaluate the application accordingly. The application may be queried if additional information is required.

The application status will be updated via the employer’s dashboard, email, and the e-TRiS inbox.

• Identity and Access Administrator
• Cybersecurity Analyst
• Systems Administrator
• IT Security Specialist
• Network Administrator
• Cloud Security Engineer
• Compliance and Security Manager
• IT Consultant specializing in Microsoft Technologies
• Azure AD Specialist
• Risk Management Officer
• Security Operations Center (SOC) Analyst
• IT Project Manager
• Technical Support Engineer
• IT Auditor focusing on security and compliance
• Cloud Solutions Architect
• Information Security Officer
• Network Security Engineer
• Data Protection Specialist
• Incident Response Coordinator
• Enterprise Architect focusing on security

Agus Salim is a professional with more than 10 years of experience in Project Management, IT Solutions Management, and Systems Integration both in waterfall and agile methodology. He started out his career as a Web Developer before moving on to Business Analyst/Project Manager. He has strong leadership and the capability of leading a team with a proven ability to deliver projects with tight timelines. Besides his experiences in managing projects, he has good knowledge in Cybersecurity and hands-on experience in Next Generation Firewall such as Check Point. During his free time, he likes to explore Cloud Technology, especially on Microsoft Azure. Agus has obtained AZ-104, AZ-500 and other Microsoft certifications. I am also a ALCP certified trainer.