
A comprehensive study guide that will provide you with great preparation tools for the SC-300: Microsoft Identity and Access Administrator exam

SC-300 Official Course Study Guide

Jordi Koenderink 12/4/2022


Introduction
Welcome to the SC-300 Study Guide. This guide will go over each topic of the skills outline, provided
by Microsoft for the SC-300: Microsoft Identity and Access Administrator exam.

The Microsoft identity and access administrator designs, implements, and operates an organization’s
identity and access management systems by using Microsoft Azure Active Directory (Azure AD), part
of Microsoft Entra. They configure and manage authentication and authorization of identities for
users, devices, Azure resources, and applications.

The identity and access administrator provides seamless experiences and self-service management
capabilities for all users. They ensure that identity is verified explicitly to support Zero Trust
principles. They automate management of Azure AD by using PowerShell and analyze events by using
Kusto Query Language (KQL). They are also responsible for troubleshooting, monitoring, and
reporting for the identity and access environment.

The identity and access administrator collaborates with many other roles in the organization to drive
strategic identity projects, to modernize identity solutions, to implement hybrid identity solutions,
and to implement identity governance. They should be familiar with Azure and Microsoft 365
services and workloads.

About the exam:

• Taking the exam will cost you 165 US dollars.
• Microsoft certification exams are scored out of 1000 points. You need 700 points or higher to
pass the SC-300 exam and gain your Identity and Access Administrator Associate badge.
• The SC-300 exam will need to be renewed every year. However, Microsoft will from time to time retire
certifications, and you may also find exam numbers when Microsoft changes the
curriculum substantially for the certification.
• The exam will have around 65 questions, which you have 3 hours to answer.
• At the time of writing, there are no labs.

Books/e-books:

Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition

Start empowering users and protecting corporate data, while managing identities and access with Microsoft Azure in different environments

• Amazon.com: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition eBook : Nickel, Jochen: Kindle Store
• Amazon Canada: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition eBook : Nickel, Jochen: Amazon.ca: Books
• Amazon UK: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition eBook : Nickel, Jochen: Amazon.co.uk: Books
• Amazon FR: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition (English Edition) eBook : Nickel, Jochen: Amazon.fr: Boutique Kindle
• Amazon DE: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition (English Edition) eBook : Nickel, Jochen: Amazon.de: Kindle-Shop

Video training:

This course goes through all of the skills needed to take and pass the SC-300 exam: Microsoft Identity and Access Administrator. This course teaches all of the requirements for the exam, one by one. Each of the things that Microsoft tests will be covered in this course.

SC-300 Microsoft Identity and Access Administrator Exam Prep | Udemy

One of the key ingredients in having a secure enterprise is controlling who is a part of it and what level of access they have. For those leveraging Microsoft products, these courses take you through what you need to know about Identity and Access administration so you can help create a secure enterprise.

These courses cover the objectives of the SC-300 certification exam and can help you prepare.

Microsoft Identity and Access Administrator (SC-300) Path | Pluralsight

Microsoft Learn:

These tutorials/paths have been combined by Microsoft and published for free. They contain a
collection of text, videos, and exercises for the exam.

SC-300 part 1: Implement an identity management solution

Learn to create and manage your initial Azure Active Directory (Azure AD) implementation and configure the users, groups, and external identities you will use to run your solution. Aligned to SC-300 Exam.

SC-300 part 1: Implement an identity management solution - Learn | Microsoft Docs

SC-300 part 2: Implement an Authentication and Access Management solution

Implement and administer your access management using Azure AD. Use MFA, conditional access, and identity protection to manage your identity solution. Aligned to SC-300 exam.

SC-300 part 2: Implement an Authentication and Access Management solution - Learn | Microsoft Docs

SC-300 part 3: Implement Access Management for Apps

Explore how applications can and should be added to your identity and access solution with application registration in Azure AD. Aligned to SC-300 Exam.

SC-300 part 3: Implement Access Management for Apps - Learn | Microsoft Docs

SC-300 part 4: Plan and implement an identity governance strategy

Design and implement identity governance for your identity solution using entitlement, access reviews, privileged access, and monitoring your Azure Active Directory (Azure AD). Aligned to SC-300 exam.

SC-300 part 4: Plan and implement an identity governance strategy - Learn | Microsoft Docs

Practice exams

These are practice exams and not dumps. I do not encourage dumps as they ruin the certification
value for everyone.

Whizlabs – Microsoft Azure Exam SC-300 Practice Tests

The Exam SC-300 Microsoft Identity and Access Administrator certification validates the skills of implementing, managing, and monitoring identity, compute, storage, virtual networks, and governance in the Azure cloud.

What’s inside:

• 3 Full-Length Mock Exams (100 Unique Questions)
• Objective-Based Practice Tests
• Exhaustive explanation with every question
• Reports to assess strengths and weaknesses

Microsoft Identity and Access Administrator SC-300 - Whizlabs

This guide is divided into the following sections, which are also the sections of the exam:

• Implement identities in Azure AD (20–25%)
• Implement authentication and access management (25-30%)
• Implement access management for applications (15-20%)
• Plan and implement an identity governance strategy (20-25%)

Feel free to join our Facebook Azure Study Group, or check out the Azure courses on Udemy. Errors
and suggestions can also be reported in the Azure Group on Facebook.

Thank you,

Software Architect Team


Jordi Koenderink

Contents
Introduction
Implement identities in Azure AD (20–25%)
Create, configure and manage Azure AD identities
Implement and manage external identities
Implement and manage hybrid identity
Implement Authentication and Access Management Solution (25-30%)
Plan, implement and administer conditional access
Manage Azure AD Identity Protection
Implement Access Management for Applications (15-20%)
Manage and monitor application access by using Microsoft Defender for Cloud Apps
Plan, implement, and monitor the integration of Enterprise Apps
Create and manage application collections
Plan and implement app registrations
Plan and implement identity governance in Azure AD (20–25%)
Plan and implement entitlement management
Plan, implement and manage access reviews
Monitor access review activity
Plan and implement privileged access
Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments
Plan and manage Azure resources in PIM, including settings and assignments
Plan and configure Privileged Access groups
Manage PIM requests and approval process
Analyze PIM audit history and reports
Create and manage break-glass accounts
Monitor Azure AD

Implement identities in Azure AD (20–25%)
Configure and manage an Azure AD tenant
Configure and manage Azure AD roles

Understand roles in Azure Active Directory

Configure and manage Azure Active Directory roles

Configure and manage custom domains

Add a custom domain name to Azure Active Directory

Configure and manage custom domains

Analyze Azure AD role permissions

About admin roles in the Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn

Configure delegation by using administrative units

Administrative units in Azure Active Directory

Configure delegation by using administrative units

Configure tenant-wide settings

Configuration in a tenant

Configure tenant-wide setting

Create, configure and manage Azure AD identities


Create, configure and manage users

Create, configure, and manage users

Create and manage users

Create, configure and manage groups

Create, configure, and manage groups

Create and manage groups

Configure and manage device join and registration, including writeback

What is device identity in Azure Active Directory? - Microsoft Entra | Microsoft Learn

What are Azure AD registered devices? - Microsoft Entra | Microsoft Learn

Plan your Azure Active Directory device deployment - Microsoft Entra | Microsoft Learn

What is an Azure AD joined device? - Microsoft Entra | Microsoft Learn

What is a hybrid Azure AD joined device? - Microsoft Entra | Microsoft Learn

Assign, modify, and report on licenses

Subscriptions, licenses, accounts, and tenants for Microsoft's cloud offerings - Microsoft 365
Enterprise | Microsoft Learn

Manage Microsoft 365 user accounts, licenses, and groups with PowerShell - Microsoft 365
Enterprise | Microsoft Learn

Implement and manage external identities


Manage external collaboration settings in Azure AD

Manage external collaboration

Manage external collaboration settings in Azure AD

Invite external users, individually or in bulk

Invite external users – individually and in bulk

Exercise: Invite guest users bulk

Demo: Invite guest users to the app

Manage external user accounts in Azure AD

Manage external user accounts in Azure AD

Configure identity providers, including SAML or WS-fed

Configure identity providers

Implement and manage hybrid identity


Implement and manage Azure AD Connect

Plan, design, and implement Azure Active Directory Connect (AADC)

Getting started with Azure AD Connect using express settings

Implement and manage Azure AD Connect cloud sync

What is Azure AD Connect cloud sync? - Microsoft Entra | Microsoft Learn

Azure AD Connect cloud sync new agent configuration - Microsoft Entra | Microsoft Learn

Implement and manage Password Hash Synchronization (PHS)

What is password hash synchronization with Azure AD?

Implement & manage password hash synchronization (PHS)

Implement and manage Pass-Through Authentication (PTA)

What is Azure AD Pass-through Authentication?

Implement & manage pass-through authentication (PTA)

Implement and manage seamless Single Sign-On (SSO)

Azure Active Directory Seamless Single Sign-On

Manage pass-through authentication & seamless single sign-on

Implement and manage Federation excluding manual ADFS deployments

Implement and manage federation

Implement and manage Azure Active Directory Connect Health

Implement Azure Active Directory Connect Health

Manage Azure Active Directory Connect Health

Troubleshoot synchronization errors

Troubleshoot synchronization errors

Implement Authentication and Access Management Solution (25-30%)


Plan, implement, and manage Azure Multifactor Authentication (MFA) and self-service password reset

Plan Azure MFA deployment, excluding MFA Server

What is Azure AD Multi-Factor Authentication?

Plan your multi-factor authentication deployment

Configure and deploy self-service password reset

Self-service password reset deep dive - Azure Active Directory - Microsoft Entra | Microsoft Learn

Implement and manage Azure MFA settings

Configure Azure AD MFA settings

Manage MFA settings for users

Configure users

Extend Azure AD MFA to third party and on-premises devices

Deployment considerations for Azure AD Multi-Factor Authentication - Microsoft Entra | Microsoft Learn

Monitor Azure AD MFA activity

Sign-in event details for Azure AD Multi-Factor Authentication - Azure Active Directory - Microsoft
Entra | Microsoft Learn

Authentication Methods Activity - Azure Active Directory - Microsoft Entra | Microsoft Learn

Plan, implement, and manage Azure AD user authentication


Plan for authentication

Deployment plans - Azure Active Directory - Microsoft Entra | Microsoft Learn

Identity requirements for hybrid cloud identity design Azure - Microsoft Entra | Microsoft Learn

Implement and manage authentication methods

Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn

Implement and manage Windows Hello for Business

Windows Hello for Business Deployment Overview | Microsoft Learn

Implement and manage password protection and smart lockout

Password protection in Azure Active Directory - Microsoft Entra | Microsoft Learn

Prevent attacks using smart lockout - Azure Active Directory - Microsoft Entra | Microsoft Learn

Implement certificate-based authentication in Azure AD

Overview of Azure AD certificate-based authentication - Azure Active Directory - Microsoft Entra | Microsoft Learn

Configure Azure AD user authentication for Windows and Linux virtual machines on Azure

Log in to a Linux virtual machine in Azure by using Azure AD and OpenSSH - Microsoft Entra |
Microsoft Learn

Log in to a Windows virtual machine in Azure by using Azure AD - Microsoft Entra | Microsoft Learn

Plan, implement and administer conditional access


Plan conditional access policies

Conditional access policy

Implement conditional access policy assignments

Create Exchange Conditional Access policy - Microsoft Intune | Microsoft Learn

Implement conditional access policy controls

Create Exchange Conditional Access policy - Microsoft Intune | Microsoft Learn

Test and troubleshoot conditional access policies

Test & troubleshoot conditional access policies

Implement session management

Implement session management

Implement device-enforced restrictions

Quickstart - Password compliance policy for Android Enterprise devices - Microsoft Intune |
Microsoft Learn

Implement continuous access evaluation

Continuous access evaluation in Azure AD - Microsoft Entra | Microsoft Learn

Create a conditional access policy from a template

Common Conditional Access policies - Azure Active Directory - Microsoft Entra | Microsoft Learn

Manage Azure AD Identity Protection


Implement and manage a user risk policy

Implement & manage user risk policy

Enable user risk policy

Implement and manage sign-in risk policies

Enable sign-in risk policy

Implement and manage MFA registration policy

Azure AD Multi-Factor Authentication registration policy

Configure Azure AD MFA registration policy

Monitor, investigate, and remediate elevated risky users

Monitor, investigate, & remediate elevated risky users

Implement security for workload identities

Securing workload identities with Azure AD Identity Protection (Preview) - Microsoft Entra |
Microsoft Learn

Implement Access Management for Applications (15-20%)


Manage and monitor application access by using Microsoft Defender for Cloud Apps

Discover and manage apps by using Microsoft Defender for Cloud Apps

Discover and manage Shadow IT tutorial | Microsoft Learn

Working with discovered apps in Defender for Cloud Apps | Microsoft Learn

Configure connectors to apps

Integrate Microsoft Purview Information Protection with Defender for Cloud Apps | Microsoft Learn

Generic SIEM integration with Defender for Cloud Apps | Microsoft Learn

Defender for Cloud Apps external DLP integration over secure ICAP | Microsoft Learn

Integrate Microsoft Power Automate with Microsoft Defender for Cloud Apps to get custom alert
automation | Microsoft Learn

Managing API tokens | Microsoft Learn

Implement application-enforced restrictions

Working with discovered apps in Defender for Cloud Apps | Microsoft Learn

Configure conditional access app control

Cloud apps, actions, and authentication context in Conditional Access policy - Azure Active Directory -
Microsoft Entra | Microsoft Learn

Create access and session policies in Microsoft Defender for Cloud Apps

Policy template reference for Defender for Cloud Apps | Microsoft Learn

Control cloud app usage by creating policies | Microsoft Learn

Implement and manage policies for OAUTH apps

Control which third-party cloud OAuth apps get permissions | Microsoft Learn

Plan, implement, and monitor the integration of Enterprise Apps


Configure and manage user and admin consent

Configure how end-users consent to applications

Implement and configure consent settings

Discover apps by using ADFS application activity reports

Discover apps by using MCAS & ADFS report

Design and implement access management for apps

Exercise: Implement access management for apps

Design and implement app management roles

Design & implement app management roles

Monitor and audit activity in enterprise applications

Monitor & audit access to Azure AD integrated apps

Design and implement integration for on-premises apps by using Azure AD Application Proxy

Add an on-premises app through Application Proxy in Azure AD

Integrate on-premises apps by using Azure AD app proxy

Design and implement integration for SaaS apps

Integrate custom SaaS apps for single sign-on

Integrate Azure AD SSO with SaaS apps

Provision and manage users, groups, and roles on Enterprise applications

Configure pre-integrated gallery SaaS apps

Create and manage application collections


Create collections for My Apps portals - Microsoft Entra | Microsoft Learn

Plan and implement app registrations


Plan for application registrations

Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Learn

Implement application registrations

Implement app registration

Exercise: register an application

Configure application permissions

Configure application permission

Implement application authorization

Implement application authorization

Plan and configure multi-tier application permissions

Sign in an Azure AD user using the multi-tenant application pattern

Manage and monitor applications by using App governance

App governance in Microsoft 365 | Microsoft Learn

Plan and implement identity governance in Azure AD (20–25%)


Plan and implement entitlement management
Plan entitlements

Configure entitlement management

Create and configure catalogs

Create and manage a catalog of resources in entitlement management - Azure AD - Microsoft Entra |
Microsoft Learn

Create and configure access packages

Create a new access package in entitlement management - Azure AD - Microsoft Entra | Microsoft
Learn

Manage access requests

Approve or deny access requests - Azure AD entitlement management - Microsoft Entra | Microsoft
Learn

Implement and manage terms of use

Exercise: Add terms of use acceptance report

Manage the lifecycle of external users in Azure AD Identity Governance settings

Manage the lifecycle of external users with Azure AD identity governance

Configure and manage connected organizations

Add a connected organization in Azure AD entitlement management - Azure Active Directory - Microsoft Entra | Microsoft Learn

Review per-user entitlements by using Azure AD Entitlement management

What is entitlement management? - Azure AD - Microsoft Entra | Microsoft Learn

Plan, implement and manage access reviews
Plan for access reviews

Plan for access reviews

Planning Azure AD access reviews deployment

Create and configure access reviews for groups and apps

Create access reviews for groups and apps

Create and configure access review programs

Preparing for an access review of users' access to an application - Azure AD - Microsoft Entra |
Microsoft Learn

Monitor access review activity


Review access of an access package in Azure AD entitlement management - Microsoft Entra |
Microsoft Learn

Respond to access review activity, including automated and manual responses

Azure AD access reviews - Microsoft Graph beta | Microsoft Learn

Plan an Azure Active Directory access reviews deployment - Microsoft Entra | Microsoft Learn

Plan and implement privileged access


Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments

Plan a Privileged Identity Management deployment - Azure AD - Microsoft Entra | Microsoft Learn

Assign Azure AD roles in PIM - Azure Active Directory - Microsoft Entra | Microsoft Learn

Assign Azure resource roles in Privileged Identity Management - Azure Active Directory - Microsoft
Entra | Microsoft Learn

What is Privileged Identity Management? - Azure AD - Microsoft Entra | Microsoft Learn

Plan and manage Azure resources in PIM, including settings and assignments
Discover Azure resources to manage in PIM - Azure AD - Microsoft Entra | Microsoft Learn

Plan and configure Privileged Access groups


Managing Privileged Access groups in Privileged Identity Management (PIM) - Microsoft Entra |
Microsoft Learn

Manage PIM requests and approval process


Approve or deny requests for Azure AD roles in PIM - Azure AD - Microsoft Entra | Microsoft Learn

Approve requests for Azure resource roles in PIM - Azure AD - Microsoft Entra | Microsoft Learn

Analyze PIM audit history and reports


View audit log report for Azure AD roles in Azure AD PIM - Microsoft Entra | Microsoft Learn

View audit report for Azure resource roles in Privileged Identity Management (PIM) - Azure AD -
Microsoft Entra | Microsoft Learn

Create and manage break-glass accounts
Manage emergency access admin accounts - Azure AD - Microsoft Entra | Microsoft Learn

Monitor Azure AD
Design a strategy for monitoring Azure AD

What is Azure Active Directory monitoring? - Microsoft Entra | Microsoft Learn

Review and analyze sign-in, audit, and provisioning logs by using the Azure Active Directory admin center

Sign-in logs in Azure Active Directory - Microsoft Entra | Microsoft Learn

Audit logs in Azure Active Directory - Microsoft Entra | Microsoft Learn

Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub

Configure a log analytics workspace in Azure AD - Microsoft Entra | Microsoft Learn

Tutorial - Stream logs to an Azure event hub - Microsoft Entra | Microsoft Learn

Monitor Azure AD by using Log Analytics, including KQL queries

Transition from View Designer to workbooks - Azure Monitor | Microsoft Learn

Connect Azure Active Directory data to Microsoft Sentinel | Microsoft Learn

Create Azure Monitor alert rules - Azure Monitor | Microsoft Learn

Analyze Azure AD by using workbooks and reporting in the Azure Active Directory admin center

Azure Monitor workbooks for reports - Microsoft Entra | Microsoft Learn

Monitor and improve the security posture by using the Identity Secure Score

What is identity secure score? - Azure Active Directory - Microsoft Entra | Microsoft Learn
