SC-300 Official Course Study Guide
The Microsoft identity and access administrator designs, implements, and operates an organization’s
identity and access management systems by using Microsoft Azure Active Directory (Azure AD), part
of Microsoft Entra. They configure and manage authentication and authorization of identities for
users, devices, Azure resources, and applications.
The identity and access administrator provides seamless experiences and self-service management
capabilities for all users. They ensure that identity is verified explicitly to support Zero Trust
principles. They automate management of Azure AD by using PowerShell and analyze events by using
Kusto Query Language (KQL). They are also responsible for troubleshooting, monitoring, and
reporting for the identity and access environment.
The identity and access administrator collaborates with many other roles in the organization to drive
strategic identity projects, to modernize identity solutions, to implement hybrid identity solutions,
and to implement identity governance. They should be familiar with Azure and Microsoft 365
services and workloads.
Books/e-books:
protecting identities and data, 2nd Edition eBook : Nickel, Jochen: Amazon.ca: Books
• Amazon UK: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition eBook : Nickel, Jochen: Amazon.co.uk: Books
• Amazon FR: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition (English Edition) eBook : Nickel, Jochen: Amazon.fr: Boutique Kindle
• Amazon DE: Mastering Identity and Access Management with Microsoft Azure: Empower users by managing and protecting identities and data, 2nd Edition (English Edition) eBook : Nickel, Jochen: Amazon.de: Kindle-Shop
Video training:
Microsoft Learn:
These tutorials/paths have been combined by Microsoft and published for free. They contain a
collection of text, videos, and exercises for the exam.
Practice exams
These are practice exams and not dumps. I do not encourage dumps as they ruin the certification
value for everyone.
What’s inside:
This guide is divided into the following sections, which are also part of the exam:
Feel free to join our Facebook Azure Study Group, or check out the Azure courses on Udemy. Errors
and suggestions can also be reported in the Azure Group on Facebook.
Thank you,
Contents
Introduction
Implement identities in Azure AD (20–25%)
Create, configure and manage Azure AD identities
Implement and manage external identities
Implement and manage hybrid identity
Implement Authentication and Access Management Solution (25-30%)
Plan, implement and administer conditional access
Manage Azure AD Identity Protection
Implement Access Management for Applications (15-20%)
Manage and monitor application access by using Microsoft Defender for Cloud Apps
Plan, implement, and monitor the integration of Enterprise Apps
Create and manage application collections
Plan and implement app registrations
Plan and implement identity governance in Azure AD (20–25%)
Plan and implement entitlement management
Plan, implement and manage access reviews
Monitor access review activity
Plan and implement privileged access
Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments
Plan and manage Azure resources in PIM, including settings and assignments
Plan and configure Privileged Access groups
Manage PIM requests and approval process
Analyze PIM audit history and reports
Create and manage break-glass accounts
Monitor Azure AD
Implement identities in Azure AD (20–25%)
Configure and manage an Azure AD tenant
Configure and manage Azure AD roles
About admin roles in the Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn
Configuration in a tenant
What is device identity in Azure Active Directory? - Microsoft Entra | Microsoft Learn
Plan your Azure Active Directory device deployment - Microsoft Entra | Microsoft Learn
Assign, modify, and report on licenses
Subscriptions, licenses, accounts, and tenants for Microsoft's cloud offerings - Microsoft 365 Enterprise | Microsoft Learn
Manage Microsoft 365 user accounts, licenses, and groups with PowerShell - Microsoft 365 Enterprise | Microsoft Learn
Azure AD Connect cloud sync new agent configuration - Microsoft Entra | Microsoft Learn
Manage pass-through authentication & seamless single sign-on
Self-service password reset deep dive - Azure Active Directory - Microsoft Entra | Microsoft Learn
Configure users
Sign-in event details for Azure AD Multi-Factor Authentication - Azure Active Directory - Microsoft Entra | Microsoft Learn
Authentication Methods Activity - Azure Active Directory - Microsoft Entra | Microsoft Learn
Identity requirements for hybrid cloud identity design Azure - Microsoft Entra | Microsoft Learn
Authentication methods and features - Azure Active Directory - Microsoft Entra | Microsoft Learn
Prevent attacks using smart lockout - Azure Active Directory - Microsoft Entra | Microsoft Learn
Configure Azure AD user authentication for Windows and Linux virtual machines on Azure
Log in to a Linux virtual machine in Azure by using Azure AD and OpenSSH - Microsoft Entra | Microsoft Learn
Log in to a Windows virtual machine in Azure by using Azure AD - Microsoft Entra | Microsoft Learn
Quickstart - Password compliance policy for Android Enterprise devices - Microsoft Intune | Microsoft Learn
Common Conditional Access policies - Azure Active Directory - Microsoft Entra | Microsoft Learn
Implement & manage user risk policy
Securing workload identities with Azure AD Identity Protection (Preview) - Microsoft Entra | Microsoft Learn
Working with discovered apps in Defender for Cloud Apps | Microsoft Learn
Integrate Microsoft Purview Information Protection with Defender for Cloud Apps | Microsoft Learn
Generic SIEM integration with Defender for Cloud Apps | Microsoft Learn
Defender for Cloud Apps external DLP integration over secure ICAP | Microsoft Learn
Integrate Microsoft Power Automate with Microsoft Defender for Cloud Apps to get custom alert automation | Microsoft Learn
Working with discovered apps in Defender for Cloud Apps | Microsoft Learn
Cloud apps, actions, and authentication context in Conditional Access policy - Azure Active Directory - Microsoft Entra | Microsoft Learn
Create access and session policies in Microsoft Defender for Cloud Apps
Policy template reference for Defender for Cloud Apps | Microsoft Learn
Control cloud app usage by creating policies | Microsoft Learn
Control which third-party cloud OAuth apps get permissions | Microsoft Learn
Design and implement integration for on-premises apps by using Azure AD Application Proxy
Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Learn
Configure application permission
Create and manage a catalog of resources in entitlement management - Azure AD - Microsoft Entra | Microsoft Learn
Create a new access package in entitlement management - Azure AD - Microsoft Entra | Microsoft Learn
Approve or deny access requests - Azure AD entitlement management - Microsoft Entra | Microsoft Learn
Plan, implement and manage access reviews
Plan for access reviews
Preparing for an access review of users' access to an application - Azure AD - Microsoft Entra | Microsoft Learn
Plan an Azure Active Directory access reviews deployment - Microsoft Entra | Microsoft Learn
Assign Azure AD roles in PIM - Azure Active Directory - Microsoft Entra | Microsoft Learn
Assign Azure resource roles in Privileged Identity Management - Azure Active Directory - Microsoft Entra | Microsoft Learn
Plan and manage Azure resources in PIM, including settings and assignments
Discover Azure resources to manage in PIM - Azure AD - Microsoft Entra | Microsoft Learn
Approve requests for Azure resource roles in PIM - Azure AD - Microsoft Entra | Microsoft Learn
View audit report for Azure resource roles in Privileged Identity Management (PIM) - Azure AD - Microsoft Entra | Microsoft Learn
Create and manage break-glass accounts
Manage emergency access admin accounts - Azure AD - Microsoft Entra | Microsoft Learn
Monitor Azure AD
Design a strategy for monitoring Azure AD
Review and analyze sign-in, audit, and provisioning logs by using the Azure Active Directory admin center
Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub
Tutorial - Stream logs to an Azure event hub - Microsoft Entra | Microsoft Learn
Analyze Azure AD by using workbooks and reporting in the Azure Active Directory admin center
Monitor and improve the security posture by using the Identity Secure Score
What is identity secure score? - Azure Active Directory - Microsoft Entra | Microsoft Learn