Course Description

The Microsoft Identity and Access Administrator course explores how to design, implement, and operate an organization's identity and access management systems using Azure AD. Learn how to manage tasks, such as providing secure access with authentication and authorization to business applications. You'll also learn how to provide simple experiences and self-service management capabilities for all users. Finally, learn how to create adaptive access and governance for identity and access management solutions, ensuring you can troubleshoot, monitor, and report on your environment. The identity and access administrator can be a single person or a member of a larger team. Learn how this role collaborates with many other roles in the organization to drive strategic identity projects. The ultimate goal is to provide insights to modernize identity solutions, implement hybrid identity solutions, and implement identity governance.

Audience profile

This course is intended for identity and access administrators who plan to take the associated certification exam or who perform identity and access management tasks in their daily work. This course would also be useful for an administrator or engineer who wants to specialize in providing identity solutions and access management systems for Azure-based solutions; playing an integral role in protecting an organization.

Items in this collection

• Identity and Azure AD exploration (16 Units)
• Deploy initial Azure Active Directory configuration (11 Units)
• Create, configure and manage identities (14 Units)
• Implementation and administration of external identities (16 Units)
• Implementation and administration of a hybrid identity (11 Units)
• Protecting Azure Active Directory users with Multi-Factor Authentication (6 Units)
• Manage user authentication (12 Units)
• Planning, implementation and administration of conditional access (13 Units)
• Azure AD Identity Protection Administration (10 Units)
• Implementation of access management for Azure resources (11 Units)
• Planning and design of the integration of business applications for SSO (10 Units)
• Implementation and supervision of the integration of business applications for single sign-on (10 Units)
• Implementation of application registration (11 Units)
• Planning and implementation of rights administration (10 Units)
• Planning, implementation and administration of access review (9 Units)
• Planning and implementation of privileged access (11 Units)
• Monitoring and maintenance of Azure Active Directory (9 Units)

Course outline

Module 1: Implement an identity management solution

• Implement Initial configuration of Azure AD
• Create, configure, and manage identities
• Implement and manage external identities
• Implement and manage hybrid identity

Lab: Manage user roles

Lab: Setting tenant-wide properties

Lab: Assign licenses to users

Lab: Restore or remove deleted users

Lab: Add groups in Azure AD

Lab: Change group license assignments

Lab: Change user license assignments

Lab: Configure external collaboration

Lab: Add guest users to the directory

Lab: Explore dynamic groups

Module 2: Implement an authentication and access management solution

• Secure Azure AD user with MFA
• Manage user authentication
• Plan, implement, and administer conditional access
• Manage Azure AD identity protection

Lab: Enable Azure AD MFA

Lab: Configure and deploy self-service password reset (SSPR)

Lab: Work with security defaults

Lab: Implement conditional access policies, roles, and assignments

Lab: Configure authentication session controls

Lab: Manage Azure AD smart lockout values

Lab: Enable sign-in risk policy

Lab: Configure Azure AD MFA authentication registration policy

Module 3: Implement access management for Apps

• Plan and design the integration of enterprise for SSO
• Implement and monitor the integration of enterprise apps for SSO
• Implement app registration

Lab: Implement access management for apps

Lab: Create a custom role to manage app registration

Lab: Register an application

Lab: Grant tenant-wide admin consent to an application

Lab: Add app roles to applications and receive tokens

Module 4: Plan and implement an identity governance strategy

• Plan and implement entitlement management
• Plan, implement, and manage access reviews
• Plan and implement privileged access
• Monitor and maintain Azure AD

Lab: Create and manage a resource catalog with Azure AD entitlement

Lab: Add terms of use acceptance report

Lab: Manage the lifecycle of external users with Azure AD identity governance

Lab: Create access reviews for groups and apps

Lab: Configure PIM for Azure AD roles

Lab: Assign Azure AD role in PIM

Lab: Assign Azure resource roles in PIM

Lab: Connect data from Azure AD to Azure Sentinel

Previous requirements

Before attending this course, students must have knowledge of:

• Security best practices and industry security requirements, such as defense in depth, least privilege access, shared responsibility, and zero trust
• Become familiar with identity concepts such as authentication, authorization, and Active Directory
• Have some experience deploying Azure workloads This course does not cover the basics of Azure administration, rather the course content builds on that knowledge by adding specific security information.
• Some experience with Windows and Linux operating systems and scripting languages ​​is helpful, but not necessary. Course labs can use PowerShell and the CLI.

Language

• English course
• Labs: English