I am currently studying for my SC-300: Microsoft Identity and Access Administrator exam. I am studying the content using John Christopher's course on Udemy: https://www.udemy.com/course/sc-300-course-microsoft-identity-and-access-administrator/ In the following posts I will be uploading some of my study notes. This keeps me honest with making sure I keep decent notes and hopefully they will be of help to other…
Category: Technology
12. Managing Azure AD Protection
Understanding Azure Identity Protection with User and Sign-in Risk policies. Azure Identity Protection helps with the following tasks: automate the detection and remediation of identity-based risks (compromised accounts, phishing attacks etc…); investigate risks using easy-to-find data; export risk data to third-party tools for further analysis. Identity Risk Detection Engines: Heuristics: the system monitors how the…
11. Planning, Implementing and Administering Conditional Access
Understanding Security Defaults. When you first set up your M365 tenant there are a number of security defaults put in place automatically. This is a set of basic identity security mechanisms recommended by Microsoft, e.g. turn on MFA for Global Administrators. These security defaults are in: Azure AD -> Properties. At the bottom of the page there is a link that…
10. Managing User Authentication
Administering Authentication Methods (FIDO2/Passwordless). Issues with passwords: people get phished; people use the same password for many systems. Passwordless Based Authentication: Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know. Azure and Azure Government offer the following three Passwordless authentication options: Windows Hello for…
9. Planning and Implementing Azure Multifactor Authentication (MFA)
Understanding the Concepts of Multifactor Authentication. What is MFA? Authentication methods: Something you know: password, PIN etc… Something you have: smart card, key fob, mobile phone etc… Something you are: biometrics. MFA is using a combination of these methods. No single-step authentication is strong enough on its own in today’s cyber security climate. Two-step verification significantly…
8. Implementing & Managing Hybrid Identity
Migration of On-Premise Users and Groups. You don’t have to sync your whole domain to the cloud. You can select which users to sync using OUs and Groups. You can include and exclude specific OUs and Groups. Understanding SSO, PHS, PTA and ADFS Federation Concepts: Azure AD Auth uses different languages to AD on premise. Azure…
7. Understanding SSO, PHS, PTA & ADFS SAML Identity Strategies and Concepts
Evaluating Requirements and Solutions – Sync for PHS, PTA and ADFS SAML Federation. Authentication for Hybrid Identity. Managed Authentication: Azure AD will handle the authentication locally by using a locally stored hashed version of the password, or send the credentials to an on-premise software agent to be authenticated on premise by AD DS. Federated Authentication: Azure AD redirects…
6. Managing Domains for Hybrid Configuration with On-Premise
Configuring On-Premise Active Directory to Support Additional Domains. Seamless SSO: The goal with this is for users to log on to the local domain and be automatically logged in to Microsoft 365. Adding another UPN (User Principal Name): To allow your users to be associated with another domain you need to add a UPN for that domain in Active Directory. To…
5. Planning for Hybrid Identity Management
Planning for Azure AD/Microsoft 365 Hybrid On-Premise Infrastructure. You can integrate M365 with existing directory services and on-premises Exchange Server etc… You can synchronise and manage user accounts for both environments. You can add password hash synchronisation or SSO so users can log on to both environments with their on-premise credentials. When integrating with on-premise server products…
4. Implementing and Managing External Identities
Managing External Collaboration Settings in Azure Active Directory. Business to Business collaboration is about sharing resources. Go to Azure AD -> Users -> Users Settings. Scroll down and click on “Manage External Users Collaboration settings”. From here you can set Guest user settings such as: – Access restrictions: which level of access to resources they have – Guest Invite…