Explore identity and Azure AD
By the end of this module, you will be able to:
- Define common identity terms and explain how they are used in the Microsoft Cloud
- Explore the common management tools and needs of an identity solution
- Review the goal of Zero Trust and how it is applied in the Microsoft Cloud
- Explore the available identity services in the Microsoft Cloud
Implement initial configuration of Azure Active Directory
By the end of this module, you will be able to:
- Implement initial configuration of Azure Active Directory
- Create, configure, and manage identities
- Implement and manage external identities (excluding B2C scenarios)
- Implement and manage hybrid identity
Create, configure, and manage identities
At the end of this module, you’ll be able to:
- Create, configure, and manage users
- Create, configure, and manage groups
- Manage licenses
- Explain custom security attributes and automatic user provisioning
Implement and manage external identities
By the end of this module, you will be able to:
- Manage external collaboration settings in Azure Active Directory
- Invite external users (individually or in bulk)
- Manage external user accounts in Azure Active Directory
- Configure identity providers (social and SAML/WS-fed)
Implement and manage hybrid identity
By the end of this module you will be able to:
- Plan, design, and implement Azure Active Directory Connect (AADC)
- Manage Azure Active Directory Connect (AADC)
- Manage password hash synchronization (PHS)
- Manage pass-through authentication (PTA)
- Manage seamless single sign-on (seamless SSO)
- Manage federation excluding manual ADFS deployments
- Troubleshoot synchronization errors
- Implement and manage Azure Active Directory Connect Health
Secure Azure Active Directory users with Multi-Factor Authentication
In this module, you will:
- Learn about Azure AD Multi-Factor Authentication (Azure AD MFA)
- Create a plan to deploy Azure AD MFA
- Turn on Azure AD MFA for users and specific apps
Manage user authentication
By the end of this module, you will be able to:
- Administer authentication methods (FIDO2 / Passwordless)
- Implement an authentication solution based on Windows Hello for Business
- Configure and deploy self-service password reset
- Deploy and manage password protection
- Implement and manage tenant restrictions
Plan, implement, and administer Conditional Access
By the end of this module, you will be able to:
- Plan and implement security defaults.
- Plan conditional access policies.
- Implement conditional access policy controls and assignments (targeting, applications, and conditions).
- Test and troubleshoot conditional access policies.
- Implement application controls.
- Implement session management.
- Configure smart lockout thresholds.
Manage Azure AD Identity Protection
By the end of this module you will be able to:
- Implement and manage a user risk policy
- Implement and manage sign-in risk policies
- Implement and manage MFA registration policy
- Monitor, investigate, and remediate elevated risky users
Implement access management for Azure resources
By the end of this module, you will be able to:
- Configure and use Azure roles within Azure AD
- Configure and managed identity and assign it to Azure resources
- Analyze the role permissions granted to or inherited by a user
- Configure access to data in Azure Key Vault using RBAC-policy
Plan and design the integration of enterprise apps for SSO
By the end of this module, you will be able to:
- Discover apps by using Microsoft Defender for Cloud Apps or Active Directory Federation Services app report.
- Design and implement access management for apps.
- Design and implement app management roles.
- Configure pre-integrated (gallery) SaaS apps.
Implement and monitor the integration of enterprise apps for SSO
By the end of this module, you will be able to:
- Implement token customizations
- Implement and configure consent settings
- Integrate on-premises apps by using Azure AD application proxy
- Integrate custom SaaS apps for SSO
- Implement application user provisioning
- Monitor and audit access/Sign-On to Azure Active Directory integrated enterprise applications
Implement app registration
By the end of this module you will be able to:
- Plan your line of business application registration strategy
- Implement application registrations
- Configure application permissions
- Plan and configure multi-tier application permissions
Plan and implement entitlement management
By the end of this module, you will be able to:
- Define catalogs.
- Define access packages.
- Plan, implement and manage entitlements.
- Implement and manage terms of use.
- Manage the lifecycle of external users in Azure AD Identity Governance settings.
Plan, implement, and manage access review
By the end of this module, you will be able to:
- Plan for access reviews
- Create access reviews for groups and apps
- Monitor the access review findings
- Manage licenses for access reviews
- Automate management tasks for access review
- Configure recurring access reviews
Plan and implement privileged access
By the end of this module, you will be able to:
- Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
- Configure Privileged Identity Management for Azure AD roles
- Configure Privileged Identity Management for Azure resources
- Assign roles
- Manage PIM requests
- Analyze PIM audit history and reports
- Create and manage emergency access accounts
Monitor and maintain Azure Active Directory
By the end of this module, you’ll be able to:
- Analyze and investigate sign in logs to troubleshoot access issues
- Review and monitor Azure AD audit logs
- Enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel
- Export sign in and audit logs to a third-party SIEM (security information and event management)
- Review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use
- Analyze Azure Active Directory workbooks / reporting
- Configure notifications
