SC-300T00: Microsoft Identity and Access Administrator

• Implement identities in Azure AD (20–25%)

• Implement authentication and access management (25–30%)

• Implement access management for applications (15–20%)

• Plan and implement identity governance in Azure AD (20–25%)

• Configure and manage Azure AD roles

• Configure delegation by using administrative units

• Analyze Azure AD role permissions

• Configure and manage custom domains

• Configure tenant-wide settings

• Create, configure, and manage users

• Create, configure, and manage groups

• Configure and manage device join and registration, including writeback

• Assign, modify, and report on licenses

• Manage external collaboration settings in Azure AD

• Invite external users, individually or in bulk

• Manage external user accounts in Azure AD

• Configure identity providers, including SAML or WS-Fed

• Implement and manage Azure AD Connect

• Implement and manage Azure AD Connect cloud sync

• Implement and manage Password Hash Synchronization (PHS)

• Implement and manage Pass-Through Authentication (PTA)

• Implement and manage seamless Single Sign-On (SSO)

• Implement and manage Federation, excluding manual AD FS deployments

• Implement and manage Azure AD Connect Health

• Troubleshoot synchronization errors

• Plan Azure MFA deployment, excluding MFA Server

• Configure and deploy self-service password reset

• Implement and manage Azure MFA settings

• Manage MFA settings for users

• Extend Azure AD MFA to third party and on-premises devices

• Monitor Azure AD MFA activity

• Plan for authentication

• Implement and manage authentication methods

• Implement and manage Windows Hello for Business

• Implement and manage password protection and smart lockout

• Implement certificate-based authentication in Azure AD

• Configure Azure AD user authentication for Windows and Linux virtual machines on Azure

• Plan conditional access policies

• Implement conditional access policy assignments

• Implement conditional access policy controls

• Test and troubleshoot conditional access policies

• Implement session management

• Implement device-enforced restrictions

• Implement continuous access evaluation

• Create a conditional access policy from a template

• Implement and manage a user risk policy

• Implement and manage sign-in risk policy

• Implement and manage MFA registration policy

• Monitor, investigate and remediate risky users

• Implement security for workload identities

• Assign Azure roles

• Configure custom Azure roles

• Create and configure managed identities

• Use managed identities to access Azure resources

• Analyze Azure role permissions

• Configure Azure Key Vault RBAC and policies

• Discover and manage apps by using Microsoft Defender for Cloud Apps

• Configure connectors to apps

• Implement application-enforced restrictions

• Configure conditional access app control

• Create access and session policies in Microsoft Defender for Cloud Apps

• Implement and manage policies for OAUTH apps

• Configure and manage user and admin consent

• Discover apps by using ADFS application activity reports

• Design and implement access management for apps

• Design and implement app management roles

• Monitor and audit activity in enterprise applications

• Design and implement integration for on-premises apps by using Azure AD application proxy

• Design and implement integration for SaaS apps

• Provision and manage users, groups, and roles on Enterprise applications

• Create and manage application collections

• Plan for application registrations

• Implement application registrations

• Configure application permissions

• Implement application authorization

• Plan and configure multi-tier application permissions

• Manage and monitor applications by using App governance

• Plan entitlements

• Create and configure catalogs

• Create and configure access packages

• Manage access requests

• Implement and manage terms of use

• Manage the lifecycle of external users in Azure AD Identity Governance settings

• Configure and manage connected organizations

• Review per-user entitlements by using Azure AD Entitlement management

• Plan for access reviews

• Create and configure access reviews for groups and apps

• Create and configure access review programs

• Monitor access review activity

• Respond to access review activity, including automated and manual responses

• Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments

• Plan and manage Azure resources in PIM, including settings and assignments

• Plan and configure Privileged Access groups

• Manage PIM requests and approval process

• Analyze PIM audit history and reports

• Create and manage break-glass accounts

• Design a strategy for monitoring Azure AD

• Review and analyze sign-in, audit, and provisioning logs by using the Azure Active Directory admin center

• Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub

• Monitor Azure AD by using Log Analytics, including KQL queries

• Analyze Azure AD by using workbooks and reporting in the Azure Active Directory admin center

• Monitor and improve the security posture by using the Identity Secure Score

Successful Azure Administrators start this role with experience in virtualization, networking, identity, and storage.

• Understanding of on-premises virtualization technologies, including: VMs, virtual networking, and virtual hard disks.

• Understanding of network configurations, including TCP/IP, Domain Name System (DNS), virtual private networks (VPNs), firewalls, and encryption technologies.

• Understanding of Active Directory concepts, including users, groups, and role-based access control.

• Understanding of resilience and disaster recovery, including backup and restore operations.