Microsoft Certified: Identity and Access Administrator Associate (SC-300) Study Guide

The Microsoft Certified: Identity and Access Administrator Associate certification enables you to learn more about the Microsoft Identity Platform and how to use Azure services to manage identity and access in your Azure and Microsoft environments. This is an associate level certification, so I would recommend you to set aside some time to study for the exam and practice using some of the services related to this exam and the labs referenced in the additional resources - ‘Practice makes perfect’

Audience Profile

This exam is for everyone looking forward to learn more about Microsoft Identity Platform and learn how to design, implement and operate a company’s identity and manage access by using Azure Active Directory. This involves performing several tasks, including configure and provide secure authentication and authorization access to users and applications, provide self-service management capabilities for the users and manage all tasks related to identity and access in those environments.

This exam may be useful to you or your team reponsible for Identity and Access management in your company.

In this study guide, I will share with you some of the useful resources you can use to guide you during your learning path to get this certification.


View my verified achievement from Microsoft!

NOTE: This study guide is aligned with the exam skills outline, but since the skills outline may be updated in the future, I would recommend you to have a look at the skills outline to understand if there are any changes identified. Please visit this link and download the exam skills outline

Certification Path

Exam Name	Link
Exam SC-300: Microsoft Identity and Access Administrator	Exam Details

Exam SC-300: Microsoft Identity and Access Administrator

The SC-300 has a length of 120 minutes and there are 40-60 questions and you need a minimum of 700 of 1000 points to pass the exam.

First place to go is the Microsoft Learn platform where a dedicated learning path is available, for free.

Note: I would recommend you to finalize all modules in the collection above, since you have relevant information there that will help you prepare for the exam.

Skills measured

Implement an Identity Management Solution (25-30%)

Implement initial configuration of Azure Active Directory

• configure and manage Azure AD directory roles
  • What is Azure Active Directory?
  • Assign administrator and non-administrator roles to users with Azure Active Directory
  • Configure and manage Azure Active Directory roles
  • Understand roles in Azure Active Directory
• configure and manage custom domains
  • Managing custom domain names in your Azure Active Directory
  • Configure and manage custom domains
  • Add custom domain name to Azure Active Directory
• configure and manage device registration options
  • Configure and manage device registration
  • What is a device identity?
• configure delegation by using administrative units
  • Administrative units in Azure Active Directory
  • Configure delegation by using administrative units
• configure tenant-wide settings
  • Introduction to Azure Active Directory Tenants
  • Configure tenant-wide setting

Create, configure and manage identities

• create, configure and manage users
  • Add or delete users using Azure Active Directory
  • Manage app and resource access using Azure Active Directory groups
  • Create and manage users
  • Create, configure, and manage users
• create, configure and manage groups
  • Create and manage groups
  • Create, configure, and manage groups
  • Create or update a dynamic group in Azure Active Directory
  • Create a basic group and add members using Azure Active Directory
• manage licenses
  • What is group-based licensing in Azure Active Directory?
  • Manage licenses

Implement and manage external identities

• manage external collaboration settings in Azure Active Directory
  • Manage external collaboration
  • Configure external collaboration settings
• invite external users (individually or in bulk)
  • Quickstart: Add guest users to your directory in the Azure portal
  • Tutorial: Bulk invite Azure AD B2B collaboration users
  • Demo - manage guest users in Azure Active Directory
  • Exercise - invite guest users bulk
  • Invite external users - individually and in bulk
• manage external user accounts in Azure Active Directory
  • Govern access for external users in Azure AD entitlement management
  • Manage external user accounts in Azure Active Directory
• configure identity providers (social and SAML/WS-fed)
  • Configure identity providers
  • Add an identity provider to your Azure Active Directory B2C tenant
  • Register a SAML application in Azure AD B2C

Implement and manage hybrid identity

• implement and manage Azure Active Directory Connect (AADC)
  • What is Azure AD Connect?
  • Getting started with Azure AD Connect using express settings
  • Plan, design, and implement Azure Active Directory Connect
• implement and manage Azure AD Connect cloud sync
  • What is Azure AD Connect cloud sync?
  • Install the Azure AD Connect provisioning agent
• implement and manage Password Hash Synchronization (PHS)
  • What is password hash synchronization with Azure AD?
  • Implement manage password hash synchronization (PHS)
  • Implement password hash synchronization with Azure AD Connect sync
  • What is hybrid identity with Azure Active Directory?
• implement and manage Pass-Through Authentication (PTA)
  • User sign-in with Azure Active Directory Pass-through Authentication
  • Implement manage pass-through authentication (PTA)
  • Azure Active Directory Pass-through Authentication: Quickstart
• implement and manage seamless Single Sign-On (SSO)
  • Azure Active Directory Seamless Single Sign-On
  • Azure Active Directory Seamless Single Sign-On: Quickstart
  • Demo - Manage pass-through authentication and seamless single sign-on
• implement and manage Federation (excluding manual ADFS deployments)
  • What is federation with Azure AD?
  • Implement and manage federation
  • Identity Providers for External Identities
• implement and manage Azure Active Directory Connect Health
  • What is Azure AD Connect?
  • Manage Azure Active Directory Connect Health
  • Implement Azure Active Directory Connect Health
• troubleshoot synchronization errors

Implement an Authentication and Access Management Solution (25-30%)

Plan and implement Azure Multifactor Authentication (MFA)

• plan Azure MFA deployment (excluding MFA Server)
  • What is Azure AD Multi-Factor Authentication?
  • Plan your multi-factor authentication deployment
  • Plan an Azure Active Directory Multi-Factor Authentication deployment
• implement and manage Azure MFA settings
  • Configure Azure AD Multi-Factor Authentication settings
• manage MFA settings for users
  • Manage user authentication methods for Azure AD Multi-Factor Authentication

Manage user authentication

• administer authentication methods (FIDO2 / Passwordless)
  • Passwordless authentication options for Azure Active Directory
  • What authentication and verification methods are available in Azure Active Directory?
  • Administer FIDO2 and passwordless authentication methods
• implement an authentication solution based on Windows Hello for Business
  • Windows Hello for Business Deployment Prerequisite Overview
  • Windows Hello for Business and Authentication
  • Implement an authentication solution based on Windows Hello for Business
  • Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
• configure and deploy self-service password reset
  • How it works: Azure AD self-service password reset
  • Exercise configure and deploy self-service password reset
  • Plan an Azure Active Directory self-service password reset deployment
• deploy and manage password protection
  • Deploy and manage password protection
  • Plan and deploy on-premises Azure Active Directory Password Protection
• Configure smart lockout thresholds
  • Protect user accounts from attacks with Azure Active Directory smart lockout
• implement and manage tenant restrictions
  • Restrict access to a tenant
  • Implement and manage tenant restrictions

Plan, implement and administer conditional access

• plan and implement security defaults
  • Plan security defaults
  • Security defaults in Azure AD
  • Exercise - Work with security defaults
• plan conditional access policies
  • Plan a Conditional Access deployment
  • SC-300 Microsoft Identity and Access Administrator Study Cram
• implement conditional access policy controls and assignments (targeting, applications, and conditions)
  • Configuring Azure Active Directory Conditional Access
  • Exercise - Implement Conditional Access policies roles and assignments
• testing and troubleshooting conditional access policies
  • Test and troubleshoot Conditional Access policies
• implement application controls
  • App protection policies overview
  • Implement application controls
  • Conditional Access: Require approved client apps or app protection policy
• implement session management
  • Configure authentication session management with Conditional Access
  • Implement session management

Manage Azure AD Identity Protection

• implement and manage a user risk policy
  • How To: Configure and enable risk policies
  • Implement and manage user risk policy
• implement and manage sign-in risk policy
  • Enable user risk policy
  • How To: Configure and enable risk policies
• implement and manage MFA registration policy
  • How To: Configure the Azure AD Multi-Factor Authentication registration policy
  • Exercise configure Azure Active Directory multi-factor authentication registration policy
• monitor, investigate and remediate elevated risky users
  • Monitor, investigate, and remediate elevated risky users
  • How To: Investigate risk

Implement Access Management for Apps (10-15%)

Plan, implement, and monitor the integration of Enterprise Apps for SSO

• implement and configure consent settings
  • Configure how users consent to applications
  • Manage app consent policies
  • Implement and configure consent settings
• discover apps by using MCAS or ADFS app report
  • Cloud app visibility and control
  • Discover apps by using Microsoft Defender for Cloud Apps and Active Directory Federation Services app report
  • Review the application activity report
  • Working with discovered apps
• design and implement access management for apps
  • Quickstart: Register an application with the Microsoft identity platform
  • Exercise implement access management for apps
• design and implement app management roles
  • Restrict access to a tenant
  • Design and implement app management roles
• monitor and audit access / Sign-iOns to Azure Active Directory integrated enterprise applications
  • Audit logs in Azure Active Directory
  • Usage and insights report in the Azure Active Directory portal
  • Monitor and audit access to Azure Active Directory integrated applications
• integrate on-premises apps by using Azure AD application proxy
  • Integrate on-premises apps by using Azure Active Directory application proxy
  • Remote access to on-premises applications through Azure AD Application Proxy
• integrate custom SaaS apps for SSO
  • Integrating Azure Active Directory with applications getting started guide
  • Integrate custom SaaS apps for single sign-on
• configure pre-integrated (gallery) SaaS apps
  • Configure pre-integrated gallery SaaS apps
  • Tutorials for integrating SaaS applications with Azure Active Directory
  • Quickstart: Add an enterprise application
• implement application user provisioning
  • What is app provisioning in Azure Active Directory?
  • Implement application user provisioning

Implement app registrations

• plan your line of business application registration strategy
  • How and why applications are added to Azure AD
  • Plan your line of business application registration strategy
• implement application registrations
  • Implement application registration
  • Quickstart: Register an application with the Microsoft identity platform
  • Application and service principal objects in Azure Active Directory
• configure application permissions
  • Permissions and consent in the Microsoft identity platform
  • Configure application permission
• implement application authorization
  • Application roles
  • Implement application authorization
  • Configure the role claim issued in the SAML token for enterprise applications
  • Add app roles to your application and receive them in the token
• plan and configure multi-tier application permissions
  • Sign in any Azure Active Directory user using the multi-tenant application pattern

Plan and Implement an Identity Governance Strategy (25-30%)

Plan and implement entitlement management

• define catalogs
  • What is Azure AD entitlement management?
  • Common scenarios in Azure AD entitlement management
• define access packages
  • Define access packages
  • What is Azure AD entitlement management?
• plan, implement and manage entitlements
  • Configure entitlement management
  • Common scenarios in Azure AD entitlement management
• implement and manage terms of use
  • Azure Active Directory terms of use
  • Exercise add terms of use acceptance report
• manage the lifecycle of external users in Azure AD Identity Governance settings
  • Exercise manage the lifecycle of external users with Azure AD identity governance

Plan, implement and manage access reviews

• plan for access reviews
  • Plan an Azure Active Directory access reviews deployment
  • Plan for access reviews
• create access reviews for groups and apps
  • Create access reviews for groups and apps
• monitor access review findings
  • Plan an Azure Active Directory access reviews deployment
  • Monitor access review findings
• manage licenses for access reviews
  • What are Azure AD access reviews?
• automate access review management tasks
  • Automate access review management tasks
• configure recurring access reviews
  • Configure recurring access reviews
  • Create an access review of groups and applications in Azure AD

Plan and implement privileged access

• define a privileged access strategy for administrative users (resources, roles, approvals, thresholds)
  • What is Azure AD Privileged Identity Management?
  • Define a privileged access strategy for administrative users
• configure Privileged Identity Management for Azure AD roles
  • Exercise configure Privileged Identity Management for Azure Active Directory roles
• configure Privileged Identity Management for Azure resources
  • Configure Privileged Identity Management for Azure resources
• assign roles
  • Exercise assign Azure resource roles in Privileged Identity Management
  • Exercise assign Azure Active Directory roles in Privileged Identity Management
• manage PIM requests
  • Approve or deny requests for Azure AD roles in Privileged Identity Management
• analyze PIM audit history and reports
  • Start using Privileged Identity Management
• create and manage break-glass accounts
  • Manage emergency access accounts in Azure AD
  • Create and manage emergency access accounts

Monitor and maintain Azure Active Directory

• analyze and investigate sign-in logs to troubleshoot access issues
  • Analyze and investigate sign-in logs to troubleshoot access issues
• review and monitor Azure AD audit logs
  • Review and monitor Azure Active Directory audit logs
• enable and integrate Azure AD diagnostic logs with Log Analytics / Azure Sentinel
  • Exercise connect data from Azure Active Directory to Microsoft Sentinel
• export sign-in and audit logs to a third-party SIEM
  • Export logs to third-party security information and event management system
• review Azure AD activity by using Log Analytics / Azure Sentinel, excluding KQL use
  • Exercise connect data from Azure Active Directory to Microsoft Sentinel
  • Analyze Azure AD activity logs with Azure Monitor logs
• analyze Azure Active Directory workbooks / reporting
  • How to use Azure Monitor workbooks for Azure Active Directory reports
  • Analyze Azure Active Directory workbooks and reporting
• configure notifications
  • Configure notifications
  • Configure email notifications for issues in Azure Active Directory Domain Services

Additional resources

Below follows the list of additional resources that you should consider and a quick note to the Microsoft Learn collection shared there. I tried to extend the learning paths you have available on the exam’s page with some extra modules that I consider relevant to the exam.

Best of Luck and share your results with the community once you get certified! 😊💪

Resource
Exam SC-300: Microsoft Identity and Access Administrator
Microsoft Certified: Identity and Access Administrator Associate
SC-300 Identity and Access Administrator Exam Labs
Pluralsight Learning Path - Microsoft Identity and Access Administrator (SC-300)
Book Microsoft Identity and Access Administrator Exam Guide