Contents

  1. Introduction

    1. Organization of this book

    2. Preparing for the exam

    3. Microsoft certifications

    4. Quick access to online references

    5. Errata, updates, & book support

    6. Stay in touch

  2. Chapter 1 Implement identities in Azure AD

    1. Skill 1.1: Configure and manage an Azure AD tenant

      1. Configure and manage Azure AD roles

      2. Configure delegation by using administrative units

      3. Analyze Azure AD role permissions

      4. Configure and manage custom domains

      5. Configure tenant-wide settings

    2. Skill 1.2: Create, configure, and manage Azure AD identities

      1. Create, configure, and manage users

      2. Create, configure, and manage groups

      3. Configure and manage device joins and registrations, including writeback

      4. Assign, modify, and report on licenses

    3. Skill 1.3: Implement and manage external identities

      1. Manage external collaboration settings in Azure AD

      2. Invite external users, individually or in bulk (collectively)

      3. Manage external user accounts in Azure AD

      4. Configure identity providers, including SAML and WS-Fed

    4. Skill 1.4: Implement and manage hybrid identity

      1. Implement and manage Azure Active Directory Connect

      2. Implement and manage Azure AD Connect cloud sync

      3. Implement and manage Password Hash Synchronization (PHS)

      4. Implement and manage Pass-Through Authentication (PTA)

      5. Implement and manage Seamless Single Sign-On (Seamless SSO)

      6. Implement and manage Federation, excluding manual ADFS deployment

      7. Implement and manage Azure AD Connect Health

      8. Troubleshoot synchronization errors

    5. Chapter summary

    6. Thought experiment

    7. Thought experiment answers

  3. Chapter 2 Implement an authentication and access management solution

    1. Skill 2.1: Plan, implement, and manage Azure Multifactor Authentication (MFA) and self-service password reset

      1. Plan Azure MFA deployment, excluding MFA Server

      2. Configure and deploy self-service password reset

      3. Implement and manage Azure MFA settings

      4. Manage MFA settings for users

      5. Extend Azure AD MFA to third-party and on-premises devices

      6. Monitor Azure AD MFA activity

    2. Skill 2.2: Plan, implement, and manage Azure AD user authentication

      1. Plan for authentication

      2. Implement and manage authentication methods

      3. Implement and manage Windows Hello for Business

      4. Implement and manage password protection and smart lockout

      5. Implement certificate-based authentication in Azure AD

      6. Configure Azure AD user authentication for Windows and Linux virtual machines on Azure

    3. Skill 2.3: Plan, implement, and manage Azure AD conditional access

      1. Plan conditional access policies

      2. Implement conditional access policy assignments

      3. Implement conditional access policy controls

      4. Test and troubleshoot conditional access policies

      5. Implement session management

      6. Implement device-enforcement restrictions

      7. Implement continuous access evaluation

      8. Create a conditional access policy from a template

    4. Skill 2.4: Manage Azure AD Identity Protection

      1. Implement and manage a user risk policy

      2. Implement and manage sign-in risk policy

      3. Implement and manage MFA registration policy

      4. Monitor, investigate, and remediate elevated risky users

      5. Implement security for workload identities

    5. Skill 2.5: Implement access management for Azure resources

      1. Assign Azure roles

      2. Configure custom Azure roles

      3. Create and configure managed identities

      4. Use managed identities to access Azure resources

      5. Analyze Azure role permissions

      6. Configure Azure Key Vault RBAC and policies

    6. Chapter summary

    7. Thought experiment

    8. Thought experiment answers

  4. Chapter 3 Implement Access Management for Apps

    1. Skill 3.1: Plan, implement, and monitor the integration of Enterprise apps for SSO

      1. Discover apps by using Microsoft Defender for Cloud Apps or an ADFS application activity report

      2. Design and implement app management roles

      3. Understand and plan various built-in roles for application management

      4. Configure pre-integrated gallery SaaS apps for SSO and implement access management

      5. Integrate custom SaaS apps for SSO

      6. Implement Application User Provisioning

      7. Integrate on-premises apps by using the Azure AD Application Proxy

      8. Monitor and audit access/sign-ons to an Azure AD integrated Enterprise application

      9. Implement and configure consent settings

    2. Skill 3.2: Implement app registrations

      1. Plan your line-of-business application registration strategy

      2. Implement application registrations

      3. Configure application permissions and implement application authorization

    3. Skill 3.3: Manage and monitor application access by using Microsoft Defender for Cloud Apps

      1. Implement application-enforced restrictions

      2. Configure connectors to apps

      3. Deploy Conditional Access App Control for apps using Azure Active Directory

      4. Create access and session policies in Microsoft Defender for Cloud Apps

      5. Implement and manage policies for OAuth apps

    4. Chapter summary

    5. Thought experiment

    6. Thought experiment answers

  5. Chapter 4 Plan and implement an Identity Governance strategy

    1. Skill 4.1: Plan and implement entitlement management

      1. Plan entitlements

      2. Create and configure catalogs

      3. Create and configure access packages

      4. Manage access requests

      5. Implement and manage Terms of Use

      6. Manage the lifecycle of external users in Azure AD Identity Governance settings

      7. Configure and manage connected organizations

      8. Review per-user entitlement by using Azure AD entitlement management

      9. Configure separation of duties checks for an access package

    2. Skill 4.2: Plan, implement, and manage access reviews

      1. Plan for access reviews

      2. Create and configure access reviews for groups and apps

      3. Create and configure access reviews for access packages

      4. Create and configure access reviews for Azure AD and Azure resource roles

      5. Create and configure access review programs

      6. Monitor access review activity

      7. Manage licenses for access reviews

      8. Respond to access review activity, including automated and manual responses

    3. Skill 4.3: Plan and implement privileged access

      1. Plan and manage Azure roles in Privileged Identity Management (PIM), including settings and assignments

      2. Plan and manage Azure resources in PIM, including settings and assignments

      3. Plan and configure privileged access groups

      4. Analyze PIM audit history and reports

      5. Create and manage break-glass accounts

    4. Skill 4.4: Monitor Azure AD

      1. Design a strategy for monitoring Azure AD

      2. Review and analyze sign-in, audit, and provisioning logs by using the Azure AD admin center

      3. Configure diagnostic settings, including Log Analytics, storage accounts, and Event Hub

      4. Export sign-in and audit logs to a third-party SIEM

      5. Monitor Azure AD by using Log Analytics, including KQL queries

      6. Analyze Azure AD by using workbooks and reporting in the Azure Active Directory admin center

      7. Configure notifications

      8. Monitor and improve the security posture by using the Identity Secure Score

    5. Chapter summary

    6. Thought experiment

    7. Thought experiment answers

  6. Index
