Microsoft Identity and Access Administrator Exam Guide - Dwayne Natwick - E-Book

Description

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges.
The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam.
By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.

You can read this e-book in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Number of pages: 336

Year of publication: 2022




Microsoft Identity and Access Administrator Exam Guide

Implement IAM solutions with Azure AD, build an identity governance strategy, and pass the SC-300 exam

Dwayne Natwick

BIRMINGHAM—MUMBAI

Microsoft Identity and Access Administrator Exam Guide

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Vijin Boricha

Publishing Product Manager: Mohd Riyan Khan

Senior Editor: Shazeen Iqbal

Content Development Editor: Rafiaa Khan

Technical Editor: Arjun Varma

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Pratik Shirodkar

Production Designer: Ponraj Dhandapani

First published: March 2022

Production reference: 1230222

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80181-804-9

www.packt.com

Foreword

Over the course of my career, identity has always been an important part of any technical design or architecture. When I worked on the help desk, I can remember creating user accounts, resetting passwords, and adding users to security groups. As time progressed, my skills gravitated toward solution architect scenarios involving Active Directory build outs, upgrades, and maintenance, as well as onboarding solutions such as Azure Active Directory Connect. I am currently a program manager within the identity and network access division at Microsoft. I certainly didn't know my technical foundation would evolve into identity being one of my predominant areas of focus all these years later.

The cloud is here to stay, and is reshaping the common identity scenarios of old. Organizations are extending identities into the cloud, which takes identity outside of the four walls housing any infrastructure. As a result, a different approach needs to be implemented to maintain a secure posture and ensure the right amount of governance is applied.

The focus of this book is on the Microsoft SC-300 exam. Any individual who's studying for this exam should hopefully understand the importance of identity and access management. Perhaps this exam is a requirement for a job or maybe even a way to further prove technical skills and knowledge. One thing is sure: customers need to securely protect applications and user data at the perimeter using Azure identity and access management solutions. IT departments need to defend against malicious login attempts, safeguard credentials, protect identities, and enforce strong authentication options (all without disrupting productivity). This challenge is no easy one, especially with the rate of change in both the security and identity spaces.

Passing this exam means you'll receive the Microsoft Identity and Access Administrator Associate certification. You'll be uniquely prepared to design, implement, and operate an identity and access management system using Azure Active Directory. You'll be able to manage tasks such as configuring secure authentication and authorization access to enterprise applications. This role-based cert will provide administrators with ways of implementing seamless user experiences and self-service management capabilities to avoid disturbing end users' daily activities. Identity governance is another key element you should be able to plan for and build out. Additionally, you'll also learn how to troubleshoot, monitor, and configure reporting for the identity and access environment.

After going through studying and passing the certification, you'll find yourself better equipped to handle the ever-evolving identity and security threat landscape. This area of focus and study will kickstart your skills to be a great value addition for any company you work for in the future. Good luck and make sure you give yourself plenty of time to study and prep!

I'd like to quickly thank Dwayne for asking me to write this foreword. I'm honored to be thought of in this space! Dwayne is one of my security gurus and always has a great answer or approach to any situation if a question arises. He'll help you make the most sense out of the exam in a pragmatic way that will help you pass!

Shannon Kuehn

Senior Program Manager

Identity and Network Access

Contributors

About the author

Dwayne Natwick is a Senior Product Manager at Cloudreach, an Atos company and a Microsoft Expert MSP. He has been in IT, security design, and architecture for over 30 years. His love of teaching led him to become a Microsoft Certified Trainer (MCT) Regional Lead and a Microsoft Most Valuable Professional (MVP).

Dwayne has a master's degree in business IT from Walsh College, the CISSP from ISC2, and 18 Microsoft certifications, including Identity and Access Administrator, Azure Security Engineer, and Microsoft 365 Security Administrator. Dwayne can be found providing and sharing information on social media, at industry conferences, on his blog site, and on his YouTube channel.

Originally from Maryland, Dwayne currently resides in Michigan with his wife and three children.

About the reviewers

Sathish Veerapandian is a certified Microsoft infrastructure/cloud architect with 14 years of international large-scale hands-on experience in planning, designing, and executing IT management of messaging platforms such as Microsoft Teams with Telephony, Skype for Business Voice, Microsoft Exchange, Intune deployment, Microsoft Azure, and Microsoft Security implementations. His dedication to serving the technical community has earned him the title of Microsoft MVP for the past 7 years, and he shares his technical knowledge and skills through local meetups and blogs and participates in Microsoft Ignite sessions. He is well known in the community for his contributions to Office 365 and the Microsoft Teams and Security platforms.

Shabaz Darr is an infrastructure master for Netcompany, based in the United Kingdom. He is a Microsoft MVP in Enterprise Mobility, specializing in Microsoft cloud technologies including Endpoint Manager, Security & Compliance, and Azure Virtual Desktop. He has over 15 years' experience in the IT industry, with 8 of those spent working with Microsoft cloud technologies. During this period, he assisted several global organizations with designing and implementing information protection strategies. He coauthored a book on the SC-400 Information Protection Microsoft certification exam and individually authored a book on the AZ-140 Azure Virtual Desktop Specialist exam, and was also a technical reviewer for the SC-900 Security Fundamentals book. He also has his own YouTube channel called "I Am IT Geek" where he creates video series on various Microsoft cloud technologies.

I would like to thank Packt for asking me to technically review this book, as well as thanking the author, Dwayne Natwick, for asking me to be part of this project. It has been a huge honor to be part of this book.

Bart Van Vugt is a freelance workplace/security architect and owner at BVV Consult. He has over 20 years of experience in the field, acting as a security architect with broad professional experience in enterprise security, identity and access management, information protection, cybersecurity, endpoint management, and cloud security. Guiding companies on their zero trust and cloud journey, providing architecture and security advice, and delivering hands-on deployments are part of the job.

In addition to that, Bart has been a passionate MCT since 2021, holding several certifications.

Bart was also recognized by Microsoft in 2021 by receiving digital badges from their Windows Customer Connection Program and Microsoft 365 Threat Protection Program: Community Member 2021.

Marcel Molenaar is a consultant, developer, solution architect, and an MCT with more than 25 years of experience in IT. As a developer, he has experience in many object-oriented programming languages, such as C++, C#, Java, Node.js, Python, and PowerShell. As a SharePoint consultant, he started working with SharePoint 2003 and implemented SharePoint farms for larger enterprises with lots of customizations and strict security conditions.

With the transition to the Microsoft 365 platform, his field of experience moved to SharePoint Online and the Azure platform. Marcel is fascinated by the cloud and new cloud-related technologies. He also loves the data platform and AI because of his scientific background.

He has worked as an MCT for more than 10 years. He teaches lots of students about Azure, Microsoft 365, security, data, and the Power Platform.

Marcel is self-employed and is the CEO of Marcel Molenaar IT Training. He lives and works in the Netherlands.

Bill Wheeler is a security architect for Avanade, a leading provider of cloud and security solutions delivered through the Microsoft ecosystem. Bill has been working in technology for over 25 years, 20 of which were with the Volkswagen Group of America, with a focus on infrastructure and security. Bill is a U.S. Marine Corps veteran.

Table of Contents

Preface

Section 1 – Exam Overview and the Evolution of Identity and Access Management

Chapter 1: Preparing for Your Microsoft Exam

Technical requirements

Preparing for a Microsoft exam

Resources available to prepare for the exam

Access to a subscription

Where to take the exam

Exam format

Resources available and accessing Microsoft Learn

Accessing Microsoft Learn

Finding content on Microsoft Learn

Exam pages on Microsoft Learn

Creating a Microsoft 365 trial subscription

Office 365 or Microsoft 365 trial subscription

Azure AD Premium subscription

Exam objectives

Who should take the SC-300 exam?

Summary

Chapter 2: Defining Identity and Access Management

Understanding IAM

Identity

Access

Learning identity and access use cases

Shopping websites

Personal email accounts

Social media accounts

Company applications

Understanding the scope of IAM

Defining IAM

Principle of least privilege

The evolution of IAM

Traditional

Advanced

Optimal

Summary

Section 2 - Implementing an Identity Management Solution

Chapter 3: Implementing and Configuring Azure Active Directory

Technical requirements

Configuring and managing AAD roles

Azure Active Directory tenant

Azure Active Directory roles

Planning and assigning roles

Configuring and managing custom domains

Adding and verifying a custom domain to set as the primary domain

Custom domains and sub-domains

Managing DNS and deleting a custom domain

Configuring and managing device registration options

Azure AD-registered devices

Azure AD-joined devices

Hybrid AD-joined devices

Configuring tenant-wide settings

Member and guest users

Managing security defaults

Summary

Chapter 4: Creating, Configuring, and Managing Identities

Technical requirements

Creating, configuring, and managing users

Member users

Guest and external users

AD (hybrid) users

Creating, configuring, and managing groups

Microsoft 365 groups

Security groups

Specialty groups

Dynamic groups

Managing licenses

License requirements

License features

Assigning licenses

Summary

Chapter 5: Implementing and Managing External Identities and Guests

Technical requirements

Managing external collaboration settings in Azure AD

B2B

B2C

Configuring external collaboration settings

Inviting external users individually and in bulk

Inviting guest users

Managing external user accounts in Azure AD

Managing guest user licenses

Password management

Multi-factor authentication

Configuring identity providers

Google configuration

Facebook configuration

Summary

Chapter 6: Implementing and Managing Hybrid Identities

Technical requirements

Implementing and managing Azure AD Connect

Hybrid identity

Azure AD

Windows AD

Azure AD Connect

Implementing and managing seamless SSO

Implementing and managing Azure AD Connect Health

Troubleshooting sync errors

Summary

Section 3 – Implementing an Authentication and Access Management Solution

Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)

Technical requirements

Planning an Azure MFA deployment

What is MFA?

How does Azure AD MFA work?

What licenses include Azure AD MFA?

Azure authentication methods

Configuring Azure AD MFA

Implementing and managing MFA settings

Configuring and deploying SSPR

Deploying and managing password protection

Planning and implementing security defaults

Summary

Chapter 8: Planning and Managing Password-Less Authentication Methods

Technical requirements

Administering authentication methods (FIDO2/passwordless)

Modern authentication for identity and access management

Implementing an authentication solution based on Windows Hello for Business

Implementing an authentication solution with the Microsoft Authenticator app

Summary

Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection

Technical requirements

Planning and implementing Conditional Access policies and controls

Zero-trust methodology

Conditional Access policies

Configuring Smart Lockout thresholds

Implementing and managing a user risk policy

Azure AD Identity Protection

Monitoring, investigating, and remediating elevated risky users

Summary

Section 4 – Implementing Access Management for Applications

Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)

Technical requirements

Designing and implementing access management and SSO for apps

Discovering apps with Microsoft Defender for Cloud Apps

Integrating on-premises apps using Azure AD Application Proxy

Planning your line-of-business application registration strategy

Implementing application registrations

Planning and configuring multi-tier application permissions

Summary

Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps

Technical requirements

Planning your cloud application strategy

Discovering apps with Microsoft Defender for Cloud Apps

Implementing cloud app security policies

Planning and configuring cloud application permissions

Discovering apps by using Microsoft Defender for Cloud Apps or an ADFS app report

Discovering apps with Microsoft Defender for Cloud Apps app report

Discovering apps with an ADFS app report

Using Microsoft Defender for Cloud Apps to manage application access

Discovered app scoring

Sanctioning and unsanctioning apps

Summary

Section 5 – Planning and Implementing an Identity Governance Strategy

Chapter 12: Planning and Implementing Entitlement Management

Technical requirements

Defining catalogs and access packages

Catalogs

Access packages

Planning, implementing, and managing entitlements

Planning entitlements

Implementing entitlements

Managing entitlements

Implementing and managing terms of use

Managing the life cycle of external users in Azure AD Identity Governance settings

Access reviews

Summary

Chapter 13: Planning and Implementing Privileged Access and Access Reviews

Technical requirements

Defining a privileged access strategy for administrative users

Configuring PIM for Azure AD roles and Azure resources

Creating and managing break-glass accounts

Planning for and automating access reviews

Analyzing PIM audit history and reports

Summary

Section 6 – Monitoring and Maintaining Azure Active Directory

Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users

Technical requirements

Analyzing and investigating sign-in logs to troubleshoot access issues

Reviewing and monitoring Azure AD audit logs

Analyzing Azure Active Directory workbooks and reporting

Summary

Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions

Technical requirements

Enabling and integrating Azure AD diagnostic logs with Log Analytics and Microsoft Sentinel

Exporting sign-in and audit logs to a third-party SIEM

Reviewing Azure AD activity by using Log Analytics and Microsoft Sentinel

Summary

Chapter 16: Mock Test

Other Books You May Enjoy


Section 1 – Exam Overview and the Evolution of Identity and Access Management

This section covers the exam objectives, gives an overview of what to expect in the exam, and outlines the evolution of identity and access management.

This section of the book comprises the following chapters:

Chapter 1, Preparing for Your Microsoft Exam

Chapter 2, Defining Identity and Access Management

Chapter 1: Preparing for Your Microsoft Exam

You have decided to take the steps to get Microsoft certified. The SC-300 exam focuses on identity and access administration. This chapter will provide guidance on getting prepared for a Microsoft exam, along with resources that can assist in your learning plan. This will include helpful links, as well as steps on how to gain access to a trial Microsoft 365 subscription for hands-on practice. Once you have completed this chapter, you will have the necessary tools to know what is needed to prepare for the exam, follow along in this book, and become an Identity and Access Administrator.

In this chapter, we're going to cover the following main topics:  

Preparing for a Microsoft exam

Resources available and accessing Microsoft Learn

Creating a Microsoft 365 trial subscription

Exam objectives

Who should take the SC-300 exam?

Technical requirements

In order to follow along and complete the exercises within this book, you will need to have access to Azure Active Directory (Azure AD). This can be accomplished through a trial subscription of Microsoft 365. Advanced identity and access services will also require an Azure AD Premium license. The steps to set up licenses will be covered later in this chapter.

Preparing for a Microsoft exam

There are multiple aspects to preparing for a Microsoft exam. These include the resources available to prepare for the exam, the ability to access a subscription for hands-on learning, and the manner in which you are going to take your exam. If this is your first Microsoft exam, understanding the format that most of these exams will follow is important.

Let's take a closer look at each of these areas.

Resources available to prepare for the exam

There are many resources available to help you prepare for most Microsoft exams. This can be in the form of pre-recorded content from learning companies, live courses from Microsoft Learning Partners, and content posted by the community and Microsoft blog articles. Each of these resources is helpful, but the pre-recorded content and live courses will come at a price and may not be within your budget. Community and Microsoft blog articles generally provide a level of direction as to where you need to go for each topic but do not get into specifics.

One of the best resources is Microsoft itself. Microsoft provides detailed documentation on every one of its services with Microsoft Docs, which allows you to search freely and find the information that you need. This information is publicly available and free. Microsoft Docs is tied very closely to Microsoft Learn content, which will be discussed later in this chapter.

To access and search Microsoft Docs, simply go to https://docs.microsoft.com.

Access to a subscription

It is highly recommended when preparing for a Microsoft exam that you have had some level of hands-on experience with the services within the objectives. For associate- and expert-level exams (the SC-300 being an associate-level exam), this really should be a requirement. Microsoft courses have a GitHub repository for labs that are recommended and available to the public.

The lab guides can be found at this link: http://www.microsoft.com/learning.

Microsoft offers trial subscriptions for both Azure and Microsoft 365. The process to create these trials will be provided later in this chapter.

Where to take the exam

Part of the preparation process of taking an exam includes where you are going to take it. Traditionally, there has been only an option to take these exams at a proctored exam site. Some may prefer this method because it is a controlled environment. Understanding the location and setup of the site can be helpful in lowering your level of stress on the day of the exam. Making a trip to the site before your exam date can avoid any potential surprises on the day of the exam.

When the role-based exams became available, Microsoft provided an additional option of taking the exam remotely from your home or office, using a remote proctor. This may be a preferred option if you are more comfortable using your own equipment and working in a familiar environment. If you do not have the choice when scheduling your exam, then this option has not been made available in your region. If it is available, you will see an option similar to the Online from my home or office option shown in the following screenshot:

Figure 1.1 – Selecting a location when scheduling an exam

There are some important steps to prepare for the remote proctor. From an equipment standpoint, you must have a device with a webcam, microphone, and speakers. You can only use one monitor, so be sure to have a high resolution to avoid any issues with viewing the exam. It is highly recommended to test your equipment before the day of the exam to avoid any issues with anti-malware software. The location in which you are going to take the exam must be cleared of any papers, books, pens, and pencils. It must also be a quiet environment where no one will enter while you are taking the exam. You will be required to photograph the location and surrounding area when checking in. A valid form of identification is required as well. During the exam, you must remain within view of the camera. This may feel intrusive and may not be comfortable for some, but others may prefer being within their own environment to take an exam.

Exam format

Microsoft exams are typically made up of four to six question types. These are case studies, multiple-choice, drag and drop, modified true/false, drop-down fill-in, and best-answer scenarios. Let's provide some additional detail on what each of these means, as follows:

Case-study questions provide a hypothetical company setting with the current environment, proposed future environment, and technical and business requirements. From this scenario, six to eight questions are asked that may cover multiple objective areas of the exam. On most associate-level exams, you could see one to three of these case studies.

Multiple-choice questions are straightforward questions. Some multiple-choice questions may have more than one answer. Microsoft is generally transparent on how many correct answers need to be chosen for the question, and you will get alerted if you do not choose the correct number of selections.

Drag-and-drop questions are usually based on the steps of a process to test your knowledge of the order of operations to deploy a service. You are given more selections than required and need to move the steps that apply to the question over to the right column, in the proper sequence.

The next type of question is a modified type of true/false question. In these questions, you are usually provided some exhibits or screenshots from within the Microsoft portals or tables that show what has been configured. There are then three to four statements about this information, and you need to select Yes or No for each statement based on whether the statement is correct in terms of the information provided.

Drop-down fill-in questions are usually where you will find PowerShell or Azure command-line interface (CLI) code. You will be asked to complete certain steps within a string of code where the blank sections provide drop-down selections to choose from.

Best-answer scenario questions are the best test of pure understanding of an objective area. Microsoft will warn you when getting to this section that you no longer have an option to navigate back on these questions. You will be provided a specific scenario that needs to be solved, along with a proposed solution. You will need to determine whether that solution is the best solution to solve the scenario requirements. After selecting yes or no, you may see the same scenario again with a different solution on the next yes-or-no question.

Each of these exam question types tests your level of understanding in different ways, and all go into the weighted exam objectives that will be discussed later in this chapter.

We have covered how to determine an exam location and the types of questions that you may expect. The next sections will cover resources that will help in the process of learning the topics covered within the exam and how to gain access to the solutions to follow along with the exercises in this guide.

Resources available and accessing Microsoft Learn

Earlier in this chapter, some of the resources available for preparing for the exam were mentioned. Microsoft Learn was mentioned along with Microsoft Docs, but it requires its own section due to the amount of free content that it provides to help you prepare for an exam.

Accessing Microsoft Learn

Microsoft Learn is a great resource to get your learning path started. All the content on Microsoft Learn is free. When you create an account on Microsoft, learning progress is tracked and you can acquire badges along the way. In addition, Microsoft creates learning challenges periodically with prizes, such as free exam vouchers. Creating a free account is accomplished by selecting the icon on the top right of the page and selecting Sign in, as shown in the following screenshot:

Figure 1.2 – Microsoft Learn site profile sign-in

You can sign in with an existing Microsoft account or create one to get started, as indicated here:

Figure 1.3 – Creating an account or signing in with a Microsoft account

You can get to Microsoft Learn through the following link: https://www.microsoft.com/learn.

Finding content on Microsoft Learn

Content on Microsoft Learn can be found in various ways. You can run a search on specific products, roles, or certifications. These options can be found on the selection ribbon at the top of the Learn home page, as shown in the following screenshot. The home page also has several recommendations to start your learning:

Figure 1.4 – Learn content navigation

From the Learn content navigation tabs, select a drop-down arrow to filter for content in the specific Products, Roles, or Certifications areas, as shown in the following screenshot:

Figure 1.5 – Filtering categories under the Products drop-down arrow

Once you have selected an area of interest or simply chosen to browse all paths, you can then search specific topics and filter even further on individual courses or learning paths, as shown in the following screenshot:

Figure 1.6 – Browsing all content in Microsoft Learn

This section provided the information needed to access Microsoft Learn and browse for modules and learning paths. The next section will assist you in finding content specific to the SC-300 exam.

Exam pages on Microsoft Learn

Another common area within Microsoft Learn is the exam pages. For any exam provided by Microsoft, there is an exam page and a certification page that is located within Microsoft Learn. These pages provide an overview of an exam or a certification, the roles of individuals that may be interested in a particular exam, the objective areas for an exam, scheduling an exam, and the Microsoft Learn learning path to prepare for an exam. These pages are extremely helpful when you are preparing specifically for an exam rather than just acquiring general technical knowledge. The following screenshot shows a search for the SC-300 exam:

Figure 1.7 – Browsing for the SC-300 exam

This screenshot shows the exam page for the SC-300 exam:

Figure 1.8 – SC-300 exam page

As you continue to prepare for the SC-300 exam, it is recommended that you use this exam page as a reference.

You should now have access to log in and browse the content on Microsoft Learn. The next section will provide guidance on signing up for a trial subscription to Microsoft 365 services.

Creating a Microsoft 365 trial subscription

If you are new to Microsoft 365 and Azure, getting hands-on experience is important not just for exam preparation, but also for professional development. If you are getting certified to open doors to new job opportunities, you must understand the administration portals and how to work within them. This book will provide some exercises that will get you familiar with how to work within Microsoft 365 and Azure AD. In order to follow along with the steps, it is recommended that you have a subscription to Microsoft 365 and Azure AD Premium. The steps to create these in a 30-day trial are provided in the next sections.

Office 365 or Microsoft 365 trial subscription

Many of the features and capabilities discussed within the exam objectives require an enterprise-level license within Microsoft 365. The enterprise licenses are the E3 and E5 licenses. Microsoft offers 30-day trial licenses of these, so as you prepare for the exam, you can create a trial subscription and will then be able to follow along with the exercises.

To get started, navigate to https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans and select Try for free under the Office 365 E5 plan, as illustrated in the following screenshot:

Figure 1.9 – Office 365 trial subscription sign-up

Follow the steps to create an account, as shown in the following screenshot. If you have already created an account previously, you may need to use a different email address to obtain a free trial:

Figure 1.10 – Office 365 E5 subscription sign-up form

After completing the form and creating your Microsoft 365 tenant, you will have access to Microsoft 365 services and the administration panel. The next section will guide you through signing up for an additional add-on service that will be required to follow along with the exercises within this book and to provide full hands-on preparation for your exam.

Azure AD Premium subscription

In addition to the Office 365 E5 trial subscription, you will need access to an Azure AD Premium license for many of the advanced identity and access features that are discussed within the exam objectives. The best way to obtain these features is through an Enterprise Mobility + Security (EMS) E5 license. Microsoft also offers this as a 30-day free trial. Follow these steps to set this up:

To get started, navigate to this link: https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing. Then, select Try now under the Enterprise Mobility + Security E5 plan, as shown in the following screenshot:

Figure 1.11 – EMS E5 trial subscription sign-up

This is an add-on license to Microsoft 365, so you should enter the same email address that you used to sign up for the Office 365 E5 subscription in the box shown in the following screenshot:

Figure 1.12 – EMS E5 subscription sign-up form

You should now have everything you need for your hands-on exam preparation and to follow along with the exercises within this book. The next section will provide an overview of the objectives that are covered in the exam and throughout this book.

Exam objectives

This book will cover the specific objectives of the SC-300 Microsoft Identity and Access Administrator exam. The structure of the book follows these objectives closely within the main sections. However, there is an added section on monitoring and management to provide additional emphasis as you move forward in a career as an Identity and Access Administrator.

As is the case with all Microsoft exams, each objective area is weighted differently. The weight of each objective is meant to be used as a guide to understanding the potential number of questions to expect in these areas of the exam. The objectives covered within the SC-300 exam are listed here:

Table 1.1 – Exam objectives

Additional details on the topics that make up these objectives can be found at this link: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Myp5.

Understand that the weights do not mean that if an objective is weighted at 10%, you will only get 5 questions out of 50 in this area. Microsoft exams use a scoring scale of 1,000 based on the type of question and the objectives covered within the question. Many questions may have elements of multiple objectives and therefore be split into percentages. The weights of the objectives can help you understand the level of importance that is being placed on each objective.

Now that you know the objective areas being covered for this exam, you may be wondering how this exam and certification can assist in professional development and career advancement. The next section provides some insight into the types of roles that this exam highlights.

Who should take the SC-300 exam?

Now that you understand more about Microsoft exams, paths to learning, and the specific areas covered in the SC-300 exam, it is important to think about the roles that someone should have or want before preparing for this exam. The SC-300 exam is the Microsoft Identity and Access Administrator exam, so the focus is on the areas of protecting identities and implementing proper access roles for services within Microsoft 365, Azure, and hybrid infrastructures. The next chapter will go further into the importance of identity and access within cloud infrastructures. Anyone who has the goal of working with Microsoft cloud technologies will benefit from learning the objectives of this exam. This exam could also prepare you for an Identity and Access Administrator role as a career, as more organizations are requiring this role as they adopt more cloud-native applications within their environment.

Summary

In this chapter, we covered the areas that will prepare you for the Identity and Access Administrator exam and the setup required to follow along with the exercises covered within this book. We also provided an overview of what to expect when taking a Microsoft exam.

The next chapter will discuss the importance of identity and access management (IAM) and how it has evolved as cloud technologies have become more prevalent.

Chapter 2: Defining Identity and Access Management

Now that you have had an overview of the SC-300 Identity and Access Administrator exam and what you need to prepare for the exam, it is important to understand Identity and Access Management (IAM