A Microsoft Identity and Access Administrator Associate provides secure access and authorization for enterprise applications. They are responsible for adaptive access, governance, self-service management capabilities, and managing tasks like troubleshooting and reporting. The associate works with others to develop and implement identity governance.
You must pass the SC-300 exam to become a Microsoft Identity and Access Administrator Associate. This exam will enable you to manage and implement solutions as an administrator, and provide seamless end-user experiences. This exam validates your ability to:
Plan and implement an identity management system
Implement an authentication and access management system
Implement app access management
Plan and implement an identity governance plan
The SC-300 certificate is valid for one year. This certification can be renewed at no cost on Microsoft Learn.
SC-300 Exam Prerequisites
These are some of the prerequisite courses to the exam:
You should also have:
Understanding of industry-level security practices. This includes requirements such as defense in depth, least privilege, shared responsibility, and the zero trust model.
Familiarity with concepts like authorization, authentication, and Active Directory
Experience with Windows, Linux, and any scripting language, PowerShell, or the CLI.
SC-300 Exam Curriculum
The exam curriculum is made up of four learning paths that can be further subdivided into modules.
SC-300 Part 1
Module 1: Initial configuration of Azure Active Directory (AD).
Configure and manage Azure AD Directory roles, custom domains, device registration options, and more
Configure delegation by using administrative units
Configure tenant-wide settings
Module 2: Create, Configure, and Manage Identities
Configure, create, and manage users
Manage, design, and configure groups
Module 3: Manage and implement external identities
Manage external collaboration settings in Azure AD
Invite external users (individually or in bulk)
Manage external user accounts in Azure AD
Configure identity providers (social, SAML/WS-Fed)
Module 4: Implementing and managing hybrid identity
Implement and manage Azure Active Directory Connect (AADC) and Azure AD Connect cloud synchronization
Configure Password Hash Synchronization, Pass-Through Authentication, seamless Single Sign-On (SSO), federation (excluding manual ADFS deployments), and Azure Active Directory Connect Health
Troubleshoot synchronization errors
SC-300 Part 2
Module 1: Plan and Implement Azure Multi-Factor Authentication (MFA)
Plan Azure MFA deployment (excluding MFA Server)
Implement and manage Azure MFA settings
Set MFA settings for users
Module 2: Manage user authentication
Administer authentication methods (FIDO2 / Passwordless)
Configure and implement an authentication solution that uses Windows Hello for Business
Configure and deploy self service password reset
Manage and deploy password protection
Implement and maintain tenant restrictions
Module 3: Implement, plan, and manage conditional access
Plan and implement security defaults
Plan conditional access policies
Configure and administer conditional access policy controls.
Troubleshoot and test conditional access policies
Implement session management and application controls
Configure smart lockout thresholds
Module 4: Manage Azure AD identity security
Implement and manage a sign-in risk policy, user risk policy, and MFA registration policy
Monitor, investigate, and correct high-risk users
SC-300 Part 3
Module 1: Plan, Implement and Monitor the Integration of Enterprise Apps for SSO (modules 1+2)
Implement and configure consent settings
Report on apps that are based on MCAS and ADFS
Design and implement access management systems for apps and app management roles
Audit and monitor Azure AD integrated applications
Integrate on-premises enterprise applications using Azure AD Application Proxy, and custom SaaS apps for SSO
Configure pre-integrated (gallery) SaaS apps
Implement application user provisioning
Module 2: Implement app registrations
Plan your line-of-business application registration strategy
Implement application registrations
Configure application permissions
Plan and configure multi-tier application permissions
SC-300 Part 4
Module 1: Plan and Implement Entitlement Management
Define access packages and catalogs
Plan, implement, and manage entitlements
Implement and govern the terms and conditions
Manage external users' lifecycles in Azure AD Identity Governance settings
Module 2: Manage, plan, and implement access reviews
Plan for access reviews
Review access to groups and apps