About this course
SC-300 covers the skills needed to design and manage Identity & Access Management with Microsoft Entra according to Zero Trust principles, spanning User Identity, Authentication, Workload Identity, and Identity Governance.
Participants get hands-on practice with the Microsoft Entra Admin Center, PowerShell, and KQL to prepare for the SC-300 certification exam.
Course content
Module 1: Configure and manage a Microsoft Entra tenant
- Configure and manage built-in and custom Microsoft Entra roles
- Configure and manage administrative units
- Evaluate effective permissions for Microsoft Entra roles
- Configure and manage domains in Microsoft Entra ID and Microsoft 365
- Configure Company branding, tenant properties, user settings, group settings, and device settings
Module 2: Create, configure, and manage Microsoft Entra identities
- Create, configure, and manage users and groups
- Manage custom security attributes
- Automate bulk operations by using the Microsoft Entra admin center and PowerShell
- Manage device join and device registration in Microsoft Entra ID
- Assign, modify, and report on licenses
Module 3: Implement and manage identities for external users and tenants
- Manage External collaboration settings in Microsoft Entra ID
- Invite external users individually or in bulk
- Implement Cross-tenant access settings and cross-tenant synchronization
- Configure external identity providers, including SAML and WS-Fed
Module 4: Implement and manage hybrid identity
- Implement and manage Microsoft Entra Connect Sync and Cloud Sync
- Implement and manage password hash synchronization and pass-through authentication
- Implement and manage seamless single sign-on (SSO)
- Migrate from AD FS to other authentication mechanisms
- Implement and manage Microsoft Entra Connect Health
Module 5: Plan, implement, and manage Microsoft Entra user authentication
- Implement and manage authentication methods including certificate-based auth, Temporary Access Pass, OAuth 2.0, Microsoft Authenticator, and FIDO2
- Implement and manage tenant-wide MFA settings
- Configure and deploy self-service password reset (SSPR)
- Implement and manage Windows Hello for Business and Microsoft Entra Password Protection
- Enable Microsoft Entra Kerberos authentication for hybrid identities
Module 6: Plan, implement, and manage Microsoft Entra Conditional Access
- Plan, implement, and test Conditional Access policy assignments and controls
- Implement session management and device-enforced restrictions
- Implement continuous access evaluation and authentication context
- Implement protected actions and create Conditional Access policies from templates
Module 7: Manage risk by using Microsoft Entra ID Protection
- Implement and manage user risk and sign-in risk using ID Protection or Conditional Access
- Implement and manage MFA registration using authentication methods and registration campaigns
- Monitor, investigate, and remediate risky users, risky sign-ins, and risky workload identities
Module 8: Implement Global Secure Access
- Deploy Global Secure Access clients
- Deploy and manage Private Access
- Deploy and manage Internet Access and Internet Access for Microsoft 365
Module 9: Plan and implement identities for applications and Azure workloads
- Select appropriate identities for applications and Azure workloads (managed identities, service principals, user accounts)
- Create managed identities and assign them to Azure resources
- Use a managed identity to access other Azure resources
Module 10: Plan, implement, and monitor the integration of enterprise applications
- Plan and implement settings for enterprise applications at application and tenant level
- Design and implement integration for on-premises apps using Microsoft Entra Application Proxy
- Design and implement integration for SaaS apps
- Assign, classify, and manage users, groups, and app roles for enterprise applications
- Configure and manage user and admin consent and create application collections
Module 11: Plan and implement app registrations
- Plan for and create app registrations
- Configure app authentication and API permissions
- Create app roles
Module 12: Manage and monitor app access by using Microsoft Defender for Cloud Apps
- Configure and analyze cloud discovery results
- Configure connected apps and implement application-enforced restrictions
- Configure Conditional Access app control and create access and session policies
- Implement and manage policies for OAuth apps and manage the Cloud app catalog
Module 13: Plan and implement entitlement management in Microsoft Entra
- Plan entitlements and create and configure catalogs and access packages
- Manage access requests and implement terms of use (ToU)
- Manage the lifecycle of external users and configure connected organizations
Module 14: Plan, implement, and manage access reviews in Microsoft Entra
- Plan for access reviews
- Create and configure access reviews
- Monitor and manually respond to access review activity
Module 15: Plan and implement privileged access
- Plan and manage Microsoft Entra roles in PIM including settings and assignments
- Plan and manage Azure resources in PIM and configure PIM for Groups
- Manage the PIM request and approval process
- Analyze PIM audit history and reports and create break-glass accounts
Module 16: Monitor identity activity by using logs, workbooks, and reports
- Review and analyze sign-in, audit, and provisioning logs by using the Microsoft Entra admin center
- Configure diagnostic settings to Log Analytics, storage accounts, and Azure Event Hubs
- Monitor Microsoft Entra ID by using KQL queries in Log Analytics
- Analyze Microsoft Entra ID by using workbooks and reporting
- Monitor and improve the security posture by using Identity Secure Score