This 4-day course provides IT Identity and Access Professional, along with IT Security Professional, with the knowledge and skills needed to implement identity management solutions based on Microsoft Azure AD, and it connected identity technologies. This course includes identity content for Azure AD, enterprise application registration, conditional access, identity governance, and other identity tools.
Prerequisites:
The knowledge and skills that a learner should have before attending this course are as follows:
- Security best practices and industry security requirements such as defense in depth, least privileged access, shared responsibility, and zero trust model.
- Be familiar with identity concepts such as authentication, authorization, and active directory.
- Have some experience deploying Azure workloads. This course does not cover the basics of Azure administration, instead the course content builds on that knowledge by adding security specific information.
- Some experience with Windows and Linux operating systems and scripting languages is helpful but not required. Course labs may use PowerShell and the CLI.
Course Objectives:
Upon completing this course, the learner will be able to meet these overall objectives:
- Implement an identity management solution
- Implement an authentication and access management solutions
- Implement access management for apps
- Plan and implement an identity governancy strategy
Module 1: Implement an Identity Management Solution
- Implement Initial configuration of Azure AD
- Create, configure, and manage identities
- Implement and manage external identities
- Implement and manage hybrid identity
Module 2: Implement an Authentication and Access Management Solution
- Secure Azure AD user with MFA
- Manage user authentication
- Plan, implement, and administer conditional access
- Manage Azure AD identity protection
Module 3: Implement Access Management for Apps
- Plan and design the integration of enterprise for SSO
- Implement and monitor the integration of enterprise apps for SSO
- Implement app registration
Module 4: Plan and Implement an Identity Governancy Strategy
- Plan and implement entitlement management
- Plan, implement, and manage access reviews
- Plan and implement privileged access
- Monitor and maintain Azure AD
Lab Outline:
Labs are designed to assure learners a whole practical experience, through the following practical activities:
- Lab 1: Manage user roles
- Lab 2: Setting tenant-wide properties
- Lab 3: Assign licenses to users
- Lab 4: Restore or remove deleted users
- Lab 5: Add groups in Azure AD
- Lab 6: Change group license assignments
- Lab 7: Change user license assignments
- Lab 8: Configure external collaboration
- Lab 9: Add guest users to the directory
- Lab 10: Explore dynamic groups
- Lab 11: Enable Azure AD MFA
- Lab 12: Configure and deploy self-service password reset (SSPR)
- Lab 13: Work with security defaults
- Lab 14: Implement conditional access policies, roles, and assignments
- Lab 15: Configure authentication session controls
- Lab 16: Manage Azure AD smart lockout values
- Lab 17: Enable sign-in risk policy
- Lab 18: Configure Azure AD MFA authentication registration policy
- Lab 19: Implement access management for apps
- Lab 20: Create a custom role to management app registration
- Lab 21: Register an application
- Lab 22: Grant tenant-wide admin consent to an application
- Lab 23: Add app roles to applications and receive tokens
- Lab 24: Create and manage a resource catalog with Azure AD entitlement
- Lab 25: Add terms of use acceptance report
- Lab 26: Manage the lifecycle of external users with Azure AD identity governance
- Lab 27: Create access reviews for groups and apps
- Lab 28: Configure PIM for Azure AD roles
- Lab 29: Assign Azure AD role in PIM
- Lab 30: Assign Azure resource roles in PIM
- Lab 31: Connect data from Azure AD to Azure Sentinel
This course is for the Identity and Access Administrators who are planning to take the associated certification exam, or who are performing identity and access administration tasks in their day-to-day job. This course would also be helpful to an administrator or engineer that wants to specialize in providing identity solutions and access management systems for Azure-based solutions; playing an integral role in protecting an organization.