Module 1: Explore identity in Microsoft Entra ID
- Define common identity terms and explain how they’re used in the Microsoft Cloud
- Explore the common management tools and needs of an identity solution
- Review the goal of Zero Trust and how it’s applied in the Microsoft Cloud
- Explore the available identity services in the Microsoft Cloud
Module 2: Implement initial configuration of Microsoft Entra ID
- Implement initial configuration of Azure Active Directory
- Create, configure, and manage identities
- Implement and manage external identities (excluding B2C scenarios)
- Implement and manage hybrid identity
Module 3: Create, configure, and manage identities
- Create, configure, and manage users
- Create, configure, and manage groups
- Manage licenses
- Explain custom security attributes and automatic user provisioning
Module 4: Implement and manage external identities
- Manage external collaboration settings in Microsoft Entra ID
- Invite external users (individually or in bulk)
- Manage external user accounts in Microsoft Entra ID
- Configure identity providers (social and SAML/WS-fed)
Module 5: Implement and manage hybrid identity
- Plan, design, and implement Microsoft Entra Connect
- Manage Microsoft Entra Connect
- Manage password hash synchronization (PHS)
- Manage pass-through authentication (PTA)
- Manage seamless single sign-on (seamless SSO)
- Manage federation excluding manual ADFS deployments
- Troubleshoot synchronization errors
- Implement and manage Microsoft Entra Connect Health
Module 6: Secure Microsoft Entra users with multifactor authentication
- Learn about Microsoft Entra multifactor authentication
- Create a plan to deploy Microsoft Entra multifactor authentication
- Turn on Microsoft Entra multifactor authentication for users and specific apps
Module 7: Manage user authentication
- Administer authentication methods (FIDO2 / Passwordless)
- Implement an authentication solution based on Windows Hello for Business
- Configure and deploy self-service password reset
- Deploy and manage password protection
- Implement and manage tenant restrictions
Module 8: Plan, implement, and administer Conditional Access
- Plan and implement security defaults.
- Plan conditional access policies.
- Implement conditional access policy controls and assignments (targeting, applications, and conditions).
- Test and troubleshoot conditional access policies.
- Implement application controls.
- Implement session management.
- Configure smart lockout thresholds.
Module 9: Manage Microsoft Entra Identity Protection
- Implement and manage a user risk policy
- Implement and manage sign-in risk policies
- Implement and manage MFA registration policy
- Monitor, investigate, and remediate elevated risky users
Module 10: Implement access management for Azure resources
- Configure and use Azure roles within Microsoft Entra ID
- Configure and manage identity and assign it to Azure resources
- Analyze the role permissions granted to or inherited by a user
- Configure access to data in Azure Key Vault using RBAC-policy
Module 11: Plan and design the integration of enterprise apps for SSO
- Discover apps by using Defender for Cloud Apps or ADFS app report.
- Design and implement access management for apps.
- Design and implement app management roles.
- Configure preintegrated (gallery) SaaS apps.
Module 12: Implement and monitor the integration of enterprise apps for SSO
- Implement token customizations
- Implement and configure consent settings
- Integrate on-premises apps by using Microsoft Entra application proxy
- Integrate custom SaaS apps for SSO
- Implement application user provisioning
- Monitor and audit access/Sign-On to Microsoft Entra ID integrated enterprise applications
Module 13: Implement app registration
- Plan your line of business application registration strategy
- Implement application registrations
- Configure application permissions
- Plan and configure multi-tier application permissions
Module 14: Plan and implement entitlement management
- Define catalogs.
- Define access packages.
- Plan, implement, and manage entitlements.
- Implement and manage terms of use.
- Manage the lifecycle of external users in Microsoft Entra Identity Governance settings.
Module 15: Plan, implement, and manage access review
- Plan for access reviews
- Create access reviews for groups and apps
- Monitor the access review findings
- Manage licenses for access reviews
- Automate management tasks for access review
- Configure recurring access reviews
Module 16: Plan and implement privileged access
- Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
- Configure Privileged Identity Management for Microsoft Entra roles
- Configure Privileged Identity Management for Azure resources
- Assign roles
- Manage PIM requests
- Analyze PIM audit history and reports
- Create and manage emergency access accounts
Module 17: Monitor and maintain Microsoft Entra ID
- Analyze and investigate sign-in logs to troubleshoot access issues
- Review and monitor Microsoft Entra audit logs
- Enable and integrate Microsoft Entra diagnostic logs with Log Analytics / Azure Sentinel
- Export sign-in and audit logs to a third-party SIEM (security information and event management)
- Review Microsoft Entra activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use
- Analyze Microsoft Entra workbooks/reporting
- Configure notifications