Training: Microsoft Identity and Access Administrator (SC-300)

Ref. SC-300T00

Download PDF

Duration:

jours

Exam:

Optionnel

Level:

Intermédiaire

Funding:

Eligible

Home > Trainings > IT Pro > Audit and Cybersecurity > Microsoft Identity and Access Administrator (SC-300)

Microsoft Identity and Access Administrator Training (SC-300)

Identity management is the first pillar of any Zero Trust security strategy. The Microsoft Identity and Access Administrator training (SC-300) teaches you in four days to deploy, configure, and administer Microsoft Entra ID to secure access to applications, data, and resources in your organization. You will master multi-factor authentication, conditional access, identity protection, and privileged access governance in cloud and hybrid environments.

Delivered by an MCT-certified trainer at ITTA in Geneva or Lausanne, this SC-300 training combines theoretical courses and hands-on labs on the official Microsoft cloud environment. You will work on concrete scenarios for configuring Microsoft Entra ID, managing B2B and B2C external identities, hybrid identity, and Privileged Identity Management (PIM). At the end of this intensive four-day training, you will be prepared for the SC-300 Microsoft Identity and Access Administrator exam and you will have the skills to administer identities and access in your organization’s Microsoft ecosystem.

Participant Profiles

Identity and access administrators
Cybersecurity engineers
Cloud solutions consultants
Microsoft Azure solutions architects
Access governance managers

Objectives

Configure Microsoft Entra ID: multi-factor authentication, conditional access, and identity protection
Manage privileged identities with Privileged Identity Management (PIM) and access reviews
Implement identity governance with entitlement packages and lifecycle workflows
Configure B2B and B2C external identities and Microsoft Entra verified identity
Deploy and manage hybrid identity with Microsoft Entra Connect and pass-through authentication

Prerequisites

Understand the fundamentals of Microsoft Azure and Microsoft 365
Master the basic concepts of cybersecurity
Have a basic understanding of identity and access administration

Course Content

Module 1: Implement initial configuration of Microsoft Entra ID

Configure company brand
Configure and manage Microsoft Entra roles
Configure delegation by using administrative units
Analyze Microsoft Entra role permissions
Configure and manage custom domains
Configure tenant-wide setting

Module 2: Create, configure, and manage identities

Create, configure, and manage users
Create, configure, and manage groups
Configure and manage device registration
Manage licenses
Create custom security attributes
Explore automatic user creation

Module 3: Implement and manage external identities

Describe guest access and Business to Business accounts
Manage external collaboration
Invite external users – individually and in bulk
Demo – manage guest users in Microsoft Entra ID
Manage external user accounts in Microsoft Entra ID
Manage external users in Microsoft 365 workloads
Implement and manage Microsoft Entra Verified ID
Configure identity providers
Implement cross-tenant access controls

Module 4: Implement and manage hybrid identity

Plan, design, and implement Microsoft Entra Connect
Implement manage password hash synchronization (PHS)
Implement manage pass-through authentication (PTA)
Explore pass-through authentication and seamless single sign-on (SSO)
Implement and manage federation
Trouble-shoot synchronization errors
Implement Microsoft Entra Connect Health
Manage Microsoft Entra Health

Module 5: Secure Microsoft Entra users with multifactor authentication

What is Microsoft Entra multifactor authentication?
Plan your multifactor authentication deployment
Configure multifactor authentication methods

Module 6: Manage user authentication

Administer FIDO2 and passwordless authentication methods
Explore Authenticator app and OATH tokens
Implement an authentication solution based on Windows Hello for Business
Deploy and manage password protection
Configure smart lockout thresholds
Implement Kerberos and certificate-based authentication in Microsoft Entra ID
Configure Microsoft Entra user authentication for virtual machines

Module 7: Plan, implement, and administer Conditional Access

Plan security defaults
Plan Conditional Access policies
Implement Conditional Access policy controls and assignments
Test and troubleshoot Conditional Access policies
Implement application controls
Implement session management and continuous access evaluation
Microsoft Entra Conditional Access Optimization agent

Module 8: Manage Microsoft Entra Identity Protection

Review identity protection basics
Implement and manage user risk policy
Monitor, investigate, and remediate elevated risky users
Implement security for workload identities
Explore Microsoft Defender for Identity
Explore the Identity Risk Management Agent

Module 9: Implement access management for Azure resources

Assign Azure roles
Configure custom Azure roles
Create and configure managed identities
Access Azure resources with managed identities
Analyze Azure role permissions
Configure Azure Key Vault RBAC policies
Retrieve objects from Azure Key Vault

Module 10: Deploy and Configure Microsoft Entra Global Secure Access

Explore Global Secure Access
Deploy and configure Microsoft Entra Internet Access
Deploy and configure Microsoft Entra Private Access
Explore how to use the Dashboard to drive Global Secure Access
Create remote networks for use with Global Secure Access
Use Conditional Access with Global Secure Access
Explore logs and monitoring options with Global Secure Access

Module 11: Plan and design the integration of enterprise apps for SSO

Discover apps by using Microsoft Defender for Cloud Apps and Active Directory Federation Services app report
Configure connectors to apps
Design and implement app management roles
Configure preintegrated gallery SaaS apps
Implement and manage policies for OAuth apps

Module 12: Implement and monitor the integration of enterprise apps for SSO

Implement token customizations
Implement and configure consent settings
Integrate on-premises apps with Microsoft Entra application proxy
Integrate custom SaaS apps for single sign-on
Implement application-based user provisioning
Monitor and audit access to Microsoft Entra integrated enterprise applications
Create and manage application collections

Module 13: Implement app registration

Plan your line of business application registration strategy
Implement application registration
Register an application
Configure permission for an application
Grant tenant-wide admin consent to applications
Implement application authorization
Manage and monitor application by using app governance

Module 14: Register apps using Microsoft Entra ID

Plan for app registration
Explore application objects and service principals
Create app registrations
Configure app authentication
Configure API permissions
Create app roles

Module 15: Plan and implement entitlement management

Define access packages
Configure entitlement management
Configure and manage connected organizations
Review per-user entitlements

Module 16: Plan, implement, and manage access review

Plan for access reviews
Create access reviews for groups and apps
Create and configure access reviews programmatically
Monitor access review findings
Automate access review management tasks
Configure recurring access reviews
Explore the Access Review Agent in Microsoft Entra

Module 17: Plan and implement privileged access

Define a privileged access strategy for administrative users
Configure Privileged Identity Management for Azure resources
Plan and configure Privileged Access Groups
Analyze Privileged Identity Management audit history and reports
Create and manage emergency access accounts

Module 18: Monitor and maintain Microsoft Entra ID

Analyze and investigate sign-in logs to troubleshoot access issues
Review and monitor Microsoft Entra audit logs
Export logs to third-party security information and event management system
Analyze Microsoft Entra workbooks and reporting
Monitor security posture with Identity Secure Score

Documentation

Access to Microsoft Learn, Microsoft’s online learning platform, offering interactive resources and educational content to deepen your knowledge and develop your technical skills.

Lab / Exercises

This course provides you with exclusive access to the official Microsoft lab, enabling you to practice your skills in a professional environment.

Exam

This course prepares you to the SC-300: Microsoft Identity and Access Administrator exam.

Complementary Courses

Eligible Funding

ITTA is a partner of a continuing education fund dedicated to temporary workers. This fund can subsidize your training, provided that you are subject to the “Service Provision” collective labor agreement (CCT) and meet certain conditions, including having worked at least 88 hours in the past 12 months.

Additional Information

Administer Microsoft Entra ID with the SC-300 certification

The SC-300 Microsoft Identity and Access Administrator exam is the reference certification for professionals in charge of identity management in the Microsoft ecosystem. With 110 monthly searches in Switzerland and 590 in France for the keyword sc-300, this certification meets a growing need from companies deploying Microsoft Entra ID (formerly Azure Active Directory) to secure access for their employees, partners, and customers.

The keyword entra id generates 3,600 monthly searches, which demonstrates the massive interest in this technology. In French-speaking Switzerland, where compliance and data protection requirements are high, mastering Microsoft Entra ID has become an essential skill for IT administrators and security engineers.

At ITTA, a Microsoft Learning Partner based in Geneva and Lausanne, the SC-300 training is delivered over four days by an MCT certified trainer with labs on the official Microsoft cloud environment.

Microsoft Entra ID: identity and access management

Microsoft Entra ID is Microsoft’s cloud identity service that centralizes authentication and authorization for all applications and resources in an organization. The SC-300 training teaches you to configure and administer the key features of this platform.

Multi-factor authentication (MFA) strengthens connection security by requiring additional verification. Conditional Access allows you to define granular policies that adapt authentication requirements based on context (location, device, risk level). Identity protection automatically detects risky sign-ins and compromised accounts, triggering remediation actions.

Identity governance and privileged access

The training covers identity governance in depth with Microsoft Entra ID Governance. Privileged Identity Management (PIM) allows you to control and audit the use of privileged roles, activating permissions only when needed (just-in-time). Access reviews automate periodic verification of rights assigned to users and groups.

Entitlement management packages define sets of resources accessible to employees and partners, with approval workflows and expiration policies. These mechanisms ensure the principle of least privilege and reduce the attack surface related to excessive rights.

Hybrid and external identities

Many organizations maintain a hybrid environment with on-premises Active Directory and Microsoft Entra ID in the cloud. The SC-300 training teaches you to deploy Microsoft Entra Connect to synchronize identities, configure pass-through authentication (PTA) and password hash synchronization (PHS), and resolve synchronization errors.

External identities are also covered: B2B collaboration for partners, external identity provider configuration, and cross-tenant access controls. Microsoft Entra Verified ID adds an additional layer of trust for scenarios requiring strong user identity validation.

Enterprise applications and single sign-on

You will learn to integrate enterprise applications with Microsoft Entra ID for single sign-on (SSO). The training covers SaaS application configuration from the gallery, Application Proxy for on-premises applications, application registration, consent management, and automatic user provisioning. Application access monitoring and auditing complete the program, giving you a complete overview of identity administration in the Microsoft ecosystem.

Career opportunities and value of the SC-300 certification in Switzerland

SC-300 certified identity administrators are sought after in all sectors in French-speaking Switzerland. Identity management is a prerequisite for regulatory compliance (DPA, GDPR) and access security in cloud environments. The SC-300 certification validates directly operational skills and constitutes, together with SC-200, the recommended foundation for accessing the SC-100 Cybersecurity Architect expert certification.

FAQ

What are the prerequisites for the SC-300 training?

Experience in IT administration, knowledge of Microsoft Azure, and IT security basics are recommended. The SC-900 certification can be a good starting point.

Is the SC-300, in the training?

The training prepares you for the official Microsoft certification exam, which can be taken after completing the course

What is the difference between SC-300 and SC-200?

SC-300 focuses on identity and access management with Microsoft Entra ID. SC-200 covers security operations with Microsoft Sentinel and Defender XDR. These two certifications are complementary and constitute the recommended prerequisites for SC-100.

Is the training available as a virtual class?

Yes, in-person in Geneva or Lausanne, or as a virtual class with the same MCT certified trainer and the same Microsoft cloud labs.

What is Microsoft Entra ID compared to Azure Active Directory?

Microsoft Entra ID is the new name for Azure Active Directory (Azure AD). The service remains identical, but Microsoft has unified its identity range under the Entra brand, which now includes Entra ID, Entra External ID, Entra Permissions Management, and Entra Verified ID.

How does SC-300 fit into a security certification path?

SC-300 is an associate-level certification that validates identity management expertise. Combined with SC-200, it constitutes the ideal prerequisite for taking SC-100 (Cybersecurity Architect). SC-401 (information security) completes the trio of associate-level certifications in the Microsoft security path.