Microsoft Identity and Access Administrator Exam Guide

Product type: Book
Published in: Mar 2022
Publisher: Packt
ISBN-13: 9781801818049
Pages: 452
Edition: 1st Edition
Author: Dwayne Natwick

Table of Contents (24 chapters)

  • Preface
  • Section 1 – Exam Overview and the Evolution of Identity and Access Management
  • Chapter 1: Preparing for Your Microsoft Exam
  • Chapter 2: Defining Identity and Access Management
  • Section 2 – Implementing an Identity Management Solution
  • Chapter 3: Implementing and Configuring Azure Active Directory
  • Chapter 4: Creating, Configuring, and Managing Identities
  • Chapter 5: Implementing and Managing External Identities and Guests
  • Chapter 6: Implementing and Managing Hybrid Identities
  • Section 3 – Implementing an Authentication and Access Management Solution
  • Chapter 7: Planning and Implementing Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
  • Chapter 8: Planning and Managing Password-Less Authentication Methods
  • Chapter 9: Planning, Implementing, and Administering Conditional Access and Azure Identity Protection
  • Section 4 – Implementing Access Management for Applications
  • Chapter 10: Planning and Implementing Enterprise Apps for Single Sign-On (SSO)
  • Chapter 11: Monitoring Enterprise Apps with Microsoft Defender for Cloud Apps
  • Section 5 – Planning and Implementing an Identity Governance Strategy
  • Chapter 12: Planning and Implementing Entitlement Management
  • Chapter 13: Planning and Implementing Privileged Access and Access Reviews
  • Section 6 – Monitoring and Maintaining Azure Active Directory
  • Chapter 14: Analyzing and Investigating Sign-in Logs and Elevated Risk Users
  • Chapter 15: Enabling and Integrating Azure AD Logs with SIEM Solutions
  • Chapter 16: Mock Test
  • Other Books You May Enjoy

Chapter 8: Planning and Managing Password-Less Authentication Methods

The previous chapter covered protecting and managing our identity and access with multi-factor authentication, password protection, and self-service password resets. In this chapter, we are going to take modern authentication a step further by discussing how we can utilize passwordless authentication methods.

In this chapter, we're going to cover the following main topics:

  • Administering authentication methods (FIDO2/passwordless)
  • Implementing an authentication solution based on Windows Hello for Business
  • Implementing an authentication solution with the Microsoft Authenticator app

Technical requirements

In this chapter, we will continue to explore configuring a tenant for use with Microsoft 365 and Azure. There will be exercises where you will require access to Azure Active Directory. If you have not created the trial licenses for Microsoft 365 yet, please follow the instructions provided in Chapter 1, Preparing for Your Microsoft Exam.

Administering authentication methods (FIDO2/passwordless)

As we continue through this book, we will expand on the ways that Azure Active Directory provides a modern approach to identity and access management. As we continue to migrate to more cloud applications and hybrid infrastructures, companies can also migrate to these newer modern authentication methods. In Chapter 7, Planning and Implementing Azure Multi-Factor Authentication and Self-Service Password Reset, we covered how MFA can provide an additional layer of verification to protect against the inherent insecurity of simply using a password for authentication. As identity and access management continues to evolve, additional solutions have become available to move away from the use of passwords. The following sections will discuss those options and how they can be used within your company's identity and access management infrastructure.

Modern authentication for identity and access management

In Chapter 2, Defining...

Implementing an authentication solution based on Windows Hello for Business

In the previous section on passwordless authentication, we discussed how Windows 10 users can authenticate with Windows Hello by using facial recognition. Windows Hello for Business allows a company to require users of Windows 10 devices to authenticate this way and to monitor those users. In this section, you will learn how to implement Windows Hello for Business as the authentication solution. Windows Hello for Business is configured on the Windows Active Directory domain controller, not in Azure AD.

To implement Windows Hello for Business, multiple security groups are required. These security groups are the KeyCredential Admins security group and the Windows Hello for Business Users security group. If you are in a hybrid architecture with Windows Server 2016 domain controllers, the KeyCredential Admins group is created when you install the domain controller.
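
One way to check a domain for the two security groups named above and to create whichever is missing, as an added example that is not taken from the book. It assumes the ActiveDirectory PowerShell module on a domain-joined management host and Global scope for the groups; the helper name `Get-WhfbGroupStatus` is hypothetical.

```powershell
# Added example, not from the book. Requires the ActiveDirectory (RSAT) module
# and an account allowed to read and create groups in the domain.
Import-Module ActiveDirectory

# Group names exactly as given in the text above.
$requiredGroups = @(
    'KeyCredential Admins',
    'Windows Hello for Business Users'
)

# Hypothetical helper: reports whether each group exists and how it is configured.
function Get-WhfbGroupStatus {
    param([Parameter(Mandatory)][string[]]$Names)

    foreach ($name in $Names) {
        # -Filter returns nothing (instead of throwing) when no group matches.
        $group = Get-ADGroup -Filter "Name -eq '$name'" -Properties whenCreated, member

        [pscustomobject]@{
            Name        = $name
            Exists      = [bool]$group
            Scope       = $group.GroupScope
            Category    = $group.GroupCategory
            MemberCount = if ($group) { $group.member.Count } else { 0 }
            Created     = $group.whenCreated
        }
    }
}

$status = Get-WhfbGroupStatus -Names $requiredGroups
$status | Format-Table -AutoSize

# Create only what is missing. Assumption: Global security groups in the
# default container. -WhatIf prints the planned change without applying it;
# remove it once the output has been reviewed.
foreach ($missing in ($status | Where-Object { -not $_.Exists })) {
    New-ADGroup -Name $missing.Name `
                -SamAccountName $missing.Name `
                -GroupCategory Security `
                -GroupScope Global `
                -Description 'Created for Windows Hello for Business' `
                -WhatIf
}
```

The `MemberCount` and `Created` columns give a quick baseline of who is in each group and when it appeared, which is worth recording before the rollout continues.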

If your hybrid...

Implementing an authentication solution with the Microsoft Authenticator app

While Windows Hello for Business and FIDO2 are passwordless authentication options for Windows 10, the Microsoft Authenticator app provides more flexibility across all apps and devices. As a recap, Windows Hello for Business utilizes biometric facial recognition as the primary factor for verification, while FIDO2 utilizes a USB key that the user has in their possession to authenticate with a private encrypted key. Providing all users, or a group of users, with a separate FIDO2 token device adds cost to the passwordless implementation. Authenticator app authentication utilizes something that most likely all users have: a smartphone. Let's go through the steps to set up the Microsoft Authenticator app for passwordless authentication:

  1. Log in to https://portal.azure.com.
  2. Navigate to Azure Active Directory from the search bar:

Figure 8.14...

Summary

In this chapter, we described the next steps in identity protection with passwordless authentication. We discussed the different options that Microsoft provides to allow users to move away from the use of passwords as the primary authentication method. Then, we learned how those options can be configured and utilized within Azure AD and hybrid architectures. In the next chapter, Chapter 9, Planning, Implementing, and Administering Conditional Access and Azure Identity Protection, we will discuss advanced solutions that protect a person's identity and enforce the zero trust model with conditional access policies and Azure Identity Protection.
