Microsoft Identity and Access Administrator Exam Guide

By Dwayne Natwick

Early Access

This is an Early Access product. Early Access chapters haven’t received a final polish from our editors yet. Every effort has been made in the preparation of these chapters to ensure the accuracy of the information presented. However, the content in this book will evolve and be updated during the development process.

Learn more
    Advance your knowledge in tech with a Packt subscription

  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. 1 Preparing for Your Microsoft Exam

About this book

Cloud technologies have made identity and access the new control plane for securing data. Without proper planning and discipline in deploying, monitoring, and managing identity and access for users, administrators, and guests, you may be compromising your infrastructure and data. This book is a preparation guide that covers all the objectives of the SC-300 exam, while teaching you about the identity and access services that are available from Microsoft and preparing you for real-world challenges.

The book starts with an overview of the SC-300 exam and helps you understand identity and access management. As you progress to the implementation of IAM solutions, you’ll learn to deploy secure identity and access within Microsoft 365 and Azure Active Directory. The book will take you from legacy on-premises identity solutions to modern and password-less authentication solutions that provide high-level security for identity and access. You’ll focus on implementing access and authentication for cloud-only and hybrid infrastructures as well as understand how to protect them using the principles of zero trust. The book also features mock tests toward the end to help you prepare effectively for the exam.

By the end of this book, you’ll have learned how to plan, deploy, and manage identity and access solutions for Microsoft and hybrid infrastructures.

Publication date:
March 2022
Publisher
Packt
Pages
400
ISBN
9781801818049

 

1 Preparing for Your Microsoft Exam

You have decided to take the steps to get Microsoft certified. The SC-300 exam focuses on identity and access administration. This chapter will provide guidance on getting prepared for a Microsoft exam, along with resources that can assist in your learning plan. This will include helpful links, as well as steps on how to gain access to a trial Microsoft 365 subscription for hands-on practice. Once you have completed this chapter, you will have the necessary tools to know what is needed to prepare for the exam, follow along in this book, and become an Identity and Access Administrator.

In this chapter, we’re going to cover the following main topics:  

  • Preparing for a Microsoft exam
  • Resources available and accessing Microsoft Learn
  • Creating a Microsoft 365 trial subscription
  • Exam objectives
  • Who should take the SC-300 exam?
 

Technical requirements

In order to follow along and complete the exercises within this book, you will need to have access to Azure Active Directory (Azure AD). This can be accomplished through a trial subscription of Microsoft 365. Advanced identity and access services will also require an Azure AD Premium license. The steps to set up licenses will be covered later in this chapter.

 

Preparing for a Microsoft exam

There are multiple aspects to preparing for a Microsoft exam. These include the resources available to prepare for the exam, the ability to access a subscription for hands-on learning, and the manner in which you are going to take your exam. If this is your first Microsoft exam, understanding the format that most of these exams will follow is important.

Let’s take a closer look at each of these areas.

Resources available to prepare for the exam

There are many resources available to help you prepare for most Microsoft exams. This can be in the form of pre-recorded content from learning companies, live courses from Microsoft Learning Partners, and content posted by the community and Microsoft blog articles. Each of these resources is helpful, but the pre-recorded content and live courses will come at a price and may not be within your budget. Community and Microsoft blog articles generally provide a level of direction as to where you need to go for each topic but do not get into specifics.

One of the best resources is Microsoft itself. Microsoft provides detailed documentation on every one of its services with Microsoft Docs, which allows you to search freely and find the information that you need. This information is publicly available and free. Microsoft Docs is tied very closely to Microsoft Learn content, which will be discussed later in this chapter.

To access and search Microsoft Docs, simply go to https://www.docs.microsoft.com.

Access to a subscription

It is highly recommended when preparing for a Microsoft exam that you have had some level of hands-on experience with the services within the objectives. For associate- and expert-level exams (the SC-300 being an associate-level exam), this really should be a requirement. Microsoft courses have a GitHub repository for labs that are recommended and available to the public.

The lab guides can be found at this link: http://www.microsoft.com/learning.

Microsoft offers trial subscriptions for both Azure and Microsoft 365. The process to create these trials will be provided later in this chapter.

Where to take the exam

Part of the preparation process of taking an exam includes where you are going to take it. Traditionally, there has been only an option to take these exams at a proctored exam site. Some may prefer this method because it is a controlled environment. Understanding the location and setup of the site can be helpful in lowering your level of stress on the day of the exam. Making a trip to the site before your exam date can avoid any potential surprises on the day of the exam.

When the role-based exams became available, Microsoft provided an additional option of taking the exam remotely from your home or office, using a remote proctor. This may be a preferred option if you are more comfortable using your own equipment and working in a familiar environment. If you do not have the choice when scheduling your exam, then this option has not been made available to your region. If it is available, you will see an option similar to the Online from my home or office option shown in the following screenshot:

Figure 1.1 – Selecting a location when scheduling an exam

There are some important steps to prepare for the remote proctor. From an equipment standpoint, you must have a device with a webcam, microphone, and speakers. You can only use one monitor, so be sure to have a high resolution to avoid any issues with viewing the exam. It is highly recommended to test your equipment before the day of the exam to avoid any issues with anti-malware software. The location in which you are going to take the exam must be cleared of any papers, books, pens, and pencils. It must also be a quiet environment where no one will enter while you are taking the exam. You will be required to photograph the location and surrounding area when checking in. A valid form of identification is required as well. During the exam, you must remain within view of the camera. This may feel intrusive and may not be comfortable for some, but others may prefer being within their own environment to take an exam.

Exam format

Microsoft exams are typically made up of four to six question types. These are case studies, multiple-choice, drag and drop, modified true/false, drop-down fill-in, and best-answer scenarios. Let’s provide some additional detail on what each of these means, as follows:

  1. Case-study questions provide a hypothetical company setting with the current environment, proposed future environment, and technical and business requirements. From this scenario, six to eight questions are asked that may cover multiple objective areas of the exam. On most associate-level exams, you could see one to three of these case studies.
  2. Multiple-choice questions are straightforward questions. Some multiple-choice questions may have more than one answer. Microsoft is generally transparent on how many correct answers need to be chosen for the question, and you will get alerted if you do not choose the correct number of selections.
  3. Drag-and-drop questions are usually based on the steps of a process to test your knowledge of the order of operations to deploy a service. You are given more selections than required and need to move the steps that apply to the question over to the right column, in the proper sequence.
  4. The next type of question is a modified type of true/false question. In these questions, you are usually provided some exhibits or screenshots from within the Microsoft portals or tables that show what has been configured. There are then three to four statements about this information, and you need to select Yes or No for each statement based on whether the statement is correct in terms of the information provided.
  5. Drop-down fill-in questions are usually where you will find PowerShell or Azure command-line interface (CLI) code. You will be asked to complete certain steps within a string of code where the blank sections provide drop-down selections to choose from.
  6. Best-answer scenario questions are the best test on a pure understanding of an objective area. Microsoft will warn you when getting to this section that you no longer have an option to navigate back on these questions. You will be provided a specific scenario that needs to be solved, along with a proposed solution. You will need to determine whether that solution is the best solution to solve the scenario requirements. After selecting yes or no, you may see the same scenario again with a different solution on the next yes-or-no question.

Each of these exam question types tests your level of understanding in different ways, and all go into the weighted exam objectives that will be discussed later in this chapter.

We have covered how to determine an exam location and the types of questions that you may expect. The next sections will cover resources that will help in the process of learning the topics covered within the exam and how to gain access to the solutions to follow along with the exercises in this guide.

 

Resources available and accessing Microsoft Learn

Earlier in this chapter, some of the resources available for preparing for the exam were mentioned. Microsoft Learn was mentioned along with Microsoft Docs, but it requires its own section due to the amount of free content that it provides to help you prepare for an exam.

Accessing Microsoft Learn

Microsoft Learn is a great resource to get your learning path started. All the content on Microsoft Learn is free. When you create an account on Microsoft, learning progress is tracked and you can acquire badges along the way. In addition, Microsoft creates learning challenges periodically with prizes, such as free exam vouchers. Creating a free account is accomplished by selecting the icon on the top right of the page and selecting Sign in, as shown in the following screenshot:

Figure 1.2 – Microsoft Learn site profile sign-in

You can sign in with an existing Microsoft account or create one to get started, as indicated here:

Figure 1.3 – Creating an account or signing in with a Microsoft account

You can get to Microsoft Learn through the following link: https://www.microsoft.com/learn.

Finding content on Microsoft Learn

Content on Microsoft Learn can be found in various ways. You can run a search on specific products, roles, or certifications. These options can be found on the selection ribbon at the top of the Learn home page, as shown in the following screenshot. The home page also has several recommendations to start your learning as well:

Figure 1.4 – Learn content navigation

From the Learn content navigation tabs, select a drop-down arrow to filter for content in the specific Products, Roles, or Certifications areas, as shown in the following screenshot:

Figure 1.5 – Filtering categories under Products drop-down arrow

Once you have selected an area of interest or simply chosen to browse all paths, you can then search specific topics and filter even further on individual courses or learning paths, as shown in the following screenshot:

Figure 1.6 – Browsing all content in Microsoft Learn

This section provided the information needed to access Microsoft Learn and browse for modules and learning paths. The next section will assist you in finding content specific to the SC-300 exam.

Exam pages on Microsoft Learn

Another common area within Microsoft Learn is the exam pages. For any exam provided by Microsoft, there is an exam page and a certification page that is located within Microsoft Learn. These pages provide an overview of an exam or a certification, the roles of individuals that may be interested in a particular exam, the objective areas for an exam, scheduling an exam, and the Microsoft Learn learning path to prepare for an exam. These pages are extremely helpful when you are preparing specifically for an exam rather than just acquiring general technical knowledge. The following screenshot shows a search for the SC-300 exam:

Figure 1.7 – Browsing for the SC-300 exam

This screenshot shows the exam page for the SC-300 exam:

Figure 1.8 – SC-300 exam page

As you continue to prepare for the SC-300 exam, it is recommended that you use this exam page as a reference.

You should now have access to log in and browse the content on Microsoft Learn. The next section will provide guidance on signing up for a trial subscription to Microsoft 365 services.

 

Creating a Microsoft 365 trial subscription

If you are new to Microsoft 365 and Azure, getting hands-on experience is important not just for exam preparation, but also for professional development. If you are getting certified to open doors to new job opportunities, you must understand the administration portals and how to work within them. This book will provide some exercises that will get you familiar with how to work within Microsoft 365 and Azure AD. In order to follow along with the steps, it is recommended that you have a subscription to Microsoft 365 and Azure AD Premium. The steps to create these in a 30-day trial are provided in the next sections.

Office 365 or Microsoft 365 trial subscription

Many of the features and capabilities discussed within the exam objectives require an enterprise-level license within Microsoft 365. The enterprise licenses are the E3 and E5 licenses. Microsoft offers 30-day trial licenses of these, so as you prepare for the exam, you can create a trial subscription and will then be able to follow along with the exercises.

To get started, navigate to https://www.microsoft.com/en-us/microsoft-365/enterprise/compare-office-365-plans and select Try for free under the Office 365 E5 plan, as illustrated in the following screenshot:

Figure 1.9 – Office 365 trial subscription sign-up

Follow the steps to create an account, as shown in the following screenshot. If you have already created an account previously, you may need to use a different email address to obtain a free trial:

Figure 1.10 – Office 365 E5 subscription sign-up form

After completing the form and creating your Microsoft 365 tenant, you will have access to Microsoft 365 services and the administration panel. The next section will guide you through signing up for an additional add-on service that will be required to follow along with the exercises within this book and to provide full hands-on preparation for your exam.

Azure AD Premium subscription

In addition to the Office 365 E5 trial subscription, you will need access to an Azure AD Premium license for many of the advanced identity and access features that are discussed within the exam objectives. The best way to obtain these features is through an Enterprise Mobility + Security (EMS) E5 license. Microsoft also offers this as a 30-day free trial. Follow these steps to set this up:

  1. To get started, navigate to this link: https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing.
  2. Then, select Try now under the Enterprise Mobility + Security E5 plan, as shown in the following screenshot:
Figure 1.11 – EMS E5 trial subscription sign-up

This is an add-on license to Microsoft 365, so you should enter the same email address that you used to sign up for the Office 365 E5 subscription in the box shown in the following screenshot:

Figure 1.12 – EMS E5 subscription sign-up form

You should now have everything you need for your hands-on exam preparation and to follow along with the exercises within this book. The next section will provide an overview of the objectives that are covered in the exam and throughout this book.

 

Exam objectives

This book will cover the specific objectives of the SC-300 Microsoft Identity and Access Administrator exam. The structure of the book follows these objectives closely within the main sections. However, there is an added section on monitoring and management to provide additional emphasis as you move forward in a career as an Identity and Access Administrator.

As is the case with all Microsoft exams, each objective area is weighted differently. The weight of each objective is meant to be used as a guide to understanding the potential number of questions to expect in these areas of the exam. The objectives covered within the SC-300 exam are listed here:

Objective Weight
Implement an identity management solution 25-30%
Implement an authentication and access management solution 25-30%
Implement access management for applications 10-15%
Plan and implement an identity governance strategy 25-30%

Additional details on the topics that make up these objectives can be found at this link: https://www.query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Myp5.

Understand that the weights do not mean that if an objective is weighted at 10%, you will only get 5 questions out of 50 in this area. Microsoft exams use a scoring scale of 1,000 based on the type of question and the objectives covered within the question. Many questions may have elements of multiple objectives and therefore work into the percentages. The weights of the objectives can help to understand the level of importance that is being placed on the objective.

Now that you know the objective areas being covered for this exam, you may be wondering how this exam and certification can assist in professional development and career advancement. The next section provides some insight into the types of roles that this exam highlights.

 

Who should take the SC-300 exam?

Now that you understand more about Microsoft exams, paths to learning, and the specific areas covered in the SC-300 exam, it is important to think about the roles that someone should have or want before preparing for this exam. The SC-300 exam is the Microsoft Identity and Access Administrator exam, so the focus is on the areas of protecting identities and implementing proper access roles for services within Microsoft 365, Azure, and hybrid infrastructures. The next chapter will go further into the importance of identity and access within cloud infrastructures. Anyone that has the goal of working with Microsoft cloud technologies will benefit from learning the objectives of this exam. This exam could also prepare you for an Identity and Access Administrator role as a career, as more organizations are requiring this role as they adopt more cloud-native applications within their environment. 

 

Summary

In this chapter, we covered the areas that will prepare you for the Identity and Access Administrator exam and the setup required to follow along with the exercises covered within this book. We also provided an overview of what to expect when taking a Microsoft exam.

The next chapter will discuss the importance of identity and access management (IAM) and how it has evolved as cloud technologies have become more prevalent.

About the Author

  • Dwayne Natwick

    Dwayne Natwick is a Cloud Training Architect Lead at Opsgility, a Microsoft CSP. He has been in IT, security design, and architecture for over 30 years. His love of teaching led him to become a Microsoft Certified Trainer (MCT) Regional Lead and a Microsoft Most Valuable Professional (MVP).

    Dwayne has a master’s degree in Business IT from Walsh College, the CISSP from ISC2, and 18 Microsoft certifications, including Identity and Access Administrator, Azure Security Engineer, and Microsoft 365 Security Administrator. Dwayne can be found providing and sharing information on social media, industry conferences, his blog site, and his YouTube channel.

    Originally from Maryland, Dwayne currently resides in Michigan with his wife and three children.

    Browse publications by this author
Microsoft Identity and Access Administrator Exam Guide
Unlock this book and the full library for $5 a month*
Start now