Identity and Access Administrator -koulutuksessa opit toteuttamaan identiteetin- ja pääsynhallintaa uusimmilla tekniikoilla.

Tavoite

Opi tiedot ja taidot toteuttaa identiteetin- ja pääsynhallintaa käyttämällä Microsoft Entraa (ex- Azure AD) ja siihen oleellisesti liittyviä palveluita.

Kenelle

Koulutus sopii tietoturva-ammattilaiselle, joka työskentelee identiteetin ja pääsynhallinnan parissa.

Koulutukseen osallistujalla on hyvä olla ennestään seuraavat taidot:

Tietoturvan yleiset periaatteet, kuten esim. defense in depth, least privileged access, shared responsibility, and zero trust model
(Microsoft-)identiteetteihin liittyvien konseptien, kuten todennus, valtuutus ja Active Directory tuntemus
Azuren perusteiden tuntemus, esim. Azure Fundamentals tai vastaava suoritettuna
Azuren hallintatyökalujen osaaminen

Lisätiedot

Koulutus valmentaa Microsoftin viralliseen SC-300 Microsoft Identity and Access Administrator -sertifiointitestiin.

Koulutuksen sisältö

Configure and manage a Microsoft Entra tenant

Configure and manage built-in and custom Microsoft Entra roles
Recommend when to use administrative units
Configure and manage administrative units
Evaluate effective permissions for Microsoft Entra roles
Configure and manage custom domains
Configure Company branding settings
Configure tenant properties, user settings, group settings, and device settings

Create, configure, and manage Microsoft Entra identities

Create, configure, and manage users
Create, configure, and manage groups
Manage custom security attributes
Automate the management of users and groups by using PowerShell
Assign, modify, and report on licenses

Implement and manage identities for external users and tenants

Manage External collaboration settings in Microsoft Entra ID
Invite external users, individually or in bulk
Manage external user accounts in Microsoft Entra ID
Implement Cross-tenant access settings
Implement and manage cross-tenant synchronization
Configure identity providers, including SAML and WS-Fed
Create and manage a Microsoft Entra B2C tenant (Microsoft Entra External ID)

Implement and manage hybrid identity

Implement and manage Microsoft Entra Connect
Implement and manage Microsoft Entra Connect cloud sync
Implement and manage password hash synchronization
Implement and manage pass-through authentication
Implement and manage seamless single sign-on (SSO)
Implement and manage federation, excluding manual Active Directory Federation Services (AD FS) deployments
Implement and manage Microsoft Entra Connect Health
Troubleshoot synchronization errors

Plan, implement, and manage Microsoft Entra user authentication

Plan for authentication
Implement and manage authentication methods
Implement and manage tenant-wide Multi-factor Authentication (MFA) settings
Manage per-user MFA settings
Configure and deploy self-service password reset (SSPR)
Implement and manage Windows Hello for Business
Disable accounts and revoke user sessions
Implement and manage password protection and smart lockout
Enable Microsoft Entra Kerberos authentication for hybrid identities
Implement certificate-based authentication in Microsoft Entra

Plan, implement, and manage Microsoft Entra Conditional Access

Plan Conditional Access policies
Implement Conditional Access policy assignments
Implement Conditional Access policy controls
Test and troubleshoot Conditional Access policies
Implement session management
Implement device-enforced restrictions
Implement continuous access evaluation
Create a Conditional Access policy from a template

Manage risk by using Microsoft Entra ID Protection

Implement and manage user risk policies
Implement and manage sign-in risk policies
Implement and manage MFA registration policies
Monitor, investigate and remediate risky users
Monitor, investigate, and remediate risky workload identities

Implement access management for Azure resources by using Azure roles

Create custom Azure roles, including both control plane and data plane permissions
Assign built-in and custom Azure roles
Evaluate effective permissions for a set of Azure roles
Assign Azure roles to enable Microsoft Entra ID login to Azure virtual machines
Configure Azure Key Vault role-based access control (RBAC) and access policies

Plan and implement identities for applications and Azure workloads

Select appropriate identities for applications and Azure workloads, including managed identities, service principals, user accounts, and managed service accounts
Create managed identities
Assign a managed identity to an Azure resource
Use a managed identity assigned to an Azure resource to access other Azure resources

Plan, implement, and monitor the integration of enterprise applications

Configure and manage user and admin consent
Discover apps by using AD FS application activity reports
Plan and implement settings for enterprise applications, including application-level and tenant-level settings
Assign appropriate Microsoft Entra roles to users to manage enterprise applications
Monitor and audit activity in enterprise applications
Design and implement integration for on-premises apps by using Microsoft Entra Application Proxy
Design and implement integration for software as a service (SaaS) apps
Assign, classify, and manage users, groups, and app roles for enterprise applications
Create and manage application collections

Plan and implement app registrations

Plan for app registrations
Create app registrations
Configure app authentication
Configure API permissions
Create app roles

Manage and monitor app access by using Microsoft Defender for Cloud Apps

Configure and analyze cloud discovery results by using Defender for Cloud Apps
Configure connected apps
Implement application-enforced restrictions
Configure Conditional Access app control
Create access and session policies in Defender for Cloud Apps
Implement and manage policies for OAuth apps
Manage the Cloud app catalog

Plan and implement entitlement management in Microsoft Entra

Plan entitlements
Create and configure catalogs
Create and configure access packages
Manage access requests
Implement and manage terms of use (ToU)
Manage the lifecycle of external users
Configure and manage connected organizations

Plan, implement, and manage access reviews in Microsoft Entra

Plan for access reviews
Create and configure access reviews
Monitor access review activity
Manually respond to access review activity

Plan and implement privileged access

Plan and manage Azure roles in Microsoft Entra Privileged Identity Management (PIM), including settings and assignments
Plan and manage Azure resources in PIM, including settings and assignments
Plan and configure privileged access groups
Manage the PIM request and approval process
Analyze PIM audit history and reports
Create and manage break-glass accounts

Monitor identity activity by using logs, workbooks, and reports

Design a strategy for monitoring Microsoft Entra
Review and analyze sign-in, audit, and provisioning logs by using the Microsoft Entra admin center
Configure diagnostic settings, including configuring destinations such as Log Analytics workspaces, storage accounts, and event hubs
Monitor Microsoft Entra by using KQL queries in Log Analytics
Analyze Microsoft Entra by using workbooks and reporting
Monitor and improve the security posture by using Identity Secure Score

Plan and implement Microsoft Entra Permissions Management

Onboard Azure subscriptions to Permissions Management
Evaluate and remediate risks relating to Azure identities, resources, and tasks
Evaluate and remediate risks relating to Azure highly privileged roles
Evaluate and remediate risks relating to Permissions Creep Index (PCI) in Azure
Configure activity alerts and triggers for Azure subscriptions

Avainsanat

Microsoft, Entra, Entra ID, Azure AD, Tietoturva, Microsoft -identiteetit, Pääsynhallinta, Käyttövaltuushallinta

Paikka	Etäkoulutus
Päivämäärä	9.3.-2.4.2026, 1.-16.6.2026

SC-300 Microsoft Identity and Access Administrator