Microsoft Identity & Access Administration | SC-300 Exam Guide | Job Oriented Course | IAM Course
is rename this to Microsoft Entra, so now we refer it as Microsoft Entra. So if you hear saying Microsoft Entra ID or Azure Active Directory, it is one and the same thing. They can also provide secure authentication and authorization access to enterprise applications. Administrator provides seamless experiences and self-service management capabilities for all the users. Adaptive access and governance are core elements to the role. By troubleshooting, monitoring and reporting for the identity and access environment, we can also identify and run projects to modernize identity solutions, to implement hybrid identity solutions and to implement identity governance. So all these things identity and access administrator do in day-to-day life.

Now, what are the prerequisites for this particular course? So there are some basic prerequisites, right? So with this course, it provides knowledge and skills on ID management in the cloud using Azure Active Directory. A participant need to have an understanding on best practices and industry security concepts such as defense in depth, least privilege access, role-based access control, shared responsibility model and zero trust model. Even if in case you are not meeting the prerequisite, that is absolutely fine as well, because in this particular course we are going to start things from scratch. So anyone who knows or who meet the prerequisite will be an added advantage; anyone who's not meeting it, we will start the course in such a manner that first we are trying to meet the prerequisites and then we will be jumping onto the topics of this particular course, right? So person should have some experience in Azure workloads, understanding of Azure, Azure AD and cloud computing concepts. Basic IT knowledge or experience working in an IT environment would be an added advantage. Understanding the difference between authentication and authorization would also be helpful. So that is all what we going, that is all the prerequisites. So if in case you are meeting it, it's well and
if in case you're not meeting it, that's fine as well.

As I mentioned, after doing this particular training you can also appear for the certification. So when you'll be appearing for the certification, this is the percentage of questions you may see. So implementing an identity management solution, you may expect somewhere around 25 to 30% of the course content; implementing an authentication access management solution, 25 to 30%; implementing access management for applications, 10 to 15%; planning and implementing an identity governance strategy, 25 to 30%. So this is the percentage of questions you may see during the certification, right? And if in case you clear the certification, you achieve this one, you achieve this middle certification, that is Microsoft Certified: Identity and Access Administrator Associate. So this is an intermediate level of certification that you achieve. This is the certificate that you will be achieving, right? After this, if you further want to do a deep dive into Azure, then maybe you can go with Azure Solution Architect Expert, this is AZ-305, right? Then you will become Microsoft Certified Azure Solution Architect Expert, but in order to clear this you need to clear this first, SC-300 certificate P, right?

What all we are going to cover? See, usually it's a 32-hour course. This is defined for eight hours, but usually when we do trainings, it's weekends or weekday trainings, we'll be doing trainings for two to three hours a day. So right now they have defined this day one concepts as per eight hours, but we will further break this day one into multiple days, right? We will be doing a 2-hour training every day or three-hour training every day. So this is the content as per 8 hours, but we will further break it down into two-two hours. So this is what we are going to cover in this particular course: we'll be talking about how can we set up Azure AD, how can we set up identities, we will be doing some labs, external identities, hybrid identities, again we'll be doing some labs, multifactor
authentication, user authentication, conditional access, identity protection, planning for single sign-on, implementing single sign-on, application registrations, right, entitlement management, access reviews, PIM, monitoring Azure AD. This is what all we are going to cover in this particular course. So as of now they have mentioned as per eight hours every day for four hours, four days, but we will break it down probably into 10 to 15 days, right? That is how we are going to cover things. Okay, so this is how, or this is what we to cover in this particular course.

Now let me give you a brief demonstration that how actual training is going to be, how actually we are going to cover things during the technical discussion. So maybe for 10-15 minutes I'll give you a brief demonstration. Maybe I'll pick up one topic and I'll try to give a brief demonstration on that particular topic, right? Uh, team, am I audible? Am I audible clearly to all of you guys? Am I audible clearly to all of you? All right, sounds good. So now let me give you a brief demonstration on one particular topic.

See guys, first of all, what is identity, right? As I mentioned, nowadays whenever any person joins any organization, the first thing organization try to do is it try to give an identity to that particular person, right? When cloud was not there in picture, how we were creating identities? We were creating identities with the help of on-premises setup, right? When cloud was not there in the picture, how we were creating identities? We were creating identities in the on-premises. In short, right, in short we can call this as on-prem as well. On-prem is nothing but the data center environment where organizations have set up their own data centers, right? So how do we create identities in on-premises? In on-premises we have something called as Windows Server Active Directory. That is how traditionally we were creating the identities. So using this Windows Server Active Directory we were creating the identities in the on-premises,
right? Sometime people also call this as directory services, in short people also call this as AD, sometime call this is Windows Server, it is one and the same thing, right? This is synonyms.

Now question comes, how do we get this Windows Server AD, right? How do we get this Windows Server AD on premises? In the enterprise world we have two types of operating system, right? In the enterprise world we have two types of operating system. So one is we have, right, so one is we have Windows operating system and one is we have Linux operating system. If we further talk about the Windows operating system, there are two types of Windows operating system: one is what we called as client operating system and one is what we call as server operating system, right? So the examples of client operating systems and server operating systems are, see, client operating system is Windows 7, Windows 8, right? So Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, these are all examples of client operating systems. Similarly we have server operating systems like Windows Server 2019, Windows Server 2022, Windows Server 2016, so these are all examples of server operating systems, right?

Now if we want to get Active Directory, we can achieve Active Directory with the help of server operating system. We cannot achieve Active Directory with the help of client operating system; it can only be achieved with the help of server OS, right? So let's say we can have a machine, it could be a physical machine, it could be a virtual machine, right? So we may have a machine, it could be a physical, it could be a virtual machine. In this machine we need to get a server operating system, right? So basically we need to have a virtual machine, it could be a physical machine or it could be a virtual server. In this machine we need to deploy server operating system. So let's say we deploy Windows Server 2019. When we, Windows Server 2019, when we deploy a server operating system, in this server operating system we have something
called as Server Manager, right? So we have something called as Server Manager. As a name suggest, with the help of Server Manager we can manage the entire server; entire server can be managed with the help of the Server Manager. When we go to the Server Manager, here we will get something called as Add Roles and Features. Now depending upon what role we are going to add in the server, accordingly the server would be able to behave. For example, if we want to make this server as web server we can add the web server role; if we want to make this machine as DNS server we can add the DNS role, right? Similarly, if we would like to get Active Directory we need to add this AD DS role. This role we need to add. AD DS stands for Active Directory Domain Service role. This role we need to add, right? We need to add this AD DS.

So once we add this AD DS role, then we get an option to promote the server to, uh, domain controller. We get an option to promote the server to a DC. Domain controllers are very powerful machines. So let's say we have a big environment where we have thousands of users, thousands of devices; we can manage thousands of users, thousands of devices with the help of few domain controllers, it can be managed, right? So we can promote the server to a domain controller. When we will be promoting the server to a domain controller we will get three options: are we adding a new forest, are we adding a domain into an existing forest, or are we adding a domain controller into an existing domain, right? So are we adding a new forest, or domain into an existing forest, or domain controller into an existing domain. If we are doing this activity for the very first time we will say that we are adding a new forest. So first of all we have to add a new forest. So when we say that we are adding a new forest, it says, hey, what is your forest root domain name? Root domain name is the first domain of this forest. So whatever the first domain is, it could be abc.com, local.com, infotech.com, jen.com, google.com, microsoft.com,
whatever the domain we are using, right? So let's say my domain is jen.com,
this is the first domain of the forest, jen.com, right? So what will happen now: once all this is done, this VM number one will be rebooted, and after this reboot VM number one will be acting like a domain controller, right? So VM1 becomes a domain controller. And earlier, prior to the reboot, VM number one was in a workgroup environment, but after reboot this VM number one will now be in a domain environment, and this becomes the fully qualified domain name: vm1.jen.com, this becomes the FQDN, fully qualified domain name, of this machine. So now this machine is acting like a domain controller. So we can go to Server Manager, right? Again we can go to Server Manager, in Server Manager we can go to Tools, we can go to Active Directory Users and Computers, and we can create the on-prem users. So on-premises users can be created: user number one at jen.com, user
number two at jen.com. So that is how we would be able to create the on-premises users, that is how on-premises users can be created, right?

And where all this information is stored? So we have something called as Active Directory database, and this is the location to this database: see, Windows, under Windows there will be a folder with the name NTDS, under NTDS there will be a file with the name ntds.dit. So this is our Active Directory database file. This is the place where all the information is stored: all the users, their passwords, their first name, last name, everything, all the information is stored in this Active Directory database, right? This database has further got four logical partitions: it has got schema partition, configuration partition, application partition, domain partition, right? But we are not doing a deep dive into the on-premises directory. So this is the Active Directory database that we have got.

Now let me give you some information regarding this forest, right? See guys, so anyone who's new to this, see how this forest, domain, domain controller come. Let's say Google is the first organization, or Google is organization who's starting their business. So what is the first thing Google will be needing? So Google will be needing a forest. Let's say the forest is google.com, right? What is the benefit of this forest? Forest basically provide us an isolation boundary, means whatever Google will be deploying inside this forest, anyone outside the forest would not be able to access anything which is present inside the forest. Whatever database, applications, identities, whatever Google will be creating inside this forest, they will basically get an isolation boundary, right? Any person outside the forest would not be able to access it. Okay, all right. Right now what Google will do: when they have got a forest, now they will be getting a, their first domain. So let's say their first domain is, we call it as forest root domain, right? Sometime people call this as primary domain, but the precise name is forest root domain,
who is the first domain of this forest, same as our forest, that is google.com. google.com is the
first domain of this forest, right? Now within this forest we have got a root domain. Within this domain now Google will add some machines, DC1 and DC2. DC1 and DC2 are nothing but the machines, they could be physical machines, it could be virtual machines, which they have promoted as a domain controller. And why they have to promote them as a domain controller? Because now let's say if Google has set up their domain, now they will be hiring people. Let's say if they are hiring me today, so what is the first thing they have to do? They have to provide me an identity, so j@google.com. How they will provide me an identity? They need to have a domain controller. This DC1 and DC2 is nothing but the machines that Google has promoted them to a domain controllers. Why we have multiple domain controllers? For the high availability: on a given day if DC1 is down, DC2 would be able to do the job, would be able to do the authentication, authorization and so on, right?

Now let's say after 6 months Google is moving into one more line of industry, right? So within the same forest they may create one more domain. So let's say today they decided that they will be going into this email industry, so they have got one more domain, that is gmail.com. For gmail.com as well they will be hiring people, so again they need to have some domain controllers. So let's say they have got two domain controllers. Now let's say after one year they are moving into one more line of industry, so now let's say they are moving into audios and videos, so they may have one more domain, let's say youtube.com. For that as well they need
to have a domain controller. And then there is a concept of child domain. So you can easily identify it's a child domain, because whenever we have a child domain, parent domain name will always come. So let's say this our child domain, maybe us.youtube.com. So in child domain, parent domain name will always be there. So youtube.com is a parent domain and us.youtube.com is a child domain. So for this as well we can have domain controller. So that is how we can have the domain controller.

So guys, can you please tell me how many forest do we have in this diagram? How many forest do we have in this diagram? Right, we have one forest, absolutely correct. How many domains we have in this diagram? We have one forest, how many domains we have in this diagram? Okay, basically we have four domains: google.com is one domain, gmail.com is second domain, youtube.com is third domain, and us.youtube.com is
also a domain; although it's a child domain, but that's a separate domain too. So we have four domains, right? How many domain controllers we have in this diagram? How many controllers do we have in this diagram? So basically we have six domain controllers in this, absolutely correct. So in total we have got six controllers in this, right? That is how basically we can get the forest root and root, that is how we basically create identities in the enterprises, right?

Okay guys, anyone has any questions, any queries so far regarding this technical discussion? Anyone has, see, you may have some other queries, right, but any questions regarding these topics that we have discussed so far? Okay, so let's go, we do not have any questions as of now, let me give you a brief introduction, uh, can we have multiple forest? Absolutely, you may have multiple forest. If in case we need multiple forest then we can set up multiple forest, right? But usually you will find out organizations have a single forest; within the single forest they may have multiple domains. But if in case, if in case you need to have multiple forest, then we can have multiple forest.

Now what is the difference between domain controller and domain? See Ravi, domain is like a logical component, jen.com, facebook.com, it's like a logical entity. Domain controller is a machine. Domain controller, see, in one domain we can have multiple domain controllers. So domain is like a logical entity, domain controller is like a physical entity, it's a virtual machine or it's a server on which we have added a specific role, and on that machine which has now become the domain controller we can create the identities. So it's like a machine on which a special role has been assigned, right? Think it like this, think it like this: hospital. What is hospital? Hospital is like a logical thing, right? Hospital is basically a place where patients can get the treatment. So in one hospital we can have multiple doctors, right? We may have multiple doctors. So any person, let's say I'm a person, but in
order for me to become a doctor, what I have to do? I have to study medicine for five years. So similarly, in order for a machine to become a domain controller we have to meet a prerequisite. What is the prerequisite? We have to add the AD DS role and then we have to promote the server to a domain controller, right? So we can turn a person into a doctor after a specific study; similarly we can turn a machine into a domain controller, but we have to meet some prerequisites. Hope you got the clarity. Uh, Sha, I'm not sure which example you're asking for, so maybe you can just raise your hand, I can unmute you, then you can put the question across. But R, hope you got the clarity, the difference between domain controller and domain. Okay, sounds good.

Right, now let me just give a brief introduction about the cloud identity, right? So this is how we create identities in the on-premises. So let's have a look how do we create identities in cloud. So in cloud we have a service called as Azure Active Directory, that's a service. In short people also call this as Azure AD, in short people call this as AAD. Now the name has been renamed to Microsoft Entra ID, right? So now it has been renamed to Microsoft Entra ID. So if you hear someone saying Azure AD or Azure Active Directory, Microsoft Entra ID, one and the same thing, right? How do we get this? We all know in order to create a user, what do we need? We need a username at domain name. A domain is required. Without having a domain can we create the identity? Not possible, right? jitin@facebook.com, facebook.com is a
domain. So we need to have a domain. Now how do we get domain in cloud? So how do we start the journey in Azure? See, whenever we are going with Azure, think it like this guys: let's say I want to send an email to my friend, and while sending an email to my friend I would like to use Gmail services. So what is the first thing I need? I need a Gmail account, right? Let's say jitin@gmail.com is my account. Now I can go to Gmail portal, I can go to www.gmail.com, I can log in there and then I can send an email to my friend. So if I want to use Gmail services I will be needing a Gmail account. Similarly, if I would like to use Azure services, right, I will be needing an Azure account. It could be my personal account, jitin@outlook.com, or let's think it like this,
let's say jitin.sing@outlook.com is my account, or it could be my corporate account, I'll give you examples with both, right? Let's say this is my personal account. Traditionally what was happening, traditionally when we were creating the account, Microsoft was providing us two things: Microsoft was providing us default directory, and Microsoft was also providing us a domain, because without a domain we would not be able to create the identities. So how we were getting this domain? From this Azure account Microsoft will remove these special characters. So what are the special characters? Dot, at; again this .com is also a special character, but it do not touches .com because .com is a top-level domain, .co, .in, .org, right, so these are all top-level domains. So what will be my domain? It will remove the special characters from this Azure account, so jitin, dot will be removed, sing, at will be removed, outlook, and it always provide us a domain at onmicrosoft.com. So this becomes a domain, right? So now we have got the domain, can we create the cloud users or Azure AD users or Microsoft Entra ID users? So now we have got the domain, now we can create the users. So how can we do this? We can say test at, username at domain name, or let's say test123 at domain name. So that is how we would be able to create the identities in cloud, right?

Let's take one more example, this time maybe with the corporate ID. So let's say my Azure account is jitin@facebook.com, this is my Azure account. So what Microsoft will be doing? Microsoft will be providing us two things: default directory, and we'll be providing us a domain. So what will be the domain? It will remove the special characters, right, so jitin, at will be removed, facebook.onmicrosoft.com, right? So this becomes our domain. So now we have got the domain, can we create the cloud users? Yes, you can create the cloud user, maybe let's say user number one and so and so, user number two. So that is how we would be able to create the users in cloud, right? That is how we get a directory and that is how we get the users in cloud. So that is how we can do things in cloud as well.

See guys, reason of doing this small demonstration is just wanted to give you an idea that how our actual training is going to be. So in actual training this is how we will be discussing things, this is how I will be explaining things to all of you. And let's say while I'm explaining any technical question, if in case you have any queries, anything that you want to ask, feel free to ask. So there you can just unmute yourself and you can ask anything, like whatever comes to your mind regarding the technical discussion, you can ask that particular question as well, right? So just wanted to give you a brief, uh, demonstration, right, just wanted to give you a brief demonstration like how training is going to be. So now guys, I'm just, uh, opening questions and the answers around for you people, right? So if in case anyone of you has any question, any queries regarding this particular training, please feel free to ask, right?

Okay guys, I apologize for the inconvenience caused, I think I got disconnected, right? Uh, not sure, like, I think I just got dropped off. So let me, as I mentioned, are been now creating users and devices in 28 so will not manage user on which, uh, let me just unmute you, uh, Pushkar Sharma, let me just unmute you, uh, please, please go with your question, uh, Pushkar, please go with you.

Hi, yeah, actually I was asking that we are now creating the users into the AAD directory, and, uh, the users are already created, uh, on the on-prem AD which are not synced to, uh, AAD, so does it not manage through IAM?

See, what we have to do: whatever users we are creating in on-premises, if in case we want to
synchronize those users to cloud, we can do that, okay? But then we have to use a tool. We call them as hybrid identities. Then we use a tool called as Azure AD Connect tool, now it is called as Microsoft Entra Connect. By default the users are not synced, we have to do this process. So there is a process of creating the hybrid identity, and with the help of Azure Connect tool it can be done, right? Let's say you have 5,000 users in on-prem, now maybe you have a requirement, you only want to sync 500 users to cloud, we can do that as well. So we have n number of users, of those n number of users if we only want to sync some users, that is also we can do. Hope you got the clarity, your question?

Yes, yes, thank you.

You're welcome. So guys, uh, opening this questions and answers on for you as well. Anyone who has any questions, any queries, please feel free to ask. I have also shared the contact detail of the person on this, uh, on my screen, so Amit is the right guy who would be able to help you with the enrollment process for this particular training. So his phone number is mentioned over here, right? So you can just take a picture or you can just pin down his number and you may reach out to him or any enrollment process. So team, any question, anyone has any questions, any queries, anything? Yeah Shiva, let me just unmute you, or request you to please go ahead with your question. Just give me a minute. So I have unmuted you, please go ahead, please go with your question.

Uh, yes J, um, last part you said, right, it will remove the dot and, or about the domain, right?

Yeah.

Can you please explain one more time? Actually I created my own personal Office 365 domain, so I'm, I'm not seeing this behavior. Can you please explain on which?

Which domain you have created?

I created Nur, I mean Office 365 subscription I taken.

Mhm.

So in that, uh, uh, I see, I see my name at the rate, uh, my domain name .onmicrosoft.com I'm seeing.

See, so basically what would have happened: when you will be going with the Office 365 account or Office 365 license, you could have used like this, maybe let's say jitin.sing at jitin.onmicrosoft.com, whatever you wish to use, means this part is something that you can decide on your own, this part, and it will be coming .onmicrosoft.com,
this is, this will be happening when you will be creating an account with Su andu, assuming you do not have any account. See, there are two things. First, when you are signing up for Office 365 or when you are signing up for Azure, you would like to use your account, this is your account or this could be your account, you are using that account. If you go with this method then you will get a domain like this, this is how you will get a domain. Second is, let's say I'm saying I do not have any email ID while I'm getting for an Azure account or while I'm getting for an Office 365, so then it give you an option, you can write your own email ID. So this part you can write whatever you want, you can write, but this part will be given to us by Microsoft, this account will be given to us by Microsoft. So these are two options. Mostly people go with this option, mostly, I'm not saying always, but mostly people go with this option, right?

Yeah.

Now one more thing you can do on top of it. See, usually this is how we do not want to create the users. So let's say if I am the first person in Facebook who is onboarding Azure, and let's say I have used this account, jitin@facebook.com, this is my domain. Let's say now we are hiring so many other people, we don't want to create users like this, maybe we would like to create users like this, maybe let's say user number three at facebook.com or user number 4 at facebook.com. So we can do this as well. How this can be achieved? In Microsoft Entra ID there is a feature called as custom domain names. So we have to go to that feature, we have to go to custom domain names, and we have to add a custom domain name over there. So which domain name we will be adding? We will be adding facebook.com as a domain, and then we have to verify that domain. Then we can even create users on this domain like this, user3@facebook.com
and user4@facebook.com, that can also of custom domain, okay?

Yeah, yeah, thank you Jan.

Uh, Ragav, uh, I just showed you the modules over here, so I just showed modules couple of minutes back. Yeah Ra, let me just unmute you. Yeah, please go ahead.

Okay, yes, I, so, um, so you said you have already shared the module f it, I can even look up in the Google. Um, so, uh, this, this actually, it, it covers most of the topic like, like conditional access policy and everything. For, uh, is there any like small projects kind of thing in SC-300 to be done for any kind of certification or so?

There are, so labs that we will be doing, so you can treat them as small projects or you can think of them as labs. So that is something we will be doing in this SC-300, there are good number of labs that we'll be doing.

Oh okay, all right, yeah, that's it. And so how many days it, so it will be taken on the weekend or it will be taken every day? So in how many days it will be, this will be done?

So usually this course will take somewhere around 24 hours. So if we will be doing it on weekend, and let's say every weekend we'll be spending two to three hours, then it can take n number of days. Like for example, let's say we are meeting for two hours every day, then we will be needing 12 sessions, right?

Okay.

We, we will be meeting for three hours every day, then we will be needing eight sessions. So it will be around 24 hours. Let's say we are doing this parallel, means we are doing this on weekends as well as on weekdays, so in weekdays if we are doing it for, again let's say for two hours every day, again we'll be needing 12 sessions. So we will be opting, like we will be opening the trainings on both, on weekdays as well as on weekends, so depending upon your schedule, depending upon your, uh, availability, you can enroll for the right course, means weekend or weekdays, depending upon your availability.

Okay, all right, thanks.

This is the course outline, if in case you want to go through it again. So I'll share this, uh, PDF with Amit, he'll share it to all of you.
So this is the course content, right? This is a course outline, this is all what we will be cover. So module one, implementing an management solution; module two, right, implementing authentication and access solution, right; then we have module three, implementing access management for apps; then we have module four, planning and managing in governance strategy, right? This is how we'll be covering things.

So totally four modules, right? So in, there would be four module?

Yeah, in, yeah, number of modules are four, but if you have a look at every module, every module has got so many subtopics, right?

Right, right.

For example, right, these are all the subtopics that we'll be covering.

Yeah, got it, got it.

Still belongs to module one.

Okay, so there are so many topics to be covered in module one. All right Jia, got it, yeah, thanks.

All right, okay, anyone else team has any questions, any queries? Okay, so guys, uh, please pin down the name of the gentleman who would be able to help you with the enrollment process. So Amit is the name of the guy, I have shared his number over here, right? So let me share this number on chat as well. So I'm just sharing his number on the chat window as well, so anyone who would like to, uh, enroll just can talk with this person, he's the right guy to help you with the enrolling process. So team, if you have any questions, uh, see, uh, n man, AZ-500 has are different topics altogether. AZ-500 talks about the Azure security, it talks about networking, network security, identity security, container security, Kubernetes security, right, application security. So basically, uh, AZ-500 talks about the Azure security, SC-300 talks about the identity and access management, so these are two different courses completely, right? Hope that answers your query.

No, thank you.

So guys, uh, as we do not have any further questions, so would like to thank you all and we can wind up here. So thank you all for giving your valuable time, it was really nice interacting with all of you, right? So for the enrollment you can just reach out to
this guy, I've already shared his number, uh, on PowerPoint as well as via chat as well. If you have any questions, any queries, you can connect with Amit and maybe he can connect, uh, you with the right person, right? So would like to thank you all for giving you valuable time, it was really nice interacting with all of you. Would, uh, have a good weekend ahead and look forward to see you on the training dates. Thank you team. I'm stopping the screen sharing, I'll be stopping this recording, and we'll be, uh, dropping the, all will be just closing this call as well, right? So again would like to thank you all, have a good rest of the day, take
2024-07-08 23:51