Scribd
Upload
35 views4 pages

SC-900 Resume - 3

The document outlines the capabilities of Microsoft Identity and Access Management solutions, focusing on identity principles, authentication methods, access management, and identity protection. Key features include Single Sign-On (SSO), Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and Microsoft Entra ID functionalities. It emphasizes the importance of secure authentication, access control, and identity lifecycle management to mitigate risks and enhance user experience.

Uploaded by

userg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
35 views4 pages

SC-900 Resume - 3

The document outlines the capabilities of Microsoft Identity and Access Management solutions, focusing on identity principles, authentication methods, access management, and identity protection. Key features include Single Sign-On (SSO), Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and Microsoft Entra ID functionalities. It emphasizes the importance of secure authentication, access control, and identity lifecycle management to mitigate risks and enhance user experience.

Uploaded by

userg
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

SC-900 Module 2: Describe the Capabilities

of Microsoft Identity and Access


Management Solutions
1. Identity Principles and Functions
Identity Principles (Concepts)

 Identity → A digital representation of a user, device, or app.


 Authentication → Verifies identity (e.g., password, MFA).
 Authorization → Grants or denies access based on policies.
 Access Control → Ensures users have the right level of access.

Identity Functions (Actions performed by identity systems)

 User Authentication → Ensures only authorized users access resources.


 Access Management → Controls permissions using policies like RBAC.
 Identity Protection → Detects and mitigates identity risks.
 Lifecycle Management → Automates user provisioning and deprovisioning.

2. Authentication Capabilities
2.1 Describe Authentication Methods

 Single Sign-On (SSO) → One login for multiple apps and services.
 Passwordless Authentication → Uses FIDO2 security keys, biometrics, or
Authenticator app instead of passwords.
 Windows Hello for Business → Uses PIN or biometrics for secure authentication.

2.2 Describe Multi-Factor Authentication (MFA)

 MFA → Requires multiple authentication factors (e.g., password + SMS code).


 Methods:
o Something you know → Password, PIN.
o Something you have → Authenticator app, FIDO2 security key.
o Something you are → Fingerprint, face recognition.

2.3 Describe Password Protection and Management Capabilities


 Azure AD Password Protection → Blocks weak or leaked passwords.
 Self-Service Password Reset (SSPR) → Users can reset their passwords securely.
 Smart Lockout → Detects and blocks brute-force login attempts.

3. Access Management Capabilities


3.1 Describe Single Sign-On (SSO) Capabilities

 SSO → One authentication grants access to multiple applications.


 Benefits → Improves security and user experience.

3.2 Describe Conditional Access

 Conditional Access → Enforces security policies based on risk signals (user, device,
location).
 Examples:
o Require MFA for high-risk sign-ins.
o Block access from unknown locations.

3.3 Describe Role-Based Access Control (RBAC)

 RBAC → Assigns permissions based on predefined roles (e.g., Admin, Reader).


 Principle of Least Privilege → Users get only the access they need.

3.4 Describe Workload Identities

 Workload Identities → Secure authentication for apps, services, and automation.

4. Identity Protection and Governance Capabilities


4.1 Describe Microsoft Entra ID Protection

 Entra ID Protection → Detects risky sign-ins and compromised accounts.


 Risk Policies:
o Sign-in risk (e.g., unusual location).
o User risk (e.g., leaked credentials).

4.2 Describe Privileged Identity Management (PIM)

 PIM → Provides temporary, just-in-time (JIT) admin access.


 Reduces Risk → Prevents over-privileged accounts.

4.3 Describe Access Reviews

 Access Reviews → Periodically verify if users still need access.

4.4 Describe Identity Lifecycle Management

 Automates user provisioning based on roles and group memberships.


 Removes access automatically when an employee leaves.

5. Microsoft Entra ID Capabilities


5.1 Microsoft Entra ID (Azure AD)

 Manages user identities and access to resources.


 Supports hybrid identity (on-prem + cloud).

5.2 Microsoft Entra Permissions Management

 Monitors and controls permissions across multi-cloud environments (Azure, AWS,


GCP).

5.3 Microsoft Entra Verified ID

 Issues verifiable digital credentials to confirm identities securely without storing


unnecessary personal data.
 Example: A company issues an employee a Verified ID instead of storing ID card
details.

5.4 Microsoft Entra Workload ID

 Protects non-human identities (apps, services, automation).

Summary Table

Category What it Covers Examples


Identity Principles & Authentication, Authorization, Access
Concepts and core functions
Functions Control
Authentication Secure authentication MFA, SSO, Passwordless, FIDO2
Category What it Covers Examples
Capabilities methods
Access Management Controlling access to
RBAC, Conditional Access, SSO
Capabilities resources
Identity Protection & Detecting and managing PIM, Identity Protection, Access
Governance identity risks Reviews
Microsoft Entra ID Permissions Management, Verified
Features of Entra ID
Capabilities ID, Workload ID

You might also like