- Learn how to use multifactor authentication with Microsoft Entra ID to harden your user accounts.
In this module, you will:
- Learn about Microsoft Entra multifactor authentication.
- Create a plan to deploy Microsoft Entra multifactor authentication.
- Turn on Microsoft Entra multifactor authentication for users and specific apps.
- There are multiple options for authentication in Azure AD. Learn how to implement and manage the right authentications for users based on business needs.
By the end of this module, you will be able to:
Administer authentication methods (FIDO2 / Passwordless)
Implement an authentication solution based on Windows Hello for Business
Configure and deploy self-service password reset
Deploy and manage password protection
Implement and manage tenant restrictions
- Conditional Access gives a fine granularity of control over which users can do specific activities, access which resources, and how to ensure data and systems are safe.
By the end of this module, you will be able to:
Plan and implement security defaults.
Plan conditional access policies.
Implement conditional access policy controls and assignments (targeting, applications, and conditions).
Test and troubleshoot conditional access policies.
Implement application controls.
Implement session management.
Configure smart lockout thresholds.
- Protecting a user's identity by monitoring their usage and sign-in patterns will ensure a secure cloud solution. Explore how to design and implement Microsoft Entra Identity protection.
By the end of this module you're able to:
Implement and manage a user risk policy.
Implement and manage sign-in risk policies.
Implement and manage MFA registration policy.
Monitor, investigate, and remediate elevated risky users.
- Explore how to use built-in Azure roles, managed identities, and RBAC-policy to control access to Azure resources. Identity is the key to secure solutions.
By the end of this module, you'll be able to:
Configure and use Azure roles within Microsoft Entra ID
Configure and managed identity and assign it to Azure resources
Analyze the role permissions granted to or inherited by a user
Configure access to data in Azure Key Vault using RBAC-policy
- The modern workforce transitioned from traditional office settings to working from nearly anywhere. This change in working location necessitates an identity-aware, cloud-delivered network perimeter. This identity-aware perimeter is known as Security Service Edge (SSE). The Microsoft SSE solution includes Microsoft Entra Internet Access and Microsoft Entra Private Access, collectively referred to as Global Secure Access. This solution is founded on Zero Trust principles, emphasizing least privilege, explicit verification, and an assumption of breach to ensure security in the cloud era.
By the end of this module, you are able to:
Define Global Secure Access and its components.
Explore deployment and configuration of Microsoft Entra Internet Access.
Explore deployment and configuration of Microsoft Entra Private Access.
Use the Global Secure Access Dashboard to monitor your systems.
Configure Remote Networks.
Create Conditional Access policies to protect your networks, data, and applications.
