Microsoft Identity and Access Administrator med Information Protection Administrator. 2 x 4 dage

Modul 1)

Formål
This Module improves your ability to accomplish the following technical tasks: implement an identity management solution; implement an authentication and access management solution; implement access management for apps; and plan and implement an identity governance strategy.

Beskrivelse
The Microsoft Identity and Access Administrator designs, implements, and operates an organization’s identity and access management systems by using Azure Active Directory (Azure AD). They manage tasks such as providing secure authentication and authorization access to enterprise applications. The administrator provides seamless experiences and self-service management capabilities for all users. Adaptive access and governance are core elements to the role. This role is also responsible for troubleshooting, monitoring, and reporting for the identity and access environment.

The Identity and Access Administrator may be a single individual or a member of a larger team. This role collaborates with many other roles in the organization to drive strategic identity projects to modernize identity solutions, to implement hybrid identity solutions, and to implement identity governance.

This Module would also be helpful to an administrator or engineer that wants to specialize in providing identity solutions and access management systems for Azure-based solutions; playing an integral role in protecting an organization.

Module 1: Implement an identity management solution

Learn to create and manage your initial Azure Active Directory (Azure AD) implementation and configure the users, groups, and external identities you will use to run your solution.
Lessons
Implement Initial configuration of Azure AD
Create, configure, and manage identities
Implement and manage external identities
Implement and manage hybrid identity
Lab : Manage user roles
Lab : Setting tenant-wide properties
Lab : Assign licenses to users
Lab : Restore or remove deleted users
Lab : Add groups in Azure AD
Lab : Change group license assignments
Lab : Change user license assignments
Lab : Configure external collaboration
Lab : Add guest users to the directory
Lab : Explore dynamic groups

Module 2: Implement an authentication and access management solution

Implement and administer your access management using Azure AD. Use MFA, conditional access, and identity protection to manager your identity solution.
Lessons
Secure Azure AD user with MFA
Manage user authentication
Plan, implement, and administer conditional access
Manage Azure AD identity protection
Lab : Enable Azure AD MFA
Lab : Configure and deploy self-service password reset (SSPR)
Lab : Work with security defaults
Lab : Implement conditional access policies, roles, and assignments
Lab : Configure authentication session controls
Lab : Manage Azure AD smart lockout values
Lab : Enable sign-in risk policy
Lab : Configure Azure AD MFA authentication registration policy

Module 3: Implement access management for Apps

Explore how applications can and should be added to your identity and access solution with application registration in Azure AD.
Lessons
Plan and design the integration of enterprise for SSO
Implement and monitor the integration of enterprise apps for SSO
Implement app registration
Lab : Implement access management for apps
Lab : Create a custom role to management app registration
Lab : Register an application
Lab : Grant tenant-wide admin consent to an application
Lab : Add app roles to applications and recieve tokens

Module 4: Plan and implement an identity governancy strategy

Design and implement identity governance for your identity solution using entitlement, access reviews, privileged access, and monitoring your Azure Active Directory (Azure AD).
Lessons
Plan and implement entitlement management
Plan, implement, and manage access reviews
Plan and implement privileged access
Monitor and maintain Azure AD
Lab : Creat and manage a resource catalog with Azure AD entitlement
Lab : Add terms of use acceptance report
Lab : Manage the lifecycle of external users with Azure AD identity governance
Lab : Create access reviews for groups and apps
Lab : Configure PIM for Azure AD roles
Lab : Assign Azure AD role in PIM
Lab : Assign Azure resource roles in PIM
Lab : Connect data from Azure AD to Azure Sentinel

Modul 2)

Formål
Modulet klæder dig på til at håndtere og administrere følsomme data fx under hensyn til GDPR, og du introduceres til værktøjer som sensitivity labels og DLP policies.

Beskrivelse
GDPR er en term, som har fyldt enormt meget de seneste fem år, og med rette! Hvis vi skulle udvælge ét modul i vores portefølje til IT-medarbejderen, som skal være helt skarp inden for GDPR og datahåndtering til opfyldelse af branche- og lovmæssige standarder, så er det her modulet

Med sensitivity labels kan følsomme data øremærkes, så de ikke kan distribueres eller lækkes uhensigtsmæssigt, og dokumenter samt mails kan krypteres. På modulet får du erfaring med selv at oprette og administrere forskellige typer af sensitivity labels, så du får best-practices med hjem fra modulet.

Indhold
Module 1: Implement Information Protection in Microsoft 365

Organizations require information protection solutions to protect their data against theft and accidental loss. Learn how to protect your sensitive information. Learn how Microsoft 365 information protection and governance solutions help you protect and govern your data, throughout its lifecycle - wherever it lives, or wherever it travels. Learn about the information available to help you understand your data landscape and know your data. Learn how to use sensitive information types to support your information protection strategy. Learn about how sensitivity labels are used to classify and protect business data while making sure that user productivity and their ability to collaborate are not hindered.
Lessons
Introduction to information protection and governance in Microsoft 365
Classify data for protection and governance
Create and manage sensitive information types
Describe Microsoft 365 encryption
Deploy message encryption in Office 365
Configure sensitivity labels
Apply and manage sensitivity labels
Lab : Implement Information Protection
Assign permissions for compliance
Manage Office 365 message encryption
Manage Sensitive Information Types
Manage Trainable Classifiers
Manage Sensitivity Labels
.

Module 2: Implement Data Loss Prevention in Microsoft 365

In this module we discuss how to implement data loss prevention techniques to secure your Microsoft 365 data. Learn how to discover, classify, and protect sensitive and business-critical content throughout its lifecycle across your organization. Learn how to configure and implement data loss prevention policies and integrate them with Microsoft Cloud App Security. Learn how to respond to and mitigate data loss policy violations.
Lessons
Prevent Data loss in Microsoft 365
Implement Endpoint data loss prevention
Configure DLP policies for Microsoft Cloud App Security and Power Platform
Manage DLP policies and reports in Microsoft 365
Lab : Implement Data Loss Prevention
Manage DLP policies
Mange Endpoint DLP
Test DLP policies
Mange DLP reports
.

Module 3: Implement Information Governance in Microsoft 365

In this module you will learn how to plan and implement information governance strategies for an organization. Learn how to manage your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you don't. Learn how to manage retention for Microsoft 365, and how retention solutions are implemented in the individual Microsoft 365 services. Learn how to use intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization.
Lessons
Govern information in Microsoft 365
Manage data retention in Microsoft 365 workloads
Manage records in Microsoft 365
Lab : Implement Information Governance
Configure Retention Labels
Implement Retention Labels
Configure Service-based Retention
Use eDiscovery for Recovery
Configure Records Management

Forbehold for ændringer efter publisering