Microsoft Identity SC-300 Exam Dumps, Practice Test Questions

100% Latest & Updated Microsoft Identity SC-300 Practice Test Questions, Exam Dumps & Verified Answers!
30 Days Free Updates, Instant Download!

Microsoft SC-300 Premium Bundle
$54.98
$44.99

SC-300 Premium Bundle

  • Premium File: 186 Questions & Answers. Last update: Jan 28, 2023
  • Training Course: 43 Video Lectures
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates

SC-300 Premium Bundle

Microsoft SC-300 Premium Bundle
  • Premium File: 186 Questions & Answers. Last update: Jan 28, 2023
  • Training Course: 43 Video Lectures
  • Latest Questions
  • 100% Accurate Answers
  • Fast Exam Updates
$54.98
$44.99

Download Free SC-300 Exam Questions

File Name Size Download Votes  
File Name
microsoft.passcertification.sc-300.v2022-11-24.by.ellis.62q.vce
Size
1.69 MB
Download
100
Votes
1
 
Download
File Name
microsoft.realtests.sc-300.v2021-11-16.by.mason.57q.vce
Size
1.58 MB
Download
471
Votes
1
 
Download
File Name
microsoft.testking.sc-300.v2021-09-10.by.william.54q.vce
Size
1.73 MB
Download
532
Votes
1
 
Download
File Name
microsoft.actualtests.sc-300.v2021-07-27.by.heidi.201q.vce
Size
1.8 MB
Download
569
Votes
1
 
Download
File Name
microsoft.pass4sure.sc-300.v2021-05-21.by.robyn.43q.vce
Size
1.37 MB
Download
662
Votes
1
 
Download
File Name
microsoft.testking.sc-300.v2021-04-16.by.santiago.31q.vce
Size
1.07 MB
Download
727
Votes
2
 
Download

Microsoft SC-300 Practice Test Questions, Microsoft SC-300 Exam Dumps

With Examsnap's complete exam preparation package covering the Microsoft SC-300 Practice Test Questions and answers, study guide, and video training course are included in the premium bundle. Microsoft SC-300 Exam Dumps and Practice Test Questions come in the VCE format to provide you with an exam testing environment and boosts your confidence Read More.

Configure and Manage Identities

2. Create and Manage Groups

So in this video, we're going to talk about the concept of groups. So groups are a fairly simple concept. It's really just a way of grouping a bunch of related users together. Now within Azure Ad, I don't really consider this to be a security concept. It's not like you're grouping individuals and that's going to restrict their permissions, more or less. You're basically able to operate in groups. When we get into assigning permissions, we can operate groups according to the group that they're in. You can do bulk operations against a group, but it's really just a way of grouping likeminded people together. So I'm in the group section and I said "new group." And we can see that there are really two concepts. One is the security group, which is in the AzureAd, and the other would be more of a Microsoft365 group if you're going to be working together in SharePoint or on Teams or in Outlook, etc. But let's talk about a security group, the purpose of this course. So in my Azure ad, I have a group of teachers and a group of students. So the most logical concept is to have teachers in one group. I can call this a group of teachers and students in one. Now you see this flag right off the bathere, whether or not I'm going to allow AzureAd roles to be assigned to the group. So, if I leave this as the default, which I do not, this is simply a collection of individuals. But it's not a security concept. If I said yes, then I can assign roles to this group, and all of the people that are part of that group inherit those permissions. So I'm going to say yes just for the sake of this. You could assign your owners and members right now,but I'm going to leave that follow up. So as you can see, a little pop up says once you've set this to yes, you can't set it back. So this is a permanent choice. So now I have a teacher's group that is allowed to have roles assigned to it. might as well create a student group, make it the same and say "create and accept." So right now I have a couple of empty groups. If I go into the teachers' group, I can see that there are literally no members in it. If I go under member, I can start to look for a teacher. And in my Azure Ad, I've got three teachers: one, two, and three. And so those people can be all part of the teachers' group. If I go back up and go into the students' group, I can also add members and remember students. Now I'm going to just put one, two, and three. And we can deal with the others in a different way. So I have two groups, and each of them has three members. Now groups also have this concept of owners. Now owners of a group are able to manage the group,but they don't actually have to be part of the group.So I can assign the teachers as the owners of this group. So they can actually add and remove members, but they're the ones that are receiving the permissions or are being acted on in bulk as being part of the group. So they have ownership rights to just this group. Now, if we see the effect of all these assignments on the membership, we go back to the tenant. Getting into users, let's look at teacher number one. And now we can see that they are listed as a member of the teachers' group. Even though they're also owners of the student group,they are members of the teacher's group. Alright, let's go back to the groups here, and I'll show you one final thing when it comes to groups. So we created two groups, and these are called assigned groups. You can see the membership type isassigned, and they're called that because we've manually chosen the members of the group. We've added the three teachers, and unless we manually remove one of the teachers or we manually add additional teachers, that's the only way the membership of this group changes. There is a concept of a dynamic group. So let's go into a new group. We're going to form a third group here, and within that group, we'll form a group that we'll call a student's part two. But in this case, instead of it being an assigned group, we can call it a dynamic group. Now, the dynamic group requires that we create a query that will determine who gets to be part of the students' part two group. In this particular case, I can see that their username, let's see if they have a username, contains the word student. So if you have the word student in your username,then we will accept you as part of this group. And so I can say, create. What should happen is that all of the existing students should be added to this group. But if we create a new user with the word student in the name, then they will also be automatically added to the group instead of the students' group, which means you have to manually assign the student to the group. Now, doing this is dependent on the username and is a bit not realistic, but there are other fields within your query where you could have the departmentID, job title, location, etc. There are various properties of a user that we saw earlier that you can create groups based on the contents of those properties that come from, let's say they come from your onpremises active directory. And so we've seen that we can create groups that are optionally going to be used to assign roles to but notby default, that are both assigned and dynamic groups.

3. Assign Azure AD Premium Licenses to Users

So next up, we're going to talk about licensing. We remember that we were previously on the free plan, and we did a 30 day trial upgrade to Azure Ad Premium P Two to enable certain features like custom roles. If we go under your tenant, there is a menu item called "licenses." And if you say all products, we can see that in this particular case, I am on the P Two plan. But there is this concept of licenses, and you can see that I'm given 100 total licenses. There are four P: two and zero have been assigned, and 100 are available. So what does that all mean? In order to understand that, we need to go to the Microsoft documentation. So let's look at the pricing first. So if you go to the Azure website for pricing, you will see that there is obviously the free plan that most of us were on when we first created our tenant. And the P Two plan runs at $9 per user per month on an annual commitment. So, after the 30-day free trial period, we'd have to pay around $900 per month to licence all 100 licences assigned to us. Now what do we get with this P two? Let's go to the documentation for that. So let's look at the feature comparison. For your free plan, you're going to get the basic tenant, including MFA. And for MFA, you're going to be forced to use the mobile app as your second factor. So if you log in, you have to get a code from the Azure Mobile App. The global administrator, which is you, if you created the tenant, gets the option of a phone call or SMS, but only the global administrator gets that. When we upgrade to the P Two option, we can see that there are other features, including SMS and phone for everyone, fraud alerts, MFA reports, phone calls, custom greetings, trusted IP addresses, and other features. And this is only under the MFA option. If we look at other features like passwordreset, we can see there are other benefits you get from password reset, et cetera. The good news, I guess, is that you don't have to licence all your users under this plan. So, for instance, in the case of the AzureP Two, maybe I only want the teachers to have this MFA SMS option, or when a self-service password reset or all these other features. So I can go into the P Two, I can say Assign, and I can manually add the people who I want to use licences for. So I'm willing to pay that $9 a month. If I don't choose them, then they're still operating under the limits of the free plan, which is fine. So this is actually pretty good. You don't have to licence every user in your Azure Active Directory. We also have the ability to licence the entire group. So if I remove this and I choose the teachers' group that is basically using the same three licences for that group, it simplifies licence management in this particular sense. So you can see that I am using up my licence for the P two tier and Microsoft MFA. If you want to turn off and on these types of features, then you can do that here. Sign-in options There's a processing step. Azure P Two is four out of four enabled signs. Of course, it's not instantaneous, so we can basically say this is again the trial option. But when you do upgrade to this, you can choose to only put certain users, like your administrators and your highly privileged users, under PTU for the additional security benefits,while your non-highly privileged users can still stay on the free plan. You do have the choice of who gets assigned under what license. Now if you want to see which features are included in your licenses, going into the License Features section gives you that elimination, right? So we can see there's a limit of 5000 objects in the free licence and no limit for the other licenses. Now these are the features that are licensed: single sign-on userprovisioning, self-service password reset, cloud sync. We can learn more. And clicking on this often takes us to the page where we can then manage our groups. In that particular case, Group Access Management takes us to the group section. Multi-factor Authentication takes us to the MFA section. It's actually a good navigation feature as well. So these are all of the things you can get with your, in this case, P Two license, and see which users you're going to want to have these features and the rest of them don't need to pay for them.

External Identities

1. External Collaboration Settings

So in this section of the course, we're going to be talking about the concept of external identities. Now you'll remember when we were creating users in the previous section, there was this mysterious button that said "New Guest User." Or when you go into the new user section, we have the ability to invite a user to collaborate with us. And so what we're talking about is called external identities. Within Microsoft Azure, there are two general categories of external identities. One, you can think of as business users. These are your partners, the people that you have a certain amount of trust with and who you need to collaborate with. You can collaborate with them in SharePointMicrosoft teams or within your own application. The other type of user you may have a little bit less trust in is These are people who have social media accounts. These are your Google account, your Facebook account, and even your Microsoft account. These are your end users. So if you have an application and anyone is allowed to sign up for it, let's say they can use their social media account to sign in for your application. And so Microsoft used to call these two categories, broadly, B to B collaboration, which is your partners, business to business, and B to C collaboration,which is the end users, or business to consumer. Microsoft Azure supports both types of collaboration. And we're going to see in this section of the course talking about how to invite users into your Azure ad, how to collaborate with these people, various settings to have additional social media applications or additional identity providers. So let's go. To start off in the external collaboration settings tab, we see here three major categories of settings. The first is guest user access. Now, guest user access basically means that the people you invite to your Azure ad as guests have the same access as members. And specifically, can they see which groups that they belong to? Can they view other groups, and is there any restriction on what they can see compared to what a full member can see? And you've got a very open policy versus a little bit more restrictive policy, and they can only see their own membership, but they can't see who else is a member of the same group as them, right? So we can sort of pick the access policy for memberships. The second one has to do with the ability for people to invite guests by default. We can see that anyone that's in this organization,which is the students, the teachers, and the latest users that I've created, is allowed to invite other users, including guests, to join this Azure ad. There are very specific admin roles. So there's a guest invite role that someone can get that allows them to have this. Only actual admin roles or specific admin roles can invite users, so no one can invite guest users. So we can see here that this is kind of an important setting. Do you want anyone in your organisation to be able to invite other users into Azure ads? I think that you'd want to turn this up a little bit into a more restrictive setting. Finally, whom are you allowed to invite? So if you have the permission to invite a user, can you invite any user worldwide? Is there a deny list where certain domains are not allowed to be part of your organization? Or do you have an allow list where only specific domains are going to be allowed to enter your organization? This might seem like a smart setting if you know that you have a handful of partners that you work with and don't want anyone from any domain to be part of it. Or maybe you want to specifically deny certain known, like, you know@yahoo.com, email addresses. Maybe there's something you have against users who are using certain email domains, but certainly the middle one seems like the most important of the settings to see who can be allowed to invite external users. So those are the three settings that you have for setting up your external identities and coming up with videos. We're going to show you how that works when you invite someone and set up social media sign-ups as well. So come back for that.

2. Invite External Users

So let's have a look at these guest users. I'm in my tenant, in which I'm a global administrator, going to users. There are a couple of ways to get to this. One is that there's a shortcut for new guest user right on this page, or I can say new user and invite guest user from within that dialogue. So I'm going to see if there's a new guest user and you can see the new user's dialogue with this invited user. So in this dialogue here, we're going to basically fill in some details and that's going to triggeran invitation to be emailed to this other person, and then they can accept that invitation and be recognised as part of your development tenant. So I'm going to create myself a test user here. In terms of the email address, you're going to have to provide an external email address that's not part of your tenant. It's not one of your recognised domain names. It's going to be a third-party domain. It could be a hotmail or gmail third-party company. We're going to fill in an email address here, and when we click Send, it's going to send the invitation to this person. Alright? So I'm going to fill in a little message and we're going to say invite. So that's going to send off an invitation to the email address of the person that we just invited. Now the person that you invited is going to receive an email saying that your tenant has invited you to access applications within their organization. And so you can accept that invitation by clicking the Accept invitation button in the email. Now we have a pretty familiar permission request from Microsoft. Please note that they do say that it's not a Microsoft invitation, it's actually from an organization. So this other organisation would like to essentially allow you to join their organization, which I guess is what we're intending to do. So I can say "accept." Once you've logged in, there's nothing for you to see. We haven't really talked about assigning permissions to this user. Assigning applications There is this dashboard concept. You can see we customised it with a logo earlier in this course. But we do have this dashboard concept, but this specific user doesn't have access to any applications. And so we'll have to assign them at least one application in order for them to see this. So why don't we do that? So go back to the classroom and let's look at enterprise applications. And you can see that there are Skype and Outlook groups and things like that. We can certainly pick another application, a third-party application such as SAP or Adobe Creative Cloud. These are enterprise-related applications that we can allow people to validate through our tenant. Basically, these applications can use Azure Active Directory as their identity service. So these are companies that have modified their applications. Azure Active Directory is a valid identity source. It seems like doing that has broken my heart, but it should be okay. All right, so if I refresh this now, if we go into the application here within the Enterprise app, you'll see that there's sort of a sequence of events. The first thing we're going to want to do is we're going to want to assign the users to this application. I've already assigned this test user, but you're going to have to go in here and say, "Add user group." And then you're going to assign your new guest user to that. And the next thing we're going to have to do is we're going to have to tell Azure How is this person going to authenticate? And so we're going to say, during Adobe Creative Cloud, how is it going to authenticate? We have the option between not allowing theauthentication, which was the default, or choosing Sam'lauthentication, which is what I'll choose. And we can sort of see that this is here. And now When we go back to the user's dashboard,my applications are logged in as the testuser, and we can see that Adobe Creative Cloud has been granted access to it. And there's actually a way to sign in to the Creative Cloud using SAML authentication. So now we've seen that we can invite external users into our Active Directory. Not as full members of our organization. However, as external users and those granted access to external applications which could be Skype, OneDrive, LS 365, and things like that. Or our own internal applications. which we haven't developed yet. But we could have developed our own applications that other outsiders needed access to. Azure ads as their back-end authentication.

ExamSnap's Microsoft SC-300 Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, Microsoft SC-300 Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.

Comments (0)

Add Comment

Please post your comments about Microsoft Exams. Don't share your email address asking for SC-300 braindumps or SC-300 exam pdf files.

Add Comment

Purchase Individually

SC-300  Premium File
SC-300
Premium File
186 Q&A
$43.99 $39.99
SC-300  Training Course
SC-300
Training Course
43 Lectures
$16.49 $14.99

Microsoft Certifications

UP

LIMITED OFFER: GET 30% Discount

This is ONE TIME OFFER

ExamSnap Discount Offer
Enter Your Email Address to Receive Your 30% Discount Code

A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.