
sc-300-identity-and-access-administrator's Issues

Typo in Lab12

Lab: 12

Description of issue

Typo on this line "IMPORTANT - An Azure AD Premium license is need for this exercise."

Lab 19 very confusing and hard to follow

Module: 4

Lab/Demo: 19

Task: 02

Intro unclear
Step 1 I don't think is a step
Step 2 Unnecessary as you are already in the app.
Step 5 Unclear what to do if anything - no detail as to what app to select.

Task: 03 Steps 7 and 8 there is nothing to skip from the previous step.

Task: 04 .......missing

Task: 05 (Should be 04?)

Steps 1 and 2 unnecessary if following through the lab as you are already there.
Step 5 the suggested alternative URI doesn't work. Possibly better to simply accept the default.

Exercise 2 - is this necessary - I consider this to be more relevant to enterprise app mgmt (but could be wrong). I think previously the lab got you to create an app role within the app which I consider to be nicer to do....then this could be followed through by going to the enterprise app, adding a user and seeing the role you have just created.

Lab 10 RDP issue

Module: 3

Lab/Demo: 10

Task: 5

Step: 7

Description of issue Since RDP does not support MFA you cannot logon as the AzureAD user Joni.
Repro steps:

1. Followed the lab exactly as written but JoniS cannot logon. I tested it on my personal subscription that does not require MFA and it works.

Optional lab Exercise 2 Lab 10

Lab/Demo: 10

Task: Select on Create under Ubuntu Server 18.04 LTS in the Popular view.

Step: 3

18.04 LTS no longer exists. Please change the dialog as some settings are different or have changed.

Group needs to be changed.

Module: 00

Lab/Demo: 06

Task: 00

Step: 03

Description of issue
Do NOT have attendees use the "Sales and Marketing" group. It contains many members and it exhausts all the licenses. Then in the next lab, no licenses will be available to assign, leading to an error.

Change the steps from stating "For example" to stating "Pick the 'Finance Team' group"

Repro steps:

Lab 07 - Wrong username referenced

Module: 00

Lab/Demo: 07

Task: 'Create a new user in Azure Active Directory'

Step: 05

Description of issue

In 'Lab 07: Change user account license assignments', task 'Create a new user in Azure Active Directory', Step 5, the user is referred to as 'Chris Green', when it should be 'Dominique Koch'.

Module 3 Lab 18 does not work as written

Module: 03

Lab/Demo: 18

Task: 2

Step: 00

Description of issue

Lab does work as written, after completing Task 1. Task 2 does not recognize the Conditional Access policy created. It reports there are no policies. Cannot complete Task 2 of the lab.

Pre lab steps redeeming Azure Pass

Module: 01

Lab/Demo: 00

Task: 00

Step: 00

Description of issue

Step needs to be added to ask the learner to add address information in order to redeem the Azure pass.

Lab 7 App service Domain Deployment fails

Module: 01

Lab/Demo: 07

Task: 3: Purchase a custom domain name

Step: 08 - 12

Description of issue
App Service Domain deployment fails with the following error.
Repro steps:


Lab 07 Deployment failed

Lab 07: Add Hybrid Identity with Azure AD Connect

Exercise 1 / Task 1

Step 6

Deployment of the Template failed. Seems there is a problem with the Powershell DSC Extension!

Resource ADDC failed. Status message is:
{
"status": "Failed",
"error": {
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "Conflict",
"message": "{\r\n "status": "Failed",\r\n "error": {\r\n "code": "ResourceDeploymentFailure",\r\n "message": "The resource operation completed with terminal provisioning state 'Failed'.",\r\n "details": [\r\n {\r\n "code": "VMExtensionProvisioningError",\r\n "message": "VM has reported a failure when processing extension 'InstallDomainController'. Error message: \"DSC Configuration 'CreateADPDC' completed with error(s). Following are the first few: The password supplied to the Desired State Configuration resource MSFT_xADDomain is not valid. The password cannot be null or empty. The SendConfigurationApply function did not succeed.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "\r\n }\r\n ]\r\n }\r\n}"
}
]
}
}

Purchase a custom domain name !!! why creating this lab !!!

Module: 01
Lab/Demo: 07
Task: 3: Purchase a custom domain name
Step: 08 - 12
Description of issue
App Service Domain deployment fails with the following error.

We cannot buy a domain with an Azure pass ???!!!!
So why creating this so long lab and to stop !!!!!

Thanks

Lab 12/14 - potentially reorganization of modules for clarity?

Module: 00

Lab/Demo: 12

Task: 'Setup conditional access rules for MFA'

Step: 11

Description of issue

In Lab 12 - 'Enable Azure AD multi-factor authentication', in Task 'Setup conditional access rules for MFA' where one is setting up MFA it will fail w/error 'Security defaults must be disabled to enable Conditional Access policy' in Step 11 unless 'Enable Security defaults' is set to No for the subscription being used.

Since in most/many cases this value will be set to 'Yes' by default, and thus is a predictable error: it might be a good idea to have the steps in Lab 14 - 'Working with security defaults' occur before Lab 12.

Alternatively, a 'Note' could be included in Step 11 of Lab 12 indicating to the student that if they receive this error to jump to Lab 14 to fix for it.

Entry name changes in Lab26

Module: 4

Lab: 26

Step: 19

Description of issue
In lab 26, step 19:
"Under Assignments, select 'Users and groups' ."
In the current version of Azure, the entry is called "Users or workload identities".

Lab_16_UsingAzureKeyVaultForManagedIdentities.md - Access data with Key Vault secret with PowerShell

Module: 00

Lab/Demo: Lab_16_UsingAzureKeyVaultForManagedIdentities.md

Task: 05

Step: 02

Unable to access data with Key Vault secret with PowerShell, I am getting the error while running this command, $Response = Invoke-RestMethod -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Method GET -Headers @{Metadata="true"}.

Repro steps:

  1. Task-5 > Step-2 > In PowerShell, invoke the web request on the tenant to get the token for the local host in the specific port for the VM.

@R-C-Stewart @dwnatwick @uniQuk @federicofdez @DieterRauscher @GraemeMalcolm @billwood44 @shanecribbs @Arvin166 @garjen55 @SriAchary @federicofdez

When will labs be updated to recent Major update to course?

Major update to SC-300 course, change log states
• Updated labs to align to use the Microsoft Entra admin center as the primary configuration and management tool.

PPT's updated, content on MSLearn updated, no updates to labs.

Could you please provide a date as to when the labs hosted here will be updated?

Guest invite settings

Module: 01

Lab/Demo: 08

Task: 01

Step: 05

Description of issue
Azure AD Guest Invite Settings now look different in new tenants.
Now:
Guest invite settings
Guest invite restrictions
Learn more
Anyone in the organization can invite guest users including guests and non-admins (most inclusive)
Member users and users assigned to specific admin roles can invite guest users including guests with member permissions
Only users assigned to specific admin roles can invite guest users
No one in the organization can invite guest users including admins (most restrictive)

Repro steps:

  1. just check https://portal.azure.com/#blade/Microsoft_AAD_IAM/CompanyRelationshipsMenuBlade/Settings in a tenant. Please update Screenshot and the instructions.

LabVM OS versions are mixed up

Module: 02

Lab/Demo: 10

Task: 03

Step: 07

Instructions point to the Server Dashboard + later on to RDP into Server 2022, but earlier instructions tell us to deploy a Windows 11 Azure VM, not a server OS version

Instructions should be updated to either deploy a Server 2022 OS, or updated to not point to the Server dashboard in the task details

Lab 01 - Ex 6 Task 1 - Instructions do not have any relevance

Module: 01

Lab/Demo: 06

Task: 1

Description of issue: The user referenced is not in the CSV and is not created at any time in the previous lab steps. As well, the lab asks to assign a Windows license but there are no instructions on how to obtain licenses to assign. The trial licenses available to activate (EMS E5 and AAD P2) are not referenced at any time in the lab. There is no option to activate trial Windows licenses.

General comment on SC300 labs

Module: 02

Lab/Demo: 12

Task: 01

Step: 01

It is not always clear to the trainee what tenant to use for the labs. Some labs can be done with the newly created tenant (created at the start of each module), but then some steps are referring to users or apps that don't exist. For that, trainees need to use the Office 365 credentials from the resources panel.

Is this something intended? Why use 2 different tenants/credentials?

Defender for Cloud Apps access policy cannot be created

Module: 03

Lab: 18

Exercise: 03

Task: 01

Step: 06

Description of issue - Cannot create policy due to conditional client app control not existing

Conditional access created according to the previous step but not populated into Defender for Cloud App

Alex

Lab 12_Lockout threshold not working as expected

Module: 00

Lab/Demo: 00

Task: 00

Step: 00

Description of issue
If someone can explain if there is any issue with Lab 12 - Custom Smart Lockout feature not locking out as per the threshold set.
Repro steps:

Lab 03 - Potentially redundant/duplicate user creation steps.

Module: 00

Lab/Demo: 03

Task: 'Assigning licenses using group membership'

Step: 04/05

Description of issue

In 'Lab 01: Manage user roles', the user Chris Green is created but never deleted, at least in this lab. In 'Lab 03: Assigning licenses using group membership', the same user Chris Green is created again.

While I can see this being needed if every lab is taken independently, given the relatively short length of these labs it is likely students will be taking multiple #s of them consecutively in one session and thus already will have that user created when they get to this lab. It might be good to either have a short note indicating 'If you still have the user Chris Green, please skip these steps'.

Alternatively, it might flow better if the username created in that task was simply changed into a differently named user than the already-created Chris.

Azure pass

Lab 00: Lab Environment Setup
Description of issue
I'm using Learn On Demand LAB

Implement an identity management solution (Expected Duration 1 hours, 55 minutes)
SC-300T00-A Microsoft Identity and Access Administrator [Azure Pass Required], Module 01

In the first step, students have to add an Azure pass using the Office 365 credentials that are generated

In this course, students don't need an Azure pass !!! Just a P2 license
So why asking this in the setup guide

Also in the next module
Implement an authentication and access management solution (Expected Duration 2 hours, 25 minutes)
SC-300T00-A Microsoft Identity and Access Administrator [Azure Pass Required], Module 02
A new admin office 365 is generated !!!!!!!!
So the azure pass is lost !!!! as the student has new office 365 credentials

SO the issue is from vm from learn on demand as new office 365 credentials are generated with each lab
The solution could be to generate only one VM for all the training

How can we solve this issue as Monday I have 10 students !!!

Repro steps:

Lab 18 - Ex 1 Task 2 Step 5 Error

Module: 03

Lab/Demo: 18

Task: 02

Step: 05

When you click + Create policy. Select Access policy.
It shows an error message:

You don't have any apps deployed with Conditional Access App Control. Go to Conditional Access App Control page to deploy an app.

Repro steps:
Follow the lab instructions

Lab_01_ManageUserRoles.md - using New-MgUser

Lab 01: Manage user roles

Exercise 4 - Bulk import of users

Task 2 - Bulk addition of users using PowerShell

With the retirement of the MicrosoftOnline and AzureAD modules, this lab needs to be updated to use the Microsoft.Graph module. Something like the following.


Task 2 - Create a user using PowerShell

Check PowerShell Version

  1. Open PowerShell 7 as an administrator. This can be done by clicking the Start Menu, typing pwsh, right-clicking on PowerShell 7 (x64) and choosing Run As Administrator. Select Yes at the UAC prompt.

  2. If the PowerShell version is earlier than 7.2 then close the PowerShell 7 window and perform the following step. Otherwise skip to the next section.

  3. Open Microsoft Edge. Navigate to https://aka.ms/PowerShell-Release?tag=v7.3.1. Scroll down to the assets section and select powershell-7.3.1-win-x64.msi. When the download has completed, select Open file. Install using all the defaults.

Install the module

  1. In the administrative PowerShell 7 window, enter the following.

    Install-Module Microsoft.Graph -Scope CurrentUser

  2. If asked to confirm downloading from an untrusted repository then enter y.

  3. Close the administrative PowerShell 7 window.

Create a user

  1. Open PowerShell 7.

  2. Sign in to Azure by entering the following.

    Connect-MgGraph -Scopes "User.ReadWrite.All"

  3. When Microsoft Edge opens, sign in as MOD Administrator.

  4. At the Permissions requested page, enable Consent on behalf of your organization and then select Accept.

  5. Close the Microsoft Edge browser tab and return to PowerShell.

  6. Create a password profile object. Replace Pa55w.rdPa55w.rd with a complex password of your choice.

    $PWProfile = @{
        Password = "Pa55w.rdPa55w.rd";
        ForceChangePasswordNextSignIn = $false
    }

  7. Create a user. Replace labtenantname.com with the .onmicrosoft.com name assigned to your tenant.

    New-MgUser `
        -DisplayName "Rene Magi" `
        -GivenName "Rene" -Surname "Magi" `
        -MailNickname "renemagi" `
        -UsageLocation "NZ" `
        -UserPrincipalName "[email protected]" `
        -PasswordProfile $PWProfile -AccountEnabled `
        -Department "Research" -JobTitle "Subject Matter Expert"
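
The issue title asks for bulk addition, while the steps above create one user with a fixed password and no forced change. The following added example (not part of the issue or the lab) extends the same `New-MgUser` call to a CSV, giving each account its own random initial password that must be changed at first sign-in. The CSV column names, the second sample row and the `New-RandomPassword` helper are assumptions made for this example; `labtenantname.com` is the placeholder from step 7.

```powershell
# Added example, not the lab's script. Run after: Connect-MgGraph -Scopes "User.ReadWrite.All"
# Constructed sample rows; the column names are assumptions for this example.
$Csv = @'
DisplayName,GivenName,Surname,MailNickname,Department,JobTitle
Rene Magi,Rene,Magi,renemagi,Research,Subject Matter Expert
Ana Silva,Ana,Silva,anasilva,Finance,Analyst
'@
$Domain = 'labtenantname.com'   # replace with your tenant's .onmicrosoft.com name

# Hypothetical helper: random password with upper, lower, digit and symbol.
function New-RandomPassword {
    param([int]$Length = 20)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%+-=?@_'
    $all  = -join $sets
    # One character per set meets complexity rules; indexes come from the system CSPRNG.
    $chars = @(foreach ($s in $sets) {
        $s[[System.Security.Cryptography.RandomNumberGenerator]::GetInt32($s.Length)]
    })
    while ($chars.Count -lt $Length) {
        $chars += $all[[System.Security.Cryptography.RandomNumberGenerator]::GetInt32($all.Length)]
    }
    # Fisher-Yates shuffle so the guaranteed characters are not always first.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = [System.Security.Cryptography.RandomNumberGenerator]::GetInt32($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

$Results = foreach ($row in ($Csv | ConvertFrom-Csv)) {
    $upn     = "$($row.MailNickname)@$Domain"
    $safeUpn = $upn.Replace("'", "''")   # double single quotes for the OData filter
    $out     = [ordered]@{ UserPrincipalName = $upn; Status = ''; InitialPassword = $null }
    try {
        if (Get-MgUser -Filter "userPrincipalName eq '$safeUpn'" -ErrorAction Stop) {
            $out.Status = 'Skipped: already exists'
        } else {
            $password = New-RandomPassword
            $params = @{
                DisplayName       = $row.DisplayName
                GivenName         = $row.GivenName; Surname = $row.Surname
                MailNickname      = $row.MailNickname
                UserPrincipalName = $upn
                UsageLocation     = 'NZ'          # value used in the steps above
                Department        = $row.Department
                JobTitle          = $row.JobTitle
                AccountEnabled    = $true
                PasswordProfile   = @{ Password = $password; ForceChangePasswordNextSignIn = $true }
            }
            New-MgUser @params -ErrorAction Stop | Out-Null
            $out.Status = 'Created'; $out.InitialPassword = $password
        }
    } catch {
        $out.Status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]$out
}
# Hand each initial password to its owner out of band; do not write it to disk.
$Results | Format-Table -AutoSize
```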

Incorrect instructions in Lab 18

Module: 02

Lab/Demo: 018

Task: 2

Step: 5

You cannot block access and require MFA at the same time

Repro steps:

  1. Open the lab VM
  2. Navigate to Task 2 step 5
  3. It says set the grant to block and then it asks to set require MFA

Misleading instruction about secret's value in Lab22

Lab: 22

Task: Add a client secret

Step: 6

Description of issue:

The instructions of step 6 say: "Record the secret's value for use in your client application code; It's never displayed again after you leave this page."

Actually, the secret's value is displayed after leaving the page and back. However, logging out and in again shows an obfuscated value.

Mfa password typo error

Lab 12 - Enable Azure AD multi-factor authentication
Exercise 1 - Review and enable Multifactor Authentication in Azure
Task 3 - Test Delia's login

Enter the password = pass@word123. ???
We have to use the password tenant !! it's a typo error
Can you check please

Lab 25 - extra info

Module: 05

Lab/Demo: 25

Task: 01

Step: 09 - additional info needed before moving on to settings such as the below as you need to select a recurrence in an AR.

"Choose a reviewer, select a review recurrence, then click settings. "

Step: 11 Creat should read create

Instructed queries are missing in Lab 27 - Exercise 1 - Task 3

Lab 27 - Exercise 1 - Task 3 - Step 7 - Can make it into Threat Management and select Hunting, but after that, no queries or previews are available, and no additional windows open to locate the Anomalous sign-in location by user account and authentication application that is indicated in step 7 [p1].

Looks like a UI/UX update in Azure may have relocated them or removed them entirely, but the query isn't viewable as written in the instructions [p2].

[p1]

image-1

[p2]

image
