microsoftlearning / sc-300-identity-and-access-administrator
License: MIT License
Description of issue
In Task 6, when we are logging into the VM using the Entra ID credentials, we are not able to see the Entra ID user in the Administrators group as mentioned in the guide.
Repro steps:
Instructions point to the Server Dashboard + later on to RDP into Server 2022, but earlier instructions tell us to deploy a Windows 11 Azure VM, not a server OS version
Instructions should be updated to either deploy a Server 2022 OS, or updated to not point to the Server dashboard in the task details
Hi there. Both Fast Lane and Skillable Support told me to submit the following on this repository. I found more errors and issues with SC-300 lab on Fast Lane:
I went through Module 4 again, and here are the following errors:
Lab 23: Add terms of use and acceptance reporting
17. Under Assignments, select Users or workload identities. <-- Workload does not appear (just “Users”)
20. Select Cloud apps or actions. <-- now "Target Resources"
Task 6 - Edit terms of use details <-- does not appear to work. I have logged out and logged back in as global admin, but the newly created Terms of Use cannot be edited. This also applies to Task 7.
Lab 24: Manage the lifecycle of external users in Microsoft Entra Identity Governance settings
Exercise 1 = Settings are grayed out, like the signin account has no permissions. Checked and determined that [email protected] is a Global Admin. Not sure why.
Lab 26: Configure Privileged Identity Management for Microsoft Entra roles
Task 3 - Activate your Microsoft Entra roles (as Miriam)
6. In the Activate – Compliance Administrator pane, select Additional verification required and then follow the instructions to provide additional security verification. You are required to authenticate only once per session. <-- Did not see any "Additional verification required" when I selected Active
Lab 27 - Microsoft Sentinel Kusto Queries for Microsoft Entra data sources
Task 3 - Run Kusto query on User activity
7. Scroll down to find the query "Anomalous sign-in location by user account and authenticating application". This query over Microsoft Entra sign-in considers all user sign-ins for each Microsoft Entra application and picks out the most anomalous change in location profile for a user within an individual application. The intent is to hunt for user account compromise, possibly via a specific application vector.
<-- Could not find the query. Error message: "Hunting Query with "content source = gallery content" has been removed. All the removed c content and more is available in content hub. Click here to reinstate in use "content source = gallery content" templates". Searched for "Anomalous" and "UEBA Essentials" showed up. Installed it. However, the specific query could not be found, so instead used "Anomalous Sign-In Activity" query which of course errored: "'where' operator: Failed to resolve table or column expression named 'BehaviorialAnalytics'".
Lab 28 - Monitor and managed security posture with Identity Secure Score
Task 2 - Execute an improvement action
I ended the course since I was running out of time (even after one 60-minute extension) since I was documenting the above errors.
Note also that I just completed my second attempt with SC-300 exam (which I again failed, this time by 32 points). The following items were covered in the exam but not in the SC-300 practice lab:
Any questions or need more details, let me know.
Description of issue - Cannot create policy due to conditional client app control not existing
Conditional access created according to the previous step but not populated into Defender for Cloud App
Alex
Description of issue
Remove Ex 2 from Lab 21 - in the wrong Learning path and repeated in Lab 24
With the retirement of the MicrosoftOnline and AzureAD modules, this lab needs to be updated to use the Microsoft.Graph module. Something like the following.
Open PowerShell 7 as an administrator. This can be done by clicking the Start Menu, typing pwsh, right-clicking on PowerShell 7 (x64) and choosing Run As Administrator. Select Yes at the UAC prompt.
If the PowerShell version is earlier than 7.2 then close the PowerShell 7 window and perform the following step. Otherwise skip to the next section.
Open Microsoft Edge. Navigate to https://aka.ms/PowerShell-Release?tag=v7.3.1. Scroll down to the assets section and select powershell-7.3.1-win-x64.msi. When the download has completed, select Open file. Install using all the defaults.
In the administrative PowerShell 7 window, enter the following.
Install-Module Microsoft.Graph -Scope CurrentUser
If asked to confirm downloading from an untrusted repository then enter y.
Close the administrative PowerShell 7 window.
Open PowerShell 7.
Sign in to Azure by entering the following.
Connect-MgGraph -Scopes "User.ReadWrite.All"
When Microsoft Edge opens, sign in as MOD Administrator.
At the Permissions requested page, enable Consent on behalf of your organization and then select Accept.
Close the Microsoft Edge browser tab and return to PowerShell.
Create a password profile object. Replace Pa55w.rdPa55w.rd with a complex password of your choice.
$PWProfile = @{
Password = "Pa55w.rdPa55w.rd";
ForceChangePasswordNextSignIn = $false
}
Create a user. Replace labtenantname.com with the .onmicrosoft.com name assigned to your tenant.
New-MgUser `
-DisplayName "Rene Magi" `
-GivenName "Rene" -Surname "Magi" `
-MailNickname "renemagi" `
-UsageLocation "NZ" `
-UserPrincipalName "[email protected]" `
-PasswordProfile $PWProfile -AccountEnabled `
-Department "Research" -JobTitle "Subject Matter Expert"
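A hardened variant of the user-creation step proposed above, as an added example that is not part of the original issue or the lab repository: it generates a random initial password, forces a change at first sign-in, and skips creation if the account already exists. `New-RandomPassword` is a hypothetical helper defined here, `labtenantname.com` is the placeholder from the issue text, and the `renemagi` local part of the UPN is an assumption taken from the MailNickname.

```powershell
# Added example, not from the original issue or the lab repository.
# New-RandomPassword is a hypothetical helper; requires PowerShell 7 and Microsoft.Graph.
function New-RandomPassword {
    param([int]$Length = 20)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%&*+-=?@'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]
    # One character from each set to satisfy complexity rules, the rest from the union.
    $chars = @(foreach ($s in $sets) { $s[$rng::GetInt32($s.Length)] })
    $all   = -join $sets
    $chars += @(1..($Length - $sets.Count) | ForEach-Object { $all[$rng::GetInt32($all.Length)] })
    # Fisher-Yates shuffle so the guaranteed characters are not always first.
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = $rng::GetInt32($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

$TenantDomain = 'labtenantname.com'   # placeholder; replace with your .onmicrosoft.com name
$Upn = "renemagi@$TenantDomain"       # assumed local part, taken from the MailNickname

Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Look the account up first so the step can be re-run without a duplicate-UPN error.
$existing = Get-MgUser -Filter "userPrincipalName eq '$Upn'"
if ($existing) {
    Write-Host "$Upn already exists (Id $($existing.Id)); nothing to create."
} else {
    $InitialPassword = New-RandomPassword
    # Force a change at first sign-in so the generated value is only a one-time secret.
    $PWProfile = @{ Password = $InitialPassword; ForceChangePasswordNextSignIn = $true }
    $user = New-MgUser -DisplayName 'Rene Magi' -GivenName 'Rene' -Surname 'Magi' `
        -MailNickname 'renemagi' -UsageLocation 'NZ' -UserPrincipalName $Upn `
        -PasswordProfile $PWProfile -AccountEnabled `
        -Department 'Research' -JobTitle 'Subject Matter Expert'
    Write-Host "Created $($user.UserPrincipalName); the one-time password is in `$InitialPassword."
}

# Drop the cached Graph token when finished.
Disconnect-MgGraph | Out-Null
```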
"Choose a reviewer, select a review recurrence, then click settings. "
Description of issue
Hyperlink on rule 51 is incorrect.
Sign in to [https:portal.azure.com] (https:portal.azure.com).
It should be:
Sign in to https://portal.azure.com.
Description of issue: If disable is selected, it hides the option to review step 8
Repro steps:
Recommendation:
Description of issue
In 'Lab 01: Manage user roles', the user Chris Green is created but never deleted, at least in this lab. In 'Lab 03: Assigning licenses using group membership', the same user Chris Green is created again.
While I can see this being needed if every lab is taken independently, given the relatively short length of these labs it is likely students will be taking multiple #s of them consecutively in one session and thus already will have that user created when they get to this lab. It might be good to either have a short note indicating 'If you still have the user Chris Green, please skip these steps'.
Alternatively, it might flow better if the username created in that task was simply changed into a differently named user than the already-created Chris.
Description of issue
Repro steps:
Using the previous name, Microsoft 365 Defender,
in Lab 28
Lab 12 - Enable Azure AD multi-factor authentication
Exercise 1 - Review and enable Multifactor Authentication in Azure
Task 3 - Test Delia's login
Enter the password = pass@word123. ???
We have to use the password tenant !! it's a typo error
Can you check please
Description of issue: The user referenced is not in the CSV and is not created at any time in the previous lab steps. As well, the lab asks to assign a Windows license but there are no instructions on how to obtain licenses to assign. The trial licenses available to activate (EMS E5 and AAD P2) are not referenced at any time in the lab. There is no option to activate trial Windows licenses.
Unable to access data with Key Vault secret with PowerShell, I am getting the error while running this command, $Response = Invoke-RestMethod -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net' -Method GET -Headers @{Metadata="true"}.
Repro steps:
@R-C-Stewart @dwnatwick @uniQuk @federicofdez @DieterRauscher @GraemeMalcolm @billwood44 @shanecribbs @Arvin166 @garjen55 @SriAchary @federicofdez
With "Require users to consent on every device" on, the user will have to register the device with AAD, this requires extra steps not covered in this lab. We should not enable this option
Lab 00: Lab Environment Setup
Description of issue
I'm using Learn On Demand LAB
Implement an identity management solution (Expected Duration 1 hours, 55 minutes)
SC-300T00-A Microsoft Identity and Access Administrator [Azure Pass Required], Module 01
In the first step, students have to add an Azure Pass using the Office 365 credentials that are generated.
In this course, students don't need an Azure Pass!!! Just a P2 license.
So why ask for this in the setup guide?
Also in the next module
Implement an authentication and access management solution (Expected Duration 2 hours, 25 minutes)
SC-300T00-A Microsoft Identity and Access Administrator [Azure Pass Required], Module 02
A new admin office 365 is generated !!!!!!!!
So the azure pass is lost !!!! as the student has new office 365 credentials
So the issue is from the VM from Learn On Demand, as new Office 365 credentials are generated with each lab
The solution could be to generate only one VM for all the training
How can we solve this issue as Monday I have 10 students !!!
Repro steps:
It is not always clear to the trainee what tenant to use for the labs. Some labs can be done with the newly created tenant (created at the start of each module), but then some steps are referring to users or apps that don't exist. For that, trainees need to use the Office 365 credentials from the resources panel.
Is this something intended? Why use 2 different tenants/credentials?
Hello,
I am not able to download the student guide. Is it available to the public?
Using the previous name, Azure AD, in the lab
Lab 01, 02, 10, 27
Description of issue
In Lab 12 - 'Enable Azure AD multi-factor authentication', in Task 'Setup conditional access rules for MFA' where one is setting up MFA it will fail w/error 'Security defaults must be disabled to enable Conditional Access policy' in Step 11 unless 'Enable Security defaults' is set to No for the subscription being used.
Since in most/many cases this value will be set to 'Yes' by default, and thus is a predictable error: it might be a good idea to have the steps in Lab 14 - 'Working with security defaults' occur before Lab 12.
Alternatively, a 'Note' could be included in Step 11 of Lab 12 indicating to the student that if they receive this error to jump to Lab 14 to fix for it.
Description of issue
In lab 26, step 19:
"Under Assignments, select 'Users and groups' ."
In the current version of Azure, the entry is called "Users or workload identities".
When you click + Create policy. Select Access policy.
It shows an error message:
You don't have any apps deployed with Conditional Access App Control. Go to Conditional Access App Control page to deploy an app.
Repro steps:
Follow the lab instructions
Description of issue
Typo on this line "IMPORTANT - An Azure AD Premium license is need for this exercise."
Module: 01
Lab/Demo: 07
Task: 3: Purchase a custom domain name
Step: 08 - 12
Description of issue
App Service Domain deployment fails with the following error.
We cannot buy a domain with an Azure Pass???!!!!
So why create such a long lab only to stop!!!!!
Thanks
Description of issue Since RDP does not support MFA you cannot logon as the AzureAD user Joni.
Repro steps:
1. Followed the lab exactly as written but JoniS cannot logon. I tested it on my personal subscription that does not require MFA and it works.
You cannot block access and require MFA at the same time
Repro steps:
Description of issue
Lab does work as written, after completing Task 1. Task 2 does not recognize the Conditional Access policy created. It reports there are no policies. Cannot complete Task 2 of the lab.
Could you rewrite the labs to Entra UI
Description of issue:
The instructions of step 6 says: "Record the secret's value for use in your client application code; It's never displayed again after you leave this page."
Actually, the secret's value is displayed after leaving the page and back. However, logging out and in again shows an obfuscated value.
18.04 LTS no longer exists, please change the dialog as some settings are different or have changed.
Description of issue
Azure AD Guest Invite Settings look now different in new tenants.
Now:
Guest invite settings
Guest invite restrictions
Learn more
Anyone in the organization can invite guest users including guests and non-admins (most inclusive)
Member users and users assigned to specific admin roles can invite guest users including guests with member permissions
Only users assigned to specific admin roles can invite guest users
No one in the organization can invite guest users including admins (most restrictive)
Repro steps:
Major update to SC-300 course, change log states
• Updated labs to align to use the Microsoft Entra admin center as the primary configuration and management tool.
PPT's updated, content on MSLearn updated, no updates to labs.
Could you please provide a date as to when the labs hosted here will be updated?
Description of issue
In 'Lab 07: Change user account license assignments', task 'Create a new user in Azure Active Directory', Step 5, the user is referred to as 'Chris Green', when it should be 'Dominique Koch'.
Intro unclear
Step 1 I don't think is a step
Step 2 Unnecessary as you are already in the app.
Step 5 Unclear what to do if anything - no detail as to what app to select.
Steps 1 and 2 unnecessary if following through the lab as you are already there.
Step 5 the suggested alternative URI doesn't work. Possibly better to simply accept the default.
Exercise 2 - is this necessary - I consider this to be more relevant to enterprise app mgmt (but could be wrong). I think previously the lab got you to create an app role within the app which I consider to be nicer to do....then this could be followed through by going to the enterprise app, adding a user and seeing the role you have just created.
Description of issue
User CAN add an application here......the notes say they would not be able to....
Repro steps:
Description of issue
Do NOT have attendees use the "Sales and Marketing" group. It contains many members and it exhaust all the licenses. Then in the next lab, no licenses will be available to assign, leading to an error.
Change the steps from stating "For example" to stating "Pick the 'Finance Team' group"
Repro steps:
Lab 27 - Exercise 1 - Task 3 - Step 7 - Can make it into Threat Management and select Hunting, but after that, no queries or previews are available, and no additional windows open to locate the Anomalous sign-in location by user account and authentication application that is indicated in step 7 [p1].
Looks like a UI/UX update in Azure may have relocated them or removed them entirely, but the query isn't viewable as written in the instructions [p2].
[p1]
[p2]
Description of issue
If someone can explain if there is any issue with Lab 12 - Custom Smart Lockout feature not locking out as per the threshold set.
Repro steps:
Deployment of the Template failed. Seems there is a problem with the PowerShell DSC Extension!
Resource ADDC failed. Status message is:
{
"status": "Failed",
"error": {
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "Conflict",
"message": "{\r\n "status": "Failed",\r\n "error": {\r\n "code": "ResourceDeploymentFailure",\r\n "message": "The resource operation completed with terminal provisioning state 'Failed'.",\r\n "details": [\r\n {\r\n "code": "VMExtensionProvisioningError",\r\n "message": "VM has reported a failure when processing extension 'InstallDomainController'. Error message: \"DSC Configuration 'CreateADPDC' completed with error(s). Following are the first few: The password supplied to the Desired State Configuration resource MSFT_xADDomain is not valid. The password cannot be null or empty. The SendConfigurationApply function did not succeed.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "\r\n }\r\n ]\r\n }\r\n}"
}
]
}
}
Description of issue
A step needs to be added to ask the learner to add address information in order to redeem the Azure Pass.