This post will cover labs for the SC-300 certification. I don’t think Microsoft’s labs are entirely sufficient, so I’ve chosen to expand upon them with an additional 50 labs to strengthen the practical foundation in identity management. I believe these labs will provide comprehensive coverage of the topics related to “Identity and Access Management.” They are designed to take you from basic to advanced levels if you are looking to develop your skills in this area. The labs are tailored to leverage the features of the Microsoft 365 E5 license. While it’s possible to use an Azure free trial for this, I believe that to truly learn, it’s essential to test all features to get a good overall understanding.

After completing all these labs, I believe that you (and I) will gain a high level of practical experience that will take us to a whole new level beyond just meeting the basic requirements. Of course, I also believe that these labs will prepare you well for the SC-300 certification.

Finally, I am confident that after completing these labs, you will be in a strong position to work professionally in this field in the real world.

Before you start these labs, I recommend that you build a solid theoretical foundation, so you grasp the fundamentals. I encourage you to lab and not just read “how to” guides; even if you simulate, I don’t think it will be enough to fully understand the big picture. These labs are designed solely for learning the subject and preparing for the SC-300 certification. Implementing these solutions in a real environment without the guidance of a professional technician in the field is not advised, and I personally take no responsibility for what you do with this knowledge. This is all for training purposes and consists of “fictional” lab scenarios.

Completing all the labs will, of course, take time, but I will do them first, make sure they work, and then publish them gradually. You can simply click on the links to access the labs. When it comes to images, I won’t be adding step-by-step screenshots in detail—that would consume too much of my storage space on this blog, lol! I trust that if you’re following my labs, you have good reading comprehension and can follow instructions.

Good luck!

Where can you find the theoretical knowledge for SC-300? You can find it here: https://learn.microsoft.com/en-us/credentials/certifications/identity-and-access-administrator/?practice-assessment-type=certification

I also advise you to check out the “prep” videos, which you can find here: https://learn.microsoft.com/en-us/shows/exam-readiness-zone/preparing-for-sc-300-implement-identities-in-azure-ad-1-of-4

---

Basic Labs for Microsoft Certified: Identity and Access Administrator Associate

1. SC-300: Basic User Management in Entra ID

• Create, update, and delete user accounts in Entra ID.

2. SC-300: Create and Manage Groups in Entra ID

• Create security groups and Microsoft 365 groups.

3. SC-300: Configure User Attributes and Custom Profiles

• Manage user attributes and configure custom user profiles.

4. SC-300: Connect a Windows Device to Entra ID

• Connect a Windows 10/11 device to Entra ID.

5. SC-300: Basics of Multi-Factor Authentication (MFA)

• Enable and configure MFA for users in Entra ID.

6. SC-300: Basic License Management in Entra ID

• Assign and manage Microsoft 365 licenses for users.

7. SC-300: Manage Guest Users in Entra ID

• Add and manage B2B guest users in your Entra ID environment.

8. SC-300: Implement Self-Service Password Reset (SSPR)

• Configure and test SSPR for users in Entra ID.

9. SC-300: Basics of Conditional Access

• Create a simple Conditional Access policy to require MFA when accessing cloud apps.

10. SC-300: Basic Role-Based Access Control (RBAC)

• Assign administrator roles in Entra ID and understand their permissions.

---

Intermediate Labs for Microsoft Certified: Identity and Access Administrator Associate

11. SC-300: Implement and Manage Entra ID Connect
    • Install and configure Azure AD Connect to synchronize users from an on-premises AD environment.
12. SC-300: Hybrid Identity with Password Synchronization
    • Configure password synchronization between on-premises AD and Azure AD.
13. SC-300: Hybrid Identity with Pass-Through Authentication
    • Implement and configure pass-through authentication with Azure AD Connect.
14. SC-300: Implement and Manage Conditional Access Based on Location
    • Create and test Conditional Access policies based on the user’s location.
15. SC-300: Implement and Manage Conditional Access Based on Device Compliance
    • Create Conditional Access policies that require compliant devices for access.
16. SC-300: Create and Manage Dynamic Groups in Azure AD
    • Create dynamic groups that automatically assign users based on their attributes.
17. SC-300: Implement and Manage Identity Protection
    • Enable and configure Azure AD Identity Protection to secure user accounts.
18. SC-300: Implement Azure AD Privileged Identity Management (PIM)
    • Manage privileged roles with PIM, including activation and review functions.
19. SC-300: Create and Manage Access Reviews
    • Configure and conduct access reviews for user roles and group memberships.
20. SC-300: Manage External Identity and B2B Integrations
    • Implement and manage B2B identities for external partners.
21. SC-300: Integrate and Manage B2C Identities
    • Configure an Entra ID B2C service and manage customer identities.
22. SC-300: Implement Self-Service App Provisioning
    • Configure and test a self-service solution for users to request access to applications.
23. SC-300: Implement App Registration in Entra ID
    • Register an application in Entra ID and configure OAuth2 permissions.
24. SC-300: Implement Entra MFA Server for On-Premises Applications
    • Install and configure Entra MFA Server to protect on-premises applications.
25. SC-300: Manage and Analyze User Activity Logs in Entra ID
    • Use Entra ID logs to analyze user activities and identify security risks.
26. SC-300: Implement and Manage Risk-Based Conditional Access
    • Configure Conditional Access policies that react to risk levels, such as login attempts from unknown locations.
27. SC-300: Manage Security Incidents with Entra ID Identity Protection
    • Manage and remediate security incidents detected by Azure AD Identity Protection.
28. SC-300: Create and Manage Custom Domain Names in Entra ID
    • Add and verify custom domain names in Entra ID.
29. SC-300: Using Microsoft Graph API for Identity Management
    • Perform basic CRUD operations on user identities via the Microsoft Graph API.
30. SC-300: Configure Security Groups to Manage Resource Access
    • Use security groups to control access to specific resources in your Microsoft 365 environment.

---

Advanced Labs for Microsoft Certified: Identity and Access Administrator Associate

31. SC-300: Implement Zero Trust with Azure AD Conditional Access
    • Create a Zero Trust architecture with advanced Conditional Access policies.
32. SC-300: Configure Identity and Access Solutions for Remote Work
    • Implement solutions that protect access for remote workers, including VPN access and MFA.
33. SC-300: Implement Access Management with Devices Requiring BitLocker
    • Create policies that require devices to be encrypted with BitLocker before accessing resources.
34. SC-300: Integrate and Manage Microsoft Defender for Identity
    • Install and configure Microsoft Defender for Identity to protect against identity-based attacks.
35. SC-300: Implement and Manage Authentication with FIDO2 Security Keys
    • Configure and test FIDO2 security keys as an authentication method for Entra ID users.
36. SC-300: Implement Conditional Access with Session Controls
    • Use session controls in Conditional Access to restrict specific sessions, such as for sensitive applications.
37. SC-300: Manage Hybrid Identities with Federation
    • Implement federation with ADFS and configure trust relationships with Entra ID.
38. SC-300: Configure and Use Entra ID Application Proxy
    • Use Azure AD Application Proxy to publish on-premises applications to external users.
39. SC-300: Implement and Manage Identity Synchronization with Multiple Entra ID Tenants
    • Configure synchronization between multiple Entra ID tenants and an on-premises AD.
40. SC-300: Implement Advanced App Registration and Management in Entra ID
    • Create advanced application registrations with multiple OAuth2 scopes and roles.
41. SC-300: Implement and Manage Security Policies with Conditional Access
    • Create policies to restrict access based on a combination of risk and device compliance.
42. SC-300: Manage Guest Access with Microsoft Teams and Entra ID
    • Configure and manage guest access in Microsoft Teams through Azure AD.
43. SC-300: Implement and Manage Just-In-Time (JIT) Access with PIM
    • Configure JIT access for administrator roles with Entra ID PIM.
44. SC-300: Implement and Manage Self-Service Group Management
    • Configure self-service solutions for group management in Entra ID.
45. SC-300: Integrate Entra ID with On-Premises Applications
    • Connect on-premises applications to Entra ID for single sign-on (SSO).
46. SC-300: Implement Conditional Access Based on User Risk and Sign-In Risk
    • Create policies that respond to user and sign-in risks with Identity Protection.
47. SC-300: Create and Manage Multi-Factor Authentication (MFA) with Conditional Access
    • Implement advanced MFA settings with Conditional Access.
48. SC-300: Manage Certificate-Based Authentication in Entra ID
    • Implement and manage certificate-based authentication for users.
49. SC-300: Implement and Manage Advanced PIM Policies for Administrator Roles
    • Create and manage advanced PIM policies that require approval and review.
50. SC-300: Create Custom Reports with Entra ID Log Analytics
    • Use Log Analytics to create and visualize custom reports based on Azure AD data.

---

28 extra labs for the SC-300 certification preparation

Microsofts github: https://microsoftlearning.github.io/SC-300-Identity-and-Access-Administrator/