Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY 🙂

Recently, Microsoft introduced 4 new security certificates, today those are still in beta. Also these exams will not replace the current exams – AZ 500 and MS 500.

Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals (beta)https://docs.microsoft.com/…/certifications/exams/SC-900

Exam SC-300: Microsoft Identity and Access Administrator (Security exam beta)https://docs.microsoft.com/…/certifications/exams/sc-300

Exam SC-400: Microsoft Information Protection Administrator (Security exam beta)https://docs.microsoft.com/…/certifications/exams/sc-400

Exam SC-200: Microsoft Security Operations Analyst (beta)https://docs.microsoft.com/…/certifications/exams/sc-200

Please note these exams didn’t replace current security related exams – Az-500 and MS-500

Among above exams one of my favorite topic is Microsoft Identity and now there is separate exam related to this – Exam SC-300: Microsoft Identity and Access Administrator (Security exam beta). So thought to give shot. So started preparing and then of course as SHARING IS CARING, sharing study material as well.

Skills required for – Exam SC-300: Microsoft Identity and Access Administrator

1. Implement an identity management solution (25-30%)
2. Implement an authentication and access management solution (25-30%)
3. Implement access management for apps (10-15%)
4. Plan and implement an identity governance strategy (25-30%)

So today we will discuss 1st part – Implement an identity management solution and in this Configure and manage Azure Active Directory roles

So lets begin the show 🙂

What is Azure AD ?

1. Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service (IAM)
2. A directory – container for users, credentials and access rights
3. Azure AD can sync with an on-premises directory via Azure AD Connect
4. Azure AD helps our organization users to sign in and access resources in
   • External Resources => M365, the Azure Portal, other SAAS applications. It supports around more than 2,800 pre-integrated SAAS application such as Docusign, Zoom, Drupal, ServiceNow, Twitter, LinkedIn and so on. This list is ever growing
   • Internal Resources => Apps in our network or in Intranet

Audience of Azure AD

1. IT Admins
   • Who manages Azure AD operations / features like managing users, managing Groups, setting conditional policies, managing authentication mechanisms for users like setting up MFA (Multi Factor Authentication)
2. App developers
   • Azure AD helps to be used as standard based approach to enable features likes SSO
3. Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers
   • Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant

Azure AD Roles

• Azure AD roles are used to manage Azure Resources in a directory such as user management (creating user / assigning roles to users / resetting password, managing licenses, domains and so on)
• Different roles have different responsibilities
• Following are key roles which I’ll lists hers
  • Global Administrator
    • Having full rights
    • Manage access to all administrative features in Azure AD
    • Assign administrative roles to other users
    • Reset password for all other users including administrators
  • User Administrator
    • Create and manage users
    • Create and manage groups
    • Manage support tickets
    • Monitor service health
    • Change passwords for users, Helpdesk administrators, and other User Administrators
  • Billing Administrator
    • Manage subscriptions
    • Manage support tickets
    • Monitor service health
    • Make purchase

To view all the available roles

• Navigate to Azure AD Portal
• Either directly navigating to https://aad.portal.azure.com/
• OR through M365 admin center
• Navigate to https://admin.microsoft.com/
• Under Admin centers select “Azure Active Directory” as

• We will be redirected to Azure Active Directory admin center portal as

• Click on “Azure Active Directory” from left side pane and click on “Roles and administrators” as

• Click on “Roles and administrators” from left blade as shown in above Fig. We will be redirected to “Roles and administrators” page as shown in below Fig

Assigning AD Roles to the users

• To assign any roles as listed in above fig, we need to navigate to – user profile page
• From left pane, please navigate to Users page as shown in below Fig

• Once we are on given user profile page, from left pane we will navigate to – “Assigned roles” as shown in below Fig
• Click on “Assigned roles” link, we will be navigated to – “Assigned roles” page as

• On “Assigned roles” page current listing of roles assigned to users appears as shown in above Fig
• We have an link available “+Add assignments” available. To add new role to the respective user, click on “+ Add assignments” option
• We will be redirected to “Add assignments” page as

• From “Add assignments” page select role which we want to assign, here we are selecting “Application Developer”
• Please have a look at other properties as per need like – Assignment type, Whether role need to assign permanently assign or for specific duration as shown in below Fig

• At top right corner of the page we will have status message as shown in below Fig

• Once role assigned to user we could see in it the list on “Assigned roles” page as shown in below Fig

Since this article is going long, I’ll stop here. In next article we will continue 🙂

Next Article : In next article we will discuss how to create custom roles and assign to the user

Thanks for reading 🙂 If its worth at least reading once, kindly please like and share 🙂 SHARING IS CARING 🙂

Share In Teams:

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂