- SC-900 Microsoft Security, Compliance, and Identity Fundamentals Dumps
SC-900 Premium Bundle
- Premium File 219 Questions & Answers. Last update: Nov 20, 2024
- Training Course 147 Video Lectures
- Study Guide 413 Pages
All Microsoft Security SC-900 certification exam dumps, study guides, and training courses are prepared by industry experts. PrepAway's ETE files provide the SC-900 Microsoft Security, Compliance, and Identity Fundamentals practice test questions and answers, and the exam dumps, study guide and training courses help you study and pass hassle-free!
Module 2 Describe the concepts & capabilities of Microsoft identity and access
17. Security defaults and MFA
In about 2012, Microsoft started their identity security and protection team for their consumer accounts, for example OneDrive, Skype, Xbox, and similar accounts. They started by putting metrics in place for everything and establishing a bare minimum security standard for all the consumer accounts. This includes measures like registering a second factor, challenging accounts when a risk is seen on a login, and forcing people to change their passwords when they are found to be in the hands of criminals.
The results have been very good since then. Then in 2014, a lot of changes, specifically technology changes, happened in Azure Active Directory. The changes that they had made on consumer accounts were incorporated into Azure Active Directory, and later on they found some telemetry information, which is that 99.9% of organizational account compromises could be stopped by using multifactor authentication, and another part of it is by disabling any kind of legacy authentication. So doing just these two things (multifactor authentication and disabling legacy authentication) completely stopped password spray attacks. Thereafter, Microsoft introduced security defaults. What that means is that there are certain preconfigured security settings that are onboarded with Azure Active Directory. Things like Azure multifactor authentication, administrators performing MFA on themselves, blocking legacy authentication, users doing MFA when necessary, and protecting privileged activities on the Azure Portal are part of the security defaults. So what is a security default? A security default is a bare minimum set of identity security mechanisms that are recommended by Microsoft, and you need to enable that. These recommendations will then be automatically enforced across your organization's identities.
What is the goal here? Well, the goal here is to ensure that all organisations have some basic level of security enabled at no extra cost. You get it? Now these defaults enable some of the most common security features and controls. As I just mentioned, multifactor authentication registration is required for all users, MFA is required for all administrators, and all users can perform MFA when required. When I say it's sometimes required for the users and sometimes not, what I mean is that sometimes users log in from within the premises, so they are authenticating from the LAN environment or from known IP addresses. At that time, you can configure and say, "Hey, they do not need multifactor authentication." But when a person is authenticating from a hotel, from the subway, while having lunch, or while getting onto a train, that's when they need multifactor authentication, because they are out there on the public network. So, security defaults are a great option for organisations that want to increase their security posture but don't know where to start. The best part is that these security defaults are included with your free tier of Azure AD licensing. Security defaults may not be appropriate all the time.
For example, organisations that already have Azure AD Premium licenses will have much more complex security requirements. We will talk more about the complex security requirements later on, but in this lesson, I just want to stress that Azure Active Directory free licencing has a lot of free security features that can be enabled on the fly, and you can use them to protect your environment against password attacks and from those malicious attackers sitting out there preying on your data.
18. MFA in Azure AD - Part 1
Let's talk about multifactor authentication for a bit. You already know the different factors in multifactor authentication. For example, there's the password and an additional verification, and that additional verification could be a phone or the Microsoft Authenticator app. The Microsoft Authenticator app is available for Android and iOS. When a user chooses the authenticator as their additional authentication method, a push notification is received on the phone or tablet. If the notification is legitimate, the user selects Approve; otherwise, they just deny it. There's one more thing that I want to talk about, and that's OATH, which stands for Open Authentication. OATH is an open standard that specifies how time-based one-time passwords, or TOTP codes, are generated. One-time password codes can be used to authenticate a user.
TOTP can be implemented using either software or hardware to generate the codes. Software OATH tokens are typically used by applications such as Microsoft Authenticator or other authenticator apps. Hardware tokens come with a secret key that is pre-programmed in the token and must be input into Azure Active Directory. Users are associated with a specific hardware token, and the hardware token refreshes the code every 30 or 60 seconds. We must also know about passwordless authentication, which is one of the best methods to authenticate. Now, passwordless authentication is based on something you are. For example, a biometric facial scan, which is used in Windows Hello for Business, is something you are. It's not based on something you know, like your password. Let's go ahead and talk about biometrics, FIDO2, and also Windows Hello in the upcoming sessions. Thank you.
19. MFA in Azure AD - Part 2
A quick recap about passwordless authentication. Users are allowed to log in without needing to remember a password. Instead, users can just enter their mobile phone number or email address and then receive a one-time code. That code can then be used to log into the application. When the user authenticates via passwordless, the user is attached to the connection using something called an "identity provider." Passwordless authentication with Azure Active Directory, such as with the Microsoft Authenticator app or FIDO2 keys, is particularly applicable for shared PCs, where a mobile phone is not a viable option. So it could be in scenarios where you have a help desk environment, a public kiosk, or a hospital team. Now, let's continue with our discussion about biometrics and FIDO2. Biometrics just means the measurement of your biological traits, and it uses human characteristics such as the hand, iris, face, or even fingerprints. Windows Hello uses facial recognition or fingerprint biometric data to authenticate a user.
You'll learn more about Windows Hello in the next topic, but think about the Windows Authenticator App, which can be configured in passwordless mode using biometric data such as a fingerprint scan or a facial scan. FIDO is an abbreviation. It's an acronym that stands for "Fast Identity Online." So FIDO2 is an alliance that promotes open authentication standards and aims to reduce the reliance on passwords as a form of authentication. Azure Active Directory supports FIDO2 because that's a passwordless authentication method that can come in different forms. FIDO2 allows users to sign in using an external security key, and that external key might be a USB device, a Lightning connector, Bluetooth, or NFC. In whatever form FIDO2 is implemented, the user never has to enter a password. Users can also register and select a FIDO2 security key as their main means of authentication. Sign-in with a FIDO2 security key is currently in preview for Azure Active Directory. Having talked about multifactor authentication, biometrics, and FIDO2, we also need to talk about what's built into Windows 10: Windows Hello, right? So let's talk about this feature in the next lesson. Thanks for watching so far. I'll see you in the next lesson.
20. Windows Hello
Windows Hello is an authentication feature that's built into your Windows 10 operating system. It's supposed to replace your passwords, and it's going to replace them with strong two-factor authentication for your PCs as well as for your mobile devices. The authentication here with Windows Hello will consist of a new type of user credential that is tied to a device and uses a biometric or a PIN. Windows Hello lets users authenticate to, say, a Microsoft account, an Active Directory account, and an Azure Active Directory account as well.
It can also authenticate with your identity provider services or relying party services that support FIDO version 2 authentication. But that's in preview. Now, how does that work? How does the initial verification and enrollment happen? Let's talk about that. After the initial verification of the user during enrollment, Windows Hello is set up on the user's device, and Windows asks the user to set a gesture. This can be a biometric gesture like a fingerprint or a PIN. The user provides the gesture to verify their identity. From here on, Windows will use Windows Hello to authenticate the user. Windows stores the PIN and the biometric data securely on the local device. It's never sent to external devices or servers, and that means that there is no single collection point that an attacker might compromise. Now, how do you configure it on your Windows devices? There are two configurations for Windows Hello. There's Windows Hello, and there's Windows Hello for Business.
So let's talk about the differences here. Windows Hello is configured by a user on their personal device and is referred to as "Windows Hello for Convenience PIN." It uses a PIN or a biometric gesture and is unique to that device. Windows Hello Convenience PIN is not backed by asymmetric or certificate-based authentication, so it does not use a public and a private key. On the other side, look at Windows Hello for Business, which is configured using group policies or something called Mobile Device Management, or MDM. An example of MDM is Windows Intune or Microsoft Intune. And this always uses key-based authentication or certificate-based authentication. So this makes it much more secure than the Windows Hello Convenience PIN. By default, Windows Hello Convenience PIN is disabled on all domain-joined computers. So why do you think Windows Hello is safer than a password, right? Let's talk about that in the next lesson.
21. Why is Windows Hello safer than a password
Windows Hello in Windows 10 enables the user to sign in to the device using a PIN. A PIN looks much like a password, but a Windows Hello PIN is more secure because it's tied to the specific device on which it was originally set up. Without the hardware, the PIN is useless. A regular password is transmitted to a server, where it can be intercepted during transmission or stolen from the server. A PIN is local to the device. It's not transmitted anywhere. It's not stored on the server. The Windows Hello PIN is backed by a Trusted Platform Module. It's called a TPM chip. Now, this is a super-secure crypto processor that is designed to carry out cryptographic operations. And that means that for you to use the Windows Hello PIN, you need to have the TPM chip embedded on your motherboard. So the TPM module must be there.
And today's devices, most of which are five, seven, and ten devices, all have the TPM chip. Now, what's special about the chip? This chip includes multiple physical security mechanisms to make it tamper-resistant, and malicious software would be unable to tamper with the security functions of the TPM. Today, most modern phones and laptops have the TPM chip in them. And that's how Windows Hello is safer than a password. OK, that's enough said and done with Windows Hello and other multifactor authentication mechanisms. Let's talk about some of the wonderful features that Azure Active Directory brings in, for example, self-service password reset. Thanks for watching so far, and I'll see you in the next lesson, where we learn about self-service password reset, an important feature of Azure Active Directory.
Microsoft Security SC-900 practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass SC-900 Microsoft Security, Compliance, and Identity Fundamentals certification exam dumps & practice test questions and answers are to help students.