Recommend a solution for identity governance

For identity governance, there are three main areas to focus on, and each one plays a critical role in securing access and managing risk.

The first is Conditional Access. You’ll want to understand how to configure policies that enforce multifactor authentication, block access from specific geographic regions, and allow access only from managed devices or approved clients.

These are examples of things that you’ll definitely want to know. Keep in mind that these controls help ensure that only trusted users and devices can access your resources.

A few key considerations when using Conditional Access:

  • MFA for more granular control
  • Access prevention for specific geographic areas
  • Access only from managed devices and only from approved client apps

Design for conditional access

Next, take a closer look at Identity Protection. This is where risk-based policies come into play. Know how to set thresholds, such as requiring action when a user’s risk level is high or when sign-in risk is medium or above, and understand the various risk levels.

Also be familiar with how to investigate and respond to these risks using the Azure portal. This is one of the key ways to identify threats and risks within your organization.

A few key considerations when using Identity Protection:

  • “High” threshold for user risk policy
  • “Medium and above” threshold for sign-in risk policy
  • Risk investigation in the Azure portal

Design for identity protection
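
The Conditional Access and Identity Protection considerations above, as an added example that is not part of the original page: a Python check that reads policies in the Microsoft Graph conditionalAccessPolicy shape and reports whether each consideration is enforced, report-only, or missing. The sample policies, check names and placeholder location ID are constructed, and expressing the risk thresholds as Conditional Access conditions is an assumption of this example.

```python
# Added example (not from the page): audit exported Conditional Access
# policies against the considerations listed above. Field names follow the
# Microsoft Graph conditionalAccessPolicy resource.
SAMPLE_POLICIES = [  # constructed sample export, not from a real tenant
    {"displayName": "MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block listed regions", "state": "enabled",
     "conditions": {"locations": {"includeLocations": ["<named-location-id>"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Sign-in risk", "state": "enabledForReportingButNotEnforced",
     "conditions": {"signInRiskLevels": ["medium", "high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "User risk high", "state": "enabled",
     "conditions": {"userRiskLevels": ["high"]},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa", "passwordChange"]}},
]
DEVICE_OR_APP = {"compliantDevice", "domainJoinedDevice", "approvedApplication"}

def controls(policy):
    return set((policy.get("grantControls") or {}).get("builtInControls") or [])

def cond(policy, key, default):
    return (policy.get("conditions") or {}).get(key) or default

CHECKS = {  # one check per consideration on the page (names are hypothetical)
    "mfa_required": lambda p: "mfa" in controls(p),
    "geo_block": lambda p: "block" in controls(p)
        and bool(cond(p, "locations", {}).get("includeLocations")),
    "managed_device_or_approved_app": lambda p: bool(controls(p) & DEVICE_OR_APP),
    "sign_in_risk_medium_and_above": lambda p: bool(controls(p))
        and {"medium", "high"} <= set(cond(p, "signInRiskLevels", [])),
    "user_risk_high": lambda p: bool(controls(p))
        and "high" in cond(p, "userRiskLevels", []),
}

def audit(policies):
    """Return enforced / report-only / missing for each consideration."""
    report = {}
    for name, check in CHECKS.items():
        states = {p.get("state") for p in policies if check(p)}
        report[name] = ("enforced" if "enabled" in states else
                        "report-only" if "enabledForReportingButNotEnforced" in states
                        else "missing")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES))
```

A policy left in report-only mode or disabled does not count as enforced, which is the gap this kind of check is meant to surface.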

And finally, study how to design an effective access review plan. You’ll need to identify which resources should be reviewed, determine what automatic actions should be taken for users who no longer need access, and choose the right reviewers, whether it’s the resource owner or someone else.

A few key considerations when designing an access review plan:

  • Resources to be reviewed
  • Automatic action for resources
  • Reviewer background

Design for access reviews

These three areas (conditional access, identity protection, and access reviews) can work together to secure your environment. Understanding how to configure and apply them is going to be essential for passing your exam.