Microsoft Identity and Access Management Solutions

Introduction

This lab explores core components of Microsoft's identity and access management solutions, including Microsoft Entra ID (formerly Azure AD), Self-Service Password Reset (SSPR), Conditional Access, and Privileged Identity Management (PIM). Through hands-on tasks, I configured user settings, enabled audit logging, enforced access policies, and managed privileged roles to strengthen cloud security posture.


Objectives

  • Configure Microsoft Entra ID user settings and roles
  • Enable Microsoft 365 audit logging and file monitoring
  • Implement Self-Service Password Reset (SSPR)
  • Create Conditional Access policies
  • Manage privileged roles using PIM

Prerequisites

  • Azure subscription with admin access
  • Skillable lab environment
  • Familiarity with Microsoft 365 and Azure Portal

Walkthrough

Task 1: Sign In to Microsoft Entra Admin Center

  • Accessed the Microsoft Entra admin portal
  • Verified tenant and user access
    📸 Screenshot: entra-signin.png – Admin sign-in to Microsoft Entra

Task 2: Explore User Settings

  • Navigated to Users > All Users
  • Reviewed user roles and authentication methods
  • Modified settings for selected accounts
    📸 Screenshot: entra-user-settings.png – Viewing user settings

Task 3: Enable Microsoft 365 Audit Logging

  • Opened Microsoft 365 Defender > Audit
  • Verified audit logging was already enabled
  • Enabled file monitoring for compliance
    📸 Screenshot: audit-log-enabled.png – Audit log status

📸 Screenshot: file-monitoring-enabled.png – File monitoring enabled


Task 4: Configure Self-Service Password Reset (SSPR)

  • Accessed Password Reset > Properties
  • Enabled SSPR for all users
  • Defined authentication methods (email, phone)
    📸 Screenshot: sspr-properties.png – SSPR configuration

Task 5: Test SSPR Functionality

  • Simulated password reset from user portal
  • Verified multi-factor authentication prompts
  • Confirmed successful password change
    📸 Screenshot: sspr-reset-process.png – Reset process flow

Task 6: Create Conditional Access Policy

  • Navigated to Security > Conditional Access
  • Created policy targeting risky sign-ins
  • Required MFA for access to sensitive apps
    📸 Screenshot: conditional-access-policy.png – Policy creation

Task 7: Assign Conditions and Controls

  • Selected user group and cloud apps
  • Applied sign-in risk condition
  • Enabled control: Require MFA
    📸 Screenshot: conditional-access-controls.png – Assigning controls

Task 8: Test Conditional Access Enforcement

  • Attempted sign-in from unmanaged device
  • Triggered MFA prompt
  • Verified access was granted only after compliance
    📸 Screenshot: conditional-access-test.png – Policy enforcement test
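
One way to re-check the policy from Tasks 6 and 7 after it is saved, as an added example that is not part of the original lab: a Python lint over the policy's Microsoft Graph JSON (the conditionalAccessPolicy resource). The sample policies, display name and ID placeholders are constructed for illustration.

```python
# Added example: lint a Conditional Access policy exported from Microsoft Graph
# (GET /identity/conditionalAccess/policies) against the intent of Tasks 6-7.
# Display name and group/app IDs below are constructed placeholders.

def lint_policy(policy):
    """Return a list of findings; an empty list means the policy matches the intent."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}

    state = policy.get("state")
    if state == "enabledForReportingButNotEnforced":
        findings.append("report-only: sign-ins are logged but MFA is not enforced")
    elif state != "enabled":
        findings.append(f"policy state is {state!r}, not 'enabled'")

    if not cond.get("signInRiskLevels"):
        findings.append("no signInRiskLevels: policy is not scoped to risky sign-ins")
    if not (users.get("includeGroups") or users.get("includeUsers")):
        findings.append("no users or groups in scope")
    if not apps.get("includeApplications"):
        findings.append("no cloud apps in scope")
    for key in ("excludeUsers", "excludeGroups"):
        if users.get(key):  # exclusions bypass the policy and should be reviewed
            findings.append(f"{key} lists {len(users[key])} entries that bypass the policy")

    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        findings.append("grant controls do not require MFA")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("operator OR: another control can satisfy the policy without MFA")
    return findings

LAB_POLICY = {  # constructed sample in the Graph conditionalAccessPolicy shape
    "displayName": "Require MFA for risky sign-ins",
    "state": "enabled",
    "conditions": {
        "signInRiskLevels": ["medium", "high"],
        "users": {"includeGroups": ["<group-object-id>"], "excludeUsers": []},
        "applications": {"includeApplications": ["<app-id>"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
# Constructed weak variant: report-only, and MFA can be skipped via a compliant device.
WEAK_POLICY = {**LAB_POLICY, "state": "enabledForReportingButNotEnforced",
               "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}

if __name__ == "__main__":
    for p in (LAB_POLICY, WEAK_POLICY):
        print(p["state"], lint_policy(p) or "OK")
```
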

Task 9: Explore Privileged Identity Management (PIM)

  • Accessed Microsoft Entra > PIM
  • Reviewed eligible and active roles
  • Assigned just-in-time access to Global Administrator
    📸 Screenshot: pim-dashboard.png – PIM dashboard overview

Task 10: Activate Role and Review Audit Logs

  • Activated Global Admin role for limited duration
  • Verified approval workflow
  • Reviewed audit logs for role activation
    📸 Screenshot: pim-role-activation.png – Role activation flow

📸 Screenshot: pim-audit-log.png – Audit log review