SC-300
The Hybrid Identity Crisis
Northwind operates a hybrid identity environment: 4,000 users are synchronised from on-premises Windows Server Active Directory to Entra ID via Entra Connect (Password Hash Synchronisation). The IT helpdesk handles 300 password reset calls per month at £15 each. The CISO has mandated: (1) Enable SSPR (Self-Service Password Reset) for all users within 30 days. (2) When a user resets their cloud password, it must ALSO update their on-premises AD password (password writeback). (3) The Entra Connect server is a single server with no redundancy — fix this. (4) A review found that users can currently sign in with passwords that haven't been changed in 3+ years.
STEP 1 OF 5 — FREE PREVIEW
SSPR requires users to pre-register authentication methods before they can self-serve a reset. With 4,000 users, you need a registration strategy. Describe: (a) which authentication methods you would enable (and which you would NOT), (b) how you drive registration without making it mandatory immediately, and (c) what the minimum required number of authentication methods per user should be.
🔒
Steps 2–5 require purchase
One-time purchase — lifetime access to all 5 SC-300 labs
Sign in to purchase