Secure access to resources by using Microsoft Entra
At a glance
-
Level
-
Skill
-
Product
-
Role
-
Subject
Controlling who can access what, and under what conditions, is one of the most consequential responsibilities in cloud security. A misconfigured authentication policy, an overprivileged account left unreviewed, or a poorly secured AI agent can each become the foothold an attacker needs to move laterally through your environment.
In this learning path, you build the skills to close those gaps. You start by designing and deploying secure authentication in Microsoft Entra ID, including configuring multifactor authentication. Next, you configure Conditional Access policies, passwordless options, and self-service password reset for hybrid environments. You then move into privileged access, where you implement Just-in-Time access for Microsoft Entra roles and Azure resources using Privileged Identity Management (PIM). Just-in-Time access eliminates standing permissions that create unnecessary risk. Finally, you apply these identity and access principles to a modern challenge: securing AI-powered applications and declarative agents that use API plugins to act on behalf of users.
By the end of this learning path, you have a practical, defense-in-depth approach to access security, spanning credential hardening, privileged access governance, and identity-aware AI application design.
Prerequisites
- Familiarity with Microsoft Entra ID concepts, including users, groups, and directory roles
- Understanding of Azure role-based access control (RBAC), including role assignments and the Azure scope hierarchy (management group, subscription, resource group, resource)
- Basic experience navigating the Azure portal and the Microsoft Entra admin center
- Familiarity with Zero Trust security principles, including least privilege and assume breach
- Awareness of Microsoft Entra ID P2 or Microsoft Entra ID Governance licensing requirements
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
Learn to plan, deploy, and manage secure authentication in Microsoft Entra ID. This module covers authentication methods, MFA with Conditional Access, passwordless options, and self-service password reset.
Implement Just-in-Time privileged access using Privileged Identity Management (PIM) to reduce standing privilege across Microsoft Entra roles, Azure resources, and group-based access for cloud and AI environments.
When building apps for work, you typically integrate with secured APIs. Learn about the two common ways of how APIs are secured – API key and OAuth2, and how to integrate with them when building an API plugin for declarative agents that run in Microsoft 365 Copilot.