2. Design Identity and Security (25-30%)
2.1 Design authentication
recommend a solution for single sign-on
recommend a solution for authentication
recommend a solution for Conditional Access, including multi-factor authentication
recommend a solution for network access authentication
recommend a solution for a hybrid identity including Azure AD Connect, Azure AD Connect cloud sync and Azure AD Connect Health
recommend a solution for user self-service
recommend and implement a solution for B2B integration
2.3 Design authorization
choose an authorization approach
recommend a hierarchical structure that includes management groups, subscriptions and resource groups
recommend an access management solution including RBAC policies, access reviews, role assignments, Privileged Identity Management (PIM), Azure AD Identity Protection, Just In Time (JIT) access
2.4 Design governance
recommend a strategy for tagging
recommend a solution for using Azure Policy
recommend a solution for using Azure Blueprints
recommend a solution that leverages Azure Resource Graph
2.5 Design security for applications
recommend a solution that includes Key Vault
recommend a solution that includes Managed Identities
recommend a solution for integrating applications into Azure AD