SC-300 Labs 23 & 24 | Terms of Use Policies & External User Lifecycle Management | 2026

Compliance, consent, and external user governance — three areas the SC-300 exam tests heavily and every Identity Administrator must master! In this combined Labs 23 & 24 walkthrough, you'll build and enforce a Terms of Use policy using Conditional Access, test the end-user consent experience, generate acceptance reports, and manage the full lifecycle of external guest users in Microsoft Entra Identity Governance — all in 2026.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ WHAT YOU'LL LEARN
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔷 LAB 23 – Terms of Use and Acceptance Reporting (20 mins)
☑ Task 1 – Create a Terms of Use policy (Contoso Terms of Use) with PDF upload
☑ Task 2 – Build a Conditional Access policy (Enforce ToU) targeting Adele Vance
☑ Task 3 – Log in as Adele and validate the ToU acceptance experience
☑ Task 4 – View accepted and declined reports and download consent audit logs
☑ Task 5 – Review how users view their accepted ToU via MyApps portal
☑ Task 6 – Edit Terms of Use details (name, display name, expand requirement)
☑ Task 7 – Update an existing ToU document and configure re-acceptance requirement

🔷 LAB 24 – External User Lifecycle Management (5 mins)
☑ Task 1 – Configure block sign-in for external users who lose access package assignments
☑ Task 2 – Enable automatic removal of guest accounts with configurable day threshold
☑ Understand the scope of entitlement management lifecycle vs manually invited guests

⏱ Lab 23 = 20 mins | Lab 24 = 5 mins | Total = ~25 mins
⚠️ WARNING: Do NOT assign the ToU Conditional Access policy to your Global Admin account — you risk being locked out of the portal!
⚠️ NOTE: Terms of Use may take a few minutes to appear after creation — log out and back in if the policy does not trigger immediately.
⚠️ NOTE: Consent on every device requires users to register each device with Microsoft Entra ID — keep this Off for lab purposes.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⏱️ TIMESTAMPS:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
00:00 - Introduction & Secure Infrastructure Scenario
07:54 - Hands-on Labs
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🎯 WHY THIS TOPIC IS EXAM-CRITICAL
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
- Terms of Use policies enforced via Conditional Access Grant controls are tested in identity governance and compliance scenarios
- Understanding ToU consent expiry, re-acceptance schedules, and duration settings is a frequent exam scenario topic
- The difference between Custom Policy, All Users, and All Guests ToU templates is a classic exam differentiator
- External user lifecycle settings — block sign-in and auto-remove after access package expiry — are tested under Entitlement Management
- Knowing what entitlement management WILL and WILL NOT automatically remove is a key exam detail
- Audit logs and acceptance reporting reflect real-world compliance and governance workflows tested

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📝 SC-300 EXAM TIPS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
💡 ToU policies are enforced via Conditional Access GRANT controls — not session controls
💡 Service accounts must be EXCLUDED from ToU Conditional Access policies — they do not support enforcement
💡 Declining a ToU does not permanently block access — the user is prompted again on next sign-in
💡 You can edit ToU name and display name but CANNOT modify the uploaded PDF — you must upload a new version
💡 Require re-accept toggle on document update = only new users or expired consents see the new version if toggled Off
💡 Entitlement management lifecycle settings ONLY apply to users invited through entitlement management — not all guests
💡 Setting removal days to 0 removes the guest account immediately upon losing their last access package assignment
💡 A blocked external user cannot re-request access packages — plan lifecycle settings carefully

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
👥 WHO IS THIS FOR?
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✔ SC-300 exam candidates
✔ Identity Governance administrators managing compliance and consent policies
✔ Security admins enforcing legal and regulatory ToU requirements
✔ B2B collaboration teams managing external guest user lifecycles

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔗 SERIES REFERENCE LINKS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📺 Full SC-300 Lab Series Playlist:
https://www.youtube.com/playlist?list=PL9BWcEhV1pxgdFcJPz60qRWg98qlX0iHV

📚 Microsoft Learn – SC-300 Certification:
https://learn.microsoft.com/en-us/credentials/certifications/identity-and-access-administrator/?ns-enrollment-type=Collection&ns-enrollment-id=31pnf6tmjyx6kr&practice-assessment-type=certification

💻 GitHub – SC-300 Lab Files:
https://github.com/MicrosoftLearning/SC-300-Identity-and-Access-Administrator/tree/master

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🔔 SUBSCRIBE & STAY CERTIFIED!
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Found this helpful? Hit 👍 LIKE and 🔔 SUBSCRIBE for the full SC-300 lab series — every lab designed to get you hands-on ready and exam confident for 2026.

#SC300 #MicrosoftEntraID #IdentityGovernance #TermsOfUse #AzureCertification2026

Видео SC-300 Labs 23 & 24 | Terms of Use Policies & External User Lifecycle Management | 2026 канала CloudOps Insider