Get Started Free
Coming Soon

From Admin to Defender

You already manage a Microsoft 365 tenant. Now you have been told you are responsible for security too. This course bridges the gap — teaching you to secure, monitor, and protect the environment you already know, without starting from scratch with generic cybersecurity theory.

Get Notified When Available
YOU NOWM365 Admin CentreExchange OnlineEntra ID basicsIntuneSharePoint / Teams
<!-- Arrow -->
<path d="M185 160 L235 160" stroke="#E86A2A" stroke-width="2" marker-end="url(#arrow)"/>
<defs><marker id="arrow" markerWidth="8" markerHeight="8" refX="6" refY="4" orient="auto"><path d="M0 0 L8 4 L0 8" fill="#E86A2A"/></marker></defs>
<text x="210" y="148" fill="#E86A2A" font-family="sans-serif" font-size="9" font-weight="600" text-anchor="middle">THIS COURSE</text>
<!-- Right: Defender -->
<rect x="250" y="80" width="140" height="160" rx="8" fill="#112436" stroke="#059669" stroke-width="1"/>
<text x="320" y="110" fill="#059669" font-family="sans-serif" font-size="10" font-weight="600" text-anchor="middle" letter-spacing="1.5">YOU AFTER</text>
<text x="320" y="136" fill="#e2e8f0" font-family="sans-serif" font-size="11" text-anchor="middle">Defender portal</text>
<text x="320" y="158" fill="#e2e8f0" font-family="sans-serif" font-size="11" text-anchor="middle">Security policies</text>
<text x="320" y="180" fill="#e2e8f0" font-family="sans-serif" font-size="11" text-anchor="middle">Conditional access</text>
<text x="320" y="202" fill="#e2e8f0" font-family="sans-serif" font-size="11" text-anchor="middle">Incident response</text>
<text x="320" y="224" fill="#e2e8f0" font-family="sans-serif" font-size="11" text-anchor="middle">Security reporting</text>
</svg>
</div>
<div class="glance-card">
<h3>Overview</h3>
<p>This is not a generic "introduction to cybersecurity" course. Those already exist by the hundred, and most of them spend weeks on network fundamentals and firewall theory that have nothing to do with your actual job.</p>
<p>This course starts where you are: managing a Microsoft 365 tenant. You know how to create users, manage groups, configure Exchange Online, and deploy applications through Intune. What you do not know — yet — is how to secure that environment against the threats that target it every day.</p>
<p>Over 8–10 modules, you will learn to configure MFA and conditional access properly, set up email protection policies that actually stop phishing, understand what security alerts mean and what to do when one fires, and produce security reports that management can act on. By the end, you will be ready to move into the more advanced SC-200 Security Operations track if you choose to go deeper.</p>
</div>
<div class="glance-card">
<h3>Audience profile</h3>
<p>You are an IT administrator, helpdesk lead, or systems engineer who manages a Microsoft 365 environment. You might work in a small-to-medium business where "security" has been added to your title without any additional training. Or you might be in an MSP, managing multiple client tenants and trying to figure out which security settings actually matter.</p>
<p>You are comfortable with the M365 admin centre but the Defender portal feels overwhelming. You have heard of conditional access but are not sure how to configure it without locking everyone out. You want practical, step-by-step guidance — not another certification syllabus.</p>
<p><strong>Prerequisites:</strong> Experience managing an M365 tenant (creating users, managing Exchange Online, basic Entra ID familiarity). No security experience required.</p>
</div>
<div class="glance-card full-width">
<h3>Course syllabus</h3>
<div class="syllabus-phases">
<div class="syllabus-phase">
<h4>What you will cover</h4>
<p>The course is structured around the security tasks that matter most for an M365 environment, in the order you should tackle them:</p>
<div class="syllabus-topics">
<div class="topic-card">
<strong>Identity and access</strong>
<p>MFA enforcement, conditional access policies, security defaults, and Entra ID protection. The single most important security control in your environment.</p>
</div>
<div class="topic-card">
<strong>Email protection</strong>
<p>Anti-phishing policies, Safe Links, Safe Attachments, and email authentication (SPF, DKIM, DMARC). Practical setup, not theory.</p>
</div>
<div class="topic-card">
<strong>Device security</strong>
<p>Intune compliance policies, device enrolment, endpoint security baselines. Making sure devices that access your data meet your security standards.</p>
</div>
<div class="topic-card">
<strong>Data protection</strong>
<p>Sensitivity labels, DLP basics, and information barriers. Preventing sensitive data from leaving your organisation through email, Teams, or SharePoint.</p>
</div>
<div class="topic-card">
<strong>Security monitoring</strong>
<p>Understanding alerts in the Defender portal, basic triage, and knowing what to do when something looks wrong. Your first steps into security operations.</p>
</div>
<div class="topic-card">
<strong>Posture and governance</strong>
<p>Microsoft Secure Score, security baselines, and the governance policies your organisation needs. Includes guidance on reporting security posture to management.</p>
</div>
</div>
</div>
</div>
</div>
</div>

Expected outcomes

What you will be able to do

<div class="outcomes-detailed">
<div class="outcome-detail">
<div class="od-num">1</div>
<div class="od-content">
<h3>Configure identity protection that stops most attacks before they start</h3>
<p>Conditional access and MFA, properly configured, prevent the vast majority of account compromise. You will understand which policies to create, how to test them without disruption, and how to handle the exceptions that every organisation has.</p>
</div>
</div>
<div class="outcome-detail">
<div class="od-num">2</div>
<div class="od-content">
<h3>Set up email security that catches real phishing</h3>
<p>You will configure Defender for Office 365 policies, set up email authentication records, and understand how Safe Links and Safe Attachments work in practice — not just in Microsoft documentation.</p>
</div>
</div>
<div class="outcome-detail">
<div class="od-num">3</div>
<div class="od-content">
<h3>Respond appropriately when a security alert fires</h3>
<p>You will know the difference between a noisy false positive and a genuine incident. You will have a clear process for initial triage, know when to escalate, and understand what evidence to preserve.</p>
</div>
</div>
<div class="outcome-detail">
<div class="od-num">4</div>
<div class="od-content">
<h3>Report your security posture to management in terms they understand</h3>
<p>Secure Score, compliance reports, and security baselines — translated into business language. You will know what to measure, what to present, and how to justify the security improvements you need budget for.</p>
</div>
</div>
</div>

Time commitment

8–10 modules, roughly 20–30 hours of study. Most people complete it in 4–6 weeks at 4–5 hours per week. Each module is designed for a single sitting of 30–60 minutes.

Where it leads

This course is designed as a stepping stone. Once you are comfortable with the security fundamentals of your M365 environment, the SC-200 Security Operations track takes you into investigation, detection engineering, and advanced threat hunting.

This course is currently in development

Expected availability: mid-2026. Subscribe to be notified when it launches, or start with the free modules in our SC-200 track — Module 1 covers the security ecosystem overview that this course builds on.

Get Launch Notification Start SC-200 Module 1 — Free