Free Course

For IT administrators and helpdesk professionals managing M365 tenants

Aligned to NIST SP 800-63, CIS Controls, ISO 27001, NCSC guidance

M365 Security: From Admin to Defender

Go from managing M365 to securing it — without starting from scratch.

Configure the security controls that protect your Microsoft 365 tenant against the attacks that target it every day. Set up multi-factor authentication and Conditional Access properly, deploy email protection that catches phishing, understand security alerts and what to do when they fire, and present your security posture to management in terms they can act on.

Content last updated: May 2026

Text-based · Persistent labs on your own hardware · Entirely free — no account needed

What you'll deploy
Security mindset and threat model for your M365 environment
Understanding of the M365 security stack: Defender, Sentinel, Entra ID
Baseline security configuration assessment for your tenant
Foundation knowledge for the Security Engineer learning path
Transition roadmap from IT administration to security operations
Familiarity with KQL, detection concepts, and investigation basics
[Diagram: Where you are (M365 Admin Center, Exchange Online, Entra ID basics, Intune / Autopilot, Teams / SharePoint) → This course → Where you'll be (Defender portal, Conditional access, Email protection, Incident response, Security reporting)]

Overview

There are hundreds of introductory cybersecurity courses available. Most of them spend weeks teaching you about firewalls, network segmentation, and the OSI model. If your job is to secure a Microsoft 365 tenant, almost none of that is immediately useful.

M365 Security: From Admin to Defender starts where you are: managing an M365 environment. You already know how to create users, assign licenses, configure Exchange Online, and deploy applications through Intune. What you have not had the chance to learn is how to secure that environment against the phishing attacks, compromised accounts, and data leaks that target it every day.

Across multiple modules, you will learn to configure multi-factor authentication and conditional access properly (including handling the exceptions that every organization has), set up email protection that actually catches phishing, understand what security alerts mean and what to do when they fire, and present your security posture to management in terms they can act on.

Everything is specific to the Microsoft 365 environment. No theoretical detours. No padding. Just the security knowledge you need for the tenant you already manage.

Audience profile

IT administrators who have been given security responsibilities. You are the person who has been managing an M365 tenant for a year or two, and now your manager has asked you to "also handle security." You do not need to learn what a firewall is. You need to learn how to configure conditional access without locking out your CEO, and what to do when someone in finance clicks a phishing link.

Helpdesk team leads stepping up. You have been resetting passwords and managing devices, and you want to move into a role with more responsibility. Understanding M365 security is the most direct path from helpdesk to security operations for anyone already working in a Microsoft environment.

MSP technicians responsible for client security. You manage five or ten M365 tenants and you need a repeatable security baseline you can deploy across all of them. This course gives you the knowledge and the configurations to do that efficiently.

Prerequisites: Experience managing a Microsoft 365 tenant — creating users, managing Exchange Online, basic Entra ID familiarity. No security certifications or prior security experience required.

Anyone with a genuine interest in M365 security. Whether you are an IT administrator who has just been handed security responsibilities, a helpdesk professional looking to move into security, or someone exploring a career change into cybersecurity through a platform you already know — if you are willing to put in the work, this course is for you. Backgrounds vary. Motivation is what matters.

Course syllabus

8 modules across 3 phases — all completely free, no account required. Structured around the security tasks that matter most for an M365 environment in the order you should tackle them. Identity first, then email, then devices, then monitoring and response.

What this produces

MFA, Conditional Access, email protection, security alerts, and posture reporting, configured and documented: the security foundation for your M365 tenant. This is the bridge course that takes you from "I manage M365 tenants" to "I own M365 security" and turns IT skills into a credible entry point for security operations and SC-200 track work.

What you will be able to do

1. Configure identity protection that prevents most account compromises

Conditional access and MFA, properly configured, stop the vast majority of credential-based attacks. You will understand which policies to create, how to roll them out without disrupting your users, and how to handle the inevitable exceptions (shared mailboxes, service accounts, the CEO who refuses to use an authenticator app).

2. Set up email security controls that catch real phishing

You will configure Defender for Office 365 policies, implement email authentication records that stop domain spoofing, and understand the practical difference between the protection levels — instead of just accepting the defaults and hoping for the best.

3. Respond sensibly when a security alert fires

The first time you see a high-severity alert in the Defender portal can be intimidating. You will have a clear process for initial triage, know when to escalate, understand what evidence to preserve, and be able to take initial containment steps with confidence.

4. Report your security posture in terms management understands

Secure Score numbers mean nothing to a finance director. You will learn to translate your security posture into business language: what risks exist, what controls are in place, what improvements are needed, and what they will cost. This is how you get budget approval for the changes you know are necessary.

Time commitment

Roughly 20 to 30 hours of estimated study time. Most people complete it over 4 to 6 weeks at about 5 hours per week. Each module is designed for a single sitting of 30 to 60 minutes.

Where this leads

This course is designed as a stepping stone. Once you are comfortable securing your M365 environment, the M365 Security Operations course takes you into investigation, detection engineering, and threat hunting — the skills that define a SOC analyst role. Many people who start here end up building a career in security operations.

What you get that you will not find elsewhere

This is not a security overview. Overview courses explain concepts. This course teaches IT administrators to configure the security controls they already have access to — conditional access, email authentication, DLP, audit logging — using the M365 admin tools they already know.

Designed for the transition. You are an IT administrator who has been told to "do more security." This course bridges that gap with practical, deployable configurations — not theory, not certifications, not tools you do not have.

Where this course fits

This is the entry point. After completing Admin to Defender, you are ready for any Premium course — Entra ID Security for deep identity architecture, M365 Security Operations for SOC skills, or Detection Engineering for rule building.

100% free. No account required. No subscription needed.

Support and community

Questions about course content: training@ridgelinecyber.com

LinkedIn: Follow Ridgeline Cyber for operational security content and course updates

X: @RidgelineCyber

Version and changelog

Current version: 2.0  |  Last updated: April 2026

April 2026 — v2.0: Inclusive audience statement added. Course page redesigned. All 8 modules at full content standard compliance. 227,000 words across 8 modules.

2026 — v1.0: Course launch. 8 free modules (AD0-AD7) across 3 phases covering identity, email, devices, data, monitoring, incident response, and governance.

This course is actively maintained and updated as the Microsoft 365 security platform evolves.

Start learning now — free, no account needed

All 8 modules are completely free. No account, no credit card, no signup. 227,000 words of practical M365 security training covering identity, email, devices, data, monitoring, incident response, and governance. Start at Module 0 and work through at your own pace.