Identity and Access Management in Microsoft 365

From administration to governance

Most identity training teaches you how to configure features. This course teaches you how to operate a program. The difference matters when the auditor arrives, the developer leaves, or the AI agent accumulates permissions nobody approved.

Every module follows the same four-stage cycle: Design the governance solution with real-world constraints — incomplete HR data, E3 licensing gaps, managers who rubber-stamp access reviews. Implement in your own M365 tenant — portal first, then PowerShell and Graph API. Govern by establishing the recurring cadences that keep the program running after the initial build. Validate that the governance control actually works — if a lifecycle workflow fails silently, you find out in your lab, not during an audit.

Configuration is a project. Governance is an operation. This course builds the operation.

Who this course is for

M365 administrators ready to move beyond ad-hoc identity management — you create users, assign licenses, and reset passwords, but provisioning is manual, access reviews are spreadsheets, and nobody knows what 200+ app registrations in your tenant actually do.

Security engineers who need the governance layer — you can configure Conditional Access and PIM, but the organization still has stale accounts, departed developers' applications running on old credentials, and no evidence that access is actually governed.

IT managers and security leads who answer to auditors — you get findings about over-provisioned access and can't produce the evidence to close them. You need the framework, the cadences, and the compliance documentation.

Identity engineers who want to formalize what they do — provisioning is ad-hoc, movers keep old access, leavers have residual permissions, and the organization has no visibility into the non-human identities accumulating in the tenant.

Anyone with a genuine interest in identity and access management. Whatever your background — early career, transitioning from another domain, or expanding your skill set — if the subject interests you and you're willing to do the work, this course is for you. Backgrounds vary. Motivation is what matters.

Course at a glance

Modules: 17 (14 content + 1 capstone + 2 reference)

Phases: 6 (Foundations → User Identities → Authentication + Access → Apps + Workload Identities → Privileged Access → Governance + Lifecycle)

Estimated study time: 36–40 hours

ADRs produced: 20+

Decision matrices: 5+

Risk register entries: 15+

Reusable scripts: 50+ PowerShell and Graph API scripts

CPE credits: 40

Free modules: IAM0 + IAM1 (no account required)

Lab: M365 E5 developer tenant + Entra ID Governance trial (yours to keep)

Typical pace: ~5-10 weeks at 5 hrs/week

Built by Ridgeline Cyber

Ridgeline Cyber Defence builds security operations training grounded in operational experience. The team behind this course runs CSOC operations, manages Entra ID environments, and builds identity governance programs for production tenants.

This course isn't SC-300 study material repackaged as training. It's based on the IAM programs we build and operate — the same orphaned service principals, the same "Approve All" access review problem, the same HR systems that don't populate the attributes lifecycle workflows depend on. Every anti-pattern box comes from real assessment findings. Every decision matrix comes from real governance projects.

The course is text-based. No videos, no live sessions, no cohorts. You work at your own pace, on your own schedule, with content you can search, reference, and return to. The format is deliberate — identity governance is a reading and doing discipline, not a watching discipline.

The outcome

You start with identity as an administrative function — manual provisioning, ad-hoc access, ungoverned service principals, and a scramble every time an auditor asks for evidence. You finish with identity as a governed program:

New hires get the right access on day one. Leavers lose it completely on their last day. Movers get adjusted access automatically when their role changes. No tickets, no delays, no residual permissions.

Every identity has an owner. Human accounts have managers. Service principals have application owners. AI agents have sponsors. Orphaned identities are detected and escalated before they become attack paths.

Access reviews find real problems. Not 100% approval rates in under 60 seconds. Scoped reviews with context, targeted reviewers, automated remediation, and evidence that the certification actually evaluated whether access is still needed.

Compliance evidence exists before the auditor asks. ISO 27001, SOC 2, NIST CSF, Cyber Essentials — the controls are mapped, the evidence is automated, and the package is ready.

Every decision is documented and defensible. 20+ ADRs with context, alternatives, consequences, and residual risk. The documentation your CISO presents to the board and your successor uses to understand why things are the way they are.

At $289/year, this is less than a single day of instructor-led training — for a complete IAM program you work through at your own pace and reference permanently.

Where this course fits

This course implements and operates the identity domain. Other Ridgeline courses design or investigate around it:

M365 Security Architecture designs the architecture. IAM implements and operates the identity domain in depth.

Entra ID Security teaches identity threat detection. IAM teaches identity governance. Phase 3 overlaps intentionally — IAM teaches authentication and CA from a governance perspective, EI from a threat perspective.

Practical IR investigates when identity governance fails. IAM reduces the attack surface that IR responds to.

Detection Engineering writes detection rules. IAM M13 creates identity-specific detection rules for governance operations.

Admin to Defender (free) covers M365 basics. IAM assumes this level or teaches inline.

Conditional Access (skill) covers 7 subs. IAM5 covers 14 subs with full governance context.

Learner ladder: Admin to Defender (basics) → M365 Security Architecture (design layer) → Identity and Access Management (identity operations layer) → Entra ID Security (detection layer) → Practical IR (investigation layer)

Support and community

Questions about course content: training@ridgelinecyber.com

Billing and account management: Self-service via your account page or training@ridgelinecyber.com

LinkedIn: Follow Ridgeline Cyber for operational security content and course updates

X: @RidgelineCyber

Usage rights and disclaimer

Course materials: Licensed for individual professional development. You may deploy configurations, governance frameworks, scripts, and policies from this course in your organization's production environment. You may not redistribute course content, share account credentials, or republish course materials.

Governance configurations: All PowerShell commands, Graph API queries, lifecycle workflows, access review configurations, and entitlement management packages are provided as-is for deployment in your environment. Test every configuration in a non-production tenant before deploying to production. Identity governance controls have organizational impact — validate scope and remediation actions before enforcement. Ridgeline Cyber Defence is not responsible for operational impact from deployed configurations.

Scenarios: All example data uses the Northgate Engineering fictional environment. Any resemblance to real organizations, incidents, or individuals is coincidental.