Looking for security documentation and consultancy? Visit ridgelinecyber.com
Sign In

Module 0: AD0 — The M365 Security Landscape

4-5 hours · Free tier

The M365 Security Landscape

Someone decided you’re responsible for security. Maybe it was your manager, maybe it was the CEO after reading a news article about a breach, maybe it was nobody — the responsibility just drifted to you because you’re the person who manages the M365 tenant. Either way, you’re now expected to secure an environment you’ve been administering, and the gap between “managing M365” and “securing M365” is wider than anyone who made that decision understands.

This module closes the first part of that gap. You’ll learn what attackers actually target in M365 environments (it’s not what most people think), discover what security tools are already included in your license and sitting unused, understand the difference between security defaults and conditional access, navigate the five admin portals you’ll use daily for security work, read your first security alert without panicking, and build the assessment framework that tells you where your environment stands today.

The goal is not to make you a SOC analyst. It’s to make you an IT administrator who understands the security posture of the environment you manage, can configure the most impactful protections, and knows what to do when something goes wrong — because eventually, something will.

What you will learn

  • The reality of security ownership for IT administrators — what you’re responsible for and what you’re not
  • The three attack surfaces attackers target in every M365 tenant: identity, email, and data
  • What security tools are included in your M365 license and which ones are configured by default
  • The difference between security defaults and conditional access, and when to graduate between them
  • How to navigate the M365 Admin Center, Entra Admin Center, Defender portal, Purview, and Intune for security tasks
  • How to read security alerts in the Defender portal and understand what they mean
  • What Secure Score measures, what it doesn’t, and which recommendations are worth acting on first
  • The security improvement sequence: identity first, email second, devices third, monitoring fourth

Subsections

AD0.1 You’re the Security Team Now · AD0.2 What Attackers Target in M365 · AD0.3 The M365 Security Stack You Already Have · AD0.4 Security Defaults vs Conditional Access · AD0.5 The Admin Centers That Matter · AD0.6 Reading Security Alerts for the First Time · AD0.7 Secure Score: What It Means and What It Doesn’t · AD0.8 The NE Starting Point · AD0.9 The Security Improvement Sequence · AD0.10 What This Course Covers and What It Doesn’t · AD0.11 Interactive Lab: Security Posture Assessment · AD0.12 Module Summary · AD0.13 Check My Knowledge

Sections in this module

AD0.1 You're the Security Team Now

AD0.2 What Attackers Target in M365

AD0.3 The M365 Security Stack You Already Have

AD0.4 Security Defaults vs Conditional Access

AD0.5 The Admin Centers That Matter

AD0.6 Reading Security Alerts for the First Time

AD0.7 Secure Score: What It Means and What It Doesn't

AD0.8 The NE Starting Point

AD0.9 The Security Improvement Sequence

AD0.10 What This Course Covers and What It Doesn't

AD0.11 Interactive Lab: Security Posture Assessment

AD0.12 Module Summary

AD0.13 Check My Knowledge

Start: AD0.1 You're the Security Team Now →