Module 1: AD1 — Securing Identities in Entra ID

5-6 hours · Free tier

If you do one thing to secure your M365 environment, make it this module. Identity is the perimeter. Over 80% of breaches that hit M365 tenants start with a compromised account — a password that was phished, sprayed, stuffed from a breach database, or simply guessed because someone used their daughter’s name followed by the year. No firewall, no email filter, no endpoint agent helps when the attacker has a valid username and password. MFA is the single control that stops the majority of these attacks, and conditional access is the policy engine that enforces it consistently.

This module teaches you to deploy MFA and conditional access from the IT administrator’s perspective — not the security engineer’s. That means dealing with the real-world problems that security training usually ignores: the CEO who refuses MFA on their phone, the conference room account that can’t authenticate interactively, the service account that breaks when you enforce conditional access, and the user who calls the helpdesk because they got a new phone and can’t log in. You’ll build three conditional access policies that cover 90% of the identity attack surface, configure self-service password reset to reduce both helpdesk tickets and security risk, enable risk-based protection that responds to threats automatically, and learn the step-by-step procedure for containing a compromised account — because eventually, someone in your organisation will click a phishing link and enter their credentials.

What you will learn

  • Why identity is the most critical security control in any M365 environment
  • What MFA protects against — and the attacks it does NOT stop (AiTM, token theft, MFA fatigue)
  • How to deploy MFA without locking out users, breaking workflows, or generating helpdesk chaos
  • Three conditional access policies that cover the majority of identity attacks
  • How to handle MFA exceptions for executives, service accounts, and shared resources without creating gaps
  • Self-service password reset configuration with on-premises writeback
  • Entra ID Protection risk-based policies and what risk levels actually mean
  • How to read sign-in logs and identify compromised accounts
  • The 15-minute emergency procedure for a compromised account
  • How to report identity security posture to management in terms they understand

Subsections

  • AD1.1 Why Identity Is the Perimeter
  • AD1.2 MFA: What It Actually Protects Against
  • AD1.3 Deploying MFA Without Breaking Everything
  • AD1.4 Conditional Access: Your First Three Policies
  • AD1.5 Handling MFA Exceptions Without Creating Gaps
  • AD1.6 Self-Service Password Reset
  • AD1.7 Entra ID Protection: Risk-Based Policies
  • AD1.8 Monitoring Sign-In Activity
  • AD1.9 Emergency Response: Compromised Account
  • AD1.10 Reporting Identity Security to Management
  • AD1.11 Interactive Lab: MFA and CA Deployment
  • AD1.12 Module Summary
  • AD1.13 Check My Knowledge
