Looking for security documentation and consultancy? Visit ridgelinecyber.com
Sign In

AD1.11 Interactive Lab: MFA and CA Deployment

5-6 hours · Module 1 · Free

Interactive Lab: MFA and Conditional Access Deployment

This lab uses the investigation engine to walk you through deploying MFA and conditional access for Northgate Engineering. You’ll make deployment decisions at each stage — creating break-glass accounts, building conditional access policies, handling exceptions, responding to a compromised account alert, and writing the first notification to management.

What you practised

This lab tested your ability to execute the complete identity security deployment: break-glass account creation, conditional access policy configuration (MFA, legacy auth blocking, device compliance in report-only), exception handling for shared accounts and executives, compromised account response (the 15-minute procedure), and management reporting. The key judgment calls were sequencing (what to deploy first), exception handling (how to handle the CEO’s MFA refusal without creating a gap), and response speed (contain before investigate).

Connection to Module AD2

With identity secured, the next module addresses the delivery mechanism: email. You’ll configure Defender for Office 365 Safe Links and Safe Attachments, set up email authentication (SPF, DKIM, DMARC), and tune anti-phishing policies to catch the sophisticated phishing that basic EOP filtering misses.

© 2026 Ridgeline Cyber Defence™ Ltd. Content may not be reproduced or redistributed. Worked artifacts may be adapted for use within your organization.

You're reading the free modules of M365 Security: From Admin to Defender

The full course continues with advanced topics, production detection rules, worked investigation scenarios, and deployable artifacts. Premium subscribers get access to all courses.

View Pricing See Full Syllabus
← Previous Next →