Sign In
In this module

AD2.11 Interactive Lab: Email Protection Deployment

5-6 hours · Module 2 · Free

Interactive Lab: Email Protection Deployment

This lab uses the alert simulator to walk you through deploying email protection for Northgate Engineering. You'll configure Safe Links, Safe Attachments, and anti-phishing policies, then investigate a reported phishing email using message trace and URL trace data — classifying the threat, scoping the impact, and executing containment.

What you practised

This lab tested your ability to configure email protection policies with the correct settings, investigate a phishing report using the 15-minute procedure, determine blast radius (how many users received the email and how many clicked), and execute containment (purge + block + credential compromise check). The key judgment was prioritising active credential compromise over mailbox remediation — contain the compromised account first, then clean up the email.

Connection to Module AD3

With identity and email secured, the next module addresses the device layer. You'll build Intune compliance policies that ensure only healthy, managed devices can access your M365 data — closing the gap that AiTM token replay attacks exploit when the attacker authenticates from an unmanaged device.

© 2026 Ridgeline Cyber Defence™ Ltd. Content may not be reproduced or redistributed. Worked artifacts may be adapted for use within your organization.

You're reading the free modules of M365 Security: From Admin to Defender

The full course continues with advanced topics, production detection rules, worked investigation scenarios, and deployable artifacts.

View Pricing See Full Syllabus
← Previous Next →