Microsoft 365 Identity Security Engineering

Master Microsoft 365 Identity Security Engineering

Build and engineer resilient identity systems that stop real attacks at the source. Design, implement, and operationalise secure identity controls using Microsoft Entra ID; including Conditional Access, Privileged Identity Management, Identity Protection, and Zero Trust strategies; to block account takeover, MFA fatigue, token theft, and advanced identity threats.

View Pricing Download Lab Pack Take End of Course Exam → 40 CPE Credits

What you'll be able to do

Design and implement enterprise-grade Conditional Access policies that adapt to risk in real time
Engineer and operationalise Privileged Identity Management (PIM), Identity Governance, and automated lifecycle workflows
Build and tune identity threat detection using Microsoft Entra ID Protection and Defender for Identity
Implement Zero Trust identity controls that eliminate standing privileges and block token theft, MFA fatigue, and account takeover
Investigate and respond to identity attacks with speed and precision
Measure, monitor, and continuously harden your organisation's identity security posture
What students say about this course

“Spent a ton of time digging into Entra sign-in logs and looking at how token theft actually works in the real world; the Entra ID Security training was very helpful for this. Thankfully, not another 'turn on MFA' lecture. The course was very helpful in learning how to properly audit your environment.”

Hanna
ARC401 | Premium tier | 19 modules across 4 phases | 36–40 hours at your own pace | 40 CPE credits | 5 free preview lessons, no account needed | Updated June 2026
Course Agenda View all 21 modules

Course overview

The Microsoft 365 Identity Security Engineering course is built specifically for Security Engineers, Identity Architects, and Microsoft 365 Administrators who design identity controls that stop real attacks. You'll gain hands-on engineering expertise to:

Architect and implement robust, risk-based Conditional Access and adaptive authentication policies
Deploy and operationalise Privileged Identity Management (PIM), Identity Governance, and Just-In-Time access
Detect, investigate, and respond to identity threats using Entra ID Protection and Defender for Identity
Engineer Zero Trust identity architectures across cloud, hybrid, and on-prem environments

By the end, you'll have the advanced engineering skills and mindset to own and harden your organisation's entire identity infrastructure; dramatically reducing identity-based risk and preventing breaches before they happen.

Who this course is for

You're a Security Engineer, Identity Architect, or Microsoft 365 Administrator responsible for designing identity controls that stop real attacks. This course is built for you if you want to:

Move from basic Entra ID administration to true Microsoft 365 Identity Security Engineering
Master advanced identity controls and Zero Trust strategies that actually work against modern threats
Gain deep engineering skills in Conditional Access, PIM, Identity Protection, and threat response
Become the expert who owns and defends the identity layer across the organisation

In short: if you're ready to engineer identity systems that attackers cannot easily bypass, this course is for you.

What you'll learn

By the end of this Microsoft 365 Identity Security Engineering course you will be able to:

Architect and implement risk-based Conditional Access and adaptive authentication at scale
Design, deploy, and operationalise Privileged Identity Management (PIM) and Identity Governance
Configure and tune Microsoft Entra ID Protection for proactive threat detection
Integrate Defender for Identity to hunt and respond to identity-based attacks
Engineer Zero Trust identity architectures across Microsoft 365, hybrid, and on-prem environments
Measure and continuously improve identity security posture with engineering-driven metrics

Key course takeaways

Engineer production-grade identity security controls that significantly reduce real-world attack surface
Master Conditional Access, PIM, Identity Governance, and Identity Protection in depth
Build automated, resilient Zero Trust identity workflows organisations can rely on
Rapidly detect, investigate, and neutralise identity threats before they escalate
Transform identity from a vulnerability into a strong security control layer
Become the Identity Security Engineer who organisations trust to protect their most critical asset

Lab Pack, Microsoft 365 Identity Security Engineering Toolkit

Downloadable lab pack with realistic identity evidence, deployable Conditional Access policies, detection rules, PIM configurations, and the complete governance framework for a production identity security program. Two PowerShell generators produce ~130 individual files covering every module in the course.

Identity evidence (~2,000+ entries across 6 tables): SigninLogs (14 days + AiTM, password spray, MFA fatigue, impossible travel), AuditLogs (admin activity + inbox rules, OAuth consent, GA role assignment, CA policy disable), NonInteractiveSignInLogs (token refresh + AiTM replay), ServicePrincipalSignInLogs (5 SPs + external auth), IdentityInfo (15 user records), RiskDetections (5 identity risk events).

Conditional Access (12 policies + validation): CA001–CA012 as individual JSON exports. 7 KQL validation queries. 6 What-If scenarios with expected outcomes.

Detection rules (30 files): 15 KQL rules + 15 Sigma equivalents covering AiTM token replay, password spray, MFA fatigue, impossible travel, inbox forwarding, GA assignment outside PIM, CA policy modification, OAuth consent to unverified publisher, and more.

Operational artifacts (~70 files): PIM role configs, Identity Protection risk policies, application security inventory, workload identity inventory, governance templates, monitoring runbooks, backup/recovery checklists, architecture templates, compliance mappings (ISO 27001, NIST CSF), and 3 capstone design challenges.

Microsoft 365 Identity Security Engineering Lab Pack
~130 files · 6 identity tables · 12 CA policies · 30 detection rules · PIM + governance + monitoring
Download Lab Pack (.zip)

Things you need to know

What are the prerequisites for this course?

There are no prerequisites. The course teaches identity security engineering from first principles. Familiarity with Entra ID and the Microsoft 365 admin center will help you move faster through the early modules, but neither is required. Every concept is explained at first use.

What are the device requirements?

A device with a modern browser. Access to a Microsoft 365 E5 developer tenant (free from Microsoft) for hands-on Conditional Access, PIM, and Identity Protection configuration. The course walks you through tenant setup in Module 0.

How will the course benefit your career?

Identity is the primary attack surface in modern environments. Organisations need engineers who can design Conditional Access architectures against real attack patterns, not just enable MFA and pass a compliance check. This course gives you the skills to engineer identity controls, build detection rules, and operationalise privileged access governance.

The demand for identity security engineers continues to grow as organisations face increasingly sophisticated identity-based attacks including AiTM phishing, token theft, and MFA fatigue.

Usage rights and disclaimer

Course materials: Licensed for individual professional development. You may deploy scripts, queries, detection rules, and policies in your production environment. You may not redistribute course content or share account credentials.

Identity configurations: All Conditional Access policies, PIM configurations, and detection rules are provided as-is. Test every configuration in report-only mode before enforcement. Ridgeline Cyber Defence is not responsible for operational impact from deployed configurations.

Fictional environment: All scenarios use Northgate Engineering. Any resemblance to real organizations is coincidental.

Version and changelog

Current version: 2.1  |  Last updated: June 2026

June 2026, v2.1: Course renamed to Microsoft 365 Identity Security Engineering.

June 2026, v2.0: Course renamed to Microsoft 365 Identity Security Engineering. Course page restructured. Lab pack with ~130 identity security artifacts.

2026, v1.0: Course launch. 19 modules across 4 phases. Defense Design Method across all modules.

This course is actively maintained. Content is updated as the Entra ID platform and identity threat landscape evolve.

COURSE ASSESSMENT

End of Course Exam

Complete the course, then prove your skills under time pressure. Pass mark: 70. Earn your certificate with CPE credits.

40minutes
3phases
100points
2scenarios
Take End of Course Exam

Requires 80% course completion. One random scenario per attempt. Certificate issued on pass.