In this section

Interactive Lab: Email Protection Deployment

5-6 hours · Module 2 · Free

Interactive Lab: Email Protection Deployment

This lab uses the alert simulator to walk you through deploying email protection for Northgate Engineering. You'll configure Safe Links, Safe Attachments, and anti-phishing policies, then investigate a reported phishing email using message trace and URL trace data — classifying the threat, scoping the impact, and executing containment.

What you practised

This lab tested your ability to configure email protection policies with the correct settings, investigate a phishing report using the 15-minute procedure, determine blast radius (how many users received the email and how many clicked), and execute containment (purge + block + credential compromise check). The key judgment was prioritizing active credential compromise over mailbox remediation — contain the compromised account first, then clean up the email.

Connection to Module AD3

With identity and email secured, the next module addresses the device layer. You'll build Intune compliance policies that ensure only healthy, managed devices can access your M365 data — closing the gap that AiTM token replay attacks exploit when the attacker authenticates from an unmanaged device.

Unlock the Full Course See Full Course Agenda

Get weekly detection and investigation techniques

KQL queries, detection rules, and investigation methods — the same depth as this course, delivered every Tuesday.

No spam. Unsubscribe anytime. ~2,000 security practitioners.

← Previous Next →