Architecture Thinking
0.1 What this module covers
This module establishes the discipline. Its seven sections cover three areas: what security architecture is and how it differs from configuration (Sections 0.1-0.2); the methods you'll use throughout the course, namely Architecture Decision Records and threat-informed design (Sections 0.3-0.4); and the environment, meaning the Northgate Engineering scenario, your lab setup, and the architecture package structure you'll populate across fifteen modules (Sections 0.5-0.7).
By module end, you'll have the methodology (ADRs), the threat model lens (attacker-first design), the lab environment (developer tenant + Azure), and the package structure that every subsequent module adds to.
0.2 What you will learn
Section 0.1 — What security architecture actually is. The difference between configuring M365 security features and designing M365 security architecture. Three questions that change how you evaluate every setting in your tenant.
Section 0.2 — The M365 security stack as an architecture. Twelve security domains mapped by data flow and dependency — not as a product list. Identity feeds authentication, authentication feeds Conditional Access, CA consumes device trust, detection monitors what protection prevents.
Section 0.3 — Architecture Decision Records. The documentation methodology for every design decision. Context, decision, alternatives rejected, consequences, and the 30-second version for the CISO.
Section 0.4 — Threat-informed architecture. Design from the attacker's perspective. Map controls to specific ATT&CK techniques. Name the gaps as residual risk.
Section 0.5 — The Northgate Engineering scenario. The 810-person organization you'll architect security for. Every constraint real environments have — legacy applications, mixed licensing, executive exceptions, vendor demands.
Section 0.6 — Lab setup. M365 E5 developer tenant and Azure subscription. Cost managed under $25/month.
Section 0.7 — The architecture package. The deliverable structure: ADRs, decision matrices, risk register, compliance mapping, executive summary. You'll populate this across all fifteen modules.
The diagram below shows the four-stage architecture cycle this course teaches. The environment simulator lets you toggle architectural domains and see how each one contributes to the complete architecture.
0.3 Module structure
- Section 0.1 — What security architecture actually is
- Section 0.2 — The M365 security stack as an architecture
- Section 0.3 — Architecture Decision Records
- Section 0.4 — Threat-informed architecture
- Section 0.5 — The Northgate Engineering scenario
- Section 0.6 — Lab setup
- Section 0.7 — The architecture package
- Summary — Module summary
Go to Section 0.1 — What Security Architecture Actually Is to begin.