Sign In
In this section

Module Summary

5 hours · Module 0 · Free

Module Summary

Module MSA0 established the foundations of security architecture thinking — the discipline, the methodology, the environment, and the tools you'll use across fifteen modules.

Security architecture vs configuration (Section 0.1). Configuration answers "what is turned on." Architecture answers "why this design, what was rejected, what risk remains." The course teaches the second — the documented reasoning that makes every security decision defensible.

The M365 security stack as an architecture (Section 0.2). Twelve security domains connected by data flows and signal dependencies. Identity feeds authentication. Authentication feeds Conditional Access. CA consumes device trust from Intune. Detection monitors what protection prevents. The connections are the architecture.

Architecture Decision Records (Section 0.3). The documentation methodology for every design decision. Context, decision, alternatives rejected, consequences, and the 30-second version for the CISO. By course end, you have thirty or more ADRs.

Threat-informed architecture (Section 0.4). Design from the attacker's perspective, not from a best-practice checklist. Map controls to specific techniques. Name the gaps as residual risk. An architecture designed without a threat model protects against theoretical attacks.

Northgate Engineering (Section 0.5). The 810-person organization you'll architect security for throughout the course — with every constraint real environments have. Legacy applications, mixed licensing, executive exceptions, vendor demands.

Lab environment (Section 0.6). M365 E5 developer tenant and Azure subscription configured. Cost managed under $25/month. The architecture you design is the architecture you implement.

Architecture package (Section 0.7). The deliverable structure: ADRs, decision matrices, risk register, compliance mapping, and executive summary. Populated across fifteen modules.

What you built in the free modules

Across MSA0 and MSA1, you've built the foundation the rest of the course depends on.

The methodology. You know how to think about security architecture — not as a list of settings but as a set of connected decisions with documented reasoning. You know how to write ADRs. You know how to design from the attacker's perspective.

The identity layer. MSA1 designed the identity architecture — tenant decisions, identity type governance, hybrid identity, administrative boundaries, lifecycle automation, naming conventions, and group architecture. Every security control from MSA2 onward operates on this identity layer.

The environment. Your developer tenant is configured. Your architecture package structure is established. Your baseline assessment is complete. The lab is ready for MSA2.

What happens next

The architecture starts in MSA2

Phase 1 continues — Authentication + Conditional Access (MSA2-MSA3). Authentication architecture: every method ranked by phishing resistance, passwordless strategy, legacy auth elimination, service account authentication, token protection. Then Conditional Access: persona-based policy design, the baseline set, tiered access, device trust, break-glass accounts, exception management. MSA3 is the densest module in the course — it's where every identity decision from MSA1 becomes a targeting policy.

Phase 2 — Protection Stack (MSA4-MSA7). Privileged access architecture with PIM design and PAW strategy. Data protection with sensitivity labels and DLP. Endpoint security with device trust as an identity signal. Email defense with Defender for Office 365 and DMARC.

Phase 3 — Detection and Response (MSA8-MSA11). Sentinel workspace architecture with real cost modeling. Detection architecture with identity-based detection patterns. Incident response architecture. Defender XDR as the operations fabric.

Phase 4 — Governance and Capstone (MSA12-MSA14). Identity governance. Compliance mapping to ISO 27001, SOC 2, NIST CSF. The capstone: assembling the complete architecture package and defending it in a simulated review.

Specialist subscription. Cancel anytime. Every tool in the course is free.

💬

How was this module?

Your feedback helps us improve the course. One click is enough — comments are optional.

Thank you — your feedback has been received.
© 2026 Ridgeline Cyber Defence™ Ltd. Content may not be reproduced or redistributed. Worked artifacts may be adapted for use within your organization.
Unlock the Full Course See Full Course Agenda
← Previous Next →