
Meet Christopher, an architect with a decade of Azure and cybersecurity experience, who translates complex topics into clear, real-world, hands-on cloud and AI architectures with practical insights.
Explore how growing complexity across people, cloud, endpoints, and OT/IoT intensifies cyber security challenges, including talent shortages and data overload. Learn why interfaces and synergies between disconnected products matter.
Explore how a security operations center uses threat intelligence, indicators of compromise collection, threat hunting, log management, and incident response to detect threats, analyze incidents, and reduce the attack surface.
Explore the three-tier SoC model, where automation handles commodity malware and alerts, tier one tackles easier tasks, tier two handles advanced threats, and tier three conducts threat hunting and forensics.
Outline the NIST-based cyber security incident response process, from preparation and detection to containment, eradication, and recovery, including triage, post-incident lessons learned, and iterative analysis.
Demystify EDR, XDR, SIEM, and SOAR concepts using Defender for Endpoint, Defender for Cloud, Sentinel, and Logic Apps.
Explore blue teams' security monitoring, incident response, forensics, and threat hunting. See red teams perform vulnerability assessments and penetration testing, while purple teaming unites blue and red to boost security.
Define cyber threat as any circumstance or event that could adversely impact operations, assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification, or denial of service.
Clarify cyber threat intelligence within broader intelligence and threat intelligence, defining CTI as adversary-focused analysis of tactics, techniques, and procedures used in cybersecurity, and distinguishing it from generic threat intelligence.
Learn how cyber threat intelligence defines adversaries' motivations, intentions, and methods, beyond IOCs, to enable threat-informed defense and better enterprise security.
Clarify how threats, vulnerabilities, and risks relate in cyber security by showing how a threat actor initiates, exploits vulnerabilities, and causes impact on downtime, confidentiality, and integrity.
Explain threat-informed defense within cyber intelligence, covering mission, threat actors, their motivations, and the TTPs they use to guide focused security operations center protections.
Explore tactics, techniques, and procedures (TTPs) as the high-level behavior and strategy of threat actors, from objectives to how techniques are realized and procedures guide actions.
Differentiate IOCs and IOAs: IOCs are evidence of compromise, such as file hashes and domains, while IOAs reveal attack intent and behavior.
Learn the pyramid of pain and why detecting tactics, techniques, and procedures is harder for attackers to evade than changing hashes, IPs, domains, or tools.
Explore cyber threat intelligence sources across enterprise, OSINT, and social media, with examples like Microsoft Defender Threat Intelligence, VirusTotal, Shodan, and the sharing of IOCs and TTPs.
Vulnerability is a weakness in an information system that could be exploited, including software, humans, hardware, or physical security; CVEs cover only a subset of these weaknesses.
Learn the Common Vulnerabilities and Exposures (CVE) framework and how MITRE leads CVE identification and categorization. Discover how CVE IDs, data sources, vendor announcements, and CVSS scores describe and assess vulnerabilities.
Learn how the Common Vulnerability Scoring System (CVSS) ranks vulnerabilities and prioritizes remediation, while comparing CVSS versions 2 and 3 and balancing scores with asset criticality.
Explore cloud computing by examining on-demand self-service, rapid elasticity, resource pooling, measured service, and broad network access, then understand why these five properties enable fast, scalable, and billable resources.
Explore public, private, hybrid, and multi-cloud models, comparing Azure, AWS, and GCP offerings, and learn how enterprises mix cloud services with data center deployments.
Discover the Azure global backbone: global data centers, connectivity, and edge sites that deliver high performance, fault tolerance, and disaster recovery for users.
Explore the shared responsibility model in Azure across on-premises, IaaS, PaaS, and SaaS, and identify which security tasks stay with you versus Microsoft.
Explore the Azure resource hierarchy, from management groups to subscriptions and resource groups, and learn how grouping by lifecycle, location, or department supports governance and billing.
Explore Azure subscription types, from free credits for 30 days and 12 months to student plans with 12 months, no credit card, and pay-as-you-go and enterprise agreement options.
Explore how Entra ID tenants act as the identity provider and how identities access Azure resources in subscriptions and resource groups, and debunk the misconception that subscriptions are tenants.
Learn how to create a free Azure subscription by choosing between free and pay-as-you-go, providing personal details, obtaining the subscription, then logging in at portal.azure.com to start building in Azure.
Zero trust is a security strategy and mindset that verifies every action explicitly, enforces least privilege, and assumes breach to minimize blast radius through segmentation, encryption, analytics, and threat detection.
Explore the Microsoft security cosmos, focusing on cloud security, SOC, and CTI, and learn how Defender XDR and Defender for Cloud Apps enhance multi-cloud protection.
Trace a classic cyber kill chain and see how Defender for Office, Defender for Endpoint, Defender for Identity, and Entra ID Protection defend against phishing, exploitation, lateral movement, and data exfiltration.
Explore Microsoft Entra, a comprehensive identity and access platform with Entra ID, zero trust access, and governance, plus external and workload identities and multi-cloud permissions management.
Explore Microsoft Entra ID, the renamed Azure Active Directory, a cloud-based identity and access management service for internal and external resources, such as access reviews and conditional access.
Explore managed identities in Azure by provisioning a VM and SQL database, then assign a system or user identity and grant access via a role assignment.
Learn how groups in Entra ID streamline access by assigning permissions to groups rather than individuals, enabling centralized administration, security, automation, and self-service.
Create a security group in Entra ID, name and describe it, optionally assign roles, set membership type, assign an owner and member, and configure Azure role assignments.
Learn how administrative units cluster your Entra ID tenant by geography or division to restrict permissions, support regional role delegation, and manage users across multiple units.
Create and configure administrative units in Entra ID like Europe, India, and the United States, then add members, groups, devices, and roles for streamlined management.
Learn how external identities let guests, customers, and partners access corporate resources via B2B collaboration, B2B direct connect, and B2C, using cross-tenant trust and access settings.
Configure external collaboration settings in the External Identities section to manage guest access, invitations, self-service sign-up, external user leave, and domain-based collaboration restrictions.
Discover how identity protection detects, investigates, and remediates identity-based risks in Azure, using real-time and offline risk detections, signals for conditional access, and SIEM integrations.
Learn how to manage identity protection in Entra ID, link it to conditional access, and configure user risk and sign-in risk policies to defend against attacks.
Explore Entra ID authentication methods, from password and SMS to voice and OAuth tokens, and the role of MFA with Microsoft Authenticator, Windows Hello, FIDO2, and certificate-based options.
Passwords are inherently insecure, with 85% of breaches using passwords and 72% reused; phishing, keylogging, and brute force enable exploits, underscoring the shift to multifactor or passwordless authentication.
Explore multifactor authentication options for Azure, comparing password-based access with Microsoft Authenticator, Windows Hello for Business, and FIDO2 security keys, and learn why passwordless phishing-resistant authentication offers security and usability.
Learn how to configure multifactor authentication in Entra by enabling FIDO2 passkeys and SMS, adjusting per-tenant and per-user MFA settings, and saving the policy.
Discover passwordless authentication with Windows Hello for Business, where a device signs a nonce with a private key to obtain a token and enables single sign-on with a secure session.
Enable and configure passwordless authentication with Microsoft Authenticator options, enable number matching to resist phishing and MFA fatigue, and deploy Windows Hello for Business via Intune for enterprise security.
Enable real-time Entra ID password protection with global and custom ban lists to block weak or compromised passwords, and extend it across hybrid environments via on-prem to cloud identity syncing.
Explore how Entra ID password protection enforces security for cloud and on-prem identities by configuring lockout thresholds, custom banned passwords, and audit or enforced modes.
Learn how single sign-on authenticates once and enables access to multiple apps, with on-premises Active Directory identities syncing to Entra ID for seamless sign-on.
Entra Verified ID enables decentralized identity by letting Alice verify her identity, work history, and certifications once, then trusted apps like LinkedIn and Facebook verify her credentials.
Self-service password reset (SSPR) reduces helpdesk calls by letting users reset passwords with the Microsoft Authenticator, with password writeback to on-premises AD in hybrid environments and audit logs.
Enable self-service password reset in Entra ID for all users, and enable a converged authentication policy with methods like mobile app notification, email, or SMS.
Discover how Entra Connect enables hybrid identity by synchronizing on-premises Active Directory with cloud Entra ID, using password hash synchronization, pass-through authentication, federation options, and health monitoring.
Provision a hybrid identity lab in Azure by creating a resource group identity, a VNet identity, and two Windows Server 2019 virtual machines for the domain controller and Entra Connect.
Purchase and configure a custom domain for Azure Active Directory using App Service domains or external registrars; verify ownership with a TXT DNS record and enable privacy protection.
Install Active Directory domain services on an Azure virtual machine, promote it to a domain controller, and create a new forest with the root domain Azure demos.org.
Install Entra Connect on an Azure virtual machine and join it to the Azure Demos domain. Configure DNS to the domain controller and enable password hash synchronization with single sign-on.
Explore hybrid authentication in Azure, guiding decisions between password hash sync and pass-through authentication based on cloud versus on-premises requirements, AD policies, and signing requirement.
Enable managed domain services in the cloud to run legacy apps with LDAP, Kerberos, and NTLM without deploying domain controllers, integrated with Entra ID for lift‑and‑shift to Azure.
Explore how Entra ID roles grant specific permissions across the Microsoft ecosystem, with examples of Teams administrator, security administrator, and global reader, highlighting built-in roles and cross-service scope.
Explore built-in Entra ID roles in the Azure portal, focusing on the security administrator role, its permissions, and how to assign and configure role activation, MFA, and approvals for identities.
Create a new custom Entra ID role, select permissions, and save it. Assign the role to a user or group and set its status to active for permanent access.
Azure role-based access control (RBAC) assigns permissions to security principals via role definitions and scopes, using built-in roles like Azure Sentinel Contributor and custom roles for least privilege.
Learn to create a custom Azure RBAC role using a resource group, set an assignable scope, clone or start from scratch, define permissions, and review the JSON.
Learn to assign built-in and custom Azure RBAC roles using Access Control (IAM), selecting users, groups, service principals, or managed identities and choosing eligible, active, or time-bound assignments.
Contrast Azure RBAC and Entra ID roles by scope and target; RBAC controls access to Azure resources, while Entra ID manages directory-wide users, groups, applications, and policies.
Explore Entra ID governance and how it manages identity and access across IT environments using entitlement management, PIM, access reviews, lifecycle workflows, and terms of use.
Explore entitlements management as an identity governance feature that scales access through automated requests, approvals, and role-based access packages for developers, HR, and external collaborators.
Leverage privileged identity management (PIM) in Entra ID to grant just-in-time, time-bound privileged access with approvals, multifactor authentication requirements, access reviews, and activity notifications for secure management of privileged resources.
Explore privileged identity management in Entra ID with PIM, assigning eligible and active roles, requesting and approving access, and activating just-in-time privileges with MFA and conditional access.
Use access reviews in Azure to regularly audit role assignments, group memberships, and guest access, with monthly manager reviews in Entra ID that auto-apply results to reduce permission creep.
Demonstrates configuring an access review in Azure Identity Governance: define scope, reviewers, recurrence, and completion actions to securely manage team and group access.
Explore Entra permissions management to discover, monitor, and remediate cross-cloud permissions across Azure, AWS, and GCP. Enforce zero trust with least privilege, just-in-time access, and ML-driven anomaly detection.
Discover how conditional access enforces access control using user and device signals during authentication. Implement adaptive policies, including MFA, to enforce zero trust across cloud and on-prem resources.
Learn to create and test an Office 365 conditional access policy in Azure, using assignments, targets, and grants with risk, device, and MFA requirements, and test in report-only mode first.
Register your application in Azure Active Directory to give it an identity, then authenticate with a secret or certificate to access resources like a virtual machine, SQL database, or storage.
Learn how to create an app registration in Entra ID, choose account types, configure a redirect URI, and reference the resulting client and object IDs for authentication.
Configure app authentication by selecting the app registration, choosing the platform (web, single-page, or mobile/desktop), and setting redirect URIs, front-channel logout URL, and platform-specific details such as bundle IDs.
Learn how to configure API permissions for registered Entra ID apps using app registrations, add permissions like Microsoft Graph and SharePoint, and choose between delegated and application permissions with admin consent.
Explore how the Entra application proxy enables secure remote access to on-premises web apps via a cloud service, with single sign-on and conditional access.
This course contains the use of artificial intelligence.
This AZ-500 course by Christopher Nett is a meticulously organized Udemy course designed for IT professionals aiming to pass the Microsoft AZ-500: Microsoft Azure Security Engineer Associate exam. This course systematically guides you from the basics to advanced concepts of Azure Security.
By mastering Azure Security, you're developing expertise in essential topics in today's cybersecurity landscape.
The course is always aligned with Microsoft's latest study guide and exam objectives:
Manage identity and access (25–30%)
Manage Microsoft Entra identities
Secure Microsoft Entra users
Secure Microsoft Entra groups
Recommend when to use external identities
Secure external identities
Implement Microsoft Entra ID Protection
Manage Microsoft Entra authentication
Implement multi-factor authentication (MFA)
Configure Microsoft Entra Verified ID
Implement passwordless authentication
Implement password protection
Implement single sign-on (SSO)
Integrate single sign-on (SSO) and identity providers
Recommend and enforce modern authentication methods
Manage Microsoft Entra authorization
Configure Azure role permissions for management groups, subscriptions, resource groups, and resources
Assign Microsoft Entra built-in roles
Assign Azure built-in roles
Create and assign custom roles, including Azure roles and Microsoft Entra roles
Implement and manage Microsoft Entra Permissions Management
Configure Microsoft Entra Privileged Identity Management
Configure role management and access reviews in Microsoft Entra
Implement Conditional Access policies
Manage Microsoft Entra application access
Manage access to enterprise applications in Microsoft Entra ID, including OAuth permission grants
Manage Microsoft Entra app registrations
Configure app registration permission scopes
Manage app registration permission consent
Manage and use service principals
Manage managed identities for Azure resources
Recommend when to use and configure a Microsoft Entra Application Proxy, including authentication
Secure networking (20–25%)
Plan and implement security for virtual networks
Plan and implement Network Security Groups (NSGs) and Application Security Groups (ASGs)
Plan and implement user-defined routes (UDRs)
Plan and implement Virtual Network peering or VPN gateway
Plan and implement Virtual WAN, including secured virtual hub
Secure VPN connectivity, including point-to-site and site-to-site
Implement encryption over ExpressRoute
Configure firewall settings on PaaS resources
Monitor network security by using Network Watcher, including NSG flow logging
Plan and implement security for private access to Azure resources
Plan and implement virtual network Service Endpoints
Plan and implement Private Endpoints
Plan and implement Private Link services
Plan and implement network integration for Azure App Service and Azure Functions
Plan and implement network security configurations for an App Service Environment (ASE)
Plan and implement network security configurations for an Azure SQL Managed Instance
Plan and implement security for public access to Azure resources
Plan and implement Transport Layer Security (TLS) to applications, including Azure App Service and API Management
Plan, implement, and manage an Azure Firewall, including Azure Firewall Manager and firewall policies
Plan and implement an Azure Application Gateway
Plan and implement an Azure Front Door, including Content Delivery Network (CDN)
Plan and implement a Web Application Firewall (WAF)
Recommend when to use Azure DDoS Protection Standard
Secure compute, storage, and databases (20–25%)
Plan and implement advanced security for compute
Plan and implement remote access to public endpoints, including Azure Bastion and just-in-time (JIT) virtual machine
Configure disk encryption, including Azure Disk Encryption (ADE), encryption at host, and confidential disk encryption
Recommend security configurations for Azure API Management
Plan and implement security for storage
Configure access control for storage accounts
Manage life cycle for storage account access keys
Select and configure an appropriate method for access to Azure Files
Select and configure an appropriate method for access to Azure Blob Storage
Select and configure an appropriate method for access to Azure Tables
Select and configure an appropriate method for access to Azure Queues
Select and configure appropriate methods for protecting against data security threats, including soft delete, backups, versioning, and immutable storage
Configure Bring your own key (BYOK)
Enable double encryption at the Azure Storage infrastructure level
Plan and implement security for Azure SQL Database and Azure SQL Managed Instance
Enable Microsoft Entra database authentication
Enable database auditing
Identify use cases for the Microsoft Purview governance portal
Implement data classification of sensitive information by using the Microsoft Purview governance portal
Plan and implement dynamic masking
Implement Transparent Data Encryption (TDE)
Recommend when to use Azure SQL Database Always Encrypted
Manage security operations (25–30%)
Plan, implement, and manage governance for security
Create, assign, and interpret security policies and initiatives in Azure Policy
Configure security settings by using Azure Blueprints
Deploy secure infrastructures by using a landing zone
Create and configure an Azure Key Vault
Recommend when to use a dedicated Hardware Security Module (HSM)
Configure access to Key Vault, including vault access policies and Azure Role Based Access Control
Manage certificates, secrets, and keys
Configure key rotation
Configure backup and recovery of certificates, secrets, and keys
Manage security posture by using Microsoft Defender for Cloud
Identify and remediate security risks by using the Microsoft Defender for Cloud Secure Score and Inventory
Assess compliance against security frameworks by using Microsoft Defender for Cloud
Add industry and regulatory standards to Microsoft Defender for Cloud
Add custom initiatives to Microsoft Defender for Cloud
Connect hybrid cloud and multi-cloud environments to Microsoft Defender for Cloud
Identify and monitor external assets by using Microsoft Defender External Attack Surface Management
Configure and manage threat protection by using Microsoft Defender for Cloud
Enable workload protection services in Microsoft Defender for Cloud, including Microsoft Defender for Storage, Databases, Containers, App Service, Key Vault, and Resource Manager
Configure Microsoft Defender for Servers
Configure Microsoft Defender for Azure SQL Database
Manage and respond to security alerts in Microsoft Defender for Cloud
Configure workflow automation by using Microsoft Defender for Cloud
Evaluate vulnerability scans from Microsoft Defender for Server
Configure and manage security monitoring and automation solutions
Monitor security events by using Azure Monitor
Configure data connectors in Microsoft Sentinel
Create and customize analytics rules in Microsoft Sentinel
Evaluate alerts and incidents in Microsoft Sentinel
Configure automation in Microsoft Sentinel
This course contains promotional materials.