Module 1 · Microsoft Entra ID Security

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 22, 2026
5 min read
Read as

Last updated: April 29, 2026

Roles, attack patterns (token theft, AitM, consent phishing), Conditional Access, PIM, hybrid AD considerations.

Microsoft Entra ID (formerly Azure Active Directory) is the identity backbone for Microsoft 365 and Azure cloud — and increasingly for SaaS apps via SSO. Compromise of Entra ID is the modern equivalent of compromising Active Directory: the attacker can become any user, access any tenant resource, and pivot to other clouds via federated trust. This module covers Entra ID security, the attack patterns, and the controls that matter.

Entra ID 101

  • Cloud-native identity provider; SaaS multi-tenant
  • Holds users, groups, applications, devices, conditional-access policies
  • Issues tokens for OAuth 2.0, OpenID Connect, SAML
  • Differs from on-prem AD: no Kerberos, no NTLM, no domain controllers (you connect to graph.microsoft.com)
  • Hybrid mode common: Entra Connect synchronizes from on-prem AD; same identity used both places
Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
Start of track
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 2 · Intermediate

RBAC hierarchy, network security, Storage/SQL/KeyVault hardening, Defender for Cloud, common misconfigurations.

Apr 22, 2026 · 4 min read
Academy
Module 3 · Advanced

Exchange + SharePoint + Teams + Power Platform hardening, Defender stack, Purview, IR in M365.

Apr 22, 2026 · 4 min read
Academy
Module 4 · Intermediate

Last updated: April 29, 2026 Module 9 (Cloud track) covered privesc paths. This module is the…

Apr 27, 2026 · 1 min read