Cybersecurity, learned like a practitioner.
24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.
Microsoft Azure & M365 · modules
Entra ID, Azure resources, M365 — the Microsoft cloud security stack.
Module 4 · Azure RBAC Mastery
Module 9 (Cloud track) covered privesc paths. This module is the operational guide. Scope hierarchy: Management Group → Subscription → Resource Group → Resource. Inheritance flows down. Least-privilege principle: assign at the lowest scope possible. Built-in roles to know: Owner — full control + can manage access · Contributor — full control without manage-access · Reader — […]
Module 5 · Entra ID Conditional Access
Conditional Access = Entra ID’s policy engine. The single highest-leverage security control in any Microsoft-shop enterprise. The if-then structure: If [signals] then [decision]. Signals: User / group · Cloud app · Device platform · Location · Sign-in risk (Identity Protection) · User risk · Device compliance · Authentication strength. Decisions: Block · Require MFA · Require compliant device · Require Hybrid AAD-joined device · Require approved […]
Module 6 · Microsoft Defender Suite
“Microsoft Defender” is a brand covering many products. Knowing which is which saves money and improves coverage. The portfolio: Defender for Endpoint — EDR; replaces traditional AV · Defender for Identity — on-prem AD detection (formerly ATA) · Defender for Cloud Apps — CASB · Defender for Office 365 — email/collab security · Defender for Cloud — multi-cloud CSPM […]
Module 7 · Azure Network Security
Azure has multiple network security products with overlapping but distinct purposes. The layers: NSG — Layer 4 ACLs at NIC or subnet level · ASG — Application Security Group; tag-based grouping for NSG rules · Azure Firewall — managed L4/L7 firewall; full-feature · Application Gateway + WAF — L7 load balancer + OWASP CRS WAF · Front Door + […]
Module 8 · Azure Storage Security
Azure Blob Storage is the Azure equivalent of S3. Same misconfigurations, slightly different tooling. Common findings: Public-access containers · SAS tokens with overly broad permissions / long expiry · Account keys instead of Azure AD auth · No encryption at rest with customer-managed keys · No firewall restricting source IP. The hardening: Disable public access at storage account level […]
Module 9 · Sentinel Deployment
Sentinel = Microsoft’s SIEM. Cloud-native, KQL-based, integrates with Defender suite. Architecture: Log Analytics Workspace = data store · Sentinel = analytics layer on top · Connectors = data ingestion · Workbooks = dashboards · Analytics Rules = detections · Playbooks = SOAR automation (Logic Apps). Top connectors: Entra ID Microsoft 365 Defender XDR Azure Activity Azure AD audit logs Office […]
Module 10 · Azure Key Vault
Azure Key Vault stores keys, secrets, certificates. Managed Identity integration is the win. What goes in Key Vault: Keys (cryptographic; can be HSM-backed in Premium tier) · Secrets (passwords, connection strings, API keys) · Certificates (managed lifecycle). Access models: Vault Access Policy — legacy; granular per-vault · RBAC — modern; consistent with rest of Azure. RBAC is recommended […]
Module 11 · Microsoft Purview
Purview is Microsoft’s data governance + protection brand. Components: Information Protection — sensitivity labels for documents/emails; classification + encryption · DLP — Data Loss Prevention; policies across Office, Teams, endpoints · Insider Risk Management — UEBA-style detection · eDiscovery — for legal holds and investigations · Communication Compliance — monitor specific employee communications · Data Map / Data Catalog — […]
Module 12 · Azure Cost-Aware Security
Azure security tools have free and paid tiers. Wrong choice = either insecure or unnecessarily expensive. The price-conscious choices: Defender for Cloud free tier — covers basic CSPM. Standard tier for cloud workload protection. Sentinel pricing — per GB ingested. Tune ingestion; archive low-value data. Log Analytics retention — first 90 days included; longer extra. […]
Module 13 · Azure Incident Response
Module 7 (Blue Team) covered IR generally. These are the Azure-specific actions. Compromised account playbook: Disable user account in Entra ID · Revoke active sessions and refresh tokens (Revoke-AzureADUserAllRefreshToken) · Reset password · Review AD audit logs for the user (last 30 days) · Check for created service principals or app registrations · Review M365 mailbox forwarding rules · Review consent […]
Practitioners who've shipped the controls.
Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.
Why learn here
Practitioner-written.
Each lesson is authored by someone who has shipped the control or run the engagement in production.
Quiz after every module.
20+ questions with explanations. 70%+ to mark complete. Unlimited retries.
Progress tracked.
Completions, scores and streaks saved automatically. Resume exactly where you left off.
India-priced.
Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.