Attacking and Defending Azure & M365
Course Description
Attacking and Defending Azure & M365 is an advanced, hands-on security course designed for cloud security professionals, red teamers, blue teamers, system administrators, and anyone responsible for securing Microsoft cloud environments. This course provides a deep dive into the offensive and defensive techniques used across Azure Active Directory, Microsoft 365, and core Azure services—showing you how real-world attacks unfold and how to detect, prevent, and mitigate them.
You’ll explore identity-based attacks, privilege escalation paths, misconfigurations, token manipulation, Microsoft Graph abuse, lateral movement, persistence mechanisms, and more. On the defensive side, you’ll learn how to harden Azure AD and M365, configure detection and response capabilities, apply Zero Trust principles, monitor critical logs, and leverage Microsoft’s security stack to protect cloud identities and assets.
Through lab-driven scenarios and threat simulations, you’ll gain practical experience in both attacking and defending cloud environments, giving you a complete 360° understanding of modern cloud security.
What You’ll Learn
Offensive Azure & M365 Techniques
Enumerating Azure AD tenants, identities, roles, and applications
Exploiting misconfigured Conditional Access, MFA, and app registrations
Token theft and manipulation (refresh tokens, access tokens, and device codes)
Abusing Microsoft Graph API for stealthy access and privilege escalation
Exploiting insecure OAuth flows, consent grants, and service principals
Attacking Azure resources via misconfigured storage, functions, VMs, and networking
Persistence and covert access techniques in Azure AD and M365
Defensive Azure & M365 Strategies
Configuring Zero Trust identity controls and enforcing MFA securely
Hardening Azure AD roles, Privileged Identity Management (PIM), and admin boundaries
Securing applications, permissions, service principals, and API access
Monitoring and detecting attacks using Azure AD logs, Defender for Cloud, and M365 alerts
Using Sentinel for correlation, hunting, incident response, and automation
Implementing governance controls: Conditional Access, identity protection, and policy enforcement
Operational Security & Best Practices
Securing hybrid identity (AAD Connect, federation, pass-through authentication)
Preventing lateral movement in cloud and hybrid environments
Understanding real-world threat actor techniques and mitigations
Building a continuous detection and response workflow
Who This Course Is For
Cloud security engineers
Red team and penetration testing professionals
Security analysts and blue team defenders
Identity and access administrators
IT professionals securing Azure and Microsoft 365 environments
Anyone wanting deep hands-on expertise in Microsoft cloud security