SC-300: Building a Secure Hybrid Identity Baseline | Entra ID + Azure AD Connect Lab
Hybrid Identity Security hands-on Lab Series – EID-EXP-009
Most environments simply install Azure AD Connect and move on. In this hands-on lab (EID-EXP-009), I focus on building a robust security baseline that supports Conditional Access, MFA enforcement, and future attack simulations.
Lab environment:
• HP Gen9 virtualization host
• Sophos XGS firewall
• VLAN-segmented network
• Windows Server domain controllers
• Azure AD Connect server
• Windows 11 client
What this lab demonstrates:
• Hybrid identity architecture
• Azure AD Connect custom installation
• Password Hash Synchronization
• OU-scoped directory Synchronization
• Conditional Access baseline
• Blocking legacy authentication
• Secure Score baseline recording
• Authentication validation through Entra sign-in logs
This lab is part of an ongoing research series focused on hybrid identity security, real-world attack simulations, and Zero Trust architecture.
Next lab:
Simulating a password spray attack against the hybrid environment.
🔬 Full lab write-up:
https://f11.ca
#EntraID #HybridIdentity #AzureADConnect #ZeroTrust #MicrosoftSecurity
#CyberSecurity #ITLab #HomeLab