Conditional Access Architecture Patterns: Workshop
RCCE students will learn conditional access policy design and implementation, including risk-based authentication, device compliance requirements, location-based restrictions, and adaptive access controls. They will learn to create conditional access policies in enterprise identity platforms, enforce MFA based on sign-in risk signals, require device compliance before granting access to sensitive resources, block access from untrusted locations and networks, implement session controls and application restrictions, troubleshoot conditional access policy conflicts, and monitor conditional access logs for policy bypass attempts and unauthorized access patterns.

This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. At an expert level, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing conditional access architecture patterns
- Execute hands-on tasks for conditional access
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for workshop objectives & scope
- Execute hands-on tasks for core learning targets
- Execute hands-on tasks for advanced engineering skills, covering evaluation of design options against security needs.
- Execute hands-on tasks for conditional access: core definition
- Execute hands-on tasks for "What Is Conditional Access?", covering the policy engine that enforces if-then access decisions.
- Execute hands-on tasks for controls: grant, block, restrict, require MFA
- Apply zero-trust principles to privilege decisions and elevation
- Apply zero-trust principles to privilege decisions and elevation, including "never trust, always verify", an assume-breach mentality, and evaluation of every access request.
- Apply zero-trust principles to privilege decisions and elevation, including evaluation of every access request and context-aware policy decisions.
- Design a scalable privilege management architecture with policy and enforcement, including the identity provider as the control plane and device management feeding compliance signals.
| Module 01 | Conditional Access |
| Module 02 | Architecture Patterns |
| Module 03 | Workshop Objectives & Scope |
| Module 04 | Core Learning Targets |
| Module 05 | Advanced Engineering Skills |
| Module 06 | Conditional Access: Core Definition |
| Module 07 | What Is Conditional Access? |
| Module 08 | Controls: grant, block, restrict, require MFA |
| Module 09 | Zero Trust & Conditional Access |
| Module 10 | Zero Trust Principles |
| Module 11 | CA as Zero Trust Enforcer |
| Module 12 | Architecture Integration Points |
| Module 13 | Signal Architecture: Input Sources |
| Module 14 | User Signals |
All hands-on labs run on Rocheston Rose X OS. Students practice conditional access architecture patterns by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for conditional access
- Lab 2: Design a scalable privilege management architecture with policy and enforcement
- Lab 3: Execute hands-on tasks for workshop objectives & scope
- Lab 4: Execute hands-on tasks for core learning targets
- Lab 5: Execute hands-on tasks for advanced engineering skills
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Conditional Access Architecture Patterns: Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI