This repository provides an expanded reference guide to the Entra Control Stack, a seven-layer security framework for structuring Microsoft Entra ID governance, identity protection, and continuous verification.

The content is written as a consolidated study and operational reference. For each layer it covers the layer's purpose, the Entra elements it requires, the implementation actions, and operational notes.

Unlike simulation-based projects, this reference is purely conceptual and instructional: it captures best-practice controls and layer-by-layer recommendations in a consistent, reusable format rather than walking through a lab tenant.
## Structure

The notebook (`brightwave_analytics.ipynb`) is organized into seven core layers:
- Authority Definition – Establish and verify top-level administrative authority and role assignments.
- Scope Boundaries – Define and enforce role scopes, delegation boundaries, and administrative segmentation.
- Privileged Identity Management (PIM) Controls – Govern activation, approval, and auditing of privileged roles.
- Role Assignment Governance – Maintain strict oversight of permanent and eligible role assignments.
- Access Governance – Implement access reviews, entitlement management, and policy-based provisioning.
- Device Trust Enforcement – Ensure only secure, compliant devices can access sensitive resources.
- Continuous Verification – Maintain ongoing assurance through risk-based controls, analytics, and automated reviews.
## Use Cases

- Study Aid – Supports SC-300 and AZ-500 exam preparation by aligning with core Entra governance concepts.
- Operational Reference – Serves as a baseline for tenant hardening and identity security architecture.
- Governance Mapping – Facilitates mapping Entra controls to NIST, CIS, and Zero Trust frameworks.
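One concrete check that cuts across the Scope Boundaries, PIM Controls, and Role Assignment Governance layers is an inventory of who holds directory roles as standing (permanent) assignments versus PIM-eligible ones, and at what scope. The script below is an added example written for this README; it is not code from the notebook or from Microsoft. It uses the Microsoft Graph PowerShell SDK and assumes a Microsoft Entra ID P2 (PIM) tenant, installed `Microsoft.Graph` modules, and an account that can consent to the requested read scopes. The `$tier0Roles` list is an assumed policy choice, not something the reference prescribes.

```powershell
# Added example (not part of the notebook): audit standing vs. eligible directory-role
# assignments with the Microsoft Graph PowerShell SDK and flag permanent assignments
# to tier-0 roles. Assumes Entra ID P2 (PIM) and installed Microsoft.Graph modules.

Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All" -NoWelcome

# Assumed policy choice: roles that should only ever be PIM-eligible, never standing.
$tier0Roles = @(
    "Global Administrator",
    "Privileged Role Administrator",
    "Privileged Authentication Administrator"
)

# Map role definition IDs to display names so the report is readable.
$roleName = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All |
    ForEach-Object { $roleName[$_.Id] = $_.DisplayName }

# Active assignments: AssignmentType is "Assigned" for a direct (standing) assignment
# and "Activated" for a PIM activation; an Expiration.Type of "noExpiration" means
# the assignment is permanent.
$active   = Get-MgRoleManagementDirectoryRoleAssignmentSchedule -All
# Eligible (PIM) assignments that require activation before use.
$eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -All

# Resolve principal object IDs (users, groups, service principals) in one batch call.
$principalIds = @($active.PrincipalId) + @($eligible.PrincipalId) |
    Where-Object { $_ } | Select-Object -Unique
$principalName = @{}
foreach ($obj in Get-MgDirectoryObjectById -Ids $principalIds) {
    $principalName[$obj.Id] = $obj.AdditionalProperties['displayName']
}

function Format-Scope([string]$scopeId) {
    # "/" is tenant-wide; anything else (e.g. "/administrativeUnits/<id>") is a bounded scope,
    # which is what the Scope Boundaries layer asks for wherever the role allows it.
    if ($scopeId -eq "/") { "Tenant" } else { $scopeId }
}

function Format-Expiry($scheduleInfo) {
    if ($scheduleInfo.Expiration.Type -eq "noExpiration") { "Never" }
    else { $scheduleInfo.Expiration.EndDateTime }
}

$report = [System.Collections.Generic.List[object]]::new()
foreach ($a in $active) {
    $report.Add([pscustomobject]@{
        Role      = $roleName[$a.RoleDefinitionId]
        Principal = $principalName[$a.PrincipalId]
        Scope     = Format-Scope $a.DirectoryScopeId
        Kind      = if ($a.AssignmentType -eq "Activated") { "PIM-activated" } else { "Standing" }
        Expires   = Format-Expiry $a.ScheduleInfo
    })
}
foreach ($e in $eligible) {
    $report.Add([pscustomobject]@{
        Role      = $roleName[$e.RoleDefinitionId]
        Principal = $principalName[$e.PrincipalId]
        Scope     = Format-Scope $e.DirectoryScopeId
        Kind      = "Eligible"
        Expires   = Format-Expiry $e.ScheduleInfo
    })
}

$report | Sort-Object Role, Kind, Principal | Format-Table -AutoSize

# Finding: a permanent standing assignment to a tier-0 role bypasses the activation,
# approval and audit trail that the PIM Controls layer depends on.
$findings = $report | Where-Object {
    $_.Kind -eq "Standing" -and $_.Expires -eq "Never" -and $tier0Roles -contains $_.Role
}
if ($findings) {
    Write-Warning "Permanent tier-0 assignments found; convert these to PIM-eligible assignments:"
    $findings | Format-Table Role, Principal, Scope -AutoSize
}
```

Run it from PowerShell 7 with the `Microsoft.Graph` modules installed. The two schedule cmdlets call the PIM role-management endpoints, so in a tenant without P2 licensing they return errors; `Get-MgRoleManagementDirectoryRoleAssignment` is the fallback there, though it cannot distinguish permanent from time-bound assignments. Any row with `Kind` of `Standing` and `Scope` of `Tenant` for a role that could be administrative-unit scoped is worth a second look under the Scope Boundaries layer, even when the role is not tier-0.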
## Files

- `brightwave_analytics.ipynb`: main project notebook containing the expanded Entra Control Stack reference.
## Author

Steven Tuschman

- GitHub: Compcode1
- Website: steventuschman.com