Course Summary

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

Key Topics:

• Microsoft Sentinel Configuration: Setup and management of Sentinel workspaces.
• Kusto Query Language (KQL): Utilize KQL for effective detection, analysis, and reporting of security incidents.
• Detection and Analysis: Perform threat detection and analysis using Sentinel.
• Reporting: Generate reports to track and respond to cyber threats.

Module 1: Mitigate Threats with Microsoft 365 Defender (25–30%)

Microsoft 365 Defender Overview: Manage threats to Microsoft Teams, SharePoint Online, OneDrive, and email.
Data Loss & Insider Risk: Respond to DLP and insider risk alerts.
Defender for Cloud Apps: Discover, manage, and remediate security risks.
Defender for Endpoint: Configure data retention and attack surface reduction (ASR) rules, and manage endpoint threats.
Identity Threats: Mitigate risks in Microsoft Entra ID and AD DS.

Module 2: Manage Extended Detection & Response (XDR) in Microsoft 365 Defender

Incident Management: Handle incidents and automated investigations.
Custom Detections & Alerts: Configure and manage alerts and custom detections.
Threat Analytics: Use KQL and Microsoft Secure Score for risk identification.
Audit Features: Perform threat hunting using the unified audit log and advanced hunting.

Module 3: Mitigate Threats with Microsoft Sentinel (50–55%)

Sentinel Workspace Design: Plan, configure, and manage workspaces, roles, and data storage.
Data Connectors & Ingestion: Set up and configure data connectors for various sources.
Analytics Rules: Manage security analytics, custom, and near-real-time rules.
SOAR: Configure automation rules, playbooks, and incident response workflows.
Incident Management: Triage, investigate, and respond to incidents using Sentinel.

Module 4: Mitigate Threats with Microsoft Defender for Cloud (15–20%)

Cloud Security Posture: Implement and manage cloud security settings and configurations.
Incident Response: Set up notifications, alert suppression, and workflow automation.
Threat Intelligence: Analyze threat intelligence reports and respond to cloud incidents.

Module 5: Threat Hunting and Behavioral Analytics

Hunting in Sentinel: Customize hunting queries, analyze attack vectors, and monitor queries.
User and Entity Behavior Analytics (UEBA): Configure settings and investigate anomalies.
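The KQL, analytics-rule and hunting topics above all come down to the same skill: writing a query that turns raw log rows into an incident worth a triage. The query below is an added illustration, not part of the course material or Microsoft's own rule templates. It assumes the Microsoft Entra ID data connector is feeding the SigninLogs table into the Sentinel workspace; the one-hour window and the failure threshold of 10 are illustrative values, not recommendations.

```kusto
// Added example (not from the course): logic for a scheduled analytics rule or a
// hunting query that flags a burst of failed Entra ID sign-ins followed by a
// success for the same account from the same IP (brute-force or spray that landed).
// Assumptions: SigninLogs is populated by the Entra ID connector; thresholds are illustrative.
let lookback = 1h;          // match this to the rule's "lookup data from the last" setting
let failThreshold = 10;     // tune per tenant; too low drowns analysts in lockout noise
// Step 1: failed sign-ins, grouped by account and source IP.
// ResultType is a string; "0" means success, anything else is an error code
// (for example 50126 = invalid username or password).
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedAttempts = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated),
                FailureCodes = make_set(ResultType, 10)
        by UserPrincipalName, IPAddress
    | where FailedAttempts >= failThreshold;
// Step 2: successful sign-ins in the same window.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName, Location;
// Step 3: keep only pairs where the success came after the last failure.
failures
| join kind=inner successes on UserPrincipalName, IPAddress
| where SuccessTime > LastFail
| project UserPrincipalName, IPAddress, FailedAttempts, FailureCodes,
          FirstFail, LastFail, SuccessTime, AppDisplayName, Location
| order by FailedAttempts desc
```

Run it first from the Logs blade or a hunting query to check the hit rate, then save it as a scheduled rule: set the query frequency and lookback to the same one-hour value so no sign-in is missed or double-counted, map UserPrincipalName to the Account entity and IPAddress to the IP entity in the rule's entity mapping, and let incident grouping merge repeat hits on the same account into one incident.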

Prerequisites:

• Basic understanding of Microsoft 365
• Fundamental understanding of Microsoft security, compliance, and identity products
• Intermediate understanding of Microsoft Windows
• Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
• Familiarity with Azure virtual machines and virtual networking
• Basic understanding of scripting concepts

Exam Domains:

• Mitigate threats by using Microsoft 365 Defender (25–30%)
• Mitigate threats by using Defender for Cloud (15–20%)
• Mitigate threats by using Microsoft Sentinel (50–55%)

After booking, every participant receives a confirmation message and calendar placeholders to help schedule around the course. All course materials and access to the required labs and platforms are provided no later than one week before the course begins, so you have time to prepare.

The course fee includes all training materials and resources, detailed course content covering the topics listed above, and a certificate of completion. The certification examination fee is not included and can be purchased separately.
