Detect, investigate, and respond to threats using Defender, Azure Sentinel, and KQL
This course equips security operations professionals with the knowledge to detect, investigate, and respond to cyberthreats using Microsoft's security stack, including Microsoft Defender for Endpoint, Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
Participants will learn how to deploy and manage security environments, investigate alerts and entities, manage vulnerabilities, and automate incident response with playbooks. The course also covers Kusto Query Language (KQL) for advanced data analysis and threat hunting, as well as techniques for log integration and behavioral analytics with Azure Sentinel.
Practical labs and real-world scenarios help reinforce threat detection, mitigation strategies, and incident management using Microsoft's cloud-native security tools.
Is it for you ?
This course is aimed at people working in security operations, and in particular Microsoft Security Operations Analysts.
The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's IT systems. Their goal is to reduce organizational risk by quickly correcting active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to the appropriate stakeholders. Responsibilities include managing, monitoring and responding to threats using a variety of security solutions in their environment.
Prerequisites
To attend this training, it is recommended that candidates have:
• A basic understanding of Microsoft 365
• A fundamental understanding of Microsoft security, compliance, and identity products
• An intermediate understanding of Windows 10
• Knowledge of Azure services, particularly Azure SQL Database and Azure Storage
• Knowledge of Azure virtual machines and virtual networks
• A basic understanding of scripting concepts
What You'll Walk Away With
- ✓ Detect and respond to threats using Microsoft Defender (Endpoint, 365, Identity, Cloud)
- ✓ Configure and use Azure Sentinel for log collection, correlation, and monitoring
- ✓ Build KQL queries to analyze security data and identify incidents
- ✓ Automate incident response with playbooks and manage alerts efficiently
- ✓ Perform advanced investigations and threat hunting in hybrid environments
Training content
1 Mitigating Threats Using Microsoft Defender for Endpoint
- Protect against threats with Microsoft Defender for Endpoint
- Deploy the Microsoft Defender for Endpoint environment
- Implement Windows 10 security improvements
- Manage alerts and incidents
- Conduct device investigations
- Perform actions on a device
- Investigate evidence and entities
- Configure and manage automation
- Configure alerts and detections
- Use threat and vulnerability management
2 Mitigating Threats Using Microsoft 365 Defender
- Introduction to threat protection with Microsoft 365
- Mitigate incidents using Microsoft 365 Defender
- Protect identities with Azure AD Identity Protection
- Remediate risks with Microsoft Defender for Office 365
- Secure your environment with Microsoft Defender for Identity
- Protect cloud apps and services with Microsoft Cloud App Security
- Respond to data loss prevention alerts using Microsoft 365
- Manage insider risks in Microsoft 365
3 Mitigating Threats Using Azure Defender
- Plan cloud workload protections
- Explain cloud workload protections
- Connect Azure assets
- Connect non-Azure resources
- Remediate security alerts
4 Creating Queries for Azure Sentinel Using Kusto Query Language (KQL)
- Build KQL statements for Azure Sentinel
- Analyze query results using KQL
- Create multi-table statements using KQL
- Work with data in Azure Sentinel using Kusto Query Language
5 Configuring Your Azure Sentinel Environment
- Introduction to Azure Sentinel
- Create and manage Azure Sentinel workspaces
- Query logs in Azure Sentinel
- Use watchlists in Azure Sentinel
- Use threat intelligence in Azure Sentinel
6 Connecting Logs to Azure Sentinel
- Connect data to Azure Sentinel using data connectors
- Connect Microsoft services to Azure Sentinel
- Connect Microsoft 365 Defender to Azure Sentinel
- Connect Windows hosts to Azure Sentinel
- Connect Common Event Format logs to Azure Sentinel
- Connect Syslog data sources to Azure Sentinel
- Connect threat indicators to Azure Sentinel
7 Creating Detections and Performing Investigations Using Azure Sentinel
- Detect threats with Azure Sentinel analytics
- Respond to threats with Azure Sentinel playbooks
- Manage security incidents in Azure Sentinel
- Use entity behavior analytics in Azure Sentinel
- Query, visualize, and monitor data in Azure Sentinel
8 Performing Threat Hunting in Azure Sentinel
- Hunt for threats with Azure Sentinel
- Track threats using notebooks in Azure Sentinel.
📌 Practical information
Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.