Module 1: Mitigate threats using Microsoft Defender
- Introduction to threat protection with Microsoft 365
- Mitigate incidents using Microsoft 365 Defender
- Remediate risks with Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Azure AD Identity Protection
- Microsoft Cloud App Security
- Respond to data loss prevention alerts
- Manage insider risk in Microsoft 365
Module 2: Mitigate threats using Microsoft 365 Defender for Endpoint
- Protect against threats with Microsoft Defender for Endpoint
- Deploy the Microsoft Defender for Endpoint environment
- Implement Windows 10 security enhancements
- Perform device investigations
- Perform actions on a device
- Perform evidence and entities investigations
- Configure for alerts and detections
- Utilize Threat and Vulnerability Management
Module 3: Mitigate threats using Azure Defender
- Plan for cloud workload protections using Azure Defender
- Explain cloud workload protections in Azure Defender
- Connect Azure assets to Azure Defender
- Connect non-Azure resources to Azure Defender
- Remediate security alerts using Azure Defender
Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
- Construct KQL statements for Azure Sentinel
- Analyze query results using KQL
- Build multi-table statements using KQL
- Work with data in Azure Sentinel using Kusto Query Language
Module 5: Configure your Azure Sentinel environment
- Introduction to Azure Sentinel
- Create and manage Azure Sentinel workspaces
- Query logs in Azure Sentinel
- Use watchlists in Azure Sentinel
- Utilize threat intelligence in Azure Sentinel
Module 6: Connect logs to Azure Sentinel
- Connect data to Azure Sentinel using data connectors
- Connect Microsoft services to Azure Sentinel
- Connect Microsoft 365 Defender to Azure Sentinel
- Connect Windows hosts to Azure Sentinel
- Connect Common Event Format logs to Azure Sentinel
- Connect syslog data sources to Azure Sentinel
- Connect threat indicators to Azure Sentinel
Module 7: Create detections and perform investigations using Azure Sentinel
- Threat detection with Azure Sentinel analytics
- Threat response with Azure Sentinel playbooks
- Security incident management in Azure Sentinel
- Use entity behavior analytics in Azure Sentinel
- Query, visualize, and monitor data in Azure Sentinel
Module 8: Perform threat hunting in Azure Sentinel
- Threat hunting with Azure Sentinel
- Hunt for threats using notebooks in Azure Sentinel