Overview

Welcome to Microsoft Sentinel, Microsoft Defender XDR & Threat Protection, a deep-dive course designed for cloud security engineers, SOC analysts, and IT professionals who want to master Microsoft’s advanced detection, response, and threat protection ecosystem. This course covers the end-to-end workflow of cloud security operations using Microsoft Sentinel (SIEM & SOAR) and Microsoft Defender XDR. You’ll explore workspace planning, SIEM roles, SOAR automation, threat detection, and hunting queries in Sentinel. You’ll then move into Defender XDR configuration, integration with Sentinel, and best practices for incident response. Finally, you’ll learn about the entire Microsoft Defender product family (Defender for Cloud Apps, Office 365, Identity, and Endpoint) to build a unified threat protection strategy. By the end of this course, you’ll be confident in deploying, configuring, and managing Microsoft Sentinel and Microsoft Defender XDR to detect, investigate, and respond to modern cloud threats. Who Should Take This Course? SOC Analysts and Incident Responders Cloud Security Engineers and Azure Administrators IT Security Professionals looking to implement SIEM + XDR Learners preparing for SC-200 or seeking advanced Microsoft security skills Course Format This course delivers 6–7 hours of expert-led video content, split across four modules. Each module includes demos, configuration guides, and best practices. Knowledge checks and in-video questions are included to help reinforce learning. Course Modules: Module 1: Azure Security Foundations: Networking, Key Vault & Defender Module 2: Microsoft Sentinel: SIEM & SOAR for Cloud Security Operations Module 3: Microsoft Defender XDR: Configuration, Integration & Best Practices

Syllabus

Azure Security Foundations: Networking, Key Vault & Defender

Welcome to Week 1 of this course! We’ll begin with the essential building blocks for securing Azure workloads. You’ll explore Azure networking security, including Azure DDoS Protection, Azure Bastion, and Azure Firewall, to understand how to defend your resources at the network edge. Next, we’ll dive into network segmentation using Azure Virtual Networks, and configure Network Security Groups (NSG) and Application Security Groups (ASG) with hands-on demos. You’ll also explore Azure Key Vault and see how to secure application secrets and configuration data using App Configuration and Key Vault demos. Finally, we’ll introduce Microsoft Defender for Cloud, its Cloud Security Posture Management (CSPM) capabilities, and workload protection features to help you proactively strengthen your cloud security posture.

Microsoft Sentinel: SIEM & SOAR for Cloud Security Operations

Welcome to Week 2! this week, we’ll focus on Microsoft Sentinel and its role as a cloud-native SIEM and SOAR solution. You’ll learn how to plan and deploy workspaces, align Sentinel implementation with Microsoft’s Cloud Adoption Framework (CAF) security design phases, and understand the role of SIEM in modern security operations. We’ll then explore Sentinel’s automation capabilities with SOAR, threat detection, and mitigation features. By the end of this week, we’ll dive into threat hunting, reviewing sample KQL queries and walking through a hands-on demo to see how to proactively hunt for threats in your environment.

Microsoft Defender XDR: Configuration, Integration & Best Practices

Welcome to Week 3! this week focuses on governance and identity protection features of Microsoft Entra ID. You’ll explore Privileged Identity Management (PIM) to enforce just-in-time (JIT) access, conduct access reviews, and automate provisioning/deprovisioning. This week also covers Microsoft Entra ID Protection, showing how to detect and mitigate identity risks with real-time monitoring. By the end of the week, you will be able to Configure MFA and passwordless authentication methods, Design Conditional Access policies for secure access and Implement RBAC effectively at tenant, group, or resource scope.