- Create and manage Microsoft Sentinel workspaces
  Upon completion of this module, the learner will be able to:
  - Describe Microsoft Sentinel workspace architecture
  - Onboard a Microsoft Sentinel workspace to Microsoft Defender
  - Manage a Microsoft Sentinel workspace in Microsoft Defender
- Connect Microsoft services to Microsoft Sentinel
  Upon completion of this module, the learner is able to:
  - Connect Microsoft service connectors
  - Explain how connectors auto-create incidents in Microsoft Sentinel
- Connect Windows hosts to Microsoft Sentinel
  Upon completion of this module, the learner is able to:
  - Connect Azure Windows Virtual Machines to Microsoft Sentinel
  - Connect non-Azure Windows hosts to Microsoft Sentinel
  - Install and configure a data connector to collect Sysmon events
- Threat detection with Microsoft Sentinel analytics
  In this module, you will:
  - Explain the importance of Microsoft Sentinel Analytics.
  - Explain different types of analytics rules.
  - Create rules from templates.
  - Create new analytics rules and queries using the analytics rule wizard.
  - Manage rules with modifications.
- Automation in Microsoft Sentinel
  After completing this module, you're able to:
  - Explain automation options in Microsoft Sentinel
  - Create automation rules in Microsoft Sentinel
- Configure security information and event management (SIEM) security operations using Microsoft Sentinel.
  Upon completion of this module, the learner is able to:
  - Create and configure a Microsoft Sentinel workspace
  - Deploy Microsoft Sentinel Content Hub solutions and data connectors
  - Configure Microsoft Sentinel Data Collection rules, NRT Analytic rule, and Automation
  - Perform a simulated attack to validate Analytic and Automation rules
  - Run a simulation exercise to connect a Microsoft Sentinel workspace to the Microsoft Defender portal
Overview
Syllabus
- Create and manage Microsoft Sentinel workspaces
  - Introduction
  - Plan for the Microsoft Sentinel workspace
  - Create a Microsoft Sentinel workspace
  - Manage workspaces across tenants using Azure Lighthouse
  - Understand Microsoft Sentinel permissions and roles
  - Manage Microsoft Sentinel settings
  - Configure logs
  - Module assessment
  - Summary and resources
- Connect Microsoft services to Microsoft Sentinel
  - Introduction
  - Plan for Microsoft services connectors
  - Connect the Microsoft 365 connector
  - Connect the Microsoft Entra connector
  - Connect the Microsoft Entra ID Protection connector
  - Connect the Azure Activity connector
  - Module assessment
  - Summary and resources
- Connect Windows hosts to Microsoft Sentinel
  - Introduction
  - Plan for Windows hosts security events connector
  - Connect using the Windows Security Events via AMA Connector
  - Connect using the Security Events via Legacy Agent Connector
  - Collect Sysmon event logs
  - Module assessment
  - Summary and resources
- Threat detection with Microsoft Sentinel analytics
  - Introduction
  - Exercise - Detect threats with Microsoft Sentinel analytics
  - What is Microsoft Sentinel Analytics?
  - Types of analytics rules
  - Create an analytics rule from templates
  - Create an analytics rule from wizard
  - Manage analytics rules
  - Exercise - Detect threats with Microsoft Sentinel analytics
  - Summary
- Automation in Microsoft Sentinel
  - Introduction
  - Understand automation options
  - Create automation rules
  - Module assessment
  - Summary and resources
- Configure SIEM security operations using Microsoft Sentinel
  - Introduction
  - Exercise - Configure SIEM operations using Microsoft Sentinel
  - Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
  - Exercise - Configure a data connector Data Collection Rule
  - Exercise - Perform a simulated attack to validate the Analytic and Automation rules
  - Exercise - Connect Microsoft Sentinel to Microsoft Defender XDR
  - Summary