- Get familiar with Microsoft Sentinel, a cloud-native security information and event management (SIEM) service.
  By the end of this module, you'll be able to:
  - Identify the various components and functionality of Microsoft Sentinel.
  - Identify use cases for Microsoft Sentinel and Microsoft Defender solutions.
- Create and manage Microsoft Sentinel workspaces
  Upon completion of this module, the learner will be able to:
  - Describe Microsoft Sentinel workspace architecture
  - Onboard a Microsoft Sentinel workspace to Microsoft Defender
  - Manage a Microsoft Sentinel workspace in Microsoft Defender
- Query logs in Microsoft Sentinel
  Upon completion of this module, the learner is able to:
  - Use the Logs page to view data tables in Microsoft Sentinel
  - Query the most used tables using Microsoft Sentinel
- Use watchlists in Microsoft Sentinel
  Upon completion of this module, the learner is able to:
  - Create a watchlist in Microsoft Sentinel
  - Use KQL to access the watchlist in Microsoft Sentinel
- Utilize threat intelligence in Microsoft Sentinel
  Upon completion of this module, the learner is able to:
  - Manage threat indicators in Microsoft Sentinel
  - Manage threat indicators in Microsoft Defender
  - Use KQL to access threat indicators in Microsoft Sentinel
- In this module, you learn how to integrate Microsoft Defender XDR with Microsoft Sentinel.
  By the end of this module, you're able to:
  - Understand the differences between Microsoft Sentinel capabilities in Azure and Defender portals
  - Know the prerequisites for integrating Microsoft Defender XDR with Microsoft Sentinel
  - Connect a Microsoft Sentinel workspace to Microsoft Defender XDR
Overview
Syllabus
- Introduction to Microsoft Sentinel
  - Introduction
  - What is Microsoft Sentinel?
  - How Microsoft Sentinel works
  - When to use Microsoft Sentinel
  - Module assessment
  - Summary
- Create and manage Microsoft Sentinel workspaces
  - Introduction
  - Plan for the Microsoft Sentinel workspace
  - Create a Microsoft Sentinel workspace
  - Manage workspaces across tenants using Azure Lighthouse
  - Understand Microsoft Sentinel permissions and roles
  - Manage Microsoft Sentinel settings
  - Configure logs
  - Module assessment
  - Summary and resources
- Query logs in Microsoft Sentinel
  - Introduction
  - Query logs in the logs page
  - Understand Microsoft Sentinel tables
  - Understand common tables
  - Understand Microsoft Defender XDR tables
  - Module assessment
  - Summary and resources
- Use watchlists in Microsoft Sentinel
  - Introduction
  - Plan for watchlists
  - Create a watchlist
  - Manage watchlists
  - Module assessment
  - Summary and resources
- Utilize threat intelligence in Microsoft Sentinel
  - Introduction
  - Define threat intelligence
  - Manage your threat indicators
  - View your threat indicators with KQL
  - Module assessment
  - Summary and resources
- Integrate Microsoft Defender XDR with Microsoft Sentinel
  - Introduction
  - Understand the benefits of integrating Microsoft Sentinel with Defender XDR
  - Explore the capability differences between Microsoft Defender XDR and Microsoft Sentinel portals
  - Onboarding Microsoft Sentinel to Microsoft Defender XDR
  - Explore Microsoft Sentinel features in Microsoft Defender XDR
  - Exercise - Connect Microsoft Sentinel to Microsoft Defender XDR
  - Module assessment
  - Summary