Microsoft Security Architecture Certification (SC-100, SC-200)

Introduction to Zero Trust and best practice frameworks

Understand how to use best practices as a cybersecurity architect.
Understand the concept of Zero Trust and how it can be used to modernize an organizations cybersecurity.
Understand when to use different best practice frameworks like MCRA, CAF and WAF.

Introduction to Zero Trust
Zero Trust initiatives
Zero Trust technology pillars part 1
Zero Trust technology pillars part 2

Design solutions that aligh with the Cloud Adoption Framwork (CAF) and Well-Architected Framework

Understand the Cloud Adoption Framework and how it can be used to accelerate and secure an organizations move to the cloud.
Understand the Well-Architected Framework and how it can be used to design solutions in the cloud that adhere to sound design principles including security.

Introduction to the Cloud Adoption Framework
Cloud Adoption Framework secure methodology
Introduction to Azure Landing Zones
Design security with Azure Landing Zones
Introduction to the Well-Architected Framework
The Well-Architected Framework security pillar

Design solutions that align with the Microsoft Cybersecurity Refernce Architecture (MCRA) and Microsoft cloud security benchmark (MCSB)

Understand how to use Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft cloud security benchmark (MCSB) to design more secure solutions.

Introduction to Microsoft Cybersecurity Reference Architecture and cloud security benchmark
Design solutions with best practices for capabilities and controls
Design solutions with best practices for protecting against insider, external and supply chain attacks.

Design a resiliency strategy for ransomware and other attacks based on Microsoft Security Best Practices

Understand common cyberthreats like ransomware.
Understand how to support business resiliency.
Design configurations for secure backup and restore.
Design solutions for managing security updates.

Common cyberthreats and attack patterns
Support business resiliency
Design solutions for mitigating ransomware attacks, including prioritization of BCDR and privileged access
Design solutions for business continuity and disaster recovery (BCDR), including secure backup and restore
Evaluate solutions for security updates

Design solutions for regulatory compliance

Translate compliance requirements into a security solution
Address compliance requirements with Microsoft Purview
Design a solution to address privacy requirements with Microsoft Priva
Design Azure Policy solutions to address security and compliance requirements
Evaluate infrastructure compliance by using Microsoft Defender for Cloud

Introduction to regulatory compliance
Translate compliance requirements into security controls
Design a solution to address compliance requirements by using Microsoft Purview
Address privacy requirements with Microsoft Priva
Address security and compliance requirements with Azure policy
Evaluate and validate alignment with regulatory standards and benchmarks by using Microsoft Defender for Cloud

Design solutions for identity and access management

Design cloud, hybrid and multicloud access strategies
Design a solution for Azure Active Directory (Azure AD), part of Microsoft Entra
Design a solution for external identities
Design modern authentication and authorization strategies
Specify requirements to secure Active Directory Domain Services
Design a solution to manage secrets, keys, and certificates

Introduction to Identity and Access Management
Design cloud, hybrid and multicloud access strategies (including Microsoft Entra ID)
Design a solution for external identities
Design modern authentication and authorization strategies
Align conditional access and Zero Trust
Specify requirements to harden Active Directory Domain Services (AD DS)
Design a solution to manage secrets, keys, and certificates

Design solutions for securing privileged

Understand privileged access and the Enterprise Access Model
Design identity governance solutions
Design a solution for securing administration of cloud tenants
Design for cloud infrastructure entitlement management

Introduction to privileged access
The enterprise access model
Evaluate the security and governance of Microsoft Entra ID solutions
Design a solution to secure tenant administration
Design a solution for cloud infrastructure entitlement management (CIEM)
Design a solution for privileged access workstations and bastion services
Evaluate an access review management solution that includes Microsoft Entra Permissions Management
Evaluate the security and governance of on-premises Active Directory Domain Services (AD DS), including resilience to common attacks

Design solution for security operations

Design security operations capabilities in hybrid and multicloud environments.
Design centralized logging and auditing.
Design Security Information and Event Management (SIEM) solutions.
Design a solution for detection and response that includes Extended Detection and Response (XDR).
Design a solution for security orchestration, automation, and response (SOAR).
Design security workflows.
Design and evaluate threat detection with the MITRE ATT&CK framework.

Introduction to Security operations (SecOps)
Design monitoring to support hybrid and multicloud environments
Design centralized logging and auditing, including Microsoft Purview Audit.
Design a solution for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM)
Design solutions for detection and response that includes extended detection and response (XDR) and security information and event management (SIEM).
Design a solution for security orchestration, automation, and response (SOAR)
Design and evaluate security workflows, including incident response, threat hunting, and incident management
Design and evaluate threat detection coverage by using MITRE ATT&CK matrices, including Cloud, Enterprise, Mobile, and ICS

Design solutions for security Microsoft 365

Evaluate security posture for collaboration and productivity workloads
Design a Microsoft Defender XDR solution
Design configurations and operational practices for Microsoft 365

Introduction to security for Exchange, Sharepoint, OneDrive and Teams
Evaluate security posture for productivity and collaboration workloads by using metrics
Design a Microsoft Defender XDR solution
Design configurations and operational practices for Microsoft 365
Evaluate data security and compliance controls in Microsoft Copilot for Microsoft 365 services
Evaluate solutions for securing data in Microsoft 365 using Microsoft Purview

Design solutions for securing applications

Evaluate security posture of existing application portfolios
Evaluate threats to business-critical applications by using threat modeling
Design and implement a full lifecycle strategy for application security
Design and implement standards and practices for securing the application development process
Design a solution for workload identity to authenticate and access Azure cloud resources
Design a solution for API management and security
Design a solution for secure access to applications

Introduction to application security
Design and implement standards to secure application development
Evaluate security posture of existing application portfolios
Evaluate application threats with threat modeling
Design security lifecycle strategy for applications
Secure access for workload identities
Design a solution for API management and security
Design a solution for secure access to applications

Design solutions for securing an organziation's data

Design a solution for data discovery and classification using Microsoft Purview
Specify priorities for mitigating threats to data
Design a solution for protection of data at rest, data in motion, and data in use
Design a security solution for data in Azure workloads
Design a security solution for data in Azure Storage
Design a security solution that includes Microsoft Defender for SQL and Microsoft Defender for Storage

Introduction to data security
Evaluate solutions for data discovery and classification
Evaluate solutions for encryption of data at rest and in transit, including Azure KeyVault and infrastructure encryption
Design data security for Azure workloads
Design security for Azure Storage
Design a security solution with Microsoft Defender for SQL and Microsoft Defender for Storage

Specify requirements for securing SaaS, PaaS, and IaaS services

Specify security baselines for SaaS, PaaS, and IaaS services
Specify security requirements for IoT workloads
Specify security requirements for web workloads
Specify security requirements for containers and container orchestration

Introduction to security for SaaS, PaaS, and IaaS
Specify security baselines for SaaS, PaaS, and IaaS services
Specify security requirements for IoT workloads
Specify security requirements for web workloads
Specify security requirements for containers and container orchestration
Evaluate AI Services security

Design solutions for security posture management in hybrid and multicloud environments

Evaluate security posture by using Microsoft Cloud Security Benchmark, Microsoft Defender for Cloud, and Secure Scores
Design integrated security posture management and workload protection solutions in hybrid and multicloud environments
Design cloud workload protection solutions that use Microsoft Defender for Cloud

Introduction to hybrid and multicloud posture management
Evaluate security posture by using Microsoft Cloud Security Benchmark
Design integrated posture management and workload protection
Evaluate security posture by using Microsoft Defender for Cloud
Posture evaluation with Microsoft Defender for Cloud secure score
Design cloud workload protection with Microsoft Defender for Cloud
Integrate hybrid and multicloud environments with Azure Arc
Design a solution for external attack surface management
Posture management using Exposure management attack paths

Design solutions for securing server and client endpoints

Specify security requirements for servers
Specify security requirements for mobile devices and clients
Specify security requirements for IoT devices and embedded systems
Design a solution for securing operational technology (OT) and industrial control systems (ICS) by using Microsoft Defender for IoT
Specify security baselines for server and client endpoints
Design a solution for secure remote access

Introduction to endpoint security
Specify server security requirements
Specify requirements for mobile devices and clients
Specify internet of things (IoT) and embedded device security requirements
Secure operational technology (OT) and industrial control systems (ICS) with Microsoft Defender for IoT
Specify security baselines for server and client endpoints
Design a solution for secure remote access
Evaluate Windows Local Admin Password Solution (LAPS) solutions

Design solutions for network security

Design solutions for network segmentation
Design solutions for filtering traffic with network security groups
Design solutions for network posture measurement
Design solutions for network monitoring

Introduction
Design solutions for network segmentation
Design solutions for traffic filtering with network security groups
Design solutions for network posture management
Design solutions for network monitoring

Introduction to Microsoft Defender XDR threat protection

Understand Microsoft Defender XDR solutions by domain
Understand the Microsoft Defender XDR role in a Modern SOC

Introduction
Explore Extended Detection & Response (XDR) response use cases
Understand Microsoft Defender XDR in a Security Operations Center (SOC)
Explore Microsoft Security Graph
Investigate security incidents in Microsoft Defender XDR

Mitigate incidents using Microsoft 365 Defender

Manage incidents in Microsoft 365 Defender
Investigate incidents in Microsoft 365 Defender
Conduct advanced hunting in Microsoft 365 Defender

Introduction
Use the Microsoft Defender portal
Manage incidents
Investigate incidents
Manage and investigate alerts
Manage automated investigations
Use the action center
Explore advanced hunting
Investigate Microsoft Entra sign-in logs
Understand Microsoft Secure Score
Analyze threat analytics
Analyze reports
Configure the Microsoft Defender portal

Protect your identities with Microsoft Entra ID Protection

Describe the features of Microsoft Entra ID Protection.
Describe the investigation and remediation features of Microsoft Entra ID Protection.

Introduction
Microsoft Entra ID Protection overview
Detect risks with Microsoft Entra ID Protection policies
Investigate and remediate risks detected by Microsoft Entra ID Protection

Remediate risks with Microsoft Defender Office 365

Define the capabilities of Microsoft Defender for Office 365.
Understand how to simulate attacks within your network.
Explain how Microsoft Defender for Office 365 can remediate risks in your environment.

Introduction to Microsoft Defender for Office 365
Automate, investigate, and remediate
Configure, protect, and detect
Simulate attacks

Safeguard your environment with Microsoft Defender for Identity

Define the capabilities of Microsoft Defender for Identity.
Understand how to configure Microsoft Defender for Identity sensors.
Explain how Microsoft Defender for Identity can remediate risks in your environment.

Introduction to Microsoft Defender for Identity
Configure Microsoft Defender for Identity sensors
Review compromised accounts or data
Integrate with other Microsoft tools

Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Define the Defender for Cloud Apps framework
Explain how Cloud Discovery helps you see what’s going on in your organization
Understand how to use Conditional Access App Control policies to control access to the apps in your organization

Introduction
Understand the Defender for Cloud Apps Framework
Explore your cloud apps with Cloud Discovery
Protect your data and apps with Conditional Access App Control
Walk through discovery and access control with Microsoft Defender for Cloud Apps
Classify and protect sensitive information
Detect Threats

Fundamentals of Generative AI

Understand generative AI’s place in the development of artificial intelligence.
Understand language models and their role in intelligent applications.
Describe examples of copilots and good prompts

What is generative AI?
What are language models?
Using language models
What are copilots?
Microsoft Copilot
Considerations for Copilot prompts
Extending and developing copilots
Exercise – Explore Microsoft Copilot

Describe Microsoft Copilot for Security

Describe what Microsoft Copilot for Security is.
Describe the terminology of Microsoft Copilot for Security.
Describe how Microsoft Copilot for Security processes prompt requests.
Describe the elements of an effective prompt
Describe how to enable Microsoft Copilot for Security.

Get acquainted with Microsoft Copilot for Security
Describe Microsoft Copilot for Security terminology
Describe how Microsoft Copilot for Security processes prompt requests
Describe the elements of an effective prompt
Describe how to enable Microsoft Copilot for Security

Describe the core features of Microsoft Copilot for Security

Describe the features available in the standalone Copilot experience.
Describe the plugins available in Copilot.
Describe custom promptbooks.
Describe knowledge base connections.

Describe the features available in the standalone experience of Microsoft Copilot for Security
Describe the features available in a session of the standalone experience
Describe the Microsoft plugins available in Microsoft Copilot for Security
Describe the non-Microsoft plugins supported by Microsoft Copilot for Security
Describe custom promptbooks
Describe knowledge base connections

Describe the embedded experiences of Microsoft Copilot for Security

Describe Microsoft Copilot in Microsoft Defender XDR.
Describe Microsoft Copilot in Microsoft Purview.
Describe Microsoft Copilot in Microsoft Entra.
Describe Microsoft Copilot in Microsoft Intune.
Describe Microsoft Copilot in Microsoft Defender for Cloud.

Describe Microsoft Copilot in Microsoft Defender XDR
Microsoft Copilot in Microsoft Purview
Microsoft Copilot in Microsoft Entra
Microsoft Copilot in Microsoft Intune
Microsoft Copilot in Microsoft Defender for Cloud (Preview)

Respond to data loss prevention alerts using Microsoft 365

Describe data loss prevention (DLP) components in Microsoft 365
Investigate DLP alerts in the Microsoft Purview compliance portal
Investigate DLP alerts in Microsoft Defender for Cloud Apps

Describe data loss prevention alerts
Investigate data loss prevention alerts in Microsoft Purview
Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps

Manage insider risk in Microsoft Purview

Explain how Microsoft Purview Insider Risk Management can help prevent, detect, and contain internal risks in an organization.
Describe the types of built-in, pre-defined policy templates.
List the prerequisites that need to be met before creating insider risk policies.
Explain the types of actions you can take on an insider risk management case.

Insider risk management overview
Introduction to managing insider risk policies
Create and manage insider risk policies
Knowledge check
Investigate insider risk alerts
Take action on insider risk alerts through cases
Manage insider risk management forensic evidence
Create insider risk management notice templates

Search and investigate with Microsoft Purview Audit

Identify the differences between Microsoft Purview Audit (Standard) and Audit (Premium).
Configure Microsoft Purview Audit for optimal log management.
Perform audits to assess compliance and security measures.
Analyze irregular access patterns using advanced tools in Purview Audit (Premium) and PowerShell.
Ensure regulatory compliance through strategic data management.

Microsoft Purview Audit overview
Configure and manage Microsoft Purview Audit
Conduct searches with Audit (Standard)
Audit Microsoft Copilot for Microsoft 365 interactions
Investigate activities with Audit (Premium)
Export audit log data
Configure audit retention with Audit (Premium)

Investigate threats with Content search in Microsoft Purview

Describe how to use content search in the Microsoft Purview compliance portal.
Design and create a content search.
Preview the search results.
View the search statistics.
Export the search results and search report.
Configure search permission filtering.

Explore Microsoft Purview eDiscovery solutions
Create a content search
View the search results and statistics
Export the search results and search report
Configure search permissions filtering
Search for and delete email messages

Protect against threats with Microsoft Defender for Endpoint

Define the capabilities of Microsoft Defender for Endpoint.
Understand how to hunt threats within your network.
Explain how Microsoft Defender for Endpoint can remediate risks in your environment.

Introduction to Microsoft Defender for Endpoint
Practice security administration
Hunt threats within your network

Deploy the Microsoft Defender for Endpoint environment

Create a Microsoft Defender for Endpoint environment
Onboard devices to be monitored by Microsoft Defender for Endpoint
Configure Microsoft Defender for Endpoint environment settings

Create your environment
Understand operating systems compatibility and feature
Onboard devices
Manage access
Create and manage roles for role-based access control
Configure device groups
Configure environment advanced features

Implement Windows security enhancements with Microsoft Defender for Endpoint

Explain Attack Surface Reduction in Windows
Enable Attack Surface Reduction rules on Windows 10 devices
Configure Attack Surface Reduction rules on Windows 10 devices

Understand attack surface reduction
Enable attack surface reduction rules

Perform device investigations in Microsoft Defender for Endpoint

Use the device page in Microsoft Defender for Endpoint
Describe device forensics information collected by Microsoft Defender for Endpoint
Describe behavioral blocking by Microsoft Defender for Endpoint

Use the device inventory list
Investigate the device
Use behavioral blocking
Detect devices with device discovery

Perform actions on a device using Microsoft Defender for Endpoint

Perform actions on a device using Microsoft Defender for Endpoint
Conduct forensics data collection using Microsoft Defender for Endpoint
Access devices remotely using Microsoft Defender for Endpoint

Explain device actions
Run Microsoft Defender antivirus scan on devices
Collect investigation package from devices
Initiate live response session

Perform evidence and entities investigations using Microsoft Defender for Endpoint

Investigate files in Microsoft Defender for Endpoint
Investigate domains and IP addresses in Microsoft Defender for Endpoint
Investigate user accounts in Microsoft Defender for Endpoint

Investigate a file
Investigate a user account
Investigate an IP address
Investigate a domain

Configure and manage automation using Microsoft Defender for Endpoint

Configure advanced features of Microsoft Defender for Endpoint
Manage automation settings in Microsoft Defender for Endpoint

Configure advanced features
Manage automation upload and folder settings
Configure automated investigation and remediation capabilities
Block at risk devices

Configure for alerts and detectiosn in Microsoft Defender for Endpoint

Configure alert settings in Microsoft Defender for Endpoint
Manage indicators in Microsoft Defender for Endpoint

Configure advanced features
Configure alert notifications
Manage alert suppression
Manage indicators

Utilize Vulnerability Management in Microsoft Defender for Endpoint

Describe Vulnerability Management in Microsoft Defender for Endpoint
Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
Track emerging threats in Microsoft Defender for Endpoint

Understand vulnerability management
Explore vulnerabilities on your devices
Manage remediation

Plan for cloud workload protections using Microsoft Defender for Cloud

Describe Microsoft Defender for Cloud features
Microsoft Defender for Cloud workload protections
Enable Microsoft Defender for Cloud

Explain Microsoft Defender for Cloud
Describe Microsoft Defender for Cloud workload protections
Exercise – Microsoft Defender for Cloud interactive guide
Enable Microsoft Defender for Cloud

Connect Azure assets to Microsoft Defender for Cloud

Explore Azure assets
Configure auto-provisioning in Microsoft Defender for Cloud
Describe manual provisioning in Microsoft Defender for Cloud

Explore and manage your resources with asset inventory
Configure auto provisioning
Manual log analytics agent provisioning

Connect non-Azure resources to Microsoft Defender for Cloud

Connect non-Azure machines to Microsoft Defender for Cloud
Connect AWS accounts to Microsoft Defender for Cloud
Connect GCP accounts to Microsoft Defender for Cloud

Protect non-Azure resources
Connect non-Azure machines
Connect your AWS accounts
Connect your GCP accounts

Manage you cloud security posture management

Describe Microsoft Defender for Cloud features.
Explain the Microsoft Defender for Cloud security posture management protections for your resources.

Explore Secure Score
Explore Recommendations
Measure and enforce regulatory compliance
Understand Workbooks

Explain cloud workload protections in Microsoft Defender for Cloud

Explain which workloads are protected by Microsoft Defender for Cloud
Describe the benefits of the protections offered by Microsoft Defender for Cloud
Explain how Microsoft Defender for Cloud protections function

Understand Microsoft Defender for servers
Understand Microsoft Defender for App Service
Understand Microsoft Defender for Storage
Understand Microsoft Defender for SQL
Understand Microsoft Defender for open-source databases
Understand Microsoft Defender for Key Vault
Understand Microsoft Defender for Resource Manager
Understand Microsoft Defender for DNS
Understand Microsoft Defender for Containers
Understand Microsoft Defender additional protections

Remediate security alerts using Microsoft Defender for Cloud

Describe alerts in Microsoft Defender for Cloud
Remediate alerts in Microsoft Defender for Cloud
Automate responses in Microsoft Defender for Cloud

Understand security alerts
Remediate alerts and automate responses
Suppress alerts from Defender for Cloud
Generate threat intelligence reports
Respond to alerts from Azure resources

Construct KQL statements for Microsoft Sentinel

Construct KQL statements
Search log files for security events using KQL
Filter searches based on event time, severity, domain, and other relevant data using KQL

Understand the Kusto Query Language statement structure
Use the search operator
Use the where operator
Use the let statement
Use the extend operator
Use the order by operator
Use the project operators

Analyze query results using KQL

Summarize data using KQL statements
Render visualizations using KQL statements

Use the summarize operator
Use the summarize operator to filter results
Use the summarize operator to prepare data
Use the render operator to create visualizations

Build multi-table statements using KQL

Create queries using unions to view results across multiple tables using KQL
Merge two tables with the join operator using KQL

Use the union operator
Use the join operator

Work with data in Microsoft Sentinel using Kusto Query Language

Extract data from unstructured string fields using KQL
Extract data from structured string data using KQL
Create Functions using KQL

Extract data from unstructured string fields
Extract data from structured string data
Integrate external data
Create parsers with functions

Introduction to Microsoft Sentinel

Identify the various components and functionality of Microsoft Sentinel.
Identify use cases where Microsoft Sentinel would be a good solution.

What is Microsoft Sentinel?
How Microsoft Sentinel works
When to use Microsoft Sentinel

Create and manage Microsoft Sentinel workspaces

Describe Microsoft Sentinel workspace architecture
Install Microsoft Sentinel workspace
Manage a Microsoft Sentinel workspace

Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs

Query logs in Microsoft Sentinel

Use the Logs page to view data tables in Microsoft Sentinel
Query the most used tables using Microsoft Sentinel

Query logs in the logs page
Understand Microsoft Sentinel tables
Understand common tables
Understand Microsoft Defender XDR tables

Use watchlists in Microsoft Sentinel

Create a watchlist in Microsoft Sentinel
Use KQL to access the watchlist in Microsoft Sentinel

Plan for watchlists
Create a watchlist
Manage watchlists

Utilize threat intelligence in Microsoft Sentinel

Manage threat indicators in Microsoft Sentinel
Use KQL to access threat indicators in Microsoft Sentinel

Define threat intelligence
Manage your threat indicators
View your threat indicators with KQL

Connect data to Microsoft Sentinel using data connectors

Describe how to install Content Hub Solutions to provision Microsoft Sentinel Data connectors
Explain the use of data connectors in Microsoft Sentinel
Describe the Microsoft Sentinel data connector providers
Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel

Ingest log data with data connectors
Understand data connector providers
View connected hosts

Connect Microsoft services to Microsoft Sentinel

Connect Microsoft service connectors
Explain how connectors auto-create incidents in Microsoft Sentinel

Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Microsoft Entra connector
Connect the Microsoft Entra ID Protection connector
Connect the Azure Activity connector

Connect Microsoft Defender XDR to Microsoft Sentinel

Activate the Microsoft Defender XDR connector in Microsoft Sentinel
Activate the Microsoft Defender for Cloud connector in Microsoft Sentinel
Activate the Microsoft Defender for IoT connector in Microsoft Sentinel

Plan for Microsoft Defender XDR connectors
Connect the Microsoft Defender XDR connector
Connect Microsoft Defender for Cloud connector
Connect Microsoft Defender for IoT
Connect Microsoft Defender legacy connectors

Connect Windows hosts to Microsoft Sentinel

Connect Azure Windows Virtual Machines to Microsoft Sentinel
Connect non-Azure Windows hosts to Microsoft Sentinel
Configure Log Analytics agent to collect Sysmon events

Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs

Connect Common Event Format logs to Microsoft Sentinel

Explain the Common Event Format connector deployment options in Microsoft Sentinel
Run the deployment script for the Common Event Format connector

Plan for Common Event Format connector
Connect your external solution using the Common Event Format connector

Connect syslog data sources to Microsoft Sentinel

Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
Install and Configure the Azure Monitor Linux Agent extension with the Syslog DCR
Run the Azure Arc Linux deployment and connection scripts
Verify Syslog log data is available in Microsoft Sentinel
Create a parser using KQL in Microsoft Sentinel

Plan for syslog data collection
Collect data from Linux-based sources using syslog
Configure the Data Collection Rule for Syslog Data Sources
Parse syslog data with KQL

Connect threat indicators to Microsoft Sentinel

Configure the TAXII connector in Microsoft Sentinel
Configure the Threat Intelligence Platform connector in Microsoft Sentinel
View threat indicators in Microsoft Sentinel

Plan for threat intelligence connectors
Connect the threat intelligence TAXII connector
Connect the threat intelligence platforms connector
View your threat indicators with KQL

Threat detection with Microsoft Sentinel analytics

Explain the importance of Microsoft Sentinel Analytics.
Explain different types of analytics rules.
Create rules from templates.
Create new analytics rules and queries using the analytics rule wizard.
Manage rules with modifications.

What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules

Automation in Microsoft Sentinel

Explain automation options in Microsoft Sentinel
Create automation rules in Microsoft Sentinel

Understand automation options
Create automation rules

Threat response with Microsoft Sentinel playbooks

Explain Microsoft Sentinel SOAR capabilities.
Explore the Microsoft Sentinel Logic Apps connector.
Create a playbook to automate an incident response.
Run a playbook on demand in response to an incident.

What are Microsoft Sentinel playbooks?
Trigger a playbook in real-time
Run playbooks on demand

Security incident management in Microsoft Sentinel

Learn about security incidents and Microsoft Sentinel incident management.
Explore Microsoft Sentinel incident evidence and entities.
Use Microsoft Sentinel to investigate security incidents and manage incident resolution.

Understand incidents
Incident evidence and entities
Incident management

Identify threats with Behavioral Analytics

Explain User and Entity Behavior Analytics in Azure Sentinel
Explore entities in Microsoft Sentinel

Understand behavioral analytics
Explore entities
Display entity behavior information
Use Anomaly detection analytical rule templates

Data normalization in Microsoft Sentinel

Use ASIM Parsers
Create ASIM Parser
Create parameterized KQL functions

Understand data normalization
Use ASIM Parsers
Understand parameterized KQL functions
Create an ASIM Parser
Configure Azure Monitor Data Collection Rules

Query, visualize and monitor data in Microsoft Sentinel

Visualize security data using Microsoft Sentinel Workbooks.
Understand how queries work.
Explore workbook capabilities.
Create a Microsoft Sentinel Workbook.

Monitor and visualize data
Query data using Kusto Query Language
Use default Microsoft Sentinel Workbooks
Create a new Microsoft Sentinel Workbook

Manage content in Microsoft Sentinel

Install a content hub solution in Microsoft Sentinel
Connect a GitHub repository to Microsoft Sentinel

Use solutions from the content hub
Use repositories for deployment

Explain threat hunting concepts in Microsoft Sentinel

Describe threat hunting concepts for use with Microsoft Sentinel
Define a threat hunting hypothesis for use in Microsoft Sentinel

Understand cybersecurity threat hunts
Develop a hypothesis
Explore MITRE ATT&CK

Threat hunting with Microsoft Sentinel

Use queries to hunt for threats.
Save key findings with bookmarks.
Observe threats over time with livestream.

Explore creation and management of threat-hunting queries
Save key findings with bookmarks
Observe threats over time with livestream

Use Search jobs in Microsoft Sentinel

Use Search Jobs in Microsoft Sentinel
Restore archive logs in Microsoft Sentinel

Hunt with a Search Job
Restore historical data

Hunt for threats using notebooks in Microsoft Sentinel

Explore API libraries for advanced threat hunting in Microsoft Sentinel
Describe notebooks in Microsoft Sentinel
Create and use notebooks in Microsoft Sentinel

Access Azure Sentinel data with external tools
Hunt with notebooks
Create a notebook