Mastering Azure Sentinel

In this course students will gain the knowledge and skills needed to implement security controls, maintain the security posture, and identify and remediate vulnerabilities by using a variety of security tools.

Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyse large volumes of data across an enterprise—fast. Azure Sentinel aggregates data from all sources, including users, applications, servers and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds.


This course is aimed at SecOps and IT Pros working with the task of an security administrator role. This role collaborates with the Microsoft 365 Enterprise Administrator, business stakeholders and other workload administrators to plan and implement security strategies and ensures that the solutions comply with the policies and regulations of the organization.

Students should have at least one year of hands-on experience securing Azure workloads and experience with security controls for workloads on Azure.


To attend this course you should have the following skills:

  • Basic conceptual understanding of Microsoft Azure
  • Experience with Office 36
  • Basic understanding of authorization and authentication
  • Basic understanding of computer networks
  • Knowledge of security incident management
  • Basic knowledge of operational concepts such as monitoring, logging, and alerting
  • Familiarity with security operations in an organization

Course outline

Day 1:

Module 1. Security Challenges

  • Security Challenges for SecOps
  • Current Threat Landscape
  • Threat Intelligence
  • Introduction to Azure Sentinel
  • Architecture

Module 2 : Query, visualize, and monitor data in Azure Sentinel

  • Data Collection
  • Visualization
  • Querying the logs
  • Introduction to Kusto Query Language (KQL)
  • Useful Queries in KQL (Advanced Queries in KQL)
  • Interactive reports with Workbooks

Module 3: Detecting threat using Analytics Rules

  • Detecting Threats using correlation Rules
  • Out of the box Detection
  • Custom threat detection rules
  • Advanced multistage attack detection
  • Use entity behavior analytics in Azure Sentinel
  • Intro to Use cases
  • Real time use cases for Cloud
  • User Behavior related use cases

Day 2

Module 4: Incident Management

  • Introduction to Threat investigation
  • Investigating Incidents
  • Use the investigation graph to deep dive

Module 5. Threat hunting with Azure Sentinel

  • Connect threat indicators to Azure Sentinel
  • Threat hunting concept in Azure Sentinel
  • Life cycle of Threat hunting
  • Use Notebooks to hunt

Module 6: Respond to threat using playbooks

  • Introduction to SOAR
  • Introduction to Play Books
  • Creating Security Play Books
  • Creating Logic through Logic App Designe
  • Threat Response Automation
  • Community driven Playbooks

Module 7: Operational Tasks for Azure Sentinel

  • Integration with partners
  • Using Watchlists


There is no certification related to this training.