Implement Threat Protection with Microsoft Defender XDR solutions
Security
Modern SecOps with Unified Platform
Intermediate
Microsoft Defender XDR

This Implement with Impact course teaches you to secure your entire environment using Microsoft Defender XDR. You will learn how to protect cloud ecosystems, email, SaaS applications, and identities while applying Zero Trust security principles. Explore how to detect and respond to advanced threats rapidly, manage exposure risks, and use AI-powered security operations. The course also covers integration with Microsoft Sentinel and Security Copilot, which provides unified visibility and streamlined threat management across your organization.

12 hours (Suggested: 3 days, 4h/day) | Technical | Project Ready | Hands-on Labs

MS Course ID: 00658

Last Updated: Jan 10, 2026

Related Certifications

None

Course Syllabus

1. Module 1: Secure your cloud ecosystem with Microsoft Defender XDR

• Introduction to Zero Trust
• Microsoft Secure Future Initiative
• Introduction to Microsoft Defender XDR
• Accelerate SecOps with GenAI
• Microsoft Defender XDR Unified Portal
• Integrate third-party solutions
• Managed XDR (MXDR)
• Disrupt advanced attacks at machine speed
90 mins (Lecture)

2. Module 2: Implement comprehensive Security with Microsoft Defender for Office 365

• Overview of Microsoft Defender for Office 365
• Prevention
• Secure Posture
• Detection
• Investigation
• Response
• Awareness and Training
• Defender for Office 365 Plans
90 mins (Lecture)

3. Hands-on Labs

• Configure Threat Policies in Microsoft Defender for Office 365
• Simulate Phishing and Malware Attacks Using Attack Simulator
• Analyze Threats with Threat Explorer and Real-Time Detections
• Investigate and Remediate Incidents in Microsoft Defender XDR
• Configure Anti-Phishing and Safe Links Policies
60 mins (Lab)

4. Module 3: Secure Access to SaaS apps with Microsoft Defender for Cloud Apps

• Introduction to Microsoft Defender for Cloud Apps
• SaaS app discovery and posture management
• SaaS threat protection
• App to app protection
• Security for AI apps
• Information protection
• Automating security workflows
• Licensing and feature support
90 mins (Lecture)

5. Module 4: Protect hybrid cloud environment with Microsoft Defender for Identity

• Identity security landscape
• Introduction to Microsoft Defender for Identity
• Architecture
• One platform, one agent
• Prevention - Attack surface reduction with Posture Assessments
• Detection - Real-time analytics and data intelligence
• Investigation - User Investigation Priority
• Response - Automated security workflows
90 mins (Lecture)

6. Hands-on Labs

• Microsoft Defender for Cloud Apps: Configuring Cloud App Discovery
• Discover and Analyze Shadow IT Using Cloud Discovery
• Connect and onboard a SaaS App to Defender for Cloud Apps
• Configure Session Policies to Monitor and Block Risky Behavior
• Implement App Governance and Risk Detection for OAuth Apps
• Investigate Alerts and Create Custom Detection Policies
• Deploy Microsoft Defender for Identity Sensor on Domain Controllers
• Simulate and Detect Lateral Movement Attacks
• Investigate Identity-Based Threats and User Timelines
• Integrate Defender for Identity with Microsoft Defender Portal
• Review and Respond to Advanced Hunting Queries for Identity Signals
60 mins (Lab)

7. Module 5: Strengthen Your Security Posture with Microsoft Defender XDR: Threat Intelligence and Exposure Management

• Gain Comprehensive Threat Insights with Unified Threat Intelligence
• Reduce Exposure across the Digital Estate with Unified Exposure Management
• Securing AI: Posture Management and Threat Protection
• Achieve Unified Visibility, Correlation, and Management across Security Data
60 mins (Lecture)

8. Module 6: Advanced Threat Detection and Response with Microsoft Sentinel in Defender XDR

• Introduction to Microsoft Sentinel
• Core Components of Microsoft Sentinel: Data Lake, MCP Server, and Sentinel Graph
• Onboarding Microsoft Sentinel to Defender
• Integration with Microsoft Defender XDR
• Threat Detection
• Analytics
• Threat intelligence
• Watchlists
• Workbooks
• User and Entity Behavior Analytics (UEBA)
• Threat investigation
• Incidents
• Threat Hunting
• Notebooks
• Threat response
• Automation rules
• Automation with Playbooks and Azure Logic Apps
60 mins (Lecture)

9. Module 7: AI-powered threat detection and response with Security Copilot and agents

• Integrate with Microsoft Security Copilot and Microsoft Defender for Cloud
• Security Store
• Security Copilot agents in Microsoft Defender - Phishing Triage agent; Threat Intelligence Briefing Agent; Threat Hunting Agent; Dynamic Threat Detection Agent (preview)
60 mins (Lecture)

10. Interactive Simulated Labs

• Activating and exploring Security Copilot
• Set Up and Configure the Phishing Triage Agent in Microsoft Defender XDR
• Configure and Use the Threat Intelligence Briefing Agent to Generate Environment-Specific Threat Reports
30 mins (Lab)

11. Hands-on Labs

• Review and explore Sentinel workspace
• Conduct attacks, Create Detections, Investigate an Incident
• Threat Hunting using Microsoft Sentinel
• Mitigate threats using Microsoft Defender
30 mins (Lab)

What You'll Learn

Understand core concepts and best practices
Hands-on experience with real-world scenarios
Learn from certified Microsoft experts
Prepare for relevant certifications
Access to lab environments
Post-training support and resources

Course Details

Duration: 12 hours
Level: Intermediate
Role: Technical
Course Type: Project Ready
Partner Segment: SMB, Enterprise
Course Stage: Available
Hands-on Labs: Yes
ESI Course Code: DW-330

© 2026 Technofocus. All rights reserved.

Sponsored by Microsoft Partner Enablement