Threat Protection and Incident response with Microsoft Sentinel within Unified Platform
Security
Modern SecOps with Unified Platform
Intermediate
Microsoft Sentinel

Learn how to implement end-to-end threat protection and incident response using the new unified Microsoft Defender portal. This course equips technical teams to deploy, investigate, automate, and integrate Microsoft Sentinel with the Microsoft security suite using a single, streamlined SecOps experience enhanced by AI, UEBA, SOAR, and Security Copilot.

8 hours (Suggested: 2 days, 4h/day) | Technical | Project Ready | Hands-on Labs

MS Course ID: 00062

Last Updated: Feb 13, 2026

Pre-requisites

Familiarity with networking, identity, security, and Azure cloud services

Related Certifications

SC-200

Course Syllabus

1

Module 1: Threat Intelligence in Microsoft Sentinel

• The threat landscape and SOC challenge
• Modernize the SOC to defend against the evolving threat landscape
• Microsoft Sentinel SIEM Overview
• Unified Security Operations with Defender Portal
• Planning and Deployment of Microsoft Sentinel SIEM
• Sentinel Platform Deployment
• Get started with Microsoft Sentinel MCP server and tools
• Microsoft Sentinel Graph (Preview) Overview
• Onboarding Sentinel to Data Lake and Graph
• Sentinel experience in Microsoft Defender portal
• Threat intelligence with Microsoft Sentinel in Defender portal
90 mins
Lecture
2

Module 2: Investigation in Microsoft Sentinel

• Watchlists overview
• User and Entity Behavior Analytics (UEBA)
• Enable User and Entity Behavior Analytics (UEBA)
• Investigating with UEBA
90 mins
Lecture
3

Hands-on Labs

• Microsoft Sentinel Deployment
• Enabling Data Connectors in Microsoft Sentinel in Microsoft Defender Portal
• Getting a Connector via the Microsoft Security Store
• Threat Intelligence connector and Content hub
• UEBA with Microsoft Sentinel
60 mins
Lab
4

Module 3: Automation and response with Microsoft Sentinel

• Introduction to SOAR in Microsoft Sentinel
• Automation with Playbooks and Azure Logic Apps
• Customizing Microsoft Sentinel playbooks from templates
• Enhance detection with unified engine
• Data Analysis and Threat Detection
• Threat hunting
• Threat Analysis in Microsoft Defender
60 mins
Lecture
5

Module 4: Integration with other Security Solutions

• Integration with Microsoft Defender for Cloud
• Integration with Microsoft Defender XDR
• Access Control and migration
60 mins
Lecture
6

Module 5: Security Copilot and Unified SOC

• Microsoft Security Copilot for SOC
• Security Copilot agents and Security Store
• Investigate incidents in Security Copilot
• Manage your unified SOC in Defender portal
60 mins
Lecture
7

Hands-on Labs

• Responding to threats using Automation
• Hunt threats using KQL across the data lake
• Analytics Rules and Incident Management
• Hunting queries and Watchlists
• Threat hunting with Jupyter notebooks
• Exploring Microsoft Sentinel Advanced Features
• Repositories in Microsoft Sentinel
60 mins
Lecture

What You'll Learn

Understand core concepts and best practices
Hands-on experience with real-world scenarios
Learn from certified Microsoft experts
Prepare for relevant certifications
Access to lab environments
Post-training support and resources

Course Details

Duration
8 hours
Level
Intermediate
Role
Technical
Course Type
Project Ready
Partner Segment
SMB, Enterprise
Course Stage
Available
Hands-on Labs
Yes
ESI Course Code
DW-360

© 2026 Technofocus. All rights reserved.

Sponsored by Microsoft Partner Enablement