Microsoft Security Engineer Training

Our Microsoft training course is accredited by Microsoft

Online Instructor-led (4 days)

Classroom (4 days)

Online Self-paced (32 hours)

Microsoft Security Operations Analyst SC200 Course Outline

Module 1: Introduction to Microsoft 365 Threat Protection

  • Introduction
  • Explore Extended Detection and Response (XDR) Response Use Cases
  • Understand Microsoft 365 Defender in a Security Operations Centre (SOC)
  • Explore Microsoft Security Graph
  • Investigate Security Incident in Microsoft 365 Defender

Module 2: Mitigate Incidents Using Microsoft 365 Defender

  • Introduction
  • Use the Microsoft 365 Defender Portal
  • Manage Incidents
  • Investigate Incidents
  • Manage and Investigate Alerts
  • Manage Automated Investigations
  • Use the Action Centre
  • Explore Advanced Hunting
  • Investigate Azure AD Sign-In Logs
  • Understand Microsoft Secure Score
  • Analyse Threat Analytics
  • Analyse Reports
  • Configure the Microsoft 365 Defender Portal

Module 3: Protect Your Identities with Azure AD Identity Protection

  • Introduction
  • Azure AD Identity Protection Overview
  • Detect Risks with Azure AD Identity Protection Policies
  • Investigate and Remediate Risks Detected by Azure AD Identity Protection

Module 4: Remediate Risks with Microsoft Defender for Office 365

  • Introduction to Microsoft Defender for Office 365
  • Automate, Investigate, and Remediate
  • Configure, Protect, and Detect
  • Simulate Attacks

Module 5: Safeguard Your Environment with Microsoft Defender for Identity

  • Introduction to Microsoft Defender for Identity
  • Configure Microsoft Defender for Identity Sensors
  • Review Compromised Accounts or Data
  • Integrate with Other Microsoft Tools

Module 6: Secure Your Cloud Apps and Services with Microsoft Defender for Cloud Apps

  • Introduction
  • Understand the Defender for Cloud Apps Framework
  • Explore Your Cloud Apps with Cloud Discovery
  • Protect Your Data and Apps with Conditional Access App Control
  • Walk Through Discovery and Access Control with Microsoft Defender for Cloud Apps
  • Classify and Protect Sensitive Information
  • Detect Threats

Module 7: Respond to Data Loss Prevention Alerts Using Microsoft 365

  • Introduction
  • Describe Data Loss Prevention Alerts
  • Investigate Data Loss Prevention Alerts in Microsoft Purview
  • Investigate Data Loss Prevention Alerts in Microsoft Defender for Cloud Apps

Module 8: Manage Insider Risk in Microsoft Purview

  • Insider Risk Management Overview
  • Introduction to Managing Insider Risk Policies
  • Create and Manage Insider Risk Policies
  • Knowledge Check
  • Investigate Insider Risk Alerts
  • Take Action on Insider Risk Alerts through Cases
  • Manage Insider Risk Management Forensic Evidence
  • Create Insider Risk Management Notice Templates

Module 9: Investigate Threats by Using Audit Features in Microsoft 365 Defender and Microsoft Purview Standard

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 10: Investigate Threats Using Audit in Microsoft 365 Defender and Microsoft Purview (Premium)

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 11: Investigate Threats with Content Search in Microsoft Purview

  • Introduction
  • Explore Microsoft Purview eDiscovery Solutions
  • Create a Content Search
  • View the Search Results and Statistics
  • Export the Search Results and Search Report
  • Configure Search Permissions Filtering
  • Search for and Delete Email Messages

Module 12: Protect Against Threats with Microsoft Defender for Endpoint

  • Introduction to Microsoft Defender for Endpoint
  • Practice Security Administration
  • Hunt Threats within Your Network

Module 13: Deploy the Microsoft Defender for Endpoint Environment

  • Introduction
  • Create Your Environment
  • Understand Operating Systems Compatibility and Features
  • Onboard Devices
  • Manage Access
  • Create and Manage Roles for Role-Based Access Control
  • Configure Device Groups
  • Configure Environment Advanced Features

Module 14: Implement Windows Security Enhancements with Microsoft Defender for Endpoint

  • Introduction
  • Understand Attack Surface Reduction
  • Enable Attack Surface Reduction Rules

Module 15: Perform Device Investigations in Microsoft Defender for Endpoint

  • Introduction
  • Use the Device Inventory List
  • Investigate the Device
  • Use Behavioral Blocking
  • Detect Devices with Device Discovery

Module 16: Perform Actions on a Device Using Microsoft Defender for Endpoint

  • Introduction
  • Explain Device Actions
  • Run Microsoft Defender Antivirus Scan on Devices
  • Collect Investigation Package from Devices
  • Initiate Live Response Session

Module 17: Perform Evidence and Entities Investigations Using Microsoft Defender for Endpoint

  • Introduction
  • Investigate a File
  • Investigate a User Account
  • Investigate an IP Address
  • Investigate a Domain

Module 18: Configure and Manage Automation Using Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Manage Automation Upload and Folder Settings
  • Configure Automated Investigation and Remediation Capabilities
  • Block At-Risk Devices

Module 19: Configure for Alerts and Detections in Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Configure Alert Notifications
  • Manage Alert Suppression
  • Manage Indicators

Module 20: Utilise Vulnerability Management in Microsoft Defender for Endpoint

  • Introduction
  • Understand Vulnerability Management
  • Explore Vulnerabilities on Your Devices
  • Manage Remediation

Module 21: Plan for Cloud Workload Protections Using Microsoft Defender for Cloud

  • Introduction
  • Explain Microsoft Defender for Cloud
  • Describe Microsoft Defender for Cloud Workload Protections
  • Exercise – Microsoft Defender for Cloud Interactive Guide
  • Enable Microsoft Defender for Cloud

Module 22: Connect Azure Assets to Microsoft Defender for Cloud

  • Introduction
  • Explore and Manage Your Resources with Asset Inventory
  • Configure Auto Provisioning
  • Manual Log Analytics Agent Provisioning

Module 23: Connect Non-Azure Resources to Microsoft Defender for Cloud

  • Introduction
  • Protect Non-Azure Resources
  • Connect Non-Azure Machines
  • Connect Your AWS Accounts
  • Connect Your GCP Accounts

Module 24: Manage Your Cloud Security Posture Management

  • Introduction
  • Explore Secure Score
  • Explore Recommendations
  • Measure and Enforce Regulatory Compliance
  • Understand Workbooks

Module 25: Explain Cloud Workload Protections in Microsoft Defender for Cloud

  • Introduction
  • Understand Microsoft Defender for Servers
  • Understand Microsoft Defender for App Service
  • Understand Microsoft Defender for Storage
  • Understand Microsoft Defender for SQL
  • Understand Microsoft Defender for Open-Source Databases
  • Understand Microsoft Defender for Key Vault
  • Understand Microsoft Defender for Resource Manager
  • Understand Microsoft Defender for DNS
  • Understand Microsoft Defender for Containers
  • Understand Microsoft Defender Additional Protections

Module 26: Remediate Security Alerts Using Microsoft Defender for Cloud

  • Introduction
  • Understand Security Alerts
  • Remediate Alerts and Automate Responses
  • Suppress Alerts from Defender for Cloud
  • Generate Threat Intelligence Reports
  • Respond to Alerts from Azure Resources

Module 27: Construct KQL Statements for Microsoft Sentinel

  • Introduction
  • Understand the Kusto Query Language Statement Structure
  • Use the Search Operator
  • Use the Where Operator
  • Use the Let Statement
  • Use the Extend Operator
  • Use the Order By Operator
  • Use the Project Operators

Module 28: Analyse Query Results Using KQL

  • Introduction
  • Use the Summarise Operator
  • Use the Summarise Operator to Filter Results
  • Use the Summarise Operator to Prepare Data
  • Use the Render Operator to Create Visualisations

Module 29: Build Multi-Table Statements Using KQL

  • Introduction
  • Use the Union Operator
  • Use the Join Operator

Module 30: Work with Data in Microsoft Sentinel Using Kusto Query Language

  • Introduction
  • Extract Data from Unstructured String Fields
  • Extract Data from Structured String Data
  • Integrate External Data
  • Create Parsers with Functions

Module 31: Introduction to Microsoft Sentinel

  • Introduction
  • What is Microsoft Sentinel?
  • How Microsoft Sentinel Works
  • When to Use Microsoft Sentinel

Module 32: Create and Manage Microsoft Sentinel Workspaces

  • Introduction
  • Plan for the Microsoft Sentinel Workspace
  • Create a Microsoft Sentinel Workspace
  • Manage Workspaces Across Tenants Using Azure Lighthouse
  • Understand Microsoft Sentinel Permissions and Roles
  • Manage Microsoft Sentinel Settings
  • Configure Logs

Module 33: Query Logs in Microsoft Sentinel

  • Introduction
  • Query Logs in the Logs Page
  • Understand Microsoft Sentinel Tables
  • Understand Common Tables
  • Understand Microsoft 365 Defender Tables

Module 34: Use Watchlists in Microsoft Sentinel

  • Introduction
  • Plan for Watchlists
  • Create a Watchlist
  • Manage Watchlists

Module 35: Utilise Threat Intelligence in Microsoft Sentinel

  • Introduction
  • Define Threat Intelligence
  • Manage Your Threat Indicators
  • View Your Threat Indicators with KQL

Module 36: Connect Data to Microsoft Sentinel Using Data Connectors

  • Introduction
  • Ingest Log Data with Data Connectors
  • Understand Data Connector Providers
  • View Connected Hosts

Module 37: Connect Microsoft Services to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft Services Connectors
  • Connect the Microsoft Office 365 Connector
  • Connect the Azure Active Directory Connector
  • Connect the Azure Active Directory Identity Protection Connector
  • Connect the Azure Activity Connector

Module 38: Connect Microsoft 365 Defender to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft 365 Defender Connectors
  • Connect the Microsoft 365 Defender Connector
  • Connect Microsoft Defender for Cloud Connector
  • Connect Microsoft Defender for IoT
  • Connect Microsoft Defender Legacy Connectors

Module 39: Connect Windows Hosts to Microsoft Sentinel

  • Introduction
  • Plan for Windows Hosts Security Events Connector
  • Connect Using the Windows Security Events via AMA Connector
  • Connect Using the Security Events via Legacy Agent Connector
  • Collect Sysmon Event Logs

Module 40: Connect Common Event Format Logs to Microsoft Sentinel

  • Introduction
  • Plan for Common Event Format Connector
  • Connect Your External Solution Using the Common Event Format Connector

Module 41: Connect Syslog Data Sources to Microsoft Sentinel

  • Introduction
  • Plan for Syslog Data Collection
  • Collect Data from Linux-Based Sources Using Syslog
  • Configure the Data Collection Rule for Syslog Data Sources
  • Parse Syslog Data with KQL

Module 42: Connect Threat Indicators to Microsoft Sentinel

  • Introduction
  • Plan for Threat Intelligence Connectors
  • Connect the Threat Intelligence TAXII Connector
  • Connect the Threat Intelligence Platforms Connector
  • View Your Threat Indicators with KQL

Module 43: Threat Detection with Microsoft Sentinel Analytics

  • Introduction
  • Exercise - Detect Threats with Microsoft Sentinel Analytics
  • What is Microsoft Sentinel Analytics?
  • Types of Analytics Rules
  • Create an Analytics Rule from Templates
  • Create an Analytics Rule from Wizard
  • Manage Analytics Rules
  • Exercise - Detect Threats with Microsoft Sentinel Analytics

Module 44: Automation in Microsoft Sentinel

  • Introduction
  • Understand Automation Options
  • Create Automation Rules

Module 45: Security Incident Management in Microsoft Sentinel

  • Introduction
  • Exercise - Set Up the Azure Environment
  • Understand Incidents
  • Incident Evidence and Entities
  • Incident Management
  • Exercise - Investigate an Incident

Module 46: Identify Threats with Behavioral Analytics

  • Introduction
  • Understand Behavioral Analytics
  • Explore Entities
  • Display Entity Behavior Information
  • Use Anomaly Detection Analytical Rule Templates

Module 47: Data Normalisation in Microsoft Sentinel

  • Introduction
  • Understand Data Normalisation
  • Use ASIM Parsers
  • Understand Parameterised KQL Functions
  • Create an ASIM Parser
  • Configure Azure Monitor Data Collection Rules

Module 48: Query, Visualise, and Monitor Data in Microsoft Sentinel

  • Introduction
  • Exercise - Query and Visualise Data with Microsoft Sentinel Workbooks
  • Monitor and Visualise Data
  • Query Data Using Kusto Query Language
  • Use Default Microsoft Sentinel Workbooks
  • Create a New Microsoft Sentinel Workbook
  • Exercise - Visualise Data Using Microsoft Sentinel Workbooks

Module 49: Manage Content in Microsoft Sentinel

  • Introduction
  • Use Solutions from the Content Hub
  • Use Repositories for Deployment

Module 50: Explain Threat Hunting Concepts in Microsoft Sentinel

  • Introduction
  • Understand Cybersecurity Threat Hunts
  • Develop a Hypothesis
  • Explore MITRE ATT&CK

Module 51: Threat Hunting with Microsoft Sentinel

  • Introduction
  • Exercise Setup
  • Explore Creation and Management of Threat-Hunting Queries
  • Save Key Findings with Bookmarks
  • Observe Threats Over Time with Livestream
  • Exercise - Hunt for Threats by Using Microsoft Sentinel

Module 52: Use Search Jobs in Microsoft Sentinel

  • Introduction
  • Hunt with a Search Job
  • Restore Historical Data

Module 53: Hunt for Threats Using Notebooks in Microsoft Sentinel

  • Introduction
  • Access Azure Sentinel Data with External Tools
  • Hunt with Notebooks
  • Create a Notebook
  • Explore Notebook Code

Who should attend this Microsoft Security Operations Analyst SC200 Training Course?

This Microsoft Security Operations Analyst SC200 Course is designed for individuals who are interested in developing their skills and expertise in the field of Security Operations and Threat Detection and Response using Microsoft technologies. This training course is especially beneficial for the following professionals:

  • Cybersecurity Analysts
  • Threat Detection Specialists
  • Security Engineers
  • Incident Responders
  • IT Administrators
  • Network Administrators
  • Cloud Security Analysts

Prerequisites of the Microsoft Security Operations Analyst SC200 Training Course

There are no formal prerequisites for this Microsoft Security Operations Analyst SC200 Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.

Microsoft Security Operations Analyst SC200 Course Overview

The Microsoft Security Operations Analyst SC200 Training Course is a vital course that equips professionals with the knowledge and skills needed to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In today's cybersecurity landscape, the ability to mitigate cyberthreats is of utmost importance, making this course highly relevant and valuable.

Professionals involved in Security Operations roles, including Security Engineers, Analysts, and those responsible for safeguarding digital assets, should aim to master this subject. With the increasing sophistication of cyber threats, knowing how to effectively use these technologies and Kusto Query Language (KQL) is crucial for ensuring the security and resilience of an organisation's digital infrastructure.

The 4-day training course offered by the Knowledge Academy is designed to empower delegates with the practical skills and knowledge necessary to excel in a Security Operations job role. This course focuses on configuring and using Microsoft Sentinel and utilising KQL for detection, analysis, and reporting. It also prepares learners for the SC-200: Microsoft Security Operations Analyst exam, making it a comprehensive and valuable training opportunity.

Course Objectives

  • To investigate and respond to threats using Microsoft Sentinel
  • To utilise Kusto Query Language (KQL) for threat detection and analysis
  • To configure Microsoft Sentinel for effective threat mitigation
  • To enhance threat hunting capabilities using Microsoft Defender for Cloud and Microsoft 365 Defender
  • To master the practical skills necessary for a Security Operations job role

Upon completion of this Microsoft Security Engineer Training Course, delegates will benefit from an advanced skill set and in-depth knowledge of threat mitigation using Microsoft security technologies. They will be well-prepared to effectively respond to cyber threats, enhancing their organisation's security posture and contributing to a safer digital environment.

What’s included in this Microsoft Security Operations Analyst SC200 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Security Operations Analyst SC200 Certificate
  • Digital Delegate Pack

Online Instructor-led (4 days)

Classroom (4 days)

Online Self-paced (32 hours)

Microsoft Identity and Access Administrator SC300 Course Outline

Module 1: Explore Identity and Azure AD

  • Introduction
  • Explain the Identity Landscape
  • Explore Zero Trust with Identity
  • Discuss Identity as a Control Plane
  • Explore Why We Have Identity
  • Define Identity Administration
  • Contrast Decentralised Identity with Central Identity Systems
  • Discuss Identity Management Solutions
  • Explain Azure AD Business to Business
  • Compare Microsoft Identity Providers
  • Define Identity Licensing
  • Explore Authentication
  • Discuss Authorisation
  • Explain Auditing in Identity

Module 2: Implement Initial Configuration of Azure Active Directory

  • Introduction
  • Configure Company Brand
  • Configure and Manage Azure Active Directory Roles
  • Exercise: Manage User Roles
  • Configure Delegation by Using Administrative Units
  • Analyse Azure AD Role Permissions
  • Configure and Manage Custom Domains
  • Configure Tenant-Wide Settings
  • Exercise: Setting Tenant-Wide Properties

Module 3: Create, Configure, and Manage Identities

  • Introduction
  • Create, Configure, and Manage Users
  • Exercise: Assign Licenses to Users
  • Exercise: Restore or Remove Deleted Users
  • Create, Configure, and Manage Groups
  • Exercise: Add Groups in Azure Active Directory
  • Configure and Manage Device Registration
  • Manage Licenses
  • Exercise: Change Group License Assignments
  • Exercise: Change User License Assignments
  • Create Custom Security Attributes
  • Explore Automatic User Creation

Module 4: Implement and Manage External Identities

  • Introduction
  • Describe Guest Access and Business to Business Accounts
  • Manage External Collaboration
  • Exercise: Configure External Collaboration
  • Invite External Users - Individually and in Bulk
  • Exercise: Add Guest Users to Directory
  • Exercise: Invite Guest Users in Bulk
  • Demo: Manage Guest Users in Azure Active Directory
  • Manage External User Accounts in Azure Active Directory
  • Manage External Users in Microsoft 365 Workloads
  • Exercise: Explore Dynamic Groups
  • Implement Cross-Tenant Access Controls
  • Configure Identity Providers
  • Implement and Manage Entra Verified ID

Module 5: Implement and Manage Hybrid Identity

  • Introduction
  • Plan, Design, and Implement Azure Active Directory Connect
  • Implement and Manage Password Hash Synchronisation (PHS)
  • Implement and Manage Pass-Through Authentication (PTA)
  • Demo: Manage Pass-Through Authentication and Seamless Single Sign-On (SSO)
  • Implement and Manage Federation
  • Troubleshoot Synchronisation Errors
  • Implement Azure Active Directory Connect Health
  • Manage Azure Active Directory Connect Health

Module 6: Secure Azure Active Directory Users with Multi-Factor Authentication

  • Introduction
  • What Is Azure AD Multi-Factor Authentication?
  • Plan Your Multi-Factor Authentication Deployment
  • Exercise: Enable Azure AD Multi-Factor Authentication
  • Configure Multi-Factor Authentication Methods

Module 7: Manage User Authentication

  • Introduction
  • Administer FIDO2 and Passwordless Authentication Methods
  • Explore Authenticator App and OATH Tokens
  • Implement an Authentication Solution Based on Windows Hello for Business
  • Exercise: Configure and Deploy Self-Service Password Reset
  • Deploy and Manage Password Protection
  • Configure Smart Lockout Thresholds
  • Exercise: Manage Azure Active Directory Smart Lockout Values
  • Implement Kerberos and Certificate-Based Authentication in Azure AD
  • Configure Azure AD User Authentication for Virtual Machines

Module 8: Plan, Implement, and Administer Conditional Access

  • Introduction
  • Plan Security Defaults
  • Exercise: Work with Security Defaults
  • Plan Conditional Access Policies
  • Implement Conditional Access Policy Controls and Assignments
  • Exercise: Implement Conditional Access Policies Roles and Assignments
  • Test and Troubleshoot Conditional Access Policies
  • Implement Application Controls
  • Implement Session Management
  • Exercise: Configure Authentication Session Controls
  • Implement Continuous Access Evaluation

Module 9: Manage Azure AD Identity Protection

  • Introduction
  • Review Identity Protection Basics
  • Implement and Manage User Risk Policy
  • Exercise: Enable Sign-In Risk Policy
  • Exercise: Configure Azure Active Directory Multi-Factor Authentication Registration Policy
  • Monitor, Investigate, and Remediate Elevated Risky Users
  • Implement Security for Workload Identities
  • Explore Microsoft Defender for Identity

Module 10: Implement Access Management for Azure Resources

  • Introduction
  • Assign Azure Roles
  • Configure Custom Azure Roles
  • Create and Configure Managed Identities
  • Access Azure Resources with Managed Identities
  • Analyse Azure Role Permissions
  • Configure Azure Key Vault RBAC Policies
  • Retrieve Objects from Azure Key Vault
  • Explore Entra Permissions Management (CloudKnox)

Module 11: Plan and Design the Integration of Enterprise Apps for SSO

  • Introduction
  • Discover Apps by Using Microsoft Defender for Cloud Apps and Active Directory Federation Services App Report
  • Configure Connectors to Apps
  • Exercise: Implement Access Management for Apps
  • Design and Implement App Management Roles
  • Exercise: Create a Custom Role to Manage App Registration
  • Configure Pre-Integrated Gallery SaaS Apps
  • Implement and Manage Policies for OAuth Apps

Module 12: Implement and Monitor the Integration of Enterprise Apps for SSO

  • Introduction
  • Implement Token Customisations
  • Implement and Configure Consent Settings
  • Integrate On-Premises Apps by Using Azure Active Directory Application Proxy
  • Integrate Custom SaaS Apps for Single Sign-On
  • Implement Application User Provisioning
  • Monitor and Audit Access to Azure Active Directory Integrated Applications
  • Create and Manage Application Collections

Module 13: Implement App Registration

  • Introduction
  • Plan Your Line of Business Application Registration Strategy
  • Implement Application Registration
  • Exercise: Register an Application
  • Configure Application Permission
  • Exercise: Grant Tenant-Wide Admin Consent to an Application
  • Implement Application Authorisation
  • Exercise: Add App Roles to Application and Receive Tokens
  • Manage and Monitor Applications with App Governance

Module 14: Plan and Implement Entitlement Management

  • Introduction
  • Define Access Packages
  • Exercise: Create and Manage a Resource Catalog with Azure AD Entitlement
  • Configure Entitlement Management
  • Exercise: Add Terms of Use Acceptance Report
  • Exercise: Manage the Lifecycle of External Users with Azure AD Identity Governance
  • Configure and Manage Connected Organisations
  • Review Per-User Entitlements

Module 15: Plan, Implement, and Manage Access Review

  • Introduction
  • Plan for Access Reviews
  • Create Access Reviews for Groups and Apps
  • Create and Configure Access Review Programs
  • Monitor Access Review Findings
  • Automate Access Review Management Tasks
  • Configure Recurring Access Reviews

Module 16: Plan and Implement Privileged Access

  • Introduction
  • Define a Privileged Access Strategy for Administrative Users
  • Configure Privileged Identity Management for Azure Resources
  • Exercise: Configure Privileged Identity Management for Azure Active Directory Roles
  • Exercise: Assign Azure Active Directory Roles in Privileged Identity Management
  • Exercise: Assign Azure Resource Roles in Privileged Identity Management
  • Plan and Configure Privileged Access Groups
  • Analyse Privileged Identity Management Audit History and Reports
  • Create and Manage Emergency Access Accounts

Module 17: Monitor and Maintain Azure Active Directory

  • Introduction
  • Analyse and Investigate Sign-In Logs to Troubleshoot Access Issues
  • Review and Monitor Azure Active Directory Audit Logs
  • Exercise: Connect Data from Azure Active Directory to Microsoft Sentinel
  • Export Logs to Third-Party Security Information and Event Management System
  • Analyse Azure Active Directory Workbooks and Reporting
  • Monitor Security Posture with Identity Secure Score

Who should attend this Microsoft Identity and Access Administrator SC300 Training Course?

This Microsoft Identity and Access Administrator SC300 Training Course is designed for individuals who are interested in becoming proficient in managing Identity and Access Management using Microsoft technologies. This training course is especially beneficial for the following professionals:

  • Identity and Access Managers
  • Security Administrators
  • IT Administrators
  • Security Engineers
  • Cloud Administrators
  • Cybersecurity Analysts
  • Compliance Officers

Prerequisites of the Microsoft Identity and Access Administrator SC300 Training Course

There are no formal prerequisites for this Microsoft Identity and Access Administrator SC300 Training Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.

Microsoft Identity and Access Administrator SC300 Course Overview

The Microsoft Identity and Access Administrator SC300 Training Course is a pivotal course focused on implementing, designing, and managing an organisation's identity and access management systems with Azure AD (Azure Active Directory). In today's digital landscape, the importance of secure authorisation and authentication access to enterprise applications cannot be overstated, making this course highly relevant.

Professionals responsible for identity and access management, including Security Engineers and Administrators, should aim to master this subject. As identity solutions are integral to modernising an organisation's security posture, implementing identity governance, and achieving hybrid identity solutions, this knowledge is crucial for enhancing an organisation's security and career prospects.

The Knowledge Academy's 4-day training is designed to equip delegates with comprehensive knowledge and practical skills for implementing identity management solutions. Topics covered include user authentication management, Azure AD identity protection, App registration, and more. With experienced trainers, this course ensures a complete understanding of identity and access administration, enabling professionals to add valuable skills to their profiles.

Course Objectives

  • To create, configure, and manage identities effectively
  • To implement and manage hybrid identity solutions
  • To secure Azure AD users with Multi-Factor Authentication (MFA)
  • To plan and implement privileged access for enhanced security
  • To integrate and monitor enterprise applications for Single Sign-On (SSO)
  • To implement and manage external identities

Upon completion of this Microsoft Identity and Access Administrator SC300 Course, delegates will be capable of implementing and managing external and hybrid identities, securing Azure AD users with MFA, and effectively integrating enterprise applications for SSO. This knowledge will not only enhance an organisation's identity management but also open doors to valuable career opportunities in the field of security and access administration.

What’s included in this Microsoft Identity and Access Administrator SC300 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Identity and Access Administrator SC300 Certificate
  • Digital Delegate Pack

Online Instructor-led (3 days)

Classroom (3 days)

Online Self-paced (24 hours)

Microsoft Information Protection Administrator SC400 Course Outline

Module 1: Introduction to Information Protection and Data Lifecycle Management in Microsoft Purview

  • Introduction to Information Protection and Data Lifecycle Management
  • Know Your Data
  • Protect Your Data
  • Prevent Data Loss
  • Govern Your Data

Module 2: Classify Data for Protection and Governance

  • Data Classification Overview
  • Classify Data Using Sensitive Information Types
  • Classify Data Using Trainable Classifiers
  • Review Sensitive Information and Label Usage
  • Explore Labelled and Sensitive Content
  • Understand Activities Related to Your Data

Module 3: Create and Manage Sensitive Information Types

  • Introduction
  • Compare Built-In Versus Custom Sensitive Information Types
  • Create and Manage Custom Sensitive Information Types
  • Describe Custom Sensitive Information Types with Exact Data Match
  • Implement Document Fingerprinting
  • Create Keyword Dictionary

Module 4: Understand Microsoft 365 Encryption

  • Introduction to Microsoft 365 Encryption
  • Learn How Microsoft 365 Data Is Encrypted at Rest
  • Understand Service Encryption in Microsoft Purview
  • Explore Customer Key Management Using Customer Key
  • Learn How Data Is Encrypted In-Transit

Module 5: Deploy Microsoft Purview Message Encryption

  • Introduction to Microsoft 365 Encryption
  • Learn How Microsoft 365 Data Is Encrypted at Rest
  • Understand Service Encryption in Microsoft Purview
  • Explore Customer Key Management Using Customer Key
  • Learn How Data Is Encrypted In-Transit

Module 6: Protect Information in Microsoft Purview

  • Information Protection Overview
  • Configure Sensitivity Labels
  • Configure Sensitivity Label Policies
  • Configure Auto-Labelling Policies
  • Manage, Monitor, and Remediate Information Protection

Module 7: Apply and Manage Sensitivity Labels

  • Introduction
  • Apply Sensitivity Labels to Microsoft Teams, Microsoft 365 Groups, and SharePoint Sites
  • Plan On-Premises Labelling
  • Configure On-Premises Labelling for the Unified Labelling Scanner
  • Apply Protections and Restrictions to Email and Files
  • Monitor Label Performance Using Label Analytics

Module 8: Prevent Data Loss in Microsoft Purview

  • Introduction
  • Data Loss Prevention Overview
  • Identify Content to Protect
  • Define Policy Settings for Your DLP Policy
  • Test and Create Your DLP Policy
  • Prepare Endpoint DLP
  • Manage DLP Alerts in the Microsoft Purview Compliance Portal
  • View Data Loss Prevention Reports
  • Implement the Microsoft Purview Extension

Module 9: Configure DLP Policies for Microsoft Defender for Cloud Apps and Power Platform

  • Introduction
  • Configure Data Loss Prevention Policies for Power Platform
  • Integrate Data Loss Prevention in Microsoft Defender for Cloud Apps
  • Configure Policies in Microsoft Defender for Cloud Apps
  • Manage Data Loss Prevention Violations in Microsoft Defender for Cloud Apps

Module 10: Manage Data Loss Prevention Policies and Reports in Microsoft 365

  • Introduction
  • Configure Data Loss Prevention for Policy Precedence
  • Implement Data Loss Prevention Policies in Test Mode
  • Explain Data Loss Prevention Reporting Capabilities
  • Manage Permissions for Data Loss Prevention Reports
  • Manage and Respond to Data Loss Prevention Policy Violations

Module 11: Manage the Data Lifecycle in Microsoft Purview

  • Data Lifecycle Management Overview
  • Configure Retention Policies
  • Configure Retention Labels
  • Configure Manual Retention Label Policies
  • Configure Auto-Apply Retention Label Policies
  • Import Data for Data Lifecycle Management
  • Manage, Monitor, and Remediate Data Lifecycle Management

Module 12: Manage Data Retention in Microsoft 365 Workloads

  • Introduction
  • Explain Retention in Exchange Online
  • Explain Retention in SharePoint Online and OneDrive
  • Explain Retention in Microsoft Teams
  • Explain Retention in Microsoft Yammer
  • Recover Content in Microsoft 365 Workloads
  • Activate Archive Mailboxes in Microsoft Exchange
  • Apply Mailbox Holds in Microsoft Exchange
  • Recover Content in Microsoft Exchange

Module 13: Manage Records in Microsoft Purview

  • Introduction
  • Records Management Overview
  • Import a File Plan
  • Configure Retention Labels
  • Configure Event-Driven Retention
  • Manage, Monitor, and Remediate Records

Module 14: Explore Compliance in Microsoft 365

  • Introduction
  • Plan for Security and Compliance in Microsoft 365
  • Plan Your Beginning Compliance Tasks in Microsoft Purview
  • Manage Your Compliance Requirements with Compliance Manager
  • Examine the Compliance Manager Dashboard
  • Analyse the Microsoft Compliance Score

Module 15: Search for Content in the Microsoft Purview Compliance Portal

  • Introduction
  • Explore Microsoft Purview eDiscovery Solutions
  • Create a Content Search
  • View the Search Results and Statistics
  • Export the Search Results and Search Report
  • Configure Search Permissions Filtering
  • Search for and Delete Email Messages

Module 16: Manage Microsoft Purview eDiscovery (Standard)

  • Introduction
  • Explore Microsoft Purview eDiscovery Solutions
  • Implement Microsoft Purview eDiscovery (Standard)
  • Create eDiscovery Holds
  • Search for Content in a Case
  • Export Content from a Case
  • Close, Reopen, and Delete a Case

Module 17: Manage Microsoft Purview eDiscovery (Premium)

  • Introduction
  • Explore Microsoft Purview eDiscovery (Premium)
  • Implement Microsoft Purview eDiscovery (Premium)
  • Create and Manage an eDiscovery (Premium) Case
  • Manage Custodians and Non-Custodial Data Sources
  • Analyse Case Content

Module 18: Manage Microsoft Purview Audit (Standard)

  • Introduction
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Search the Audit Log
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 19: Prepare Microsoft Purview Communication Compliance

  • Introduction to Communication Compliance
  • Plan for Communication Compliance
  • Identify and Resolve Communication Compliance Workflow
  • Introduction to Communication Compliance Policies
  • Knowledge Check
  • Case Study: Configure an Offensive Language Policy
  • Investigate and Remediate Communication Compliance Alerts

Module 20: Manage Insider Risk in Microsoft Purview

  • Insider Risk Management Overview
  • Introduction to Managing Insider Risk Policies
  • Create and Manage Insider Risk Policies
  • Knowledge Check
  • Investigate Insider Risk Alerts
  • Take Action on Insider Risk Alerts Through Cases
  • Manage Insider Risk Management Forensic Evidence
  • Create Insider Risk Management Notice Templates

Module 21: Implement Microsoft Purview Information Barriers

  • Introduction
  • Explore Microsoft Purview Information Barriers
  • Configure Information Barriers in Microsoft Purview
  • Examine Information Barriers in Microsoft Teams
  • Examine Information Barriers in OneDrive
  • Examine Information Barriers in SharePoint

Module 22: Manage Regulatory and Privacy Requirements with Microsoft Priva

  • Introduction
  • Create and Manage Risk Management Policies
  • Investigate and Remediate Risk Management Alerts
  • Create Rights Requests
  • Manage Data Estimate and Retrieval for Rights Requests
  • Review Data from Rights Requests
  • Get Reports from Rights Requests

Module 23: Implement Privileged Access Management

  • Introduction to Privileged Access Management
  • Case Study: Implementing Privileged Access Management
  • Introduction to Customer Lockbox
  • Manage Customer Lockbox Requests

Who should attend this Microsoft Information Protection Administrator SC400 Training Course?

This Microsoft Information Protection Administrator SC400 Course is designed for individuals who want to become proficient in managing and securing sensitive information within an organisation using Microsoft technologies. This training course is beneficial for the following professionals:

  • Information Protection Administrators
  • Data Protection Officers
  • Compliance Officers
  • IT Administrators
  • Network Administrators
  • Cybersecurity Analysts
  • Cloud Administrators

Prerequisites of the Microsoft Information Protection Administrator SC400 Training Course

There are no formal prerequisites for this Microsoft Information Protection Administrator SC400 Training Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.

Microsoft Information Protection Administrator SC400 Course Overview

The Microsoft Information Protection Administrator SC400 Training is a critical course focused on planning, defining requirements, and implementing information protection in Microsoft 365. In today's data-centric world, the protection of sensitive information against theft and accidental loss is of paramount importance, making this course highly relevant and essential.

Professionals responsible for safeguarding data and ensuring organisational compliance, including Security Engineers and Administrators, should aim to master this subject. As organisations increasingly rely on digital data, understanding information protection and governance in Microsoft 365 is crucial for mitigating risks and meeting compliance requirements.

The 3-day training is designed to enhance delegates' knowledge and skills related to information protection and governance in Microsoft 365. The course covers topics such as Microsoft 365 encryption, message encryption deployment in Office 365, data loss prevention, and sensitivity label configuration. This training equips professionals with the expertise needed to excel in data security and governance roles.

Course Objectives

  • To configure sensitivity labels for data protection
  • To prevent data loss in Microsoft 365
  • To apply and manage sensitivity labels effectively
  • To manage endpoint Data Loss Prevention (DLP) solutions
  • To master sensitivity label management
  • To ensure compliance with organisational information protection policies

Upon completion of this Microsoft Information Protection Administrator SC400 Training, delegates will have the skills and knowledge necessary to protect sensitive data, prevent data loss, and implement robust information protection and governance measures. This expertise will not only enhance their career prospects but also contribute to their organisation's data security and compliance efforts.

What’s included in this Microsoft Information Protection Administrator SC400 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Information Protection Administrator SC400 Certificate
  • Digital Delegate Pack

accredited by

Our Microsoft training course is accredited by Microsoft

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Microsoft Security, Compliance, and Identity Fundamentals SC900 Course Outline

Module 1: Security and Compliance Concepts

  • Introduction
  • Describe the Shared Responsibility Model
  • Describe Defense in Depth
  • Describe the Zero Trust Model
  • Describe Encryption and Hashing
  • Describe Governance, Risk, and Compliance (GRC) Concepts

Module 2: Identity Concepts

  • Introduction
  • Define Authentication and Authorisation
  • Define Identity as the Primary Security Perimeter
  • Describe the Role of the Identity Provider
  • Describe the Concept of Directory Services and Active Directory
  • Describe the Concept of Federation

Module 3: The Function and Identity Types of Microsoft Entra ID

  • Introduction
  • Describe Microsoft Entra ID
  • Describe Types of Identities
  • Describe Hybrid Identity
  • Describe External Identities

Module 4: Authentication Capabilities of Microsoft Entra ID

  • Introduction
  • Describe Authentication Methods
  • Describe Multifactor Authentication
  • Describe Self-Service Password Reset
  • Describe Password Protection and Management Capabilities

Module 5: Access Management Capabilities of Microsoft Entra ID

  • Introduction
  • Describe Conditional Access
  • Describe Microsoft Entra Roles and Role-Based Access Control (RBAC)

Module 6: Identity Protection and Governance Capabilities of Microsoft Entra

  • Introduction
  • Describe Microsoft Entra ID Governance
  • Describe Access Reviews
  • Describe Entitlement Management
  • Describe the Capabilities of Privileged Identity Management
  • Describe Microsoft Entra ID Protection
  • Describe Microsoft Entra Permissions Management
  • Describe Microsoft Entra Verified ID

Module 7: Core Infrastructure Security Services in Azure

  • Introduction
  • Describe Azure DDoS Protection
  • Describe Azure Firewall
  • Describe Web Application Firewall
  • Describe Network Segmentation in Azure
  • Describe Azure Network Security Groups
  • Describe Azure Bastion
  • Describe Azure Key Vault

Module 8: Security Management Capabilities of Azure

  • Introduction
  • Describe Microsoft Defender for Cloud
  • Describe How Security Policies and Initiatives Improve Cloud Security Posture
  • Describe Cloud Security Posture Management
  • Describe the Enhanced Security of Microsoft Defender for Cloud
  • Describe DevOps Security Management

Module 9: Security Capabilities of Microsoft Sentinel

  • Introduction
  • Define the Concepts of SIEM and SOAR
  • Describe Threat Detection and Mitigation Capabilities in Microsoft Sentinel
  • Describe Microsoft Security Copilot

Module 10: Threat Protection with Microsoft 365 Defender

  • Introduction
  • Describe Microsoft 365 Defender Services
  • Describe Microsoft Defender for Office 365
  • Describe Microsoft Defender for Endpoint
  • Describe Microsoft Defender for Cloud Apps
  • Describe Microsoft Defender for Identity
  • Describe Microsoft Defender Vulnerability Management
  • Describe Microsoft Defender Threat Intelligence
  • Describe the Microsoft 365 Defender Portal

Module 11: Microsoft’s Service Trust Portal and Privacy Capabilities

  • Introduction
  • Describe the Offerings of the Service Trust Portal
  • Describe Microsoft's Privacy Principles
  • Describe Microsoft Privacy

Module 12: Compliance Management Capabilities in Microsoft Purview

  • Introduction
  • Describe the Microsoft Purview Compliance Portal
  • Describe Compliance Manager
  • Describe Use and Benefits of Compliance Score

Module 13: Information Protection and Data Lifecycle Management in Microsoft Purview

  • Introduction
  • Know Your Data, Protect Your Data, and Govern Your Data
  • Describe the Data Classification Capabilities of the Compliance Portal
  • Describe Sensitivity Labels and Policies
  • Describe Data Loss Prevention
  • Describe Retention Policies and Retention Labels
  • Describe Records Management

Module 14: Insider Risk Capabilities in Microsoft Purview

  • Introduction
  • Describe Insider Risk Management
  • Describe Communication Compliance
  • Describe Information Barriers

Module 15: Discovery and Audit Capabilities of Microsoft Purview

  • Introduction
  • Describe the eDiscovery Solutions in Microsoft Purview
  • Describe the Audit Solutions in Microsoft Purview

Module 16: Resource Governance Capabilities in Azure

  • Introduction
  • Describe Azure Policy
  • Describe the Use of Azure Blueprints
  • Describe the Capabilities in the Microsoft Purview Governance Portal

Who should attend this Microsoft Security, Compliance, and Identity Fundamentals SC900 Training Course?

This Microsoft Security, Compliance, and Identity Fundamentals SC900 Course is designed for individuals who are interested in gaining a foundational knowledge of security, compliance, and identity concepts within the context of Microsoft technologies. This training course is especially beneficial for these professionals:

  • Cloud Architects
  • IT Professionals
  • Security Analysts
  • Incident Responders
  • Security Architects
  • Compliance Officers
  • Entrepreneurs and Small Business Owners

Prerequisites of the Microsoft Security, Compliance, and Identity Fundamentals SC900 Training Course

There are no formal prerequisites for this Microsoft Security, Compliance, and Identity Fundamentals SC900 Course. However, basic knowledge of IT concepts would be beneficial for the delegates.

Microsoft Security, Compliance, and Identity Fundamentals SC900 Course Overview

The Microsoft Security, Compliance, and Identity Fundamentals SC900 Course introduces individuals to Microsoft's Security, Compliance, and Identity (SCI) solution, a framework that enhances organisational resilience and security by integrating platforms, clouds, and services. In today's ever-evolving digital landscape, the ability to strengthen cloud workload security and streamline security management is of utmost relevance, making this course highly important.

Professionals looking to excel in technical roles, such as Technical Specialists and Security Architects, should aim to master this subject. With the increasing importance of cloud security, authentication capabilities, access management, compliance management, and insider risk capabilities, understanding these topics is essential for enhancing an organisation's security posture and opening doors to reputable job profiles.

The 1-day training is designed to provide delegates with comprehensive knowledge of security, compliance, and identity. The course covers key areas, including authentication capabilities, access management, security capabilities, and compliance management. With highly experienced trainers, this course ensures a deep understanding of Microsoft's Security, Compliance, and Identity (SCI) solution, empowering professionals with valuable skills.

Course Objectives

  • To grasp security and compliance concepts and methodologies
  • To understand the different services and identity types within Azure AD
  • To explore the security capabilities of Azure Sentinel
  • To learn about eDiscovery and audit capabilities in Microsoft 365
  • To understand resource governance capabilities in Azure
  • To become proficient in managing security and compliance with Microsoft's SCI solution

Upon completion of the Microsoft Security, Compliance, and Identity Fundamentals SC900 Course, delegates will possess the knowledge and skills needed to enhance cloud workload security, streamline security management, and contribute to organisational resilience. This expertise will not only enrich their careers, but also enhance their ability to drive effective security practices within their organisations.

What’s included in this Microsoft Security, Compliance, and Identity Fundamentals SC900 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Security, Compliance, and Identity Fundamentals SC900 Certificate
  • Digital Delegate Pack

accredited by

Our Microsoft training course is accredited by Microsoft

Online Instructor-led (4 days)

Classroom (4 days)

Online Self-paced (32 hours)

Microsoft Cybersecurity Architect SC100 Course Outline

Module 1: Introduction to Zero Trust and Best Practice Frameworks

  • Introduction to Zero Trust
  • Zero Trust Initiatives
  • Zero Trust Technology Pillars Part 1
  • Zero Trust Technology Pillars Part 2

Module 2: Design Solutions that Align with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)

  • Define a Security Strategy
  • Introduction to the Cloud Adoption Framework
  • Cloud Adoption Framework Secure Methodology
  • Introduction to Azure Landing Zones
  • Design Security with Azure Landing Zones
  • Introduction to the Well-Architected Framework
  • Well-Architected Framework Security Pillar

Module 3: Design Solutions that Align with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft Cloud Security Benchmark (MCSB)

  • Introduction to Microsoft Cybersecurity Reference Architecture and Cloud Security Benchmark
  • Design Solutions with Best Practices for Capabilities and Controls
  • Design Solutions with Best Practices for Attack Protection

Module 4: Design a Resiliency Strategy for Common Cyberthreats Like Ransomware

  • Common Cyberthreats and Attack Patterns
  • Support Business Resiliency
  • Ransomware Protection
  • Configurations for Secure Backup and Restore
  • Security Updates

Module 5: Case Study: Design Solutions that Align with Security Best Practices and Priorities

  • Introduction
  • Case Study Description
  • Case Study Answers
  • Conceptual Walkthrough
  • Technical Walkthrough

Module 6: Design Solutions for Regulatory Compliance

  • Introduction to Regulatory Compliance
  • Translate Compliance Requirements into a Security Solution
  • Address Compliance Requirements with Microsoft Purview
  • Address Privacy Requirements with Microsoft Priva
  • Address Security and Compliance Requirements with Azure Policy
  • Evaluate Infrastructure Compliance with Defender for Cloud

Module 7: Design Solutions for Identity and Access Management

  • Introduction to Identity and Access Management
  • Design Cloud, Hybrid and Multicloud Access Strategies
  • Design a Solution for External Identities
  • Design Modern Authentication and Authorisation Strategies
  • Align Conditional Access and Zero Trust
  • Specify Requirements to Secure Active Directory Domain Services
  • Design a Solution to Manage Secrets, Keys, and Certificates

Module 8: Design Solutions for Securing Privileged Access

  • Introduction to Privileged Access
  • Enterprise Access Model
  • Design Identity Governance Solutions
  • Design a Solution to Secure Tenant Administration
  • Design a Solution for Cloud Infrastructure Entitlement Management
  • Design a Solution for Privileged Access Workstations and Bastion Services

Module 9: Design Solutions for Security Operations

  • Introduction to Security Operations (SecOps)
  • Design Security Operations Capabilities in Hybrid and Multicloud Environments
  • Design Centralised Logging and Auditing
  • Design Security Information and Event Management (SIEM) Solutions
  • Design Solutions for Detection and Response
  • Design a Solution for Security Orchestration, Automation, and Response (SOAR)
  • Design Security Workflows
  • Design Threat Detection Coverage

Module 10: Case Study: Design Security Operations, Identity and Compliance Capabilities

  • Introduction
  • Case Study Description
  • Case Study Answers
  • Conceptual Walkthrough
  • Technical Walkthrough

Module 11: Design Solutions for Securing Microsoft 365

  • Introduction to Security for Exchange, SharePoint, OneDrive and Teams
  • Evaluate Security Posture for Collaboration and Productivity Workloads
  • Design a Microsoft 365 Defender Solution
  • Design Configurations and Operational Practices for Microsoft 365

Module 12: Design Solutions for Securing Applications

  • Introduction to Application Security
  • Design and Implement Standards to Secure Application Development
  • Evaluate Security Posture of Existing Application Portfolios
  • Evaluate Application Threats with Threat Modeling
  • Design Security Lifecycle Strategy for Applications
  • Secure Access for Workload Identities
  • Design a Solution for API Management and Security
  • Design a Solution for Secure Access to Applications

Module 13: Design Solutions for Securing an Organisation's Data

  • Introduction to Data Security
  • Design a Solution for Data Discovery and Classification Using Microsoft Purview
  • Design a Solution for Data Protection
  • Design Data Security for Azure Workloads
  • Design Security for Azure Storage
  • Design a Security Solution with Microsoft Defender for SQL and Microsoft Defender for Storage

Module 14: Case Study: Design Security Solutions for Applications and Data

  • Introduction
  • Case Study Description
  • Case Study Answers
  • Conceptual Walkthrough
  • Technical Walkthrough

Module 15: Specify Requirements for Securing SaaS, PaaS, and IaaS Services

  • Introduction to Security for SaaS, PaaS, and IaaS
  • Specify Security Baselines for SaaS, PaaS, and IaaS Services
  • Specify Security Requirements for Web Workloads
  • Specify Security Requirements for Containers and Container Orchestration

Module 16: Design Solutions for Security Posture Management in Hybrid and Multicloud Environments

  • Introduction to Hybrid and Multicloud Posture Management
  • Evaluate Security Posture by Using Microsoft Cloud Security Benchmark
  • Design Integrated Posture Management and Workload Protection
  • Evaluate Security Posture by Using Microsoft Defender for Cloud
  • Posture Evaluation with Microsoft Defender for Cloud Secure Score
  • Design Cloud Workload Protection with Microsoft Defender for Cloud
  • Integrate Hybrid and Multicloud Environments with Azure Arc
  • Design a Solution for External Attack Surface Management

Module 17: Design Solutions for Securing Server and Client Endpoints

  • Introduction to Endpoint Security
  • Specify Server Security Requirements
  • Specify Requirements for Mobile Devices and Clients
  • Specify Internet of Things (IoT) and Embedded Device Security Requirements
  • Secure Operational Technology (OT) and Industrial Control Systems (ICS) with Microsoft Defender for IoT
  • Specify Security Baselines for Server and Client Endpoints
  • Design a Solution for Secure Remote Access

Module 18: Design Solutions for Network Security

  • Introduction
  • Design Solutions for Network Segmentation
  • Design Solutions for Traffic Filtering with Network Security Groups
  • Design Solutions for Network Posture Management
  • Design Solutions for Network Monitoring

Module 19: Case Study: Design Security Solutions for Infrastructure

  • Introduction
  • Case Study Description
  • Case Study Answers
  • Conceptual Walkthrough
  • Technical Walkthrough

Who should attend this Microsoft Cybersecurity Architect SC100 Training Course?

This Microsoft Cybersecurity Architect SC100 Course is beneficial for those who want to gain an in-depth understanding of Microsoft's Cybersecurity Solutions, especially for Microsoft 365 and Azure services. This course can be beneficial for a wide range of professionals, including:

  • Cybersecurity Analysts
  • Network Administrators
  • Systems Administrators
  • Cloud Solutions Architects
  • Compliance Officers
  • Security Consultants
  • DevSecOps Engineers

Prerequisites of the Microsoft Cybersecurity Architect SC100 Training Course

There are no formal prerequisites for attending this Microsoft Cybersecurity Architect SC100 Training Course. However, the SC-100 exam is an advanced, expert-level exam that covers a wide range of cybersecurity topics, so advanced experience and knowledge in identity and access, platform protection, security operations, securing data, and securing applications is recommended.

Microsoft Cybersecurity Architect SC100 Course Overview

The Microsoft Cybersecurity Architect SC100 Course will equip individuals with the skills and knowledge to design and implement security solutions that protect organisations against cyber threats. Its relevance in today's digital age cannot be overstated, as cyber security remains a critical concern for businesses across the globe.

Understanding and proficiency in cybersecurity architecture are crucial for IT professionals safeguarding their organisations' digital assets. This course is particularly beneficial for Cybersecurity Architects, Security Officers, and IT Professionals looking to enhance their skill set in designing and managing secure solutions in line with industry best practices.

The Knowledge Academy’s intensive 4-day training offers a comprehensive introduction to the principles of cybersecurity architecture within the Microsoft ecosystem. Delegates will gain hands-on experience designing security solutions that leverage Microsoft technologies to enhance organisational security posture. The course aims to empower participants with the knowledge and skills to make informed security decisions that align with business objectives.

Course Objectives:

  • To understand the cybersecurity landscape and the architect’s role in designing secure systems
  • To learn how to design and implement secure infrastructure and applications
  • To master the application of security controls and threat protection
  • To gain proficiency in identity and access management solutions
  • To develop skills in data protection and encryption strategies

After completing this course, delegates will receive a Microsoft Cybersecurity Architect Certification. This certification validates the delegate's expertise in designing and implementing security solutions. This credential is a testament to the holder's ability to play a pivotal role in protecting their organisation against cyber threats, enhancing their employability and career prospects in cybersecurity.

What’s included in this Microsoft Cybersecurity Architect SC100 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Cybersecurity Architect SC100 Certificate
  • Digital Delegate Pack

accredited by

Our Microsoft training course is accredited by Microsoft

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Microsoft Security Workshop: Implementing PowerShell Security Best Practices 40555A Training Course Outline

Module 1: PowerShell Fundamentals

  • Overview of Windows PowerShell
  • PowerShell Editions and Versions
  • Running PowerShell

Module 2: PowerShell Operational Security

  • Managing Local Script Execution
  • Managing Remote Execution Capabilities of Windows PowerShell
  • Managing Remote Execution Capabilities of PowerShell Core
  • Language Mode

Module 3: Implementing PowerShell-based Security

  • Windows PowerShell DSC
  • Just Enough Administration (JEA)
  • Windows PowerShell Auditing and Logging

Module 4: Windows PowerShell-based Exploits and their Mitigation

  • Windows PowerShell-Based Attacks
  • Windows PowerShell-Based Security Tools
  • Summary of Windows PowerShell Security-Related Technologies

Lab: Implementing Windows PowerShell Security

  • Implement Windows PowerShell Logging by Using DSC
  • Carry Out a Windows PowerShell-Based Exploit
  • Implement Just Enough Administration

Who should attend this Implementing PowerShell Security Best Practices 40555A Training Course?

The Implementing PowerShell Security Best Practices 40555A Training is designed for IT professionals and security practitioners who work with PowerShell, Microsoft's scripting and automation framework. This course is particularly suitable for the following professionals:

  • Systems Administrators
  • Network Administrators
  • IT Security Professionals
  • PowerShell Scripters
  • DevOps Engineers
  • Windows Server Administrators
  • Cybersecurity Analysts

Prerequisites of the Implementing PowerShell Security Best Practices 40555A Training Course

There are no formal prerequisites for attending this Implementing PowerShell Security Best Practices 40555A Training. However, having prior knowledge and experience of Windows PowerShell commands would be beneficial for the delegates.

Microsoft Security Workshop: Implementing PowerShell Security Best Practices 40555A Training Course Overview

The Implementing PowerShell Security Best Practices 40555A Course focuses on Windows PowerShell, a versatile scripting language and command-line shell integral to the Microsoft ecosystem. Understanding PowerShell's fundamentals, architectural design, and interaction basics is highly relevant in today's IT landscape. This course serves as a fundamental building block for IT professionals and enthusiasts seeking a comprehensive understanding of PowerShell.

Professionals across various IT domains, including Technical Leaders, Dynamics CRM Developers, Data Engineers, and anyone working with Microsoft technologies, should aim to master PowerShell. PowerShell plays a pivotal role in automating tasks, managing systems, and optimising operations. Knowledge of its best practices is crucial for efficiency, security, and career growth.

The 1-day training course by The Knowledge Academy is designed to provide delegates with an overview of Windows PowerShell-based security technologies. During this course, delegates will gain insights into managing remote execution of PowerShell Core and learn to control the remote execution capabilities of Windows PowerShell. This training equips professionals with practical skills to enhance their PowerShell proficiency.

Course Objectives:

  • To comprehend the architectural design of Windows PowerShell
  • To master the basics of interacting with PowerShell
  • To understand PowerShell's editions and versions
  • To explore security-related technologies within PowerShell
  • To learn to manage remote execution of PowerShell Core
  • To control the remote execution capabilities of Windows PowerShell

Upon completion of the Implementing PowerShell Security Best Practices 40555A Course, delegates will possess a strong foundation in PowerShell fundamentals and best practices. This knowledge will empower them to automate tasks, manage systems more efficiently, and ensure the security of their PowerShell environment. It opens doors to enhanced career prospects and greater proficiency in working with Microsoft technologies.

What's Included in this Implementing PowerShell Security Best Practices 40555A Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Implementing PowerShell Security Best Practices 40555A Certificate
  • Digital Delegate Pack

accredited by

Our Microsoft training course is accredited by Microsoft

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Training Course Outline

Module 1: Plan and Implement Entitlement Management

  • Define Access Packages
  • Exercise: Create and Manage a Resource Catalogue with Microsoft Entra Entitlement Management
  • Configure Entitlement Management
  • Exercise - Add Terms of Use Acceptance Report
  • Exercise - Manage the Lifecycle of External Users with Microsoft Entra Identity Governance
  • Configure and Manage Connected Organisations
  • Review Per-User Entitlements

Module 2: Plan, Implement, and Manage Access Review

  • Plan for Access Reviews
  • Create Access Reviews for Groups and Apps
  • Create and Configure Access Review Programs
  • Monitor Access Review Findings
  • Automate Access Review Management Tasks
  • Configure Recurring Access Reviews

Module 3: Monitor and Maintain Microsoft Entra ID

  • Analyse and Investigate Sign-In Logs to Troubleshoot Access Issues
  • Review and Monitor Microsoft Entra Audit Logs
  • Exercise - Connect Data from Microsoft Entra ID to Microsoft Sentinel
  • Export Logs to Third-Party Security Information and Event Management System
  • Analyse Microsoft Entra Workbooks and Reporting
  • Monitor Security Posture with Identity Secure Score

Module 4: Plan and Implement Privileged Access

  • Define a Privileged Access Strategy for Administrative Users
  • Configure Privileged Identity Management for Azure Resources
  • Exercise - Configure Privileged Identity Management for Microsoft Entra Roles
  • Exercise - Assign Microsoft Entra Roles in Privileged Identity Management
  • Exercise - Assign Azure Resource Roles in Privileged Identity Management
  • Plan and Configure Privileged Access Groups
  • Analyse Privileged Identity Management Audit History and Reports
  • Create and Manage Emergency Access Accounts

Module 5: Explore the Many Features of Microsoft Entra Permissions Management

  • A Comprehensive Experience for All Cloud Environments
  • Get High Level Insights in the Permissions Management Dashboard
  • Dive Deeper with the Analytics Tab
  • Develop a Better Understanding of Your Environment with Reports
  • Analyse Historical Data with the Audit Tab
  • Act on Your Findings with the Permissions Management Remediation Tab
  • Take a More Proactive Approach to Managing with Continuous Monitoring
  • Manage Access to Microsoft Entra Permissions Management

Who Should Attend this Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Course?

This Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Course is designed for anyone who wants to specialise in entitlement management and governance within cloud and hybrid environments. However, this training will be beneficial for:

  • Identity and Access Management (IAM) Specialists
  • IT Security Administrators
  • Compliance Managers
  • Cloud Security Engineers
  • Systems Administrators
  • IT Governance Officers
  • Risk Management Specialists

Prerequisites of the Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Course

There are no formal prerequisites for attending this Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Course.

Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) Training Course Overview

Configure and Govern Entitlement with Microsoft Entra ID (SC-5008) is a specialised training course designed to empower IT professionals with the skills to manage and govern entitlements using Microsoft Entra ID. The course highlights the importance of robust entitlement management for enhancing security and compliance across organisational IT environments. For organisations, mastering Microsoft Entra ID offers strategic advantages by ensuring precise control over access and permissions, which minimises security risks and enhances regulatory compliance. For individuals, the training enhances expertise in identity and access management, a critical component in today's IT security landscape. Career-wise, participants will gain skills that elevate their professional capabilities, making them key players in roles such as IT security, compliance management, and systems administration.

In this course, delegates will gain a comprehensive understanding of Microsoft Entra ID, focusing on planning, implementing, and managing entitlements. They will learn how to create and manage access packages, configure entitlement management settings, and utilise advanced features like adaptive scopes and event-based retention. The training will cover practical applications for setting up and managing access reviews, as well as techniques for monitoring and maintaining the security posture through Microsoft Entra ID. This training will be conducted by our highly professional and skilled trainer, who has years of experience in teaching.

Course Objectives

  • To create and manage comprehensive access packages using Microsoft Entra ID
  • To configure entitlement management settings for optimal security and compliance
  • To implement adaptive scopes and manage the lifecycle of external users
  • To conduct access reviews and configure recurring review processes
  • To monitor and analyse sign-in and audit logs for security insights
  • To configure and manage privileged access and emergency accounts effectively

After attending this training, delegates will be able to confidently configure and manage entitlements using Microsoft Entra ID. They will be equipped to establish robust access packages, effectively manage and review access permissions, and monitor compliance with organisational policies. Delegates will also have the skills to analyse security data for insights, respond to compliance alerts, and maintain high standards of data governance.

What’s included in this Configure and Govern Entitlement with Microsoft Entra ID SC5008 Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Configure and Govern Entitlement with Microsoft Entra ID SC5008 Course Certificate
  • Digital Delegate Pack

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security (MD-4011) Training Course Outline

Module 1: Discover Microsoft Intune Essentials

  • Introduction
  • Explore Core Features of Microsoft Intune
  • Understand Device Management Capabilities
  • Effectively Secure and Manage Applications
  • Integrate Security and Compliance
  • Optimize Deployment Strategies with Intune
  • Unify Management Across Platforms with Microsoft Intune

Module 2: Unlock Insights with Microsoft Copilot for Security

  • Introduction
  • Discover Microsoft Copilot for Security
  • Understand How Microsoft Copilot for Security Works
  • Explore Microsoft Copilot for Security Experiences
  • Deploy Microsoft Copilot for Security for Enhanced Security
  • Utilise Prompts in Microsoft Copilot for Security
  • Incorporate Promptbooks in Microsoft Copilot for Security
  • Explore New Features in Microsoft Copilot for Security

Module 3: Optimise Microsoft Intune for Microsoft Copilot for Security Integration

  • Introduction
  • Understand the Benefits of Microsoft Copilot for Security and Intune
  • Implement Strong Naming Conventions
  • Rename a Device in Microsoft Intune
  • Add Groups in Microsoft Intune to Organise Users and Devices
  • Understand Authentication in Microsoft Copilot for Security
  • Integrate Microsoft Copilot for Security with Microsoft Intune
  • Leverage Prompting Features in Microsoft Copilot for Security
  • Sample Prompts for Microsoft Intune

Who should attend this Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD-4011 Training Course?

The Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD-4011 Training Course is ideal for individuals looking to strengthen their expertise in endpoint management and security using Microsoft's advanced tools. This training is particularly beneficial for:

  • IT Security Professionals
  • System Administrators
  • Cybersecurity Analysts
  • IT Managers and Directors
  • Security Engineers
  • Network Architects
  • IT Auditors

Prerequisites of the Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD-4011 Training Course

There are no formal prerequisites for attending this Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD-4011 Training Course.

Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security (MD-4011) Training Course Overview

Endpoint Security with Microsoft Intune and Microsoft Copilot for Security is an advanced approach to managing and securing devices across an organisation using Microsoft's comprehensive tools. The importance of this approach lies in its ability to streamline security protocols and device management, enhancing protection against evolving cybersecurity threats. For organisations, this training provides essential strategies to optimise device management and security operations, reducing vulnerabilities and improving compliance. Individuals gain a robust understanding of both Intune and Copilot for Security, enhancing their skills in deploying, managing, and securing endpoints effectively. For delegates, this course offers valuable career advancement opportunities by developing expertise in high-demand areas of cybersecurity and device management, preparing them for leadership roles in IT security.

In the Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD-4011 course, delegates will learn how to effectively utilise Microsoft Intune and Microsoft Copilot for Security to manage and secure endpoints within their organisation. The training covers the essentials of Microsoft Intune, insights on leveraging Microsoft Copilot for Security, and the synergies between these two powerful tools for optimal endpoint management and security.

Course Objectives:

  • To explore core features of Microsoft Intune
  • To understand the operational mechanisms of Microsoft Copilot for Security
  • To integrate Microsoft Copilot for Security with Microsoft Intune
  • To manage device security and compliance effectively
  • To utilise advanced prompting features in Microsoft Copilot for Security
  • To implement best practices for endpoint security enhancements

After attending this training, delegates will be capable of deploying Microsoft Intune and Microsoft Copilot for Security to enhance the security and management of devices across their network. They will understand how to utilise the specific features of both tools to monitor, manage, and secure endpoints, ensuring compliance with organisational policies and security requirements.

What’s included in this Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD4011 Training Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Enhance Endpoint Security with Microsoft Intune and Microsoft Copilot for Security MD4011 Training Certificate
  • Digital Delegate Pack

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Get started with Microsoft Copilot for Security (SC-5006) Training Course Outline

Module 1: Fundamentals of Generative AI

  • Introduction
  • What is Generative AI?
  • What Are Language Models?
  • Using Language Models
  • What Are Copilots?
  • Microsoft Copilot
  • Considerations for Copilot Prompts
  • Extending and Developing Copilots
  • Exercise - Explore Microsoft Copilot

Module 2: Describe Microsoft Copilot for Security

  • Introduction
  • Get Acquainted with Microsoft Copilot for Security
  • Describe Microsoft Copilot for Security Terminology
  • Describe How Microsoft Copilot for Security Processes Prompt Requests
  • Describe the Elements of an Effective Prompt
  • Describe How to Enable Microsoft Copilot for Security

Module 3: Describe the Core Features of Microsoft Copilot for Security

  • Introduction
  • Describe the Features Available in the Standalone Experience of Microsoft Copilot for Security
  • Describe the Features Available in a Session of the Standalone Experience
  • Describe the Microsoft Plugins Available in Microsoft Copilot for Security
  • Describe the Non-Microsoft Plugins Supported by Microsoft Copilot for Security
  • Describe Custom Promptbooks
  • Describe Knowledge Base Connections

Module 4: Describe the Embedded Experiences of Microsoft Copilot for Security

  • Introduction
  • Describe Microsoft Copilot in Microsoft Defender XDR
  • Microsoft Copilot in Microsoft Purview
  • Microsoft Copilot in Microsoft Entra
  • Microsoft Copilot in Microsoft Intune
  • Microsoft Copilot in Microsoft Defender for Cloud (Preview)

Module 5: Explore Use Cases of Microsoft Copilot for Security

  • Introduction
  • Explore the First Run Experience
  • Explore the Standalone Experience
  • Configure the Microsoft Sentinel Plugin
  • Enable a Custom Plugin
  • Explore File Uploads as a Knowledge Base
  • Create a Custom Promptbook
  • Explore the Capabilities of Copilot in Microsoft Defender XDR
  • Explore the Capabilities of Copilot in Microsoft Purview

Who should attend this Get started with Microsoft Copilot for Security (SC-5006) Training Course?

The Get Started with Microsoft Copilot for Security (SC-5006) Training Course is ideal for individuals aiming to harness the power of generative AI in cybersecurity applications. It is particularly beneficial for:

  • IT Security Professionals
  • System Administrators
  • Cybersecurity Analysts
  • IT Managers and Directors
  • Security Engineers
  • Network Architects
  • IT Auditors

Prerequisites of the Get started with Microsoft Copilot for Security (SC-5006) Training Course

There are no formal prerequisites for attending this Get started with Microsoft Copilot for Security (SC-5006) Training Course.

Get started with Microsoft Copilot for Security (SC-5006) Training Course Overview

Microsoft Copilot for Security is an innovative tool that leverages generative AI to enhance cybersecurity measures across various Microsoft platforms. Its importance lies in its ability to intelligently process and respond to security prompts, thereby augmenting security operations with advanced AI capabilities. For delegates, mastering Microsoft Copilot for Security opens up career advancement opportunities, positioning them as leaders in the cybersecurity field and making them highly valuable assets in an AI-driven corporate world.

In the Get Started with Microsoft Copilot for Security (SC-5006) course, delegates will gain comprehensive insights into the integration of generative AI with cybersecurity practices through Microsoft Copilot for Security. The training covers the basics of generative AI, detailed functionalities of Microsoft Copilot for Security, and its application within various Microsoft security tools, enabling a deeper understanding of AI's role in enhancing security measures.

Course Objective:

  • To understand generative AI and language model basics
  • To explore Microsoft Copilot for Security's functionalities
  • To learn how to customise and extend Copilot capabilities
  • To apply Copilot in Microsoft Defender and other tools
  • To develop effective prompts for optimised security responses
  • To manage and integrate various plugins and extensions

After attending this training, delegates will be equipped to effectively implement and manage Microsoft Copilot for Security across various platforms. They will be proficient in customising the tool to fit their organisation's unique security needs, configuring and utilising plugins, and creating effective prompt strategies.

What’s included in this Get started with Microsoft Copilot for Security SC5006 Training Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Get started with Microsoft Copilot for Security SC5006 Training Course Certificate
  • Digital Delegate Pack

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) Course Outline

Module 1: Create and Manage Microsoft Sentinel Workspaces

  • Plan for the Microsoft Sentinel workspace
  • Create a Microsoft Sentinel workspace
  • Manage Workspaces Across Tenants using Azure Lighthouse
  • Understand Microsoft Sentinel Permissions and Roles
  • Manage Microsoft Sentinel Settings
  • Configure Logs

Module 2: Connect Microsoft services to Microsoft Sentinel

  • Plan for Microsoft Services Connectors
  • Connect the Microsoft Office 365 Connector
  • Connect the Microsoft Entra Connector
  • Connect the Microsoft Entra ID Protection Connector
  • Connect the Azure Activity Connector

Module 3: Connect Windows Hosts to Microsoft Sentinel

  • Plan for Windows Hosts Security Events Connector
  • Connect Using the Windows Security Events Via AMA Connector
  • Connect Using the Security Events Via Legacy Agent Connector
  • Collect Sysmon Event Logs

Module 4: Threat Detection with Microsoft Sentinel Analytics

  • Exercise - Detect Threats with Microsoft Sentinel Analytics
  • What is Microsoft Sentinel Analytics?
  • Types of Analytics Rules
  • Create an Analytics Rule from Templates
  • Create an Analytics Rule from Wizard
  • Manage Analytics Rules
  • Exercise - Detect Threats with Microsoft Sentinel Analytics

Module 5: Automation in Microsoft Sentinel

  • Understand Automation Options
  • Create Automation Rules

Module 6: Configure SIEM Security Operations using Microsoft Sentinel

  • Exercise - Configure SIEM Operations using Microsoft Sentinel
  • Exercise - Install Microsoft Sentinel Content Hub Solutions and Data Connectors
  • Exercise - Configure a Data Connector Data Collection Rule
  • Exercise - Perform a Simulated Attack to Validate the Analytic and Automation Rules

Who Should Attend this Configure SIEM Security Operations using Microsoft Sentinel (SC-5001)?

This Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) Course is designed for anyone who wants to effectively set up and utilise Microsoft Sentinel for Security Information and Event Management (SIEM). However, this training will be beneficial for:

  • Cybersecurity Analysts
  • Security Operations Centre (SOC) Analysts
  • IT Security Engineers
  • SIEM Administrators
  • Threat Intelligence Analysts
  • Network Security Managers
  • Compliance and Audit Officers

Prerequisites of the Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) Course

There are no formal prerequisites for attending this Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) Course.

Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) Course Overview

Configure SIEM Security Operations using Microsoft Sentinel (SC-5001) is a focused training course that teaches how to set up and manage Security Information and Event Management (SIEM) operations using Microsoft Sentinel. The importance of this course stems from the growing need to safeguard digital infrastructures and data effectively against increasing cybersecurity threats. For organisations, the training enables the setup of a robust SIEM system that enhances threat detection and response capabilities, crucial for maintaining security and compliance. For individuals, it provides deep insights into cloud-based security operations, enhancing skill sets in a critical area of IT security. Career-wise, the course prepares participants for advanced roles in cybersecurity, such as SIEM administrators, security analysts, or security consultants, where expertise in cutting-edge security technologies is highly valued.

In this course, delegates will learn how to effectively configure and manage Microsoft Sentinel as a SIEM system. They will start by setting up Sentinel workspaces, understanding and managing permissions, and configuring data collection across multiple platforms and services. Delegates will also learn to connect and monitor various data sources, including Microsoft services and third-party applications. This training will be conducted by our highly professional and skilled trainer, who has years of experience in teaching.

Course Objectives

  • To deploy Microsoft Sentinel workspaces optimised for organisational needs
  • To integrate and manage data connectors from Microsoft services and third parties
  • To create advanced analytics rules to detect security threats effectively
  • To implement automation for efficient security incident response
  • To configure and manage permissions, roles, and settings within Microsoft Sentinel
  • To practice and refine security configurations with real-world simulations

After attending this training course, delegates will be able to effectively configure and utilise Microsoft Sentinel as a powerful SIEM tool within their organisations. They will be capable of integrating a variety of data sources, designing sophisticated analytics to monitor security threats, and implementing automated workflows to respond to incidents rapidly.

What’s included in this Configure SIEM Security Operations using Microsoft Sentinel SC5001 Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Configure SIEM Security Operations using Microsoft Sentinel SC5001 Course Certificate
  • Digital Delegate Pack

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003) Course Outline

Module 1: Create and Manage Sensitive Information Types

  • Sensitive Information Type Overview
  • Compare Built-In Vs Custom Sensitive Information Types
  • Create and Manage Custom Sensitive Information Types
  • Create and Manage Exact Data Match Sensitive Info Types
  • Implement Document Fingerprinting
  • Create A Keyword Dictionary

Module 2: Create and Configure Sensitivity Labels with Microsoft Purview

  • Sensitivity Label Overview
  • Create and Configure Sensitivity Labels and Label Policies
  • Configure Encryption with Sensitivity Labels
  • Implement Auto-Labeling Policies
  • Use the Data Classification Dashboard to Monitor Sensitivity Labels

Module 3: Prevent Data Loss in Microsoft Purview

  • Data Loss Prevention Overview
  • Identify Content to Protect
  • Identify Sensitive Data with Optical Character Recognition (Preview)
  • Define Policy Settings for Your DLP Policy
  • Test and Create Your DLP Policy
  • Prepare Endpoint DLP
  • Manage DLP Alerts in the Microsoft Purview Compliance Portal
  • View Data Loss Prevention Reports
  • Implement the Microsoft Purview Extension

Module 4: Implement Information Protection and Data Loss Prevention with Microsoft Purview

  • Exercise - Create a Sensitive Info Type
  • Exercise - Create and Publish a Sensitivity Label
  • Exercise - Create and Assign an Auto-Labeling Policy
  • Exercise - Create a Data Loss Prevention (DLP) Policy

Who Should Attend this Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003)?

This Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003) Course is designed for anyone who wants to enhance their skills in managing enterprise-level information protection and data loss prevention solutions. However, this training will be beneficial for:

  • Data Protection Officers
  • Compliance Managers
  • Cybersecurity Analysts
  • IT Security Managers
  • Risk Management Specialists
  • Information Governance Officers
  • Privacy Consultants

Prerequisites of the Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003)

There are no formal prerequisites for attending this Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003) Course.

Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003) Course Overview

Implement Information Protection and Data Loss Prevention by Using Microsoft Purview (SC-5003) is a focused training course designed to equip IT professionals with the capabilities to set up and manage Microsoft Purview for data protection and loss prevention. This training is essential as it enables organisations to safeguard sensitive information effectively and comply with various regulatory requirements. For organisations, the training provides strategic benefits by enhancing data security frameworks and minimising the risks associated with data breaches. For individuals, it deepens understanding and expertise in one of the most critical areas of IT security, making them indispensable to their current and future roles. The career benefits for participants include advancing their qualifications for high-demand roles in cybersecurity, compliance, and data governance.

In this course, delegates will learn how to effectively use Microsoft Purview to implement robust information protection and data loss prevention strategies within their organisations. The training covers a comprehensive overview of Microsoft Purview, including the creation and management of sensitive information types, configuration of sensitivity labels, and the establishment of data loss prevention policies. This training will be conducted by our highly professional and skilled trainer, who has years of experience in teaching.

Course Objectives

  • To understand the core features and capabilities of Microsoft Purview
  • To create and manage sensitive information types within Microsoft Purview
  • To configure and apply sensitivity labels and label policies across data
  • To implement and manage data loss prevention policies effectively
  • To utilise advanced tools such as document fingerprinting and OCR in data protection
  • To monitor and analyse the effectiveness of implemented security measures

After attending this training, delegates will be equipped to effectively implement and manage Microsoft Purview within their organisations. They will have the skills to ensure that sensitive information is identified, classified, and protected according to best practices and regulatory standards. Delegates will be capable of configuring detailed data loss prevention strategies that are tailored to the specific needs of their organisations, significantly reducing the risk of data breaches.

What’s included in this Implement Information Protection and Data Loss Prevention by Using Microsoft Purview SC5003 Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Implement Information Protection and Data Loss Prevention by Using Microsoft Purview SC5003 Course Certificate
  • Digital Delegate Pack

Online Instructor-led (1 day)

Classroom (1 day)

Online Self-paced (8 hours)

Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007) Course Outline

Module 1: Implement and Manage Retention with Microsoft Purview

  • Overview of Retention with Microsoft Purview
  • Create and Configure Retention Policies
  • Create and Configure Adaptive Scopes
  • Create and Publish Retention Labels
  • Apply Retention Labels Across Microsoft 365 Services
  • Configure Event-Based Retention
  • Create and Manage Auto-Apply Retention Labels
  • Declare Records by Using Retention Labels
  • Conduct Disposition Reviews

Module 2: Manage Microsoft Purview eDiscovery (Premium)

  • Explore Microsoft Purview eDiscovery (Premium)
  • Implement Microsoft Purview eDiscovery (Premium)
  • Create and Manage an eDiscovery (Premium) Case
  • Manage Custodians and Non-Custodial Data Sources
  • Collect Content for a Case
  • Review and Manage Case Content
  • Analyze Case Content

Module 3: Prepare Microsoft Purview Communication Compliance

  • Introduction to Communication Compliance
  • Plan for Communication Compliance
  • Identify and Resolve Communication Compliance Workflow
  • Introduction to Communication Compliance Policies
  • Communication Compliance with Copilot For Microsoft 365
  • Knowledge Check
  • Case Study--Configure an Offensive Language Policy
  • Investigate and Remediate Communication Compliance Alerts

Module 4: Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview

  • Exercise - Create Retention Policies
  • Exercise - Create and Publish Retention Labels
  • Exercise - Conduct an eDiscovery Search
  • Exercise - Create a Communication Compliance Policy

Who Should Attend this Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007)?

This Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007) Course is designed for anyone who wants to enhance their expertise in managing data governance frameworks effectively within their organisations. However, this training will be beneficial for:

  • Compliance Officers
  • Data Protection Officers
  • Legal Counsel Executives
  • IT Security Managers
  • Records Managers
  • Risk Management Specialists
  • Corporate Governance Officers

Prerequisites of the Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007) Course

There are no formal prerequisites for attending this Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007).

Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007) Course Overview

Implement Retention, eDiscovery, and Communication Compliance in Microsoft Purview (SC-5007) is a specialised training course tailored for IT professionals. It focuses on using Microsoft Purview to manage data governance effectively within organisations. This essential training equips participants with the tools and knowledge necessary to comply with legal and regulatory frameworks, thus protecting against data breaches and litigation. By mastering these functionalities, organisations can maintain data integrity, ensure compliance, and optimise information lifecycle management. For individuals, the course boosts capabilities in handling sensitive data and complex compliance requirements, enhancing career prospects in data protection, compliance, and information security roles.

In this training course, delegates will take a deep dive into Microsoft Purview's capabilities for implementing retention policies, conducting eDiscovery, and enforcing communication compliance. They will learn how to create and manage retention labels and policies, configure and execute eDiscovery searches, and set up communication compliance solutions to monitor and regulate corporate communication. The training includes hands-on exercises that mimic real-world scenarios, such as setting up retention for different types of information. This training will be conducted by our highly professional and skilled trainer, who has years of experience in teaching.

Course Objectives

  • To create and manage comprehensive retention policies within Microsoft Purview
  • To understand and implement eDiscovery procedures for legal compliance
  • To configure and manage communication compliance across Microsoft 365
  • To apply retention labels and policies across diverse data sets
  • To conduct thorough disposition reviews and manage data lifecycle
  • To effectively manage and respond to compliance alerts and investigations

After attending this training, delegates will be equipped to effectively set up, manage, and utilise Microsoft Purview for retention, eDiscovery, and communication compliance. They will be capable of creating and enforcing data retention policies, conducting eDiscovery searches, and handling complex compliance requirements with confidence.

What’s included in this Implement Retention eDiscovery and Communication Compliance in Microsoft Purview SC5007 Course?

  • World-Class Training Sessions from Experienced Instructors 
  • Implement Retention eDiscovery and Communication Compliance in Microsoft Purview SC5007 Course Certificate
  • Digital Delegate Pack

Not sure which course to choose?

Speak to a training expert for advice if you are unsure of what course is right for you. Give us a call on +46 850282424 or Enquire.

Microsoft Security Engineer Training FAQs

A Microsoft Security Engineer is responsible for designing, implementing, and maintaining security solutions within the Microsoft ecosystem to protect against cyber threats and ensure the organisation's data and systems are secure. They work on tasks such as configuring firewalls, monitoring for security breaches, and responding to incidents to safeguard Microsoft-related technologies and data.
Professionals who hold Microsoft Security Engineer Training are more likely to obtain better job prospects, higher pay, and better job profiles in organisations than their uncertified peers.
Microsoft Security Engineers have various roles and responsibilities, including designing and implementing security solutions for Microsoft technologies, monitoring for threats, analysing vulnerabilities, configuring and maintaining security tools, conducting risk assessments, and responding to security incidents to protect an organisation's Microsoft-based systems and data.
Yes, these Microsoft Courses from The Knowledge Academy are accredited by Microsoft.
To become a Microsoft Security Engineer, one should typically start by gaining a strong foundation in IT and security concepts, followed by obtaining relevant certifications such as the Microsoft Certified: Azure Security Engineer Associate or Microsoft 365 Certified: Security Administrator Associate. Additionally, gaining practical experience in designing, implementing, and managing security solutions within the Microsoft ecosystem is crucial to excel in this role.
After completing these courses, individuals can pursue various job opportunities, including roles such as Security Engineer, Security Analyst, Network Security Engineer, Cloud Security Engineer, or Cybersecurity Consultant. These positions often involve designing, implementing, and managing security solutions within the Microsoft ecosystem to protect data and systems from cyber threats.
If you face any issues while accessing the course, you can reach out to our customer support team who will instantly look into the issue.
The Knowledge Academy is the leading global training provider for Microsoft Security Engineer Training.
The training fees for Microsoft Security Engineer Training in Sweden start from SEK32995.

Why we're the go to training provider for you

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

Trusted & Approved

We are accredited by PeopleCert on behalf of AXELOS

Many delivery methods

Flexible delivery methods are available depending on your learning style.

High quality resources

Resources are included for a comprehensive learning experience.

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water
