Browse opportunities
Hands-on lab: write three production analytics rules with KQL, then tune them against a noisy data set. Includes a downloadable workspace template.
How to author, test, and tune Sigma detections that survive contact with reality. Covers ATT&CK alignment, false-positive triage, and a CI pipeline for detections-as-code.
A half-day workshop walking through the full CTI lifecycle — direction, collection, processing, analysis, dissemination — with templates for stakeholder PIRs and finished products.
A self-paced module set covering Defender XDR sensor deployment, baseline policies, automated investigation tuning, and integration with Sentinel.
Strengthen security posture using Microsoft Defender for Cloud and Microsoft Sentinel
This learning path covers securing your Azure resources. After completing it, you’ll be able to determine whether your Azure IaaS workloads have any security vulnerabilities and remediate those potential vulnerabilities.
Learn to secure, manage, and monitor endpoints using Microsoft Intune, Microsoft Defender for Endpoint, and Microsoft Security Copilot. This path covers device onboarding, policy enforcement, compliance, threat protection, and AI-powered incident response for modern organizations. (MD-4011)
Configure your Microsoft Sentinel environment
Perform threat hunting in Microsoft Sentinel
Mitigate threats using Microsoft Defender for Cloud
Create detections and perform investigations using Microsoft Sentinel
Learn how to deploy Defender for IoT to discover and secure IoT and OT devices.