Mastering Microsoft Cloud Cybersecurity

5 days
UCSEC

Cloud Security Overview

Security matters. Modern organizations face a wide range of security threats targeting identities, devices, applications, and data. This module introduces the current threat landscape and explains the core security concepts and strategies used to protect cloud-based environments, including Zero Trust and layered defense.

  • Threat Landscape
  • Common Threats and Attack Types
  • The Defender's Dilemma
  • Zero Trust Model
  • Shared Responsibility Model
  • Attack Kill Chain
  • Identity and Access Management
  • Threat Protection
  • Security Management
  • Information Protection
  • LAB: Cloud Security Overview

Microsoft Entra: Securing Your Cloud Identities

Identities are a primary attack target in cloud environments and must be protected accordingly. This module focuses on securing cloud identities using Microsoft Entra ID by implementing strong authentication, detecting identity-based attacks, and enforcing access policies.

  • Single Sign-On
  • Password-Based Attacks
  • Multi-Factor Authentication
  • Passwordless Authentication
  • Token Theft
  • Entra Authentication Methods
  • Identity Protection
  • Conditional Access
  • Privileged Identity Management
  • LAB: Securing Your Identities

Microsoft Defender for Identity

Microsoft Defender for Identity helps protect on-premises Active Directory environments by detecting identity-based threats and suspicious activities. This module explains how Defender for Identity identifies reconnaissance, credential theft, and lateral movement attacks within traditional AD environments.

  • Kerberos-Based Attacks
  • Microsoft Defender for Identity Features
  • Configuring Defender for Identity
  • Protecting Your Accounts
  • Identify Threats: Reconnaissance and Lateral Movement
  • Detect Pass-the-Hash and Pass-the-Ticket Attacks
  • LAB: Microsoft Defender for Identity

Microsoft Defender for Office 365

Email and collaboration tools are common attack vectors for phishing, malware, and social engineering. This module covers how Microsoft Defender for Office 365 protects users and collaboration platforms by detecting malicious content and enforcing security policies.

  • Protect Against Malware, Spam, Phishing, Spoofing
  • Email Authentication: SPF, DKIM and DMARC
  • Attack Simulator
  • Safe Attachments and Safe Links
  • Threat Protection for Collaboration: SharePoint, OneDrive and Teams
  • LAB: Microsoft Defender for Office 365

Microsoft Defender for Endpoint

Endpoints are a frequent target for attackers exploiting vulnerabilities and misconfigurations. Microsoft Defender for Endpoint provides visibility into device security posture, detects malicious behavior, and supports investigation and automated response.

  • Endpoint Security Overview
  • Protect Your Devices
  • Onboarding Devices
  • Threat and Vulnerability Management
  • Endpoint Detection and Response
  • Device Investigations
  • Automated Investigation and Remediation
  • LAB: Microsoft Defender for Endpoint

Microsoft Defender for Cloud Apps

Organizations rely on a growing number of cloud applications, increasing the risk of data exposure and shadow IT. Microsoft Defender for Cloud Apps helps monitor cloud app usage, control access, and protect sensitive data across SaaS applications.

  • Cloud Discovery
  • App Connectors
  • Control Access to Apps with Policies
  • Conditional Access App Control
  • Protect Sensitive Information
  • LAB: Microsoft Defender for Cloud Apps

Detect and Stop Attacks with Microsoft Defender XDR

Microsoft Defender XDR correlates signals from multiple security services to provide end-to-end visibility into attacks. This module focuses on investigating incidents, understanding attack timelines, performing threat hunting, and responding to advanced threats across identities, devices, and applications.

  • Microsoft Defender XDR
  • Protect Your Environment
  • Security Recommendations and Secure Score
  • Attack Investigation
  • Threat Hunting
  • LAB: Microsoft Defender XDR

Microsoft Security Copilot

Investigating incidents and analyzing security data can be complex and time-consuming. Microsoft Security Copilot assists security teams by providing AI-driven insights, generating queries, summarizing incidents, and supporting threat hunting and reporting.

  • Investigate Incidents with Copilot
  • Analyze Suspicious Scripts
  • Hunt Like a Pro
  • Copilot Plugins
  • Prompt Engineering Basics for Security Use Cases

Information Governance and Protection

Protecting sensitive data and meeting compliance requirements are essential responsibilities in modern organizations. This module covers how Microsoft Purview helps classify, protect, and govern data by applying policies that control access, usage, retention, and data loss.

  • Microsoft Purview Portal
  • Sensitive Information Types
  • Trainable Classifiers
  • Sensitivity Labels
  • Data Loss Prevention
  • Communication Compliance
  • Insider Risk Management
  • Retention Labels and Policies
  • LAB: Information Governance and Protection

Microsoft Sentinel

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It aggregates and analyzes security data from across your environment to provide centralized threat detection, visibility, proactive hunting, and incident response capabilities.

  • Microsoft Sentinel Overview
  • Sentinel Pricing and Log Data Retention
  • Activate Microsoft Sentinel
  • Onboard Security Sources: Data Connectors and Content Hub
  • Threat Intelligence
  • Watchlists
  • User and Entity Behavior Analytics (UEBA)
  • LAB: Microsoft Sentinel

Kusto Query Language

The Kusto Query Language (KQL) is used to query and analyze log, telemetry, and security data collected by Azure services. It allows security professionals to explore large datasets, detect patterns, and investigate anomalies using a readable and efficient query syntax optimized for log analytics and threat detection.

  • Kusto Query Language
  • Writing Basic Log Queries
  • Filter Data
  • Aggregate Data
  • Using Variables
  • Joining Multiple Tables in a Single Query
  • Functions and Computer Groups
  • LAB: Kusto Query Language

Microsoft Sentinel Incident Investigation and Threat Hunting

Microsoft Sentinel collects security data from a wide range of sources, including Microsoft Defender services, Microsoft Entra ID, Azure logs, and third-party security solutions. By correlating and analyzing this data, Sentinel enables security administrators to investigate incidents, perform threat hunting, and reconstruct attack paths to understand the full scope of a security event and respond effectively.

  • Sentinel Analytics and Investigation
  • Security Orchestration Automation: Automation Rules and Playbooks
  • Threat Hunting
  • Workbooks and Notebooks
  • LAB: Microsoft Sentinel Incident Investigation and Threat Hunting

Securing Access to Azure Resources

Controlling access to Azure resources is a fundamental aspect of securing cloud environments. Azure provides a comprehensive identity and access management model that allows administrators to assign permissions, manage privileged access, and securely handle credentials and secrets used by applications and services.

  • Microsoft Entra ID and Azure Identity Model
  • Role-Based Access Control
  • Privileged Identity Management (PIM) for Azure Roles
  • Azure Key Vault
  • Secrets, Keys and Certificates Lifecycle
  • Managed Identities
  • LAB: Securing Access to Azure Resources

Microsoft Defender for Cloud

Microsoft Defender for Cloud provides centralized security management and threat protection for Azure, hybrid, and multi-cloud environments. It helps organizations improve their security posture by enforcing policies, identifying misconfigurations, protecting workloads, and detecting and investigating security threats across their cloud resources.

  • Microsoft Defender for Cloud Overview
  • Defender for Cloud Plans and Pricing
  • Security Policies and Initiatives
  • Security Recommendations and Secure Score
  • Regulatory Compliance
  • Workload Protection Features: Just-in-Time VM Access, File Integrity Monitoring
  • Security Alerts, Incidents and Investigation
  • LAB: Microsoft Defender for Cloud

By the end of this course, participants will understand the modern threat landscape and how security threats target identities, devices, applications, and data in cloud and hybrid environments. Participants will learn how to apply a layered security approach based on Zero Trust and shared responsibility principles, protect identities and access, and detect identity-based and workload-based attacks. The course focuses on detecting, investigating, and responding to security incidents by correlating signals across security domains, performing threat hunting, and using automation to respond effectively.

This course is intended for system administrators and security professionals who manage security and incident response in cloud and hybrid environments.

© 2026 U2U All rights reserved.