Microsoft Sentinel Course With Hands On Sims For Beginners
Last updated 2/2026
Created by John Christopher | 480,000+ enrollments
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz, 2 Ch
Level: All Levels | Genre: eLearning | Language: English + subtitle | Duration: 60 Lectures ( 6h 49m ) | Size: 3.82 GB
✓ Learn the concepts and perform hands on activities needed to master Microsoft Sentinel (SOAR and SIEM)
✓ Gain a tremendous amount of knowledge involving Microsoft Sentinel (SOAR and SIEM)
✓ Learn using hands on simulations on how to manage Microsoft Sentinel (SOAR and SIEM)
✓ Learn how to set up your own test lab for practicing the concepts!
Requirements
● Willingness to put in the time and practice the steps shown in the course
Description
We really hope you'll agree, this training is way more than the average course on Udemy!
Have access to the following
• Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer
• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience
TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS
Introduction
• Welcome to the course
• Understanding the Microsoft Environment
• Foundations of Active Directory Domains
• Foundations of RAS, DMZ, and Virtualization
• Foundations of the Microsoft Cloud Services
• DONT SKIP: The first thing to know about Microsoft cloud services
• DONT SKIP: Azure AD is now renamed to Entra ID
• Questions for John Christopher
Performing hands on activities
• DONT SKIP: Using Assignments in the course
• Creating a free Microsoft 365 Account
• Getting your free Azure credit
Understanding and setting up a Microsoft Sentinel Workspace
• Overview of Microsoft Sentinel
• Configuring a Microsoft Sentinel workspace
• Managing roles regarding Sentinel
• Managing log types, log retention, and data storage in Sentinel
Working with data connectors and ingestion in Microsoft Sentinel
• Microsoft Sentinel data source identification
• Content hub solutions in Microsoft Sentinel
• Kusto Query Language (KQL) will get covered later in the course
• Microsoft connectors for Azure, including Azure Policy & diagnostics
• Azure Monitor Agent (AMA) and data collection rules
• Using Syslog and Common Event Format (CEF) event collections
• Working with Windows Security events and Windows Event Forwarding (WEF) collections
• How to create custom log tables in the workspace
• Ingesting Azure and Entra ID data
• Monitoring data ingestion
Using analytics rules in Microsoft Sentinel
• Using entities for classification and analysis
• Understanding analytics rules in Microsoft Sentinel
• Working with analytics rules
• Advanced Security Information Model(ASIM) queries with Microsoft Sentinel
• Behavioral analytics in Microsoft Sentinel
Dealing with incidents in Microsoft Sentinel
• Incident investigation and remediation in Microsoft Sentinel
• Concepts of automation rules and Microsoft Sentinel playbooks
• Working with automation rules in Microsoft Sentinel
• Working with playbooks in Microsoft Sentinel
• Concepts of running playbooks against on-premises resources
Understanding hunting with Kusto Query Language (KQL)
• Concepts of Kusto Query Language (KQL)
• Using Microsoft's demo environment for learning KQL
• Using basic KQL syntax
• Filtering based on time ranges with KQL
• Displaying columns, amounts and characters with KQL
• Working with variables and combining output data with KQL
• Looking at threats analytics by using KQL in Defender
• Using Microsoft's Sentinel and Defender repository for hunting queries
Threat hunting with queries and managing workbooks
• Using the MITRE ATT&CK matrix
• Working with threat indicators
• Working with hunts in Microsoft Sentinel
• How to monitor hunting queries
• Using hunting bookmarks
• Restoring archived log data
• Working with search jobs
• Using workbook templates
• Using custom workbooks that include KQL
• Adjusting workbook visualizations
Conclusion
• Cleaning up your lab environment
• Getting a Udemy certificate
• BONUS Where do I go from here?
Who this course is for
■ IT people interested in learning a tremendous amount about Microsoft Sentinel (SOAR and SIEM)
Microsoft Sentinel Course With Hands On Sims For Beginners
