Master M365 Security Operations
Hands-on training for SOC analysts, IT admins, and MSP technicians. Written by a practising CSOC analyst. Every module maps directly to SC-200 exam objectives.
4 modules completely free. No account required.
SC-200 Aligned
28 modules covering every exam domain. January 2026 objectives.
Copy-Paste KQL
Every query tested in production Sentinel workspaces. Ready to deploy.
Real Incident Patterns
Investigation walkthroughs based on actual attack campaigns — not contrived labs.
Written, Not Video
Search it. Bookmark it. Copy the code. Reference it during an investigation.
Free Modules — Start Now
The M365 Security Ecosystem
A deep-dive reference into every component of Microsoft's security stack — what each service does, how they connect, and where your data flows.
2KQL Fundamentals for Security Analysts
The KQL operators, functions, and patterns you'll use in every investigation. Written for security analysts, not data engineers.
3Defender XDR Portal Navigation
Efficient navigation of the unified security portal — incident queues, alert management, and advanced hunting. Know where everything is before your first real alert.
4Entra ID Sign-In Log Analysis
Your first real investigation skill — reading sign-in logs to identify compromised accounts, risky sign-ins, and conditional access failures.
Ready for the full track?
28 modules. Monthly challenges. Downloadable KQL libraries, playbooks, and ARM templates.
Subscribe — £19/month