Training Courses

Structured learning paths for SOC analysts, IT administrators, and MSP technicians working in Microsoft 365 environments.

SC-200 Security Operations Training

28 modules across 4 phases, mapped to every SC-200 exam objective. Written content, annotated KQL, investigation walkthroughs, and downloadable assets.

Who it is for: SOC analysts, security engineers, and experienced IT administrators preparing for the SC-200 certification or building operational investigation skills.

Phase 1 — Foundations (Free)

Module 1: The M365 Security Ecosystem — A deep-dive reference into every component of Microsoft's security stack — what each service does, how they connect, and where your data flows.

Module 2: KQL Fundamentals for Security Analysts — The KQL operators, functions, and patterns you'll use in every investigation. Written for security analysts, not data engineers.

Module 3: Defender XDR Portal Navigation — Efficient navigation of the unified security portal — incident queues, alert management, and advanced hunting. Know where everything is before your first real alert.

Module 4: Entra ID Sign-In Log Analysis — Your first real investigation skill — reading sign-in logs to identify compromised accounts, risky sign-ins, and conditional access failures.

Phase 2 — Environment and Configuration (Paid)

Modules 5–12 cover Sentinel workspace design, data connectors, Defender for Endpoint, Defender for Office 365, Cloud Apps, analytics rules, cloud workload protection, and exposure management.

Phase 3 — Investigation and Response (Paid)

Modules 13–22 are complete investigation scenarios: AiTM phishing, BEC, consent phishing, token replay, ransomware, insider threat, on-prem AD, cloud workloads, cross-domain investigation, and IR reporting.

Phase 4 — Threat Hunting and Advanced (Paid)

Modules 23–28 cover threat hunting with KQL, threat intelligence and MITRE ATT&CK, Sentinel automation, workbooks, Security Copilot, and hunt management.

Coming Soon: From Admin to Defender

8–10 modules for IT admins managing M365 who need security skills. Covers identity security, email protection, device management, security alerts, and incident response basics. Feeds directly into the SC-200 track.