For security professionals, IT administrators, and SOC analysts using Claude
Claude Field Guide
The AI training your security team actually needs.
Practical Claude training with real M365 security examples throughout. From prompt fundamentals to security operations, IR documentation, detection engineering, and AI governance. No fluff. Production workflows from page one.
Overview
Eleven modules across two tracks. The Foundation track teaches Claude fundamentals — models, prompting, context management, and safety. The Security track applies Claude to the work you already do — alert triage, IR documentation, detection engineering, compliance, and AI governance.
Audience profile
SOC analysts who want to integrate Claude into daily operations. IT administrators managing M365 environments who are adopting AI tools. Security managers who need an AI governance framework. Anyone who wants to use Claude effectively with a security-first perspective. No prior Claude or AI experience required.
Course syllabus
What everyone needs to know
Five modules covering what Claude is, how to use it effectively, and where it fails. Roughly 90 minutes total.
Claude for security operations
Six modules applying Claude to alert triage, incident response, detection engineering, compliance, automation, and AI risk management. M365 examples throughout. Roughly 135 minutes total.
What you leave with
Operational capability, not just knowledge
A Claude Project configured for your security operations
System prompt tuned to your environment, reference documents uploaded, naming conventions set. Every conversation produces output calibrated to your tenant, your tools, and your reporting format.
Prompt templates for every major security workflow
Alert triage, KQL generation, IR report drafting, detection rule documentation, threat briefings, compliance gap analysis. Copy-paste-adapt prompts that produce professional output on the first attempt.
The investigation feedback loop
Generate query → run in Sentinel → analyse results in Claude → generate follow-up. Each cycle: 2-3 minutes. Full investigation: 30-45 minutes instead of 2+ hours. The single highest-value Claude pattern for security work.
AI governance framework for your organisation
Shadow AI detection queries, data classification rules, vendor assessment criteria, acceptable use policy structure, and a CISO briefing template. The complete framework for governing AI tools across your security team.
The verification discipline
Output → Verify → Deploy. The operational discipline that separates professionals from amateurs. Know where Claude hallucinations occur, how to catch them, and when to trust vs verify. This is the habit that makes AI-assisted security work safe.
Study guide
How to approach this course
Time commitment
Plan for roughly 4 hours across all 11 modules. Foundation takes about 90 minutes. Security track takes about 135 minutes. Each module is 15-25 minutes and can be completed independently.
What you need
A Claude account (any tier; even the free tier works for the exercises). For security track modules, access to a Microsoft 365 environment or developer tenant is recommended but not required.
Recommended path
Work through the Foundation first (F1-F5). If you already use Claude daily and understand prompting, skip to the Security track (S1-S6). Security professionals should complete both tracks — the Foundation covers safety and limitations that apply to every security use case.
What makes this different
This is not another "prompt engineering 101." Every module uses real security examples — KQL queries, Sentinel alerts, IR reports, compliance frameworks. The Security track covers workflows no other Claude course has: investigation feedback loops, detection rule documentation automation, and AI governance for security teams.
Start the Field Guide
Eleven modules across two tracks. Begin with Module F1 and work through to AI governance.