I’ve been working through the SC-200 recently. I’ve picked out some of the video and interactive walkthrough guides that demonstrate some of the functionality for anyone who is new to the product.

Getting Started


When starting out with Microsoft Threat Protection it’s useful to get an overview of the components and services that create the platform.

The Microsoft Defender ATP products have been rebranded; this public document highlights the old and new product names.

Defender Services Overview

Defender Products Interaction

The diagram below shows how Microsoft’s Defender products interact with different areas of the kill chain and help mitigate threats.

Here’s a nice page from Microsoft that includes some short, sharp videos to get going with Defender for Endpoint:

Short & sweet educational videos on Microsoft Defender for Endpoint – Microsoft Tech Community


It may be useful to set up a lab while learning; Microsoft provides some resources for this:

Evaluate Microsoft 365 Defender | Microsoft Docs

Microsoft Defender for Endpoint evaluation lab | Microsoft Docs

Prepare your Microsoft 365 Defender trial lab environment | Microsoft Docs

Threat and Vulnerability Management

Explore how to reduce organizational risk with Threat and Vulnerability Management

Practice security administration – Learn | Microsoft Docs

Reduce organizational risk with threat vulnerability management

Understand Threat and Vulnerability Management – Learn | Microsoft Docs

Explore how to investigate and remediate threats with Microsoft Defender for Endpoint

Hunt threats within your network – Learn | Microsoft Docs

M365 Defender

Protect your organization with Microsoft 365 Defender

Understand the evolving threat landscape – Learn | Microsoft Docs

Safeguard your organization with Microsoft Defender for Office 365

Configure, protect, and detect – Learn | Microsoft Docs

Detect suspicious activities and potential attacks with Microsoft Defender for Identity

Introduction to Microsoft Defender for Identity – Learn | Microsoft Docs

Investigate and respond to attacks with Microsoft Defender for Identity

Review compromised accounts or data – Learn | Microsoft Docs

Cloud App Security

Discover, protect and control your apps with Cloud App Security


Detect threats and manage alerts with Cloud App Security


Insider Threats

Minimize internal risks with insider risk management in Microsoft 365

Take action on insider risk alerts through cases – Learn | Microsoft Docs

Kusto Query Language

Logs – Microsoft Azure

Training References

SC-200 part 1: Mitigate threats using Microsoft Defender for Endpoint – Learn | Microsoft Docs
SC-200 part 2: Mitigate threats using Microsoft 365 Defender – Learn | Microsoft Docs
SC-200 part 3: Mitigate threats using Azure Defender – Learn | Microsoft Docs
SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL) – Learn | Microsoft Docs
SC-200 part 5: Configure your Azure Sentinel environment – Learn | Microsoft Docs
SC-200 part 6: Connect logs to Azure Sentinel – Learn | Microsoft Docs
SC-200 part 7: Create detections and perform investigations using Azure Sentinel – Learn | Microsoft Docs
SC-200 part 8: Perform threat hunting in Azure Sentinel – Learn | Microsoft Docs

Azure Network Security Ninja Training
Azure Security Center Ninja Training
Azure Sentinel Ninja Training
Microsoft 365 Defender Ninja Training
Microsoft Cloud App Security Ninja Training
Microsoft Defender for Endpoint Ninja Training
Microsoft Defender for Identity Ninja Training
Microsoft Defender for Office 365 Ninja Training
Microsoft Cloud Workshop




Security Community Webinars – Microsoft Tech Community

Microsoft Defender Masterclass

GitHub – JamesGrahamMSFT/DefenderMasterclass1: This is a repository for the Microsoft Defender Masterclass series.
Microsoft Defender Masterclass – YouTube


MITRE ATT&CK Framework
Understand security alerts – Learn | Microsoft Docs
Mitre and Att&ck training

Useful Sites

Insider Threat Report – Crowd Research Partners
The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures (cmu.edu)
Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors) (cmu.edu)


Join Our Security Community – Microsoft Tech Community


Security Community Webinars


awesome-azure-learning/kustoquerylanguage.md at master · ddneves/awesome-azure-learning · GitHub


Microsoft Defender for Endpoint – Getting Started

KQL Training

Kusto Query Language (KQL) from scratch
On-demand webcast series: “Tracking the adversary

Lots of useful content in one place to get you up and running