Transitioning from third-party SIEMs to Microsoft Sentinel, unified with Microsoft Defender, gives you a single, integrated lens across your security estate, reducing complexity, accelerating detection, and shortening response times. In this training you will learn how to plan and carry out a migration to the modern unified SOC architecture, connect critical data sources, and use the Unified SecOps features in the Microsoft Defender portal.
Duration - 12 Hours
Level - Intermediate
Style - Self-paced
Course Type - Project Ready
Certification - No
Hands-on Labs - Yes
Solution Areas - Security, Modern SecOps with Unified Platform
This content covers Microsoft’s unified SOC approach using Defender and Sentinel, cloud-native SIEM fundamentals, Sentinel’s integration into the Defender portal, high-level tenant design principles, and key Microsoft Sentinel features.
This content gives an overview of Microsoft Sentinel, covering its modern architecture, data collection methods, built-in content and security resources, multi-cloud and hybrid integrations, data storage and analytics, and DevOps-driven CI/CD automation.
This content covers designing a scalable Microsoft Sentinel architecture, including managing roles and permissions securely and estimating and controlling costs with the Sentinel Cost Calculator. It focuses on writing and optimizing queries in Kusto Query Language (KQL), and on creating and managing threat detection rules.
This content covers migrating SIEM and SOAR capabilities to Microsoft Sentinel: identifying and comparing detection rules, migrating rules and automations from ArcSight, Splunk, and QRadar, mapping terminology and workflows between platforms, operationalizing playbooks, applying post-migration best practices, automating threat response, and migrating historical data.
This content explains how to convert existing SIEM dashboards into Microsoft Sentinel workbooks. It starts by reviewing the dashboards in the current SIEM, outlines the preparation needed before conversion, and then walks through the conversion process itself. It also addresses the changes required in SOC operations, supporting the update of processes for a Unified SOC.
This content covers the capabilities that enhance threat detection, investigation, and response through a unified analytics engine. Analytics rules and behavior analytics help identify suspicious user and entity activity more accurately. Integrated threat intelligence provides centralized visibility and context for known and emerging threats. Threat hunting enables proactive exploration of potential risks before they escalate. Microsoft Sentinel Graph (Preview) further supports advanced investigations by revealing relationships and patterns across security data.
This content covers the use of playbooks and automation rules to streamline security operations and improve response times. It explains how incidents are investigated through unified case management and enriched with Watchlists for better threat tracking. It also highlights the transition of Microsoft Sentinel into the Defender portal and the role of Security Copilot, MCP Server (Preview), and AI-driven SOC capabilities. A demonstration of the unified SIEM and XDR platform shows end-to-end visibility and response. Finally, it addresses multi-customer and MSSP management capabilities after migration, enabling scalable and centralized security operations.
Take this assessment to validate the skills you gained in this self-paced online course and to mark your completion.
Share your feedback with us regarding your experience!