Microsoft Security Academy

Welcome to the Microsoft Security Academy, your gateway to comprehensive cybersecurity training and resources.


February 27th, 2025 Update📰

Recent Update (February 27th): Events, Certifications, Security Copilot, Defender XDR, Entra, and Azure Network Security

There’s been a lot of buzz this week about this research on the TTPs of an alleged NSA-led hack of a top Chinese university. Although some of it merits skepticism (since some of these tools leaked almost 9 years ago), it’s still an interesting read🕵️

A Russian group known as BadPilot has been breaching networks in the US, UK, Canada, and Australia, focusing on initial access before handing it off to other hackers for further attacks, according to recent Microsoft research and WIRED.

Speaking of Threat Intel… check out our new Threat Intelligence Ingestion Rules in Defender XDR!

Many of my partners live and breathe by ServiceNow, but did you know that we recently launched a new case management service in the Defender portal? If not, read about it here!

Most security vendors pitch Zero Trust and phishing-resistant MFA as the foundations, but are you unsure where to start? Grab a coffee and read through our new Zero Trust Deployment Essentials.

Product names aren’t the only thing known to change at Microsoft, and certifications are no exception. Read about the retirement of the SC-400 and our new SC-401: Information Security Administrator Certification.

In other news, hackers from China, Iran, and other adversaries are increasingly using AI, including Google’s Gemini, to bolster their cyberattacks, according to recent Google threat intelligence research.

Last month, we published an Expanded Cloud Log Implementation Playbook in coordination with our federal counterparts, and it’s worth a bookmark.

Remember how the U.S. State Department caught Chinese hackers snooping around Microsoft’s email systems? They used the now infamous “Big Yellow Taxi” KQL detections, which you can find here🚕

In response to the Exchange breach and others like it, we’re continuing to improve our defenses. Read more about our recent progress here.

Other News

Log Analytics can be tricky, but our new Simple Mode makes it easier than ever before!

We recently published 3 takeaways from red teaming 100 generative AI products✏️

If you’re looking for an easier way to consume Microsoft Sentinel’s extensive GitHub repository, this is a helpful catalog.

We also recently launched a Zero Trust partner kit which includes pre-packaged and co-branded resources for you to use with customers. Just add your own branding!

The Microsoft Incident Response team recently created a compilation of incident response/TTP guides, best practices, and threat-hunting strategies, known as the Microsoft Incident Response Ninja Hub.

We’re excited to announce Auxiliary Logs, a cost-effective solution for verbose logs. Azure Monitor now offers three plans: Analytics, Basic, and Auxiliary. (Auxiliary Logs = Basic Logs + Archive Tier)

We’re also excited to announce Summary Rules, which aggregate data at ingestion. You can even apply detection rule logic to Summary Rules!

Events🎯

| Product | Topic | Date | Register |
| --- | --- | --- | --- |
| Microsoft Defender XDR | Licensing & Site Security | FEB 27 | Register |
| Microsoft Defender for Cloud | API Security Posture | MAR 5 | Register |
| Azure Network Security | DDoS Protection & Azure WAF | MAR 6 | Register |
| Microsoft Purview | Microsoft Purview AMA | MAR 12 | Register |
| Microsoft Purview | Inheriting Sensitivity Labels | MAR 18 | Register |
| Microsoft Purview | Purview for ChatGPT Enterprise | MAR 19 | Register |
| Azure Network Security | What’s new in Azure Firewall | MAR 20 | Register |
| Microsoft Sentinel | Transition to Unified SOC Platform | APR 1 | Register |
| Microsoft Defender XDR | Securing AI Applications | APR 2 | Register |
| Microsoft Sentinel | What’s new in Microsoft Sentinel | APR 10 | Register |
| Microsoft Defender for Cloud | Securing Custom Built AI Apps | APR 15 | Register |
| Microsoft Defender XDR | SaaS Security Exposure Reduction | APR 23 | Register |
| Microsoft Defender for Cloud | Microsoft Defender CSPM | APR 30 | Register |
| Microsoft Sentinel | Unified SOC: Advanced Insights | MAY 14 | Register |
| Microsoft Defender for Cloud | XDR Advanced Hunting | MAY 15 | Register |
| Microsoft Defender for Cloud | Unified CSPM | MAY 28 | Register |
| Microsoft Defender for Cloud | Secure Score Revolution | JUN 4 | Register |

Start Your Journey

  1. Get started
  2. Basic cyber hygiene prevents 98% of attacks
  3. Microsoft’s Incident Response Guide
  4. Secure Cloud Business Applications (SCuBA) Project – CISA

Stay Connected🔗

Join our Security Connection Program, where you can have influence in helping us shape our products together.

Stay connected with our Security Community and your peers, find guidance and resources, view technical and roadmap-related questions, and more.

Want to be a Ninja?

Microsoft Ninja trainings are sets of organized learning modules that guide you through the advanced features and functions of our products.

Microsoft Cybersecurity Reference Architecture (MCRA)🔒

Cybersecurity Reference Architecture