  • Learning Path
  • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Cloud
  • Security

Threat Detection for Azure

1 Course
1 Lab
2 Hours
Skill IQ

This learning path is actively in production. More content will be added to this page as it publishes and becomes available in the library. The planned content for this path includes the following:
  • Azure Security Telemetry Fundamentals (video course)
  • Centralized Logging and Analysis with Microsoft Sentinel (video course)
  • Automated Incident Response on Azure (video course)
  • Investigate a Security Incident in Azure (hands-on lab)

Level up your cloud defense skills by mastering Microsoft’s native detection stack (Defender for Cloud, Microsoft Sentinel, and Logic Apps) through fast‑paced, hands‑on courses and a guided lab. By the end of this path you’ll be able to surface threats in real time, prioritize what matters, and kick off automated responses that keep your Azure workloads safe.

Content in this path

Essentials

This section covers the foundational steps required to collect, aggregate, and analyze security telemetry in Azure. Learners will first enable Defender for Cloud to generate native Azure logs and alerts, and then ingest those telemetry streams into Microsoft Sentinel to build detection rules and dashboards. By focusing on core data collection and analysis workflows, learners gain the essential skills needed to detect risks before moving on to automated response.

What You'll Learn
  • 1. You will configure Defender for Cloud to enable and validate Azure-native telemetry collection across subscriptions.
  • 2. You will ingest and analyze logs in Microsoft Sentinel by deploying data connectors, writing simple KQL queries, and building workbooks for security monitoring.
  • 3. You will build and schedule detection rules that surface high-priority threats and feed into incident queues for SOC workflows.
Prerequisites
  • Learners should already be comfortable navigating the Azure portal, understand core Resource Manager constructs (subscriptions, resource groups, and role‑based access control), and have a working grasp of fundamental security practices such as least‑privilege access and centralized logging. Hands‑on familiarity with the Azure CLI or PowerShell will help them move swiftly through the demos.
Related topics
  • Cloud Security
  • Microsoft Azure
  • Threat Detection