Microsoft Sentinel Academy

Welcome to the Microsoft Sentinel Academy. Explore Microsoft Sentinel video sessions with demos delivered directly to partners, relevant certifications, and further resources.

Explore our new Microsoft Sentinel Skill-up Training Plan🎉

Stay connected with the Microsoft Sentinel Blog.

Additional Resources

Resources for Microsoft Sentinel


Short on time? Learn the fundamentals of Microsoft Sentinel, why it’s a necessity for your Security Operations (SecOps) and threat protection, its unique value, core capabilities, data ingestion methods, and more with a thorough demo and in just 30 minutes. more »

Join Dave Branscome as he explores the details of Microsoft Sentinel sizing, pricing, and planning. Learn about what influences Microsoft Sentinel's costs, different pricing models, archive and long-term retention options, logs, and a demo of how to estimate and measure spend. more »

The odds are against us. Bad actors and nation-states threaten our secure industries, businesses, and livelihoods. Attacks are growing in complexity, as seen with STORM-0558’s recent hack. If you’re a Microsoft partner or MSSP (Managed Security Service Provider) wanting to protect against threats, learn how to fight back with our comprehensive deep dive into Microsoft Sentinel. In three hours, learn everything you need to harness the full capabilities of Microsoft Sentinel. more »

Storage of logs is easily one of the largest expenses that you will encounter in your SIEM environment. In this session, explore the different options available for Microsoft Sentinel log ingestion, identify when you should use each type, and learn about the Analytics Rules you can use to query log repositories. more »

Attackers frequently try to display their actions as normal activities and in the balance between ordinary user activity and obvious attacker doings – there is a grey area. This grey area may pose imminent threats to your organization but could be overlooked. Learn how UEBA builds comprehensive profiles of the user and entity across time and peer group horizons to best find anomalies and suspicious activity. more »

Defending a multi-cloud, multi-SaaS environment against modern threats can be challenging. You need the ability to "see your environment as your enemy sees it", understand what the threat landscape looks like, and respond quickly -- with a consistent approach every time. These are exactly the challenges we tackle in this session, which deals with External Attack Surface Management (EASM), Microsoft Defender Threat Intelligence (MDTI) and threat hunting with Jupyter Notebooks! more »

Explore various Threat Intelligence features within Microsoft Sentinel and learn about Sentinel’s advanced multi-stage attack detection with Fusion, which is a powerful correlation engine. Lastly, analyze basic incident investigations, including investigations across workspaces for MSSPs scenarios. more »

Discover Microsoft Sentinel features that are critical to MSSPs, such as Repositories, Workbooks, and Content Hub Solutions. Join us as we dive into a thorough demo of the Repositories feature, along with popular Sentinel Workbooks. more »

Learn about Microsoft Sentinel's SOAR capabilities, including Automation Rules and Playbooks. Explore several OOB Playbooks, Community Playbooks, as well as Custom Playbooks, including one utilizing the OpenAI Logic App Connector. more »

Learn how to sell Microsoft Sentinel as a powerful and flexible solution that can help organizations of all sizes improve their security posture and better protect their assets. This session details how Microsoft Sentinel is an excellent choice for organizations looking to enhance their security operations and protect against today's advanced threats. more »

A comprehensive deep dive into Microsoft Sentinel's core capabilities, data ingestion methods, Azure Monitor Agent (AMA), and Sentinel for MSSPs. Within this session, analyze Microsoft Sentinel implementation and learn about ARM templates, Incidents, Workbooks, Data Connectors, Content Hub solutions, Watchlists, and more with a detailed demo. more »