Microsoft Defender XDR Analyst training is designed for security professionals who want to build deep expertise in detecting, investigating, and responding to threats using the Microsoft Defender XDR ecosystem. This training focuses on leveraging integrated security capabilities across endpoints, identities, email, and cloud applications to provide unified threat visibility and response.

​​

Participants will gain hands-on experience with tools such as Microsoft Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps. The training covers advanced techniques in incident investigation, alert correlation, automated response, and threat hunting using Microsoft 365 Defender and Kusto Query Language (KQL).

 

Participants will explore real-world attack scenarios, including phishing campaigns, ransomware, credential compromise, and insider threats. Emphasis is placed on understanding attack chains, mapping detections to the MITRE ATT&CK framework, and improving detection logic through tuning and automation.