Microsoft

Threat Detection and Security Engineering

Microsoft

Threat Detection and Security Engineering

 Microsoft

Instructor: Microsoft

Included with Coursera PlusLearn more

Ask Coursera

Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

9 hours to complete
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

9 hours to complete
Flexible schedule
Learn at your own pace

What you'll learn

  • Design security architecture patterns and recommend tooling to automate continuous monitoring and protect sensitive data.

  • Engineer SIEM detection use cases and MITRE ATT&CK-aligned catalogs to achieve coverage across log sources and AI threats.

  • Orchestrate red and purple team exercises to validate detective and preventive controls against defined success criteria.

  • Develop incident response plans and AI-driven strategies to manage cross-functional crises and optimize SOC timelines.

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

17 assignments¹

AI Graded see disclaimer
Taught in English

See how employees at top companies are mastering in-demand skills

 logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your Security expertise

This course is part of the Microsoft Cybersecurity Architecture Professional Certificate
When you enroll in this course, you'll also be enrolled in this Professional Certificate.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate from Microsoft

There are 11 modules in this course

The "secure" architecture you designed yesterday may be vulnerable today. Learn to implement continuous monitoring utilizing Microsoft Security Exposure Management to visualize and remediate emerging attack paths before they are exploited.

What's included

1 video2 readings1 assignment1 ungraded lab

Don't wait for a real attacker to test your defenses. Learn to structure and orchestrate simulated endpoint attacks to empirically validate that your Microsoft Defender XDR configurations detect and correlate specific threat behaviors.

What's included

2 readings3 assignments

A SIEM is only as good as its data and its rules. Learn to connect external data sources to Microsoft Sentinel and write Scheduled Analytics Rules using Kusto Query Language (KQL) that turn raw data into actionable incidents.

What's included

1 video2 readings1 assignment1 ungraded lab

Maintain the health of your SOC. Learn to map rules to the MITRE ATT&CK matrix in Sentinel, and how to use Automation Rules to gracefully handle false positives without blinding the organization to real threats.

What's included

1 video2 readings2 assignments1 ungraded lab

Manual incident triage is too slow to stop modern ransomware. Learn to leverage Microsoft Sentinel Playbooks (powered by Azure Logic Apps) to automate enrichment, notification, and containment actions.

What's included

2 readings1 assignment1 ungraded lab

When automation fails, humans must act. Learn to utilize Advanced Hunting in Defender XDR for manual threat response, and how to formalize these actions into a comprehensive Enterprise Incident Response plan.

What's included

1 video2 readings2 assignments1 ungraded lab

Stop reinventing the wheel. Learn to leverage the Microsoft Cybersecurity Reference Architectures (MCRA) to design standardized, secure-by-default patterns for new organizational workloads.

What's included

1 video2 readings1 assignment1 ungraded lab

Security tools must work together seamlessly. Learn how to evaluate and integrate tooling in Defender XDR to ensure Automated Investigation and Response (AIR) capabilities function correctly across the enterprise.

What's included

1 video2 readings1 assignment1 ungraded lab

Data is the ultimate target. Learn to utilize Microsoft Purview to establish default sensitivity labeling, set up Information Barriers, and deploy Data Loss Prevention (DLP) policies to stop exfiltration.

What's included

2 readings2 assignments1 ungraded lab

AI is fundamentally altering both the speed of cyberattacks and the defenders' capabilities. In this module, you will evaluate the impact of AI-driven threats and define enterprise strategies utilizing tools like Microsoft Security Copilot to improve and measure triage, investigation, and incident response metrics within the SOC.

What's included

1 video2 readings2 assignments

Synthesize your knowledge of SIEM rule engineering, automated SOC playbooks, and Purview data protection to design a cohesive Threat Detection Pattern. You will apply risk-informed design principles to document how detection and response capabilities should integrate to reduce the impact of a specific threat scenario.

What's included

3 readings1 assignment

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

 Microsoft
374 Courses2,691,214 learners

Offered by

Microsoft

Explore more from Security

Why people choose Coursera for their career

Felipe M.

Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Frequently asked questions

¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera's Privacy Notice.