
Microsoft Sentinel


Introduction to Security in Microsoft 365
1m 12s


In this course, we take an introductory look at the security tools within Microsoft 365.

Learning Objectives

  • Explain what a Zero Trust Policy is and what value it can have.
  • Explain identity and access management concepts.
  • Explain threat and information protection in Microsoft 365.
  • Understand the different tools and portals available to you in Microsoft 365 security offerings.

Intended Audience

  • Users who are new to Microsoft 365.
  • Users looking to learn about the security offerings Microsoft 365 has to offer.


An understanding of general technical concepts.


Microsoft Sentinel is a security information and event management (SIEM) solution and a security orchestration, automation, and response (SOAR) solution. It provides security analytics and enables proactive threat response for organizations. Microsoft Sentinel is built upon a repeating four-step process: collect, detect, investigate, and respond. It first collects data across an organization's on-premises and cloud-based environments. This data covers users, devices, applications, and infrastructure. Microsoft Sentinel then uses this data to provide information on threats. Detection is enhanced with analytics rules that organizations can tailor to fully cover their security needs.

These rules, alongside providing notifications of suspicious activity, can also be used to identify false positives and can be refined to your specific environment's needs. Next, Microsoft Sentinel provides multiple ways to investigate a threat using artificial intelligence and threat analytics. Each time suspicious activity is detected, it is grouped into incidents, which can be organized by severity and threat level. Incidents are broken down further with the investigation graph, which provides a visual representation of the incident. And finally, respond. By providing a comprehensive list of incidents and information about them, Microsoft Sentinel lets organizations choose how to respond to each. Organizations can even respond quickly to common tasks and incidents by implementing orchestration and automation rules. Let's quickly touch upon automation rules to showcase how Microsoft Sentinel can be used to automatically respond to incidents as they occur.

Microsoft Sentinel uses what are known as playbooks to respond to threats. These are collections of procedures that Microsoft Sentinel can run in response to an incident or an alert. Playbooks are based on workflows built in Azure Logic Apps, which provides templates and a high degree of customizability for each playbook. Organizations can create playbooks with defined triggers, conditions, and actions, which are implemented automatically once the set criteria are met. For example, you can create a playbook to automatically detect compromised users and restrict their access within your environment. This is just one example of how Microsoft Sentinel can be used to automatically detect and respond to threats within an organization's environment.
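To make the trigger, condition and action structure concrete, here is an added Python model of an automation rule evaluated over constructed incidents. It is not Microsoft's code and does not call any Sentinel or Logic Apps API; the incident fields, the severity ranking and the in-memory "restrict access" action are assumptions standing in for Sentinel's real incident objects and for a Logic Apps playbook.

```python
from dataclasses import dataclass, field
# Constructed sample incidents, shaped like the output of Sentinel's "detect" step:
# each has a severity, the MITRE tactics involved and the user accounts (entities) involved.
SAMPLE_INCIDENTS = [
    {"id": 1, "severity": "High", "tactics": ["InitialAccess"], "accounts": ["alice@contoso.example"]},
    {"id": 2, "severity": "Low", "tactics": ["Persistence"], "accounts": ["bob@contoso.example"]},
    {"id": 3, "severity": "High", "tactics": ["CredentialAccess"],
     "accounts": ["carol@contoso.example", "dave@contoso.example"]},
]
SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}  # assumed ordering

@dataclass
class AutomationRule:
    """Trigger, conditions and actions: the three parts the transcript describes (assumed shape)."""
    name: str
    trigger: str                                  # e.g. "incident_created"
    min_severity: str                             # condition: severity at or above this level
    tactics: set = field(default_factory=set)     # condition: any of these tactics (empty = any)
    actions: list = field(default_factory=list)   # playbook steps, run in order on a match

def matches(rule, event, incident):
    """Evaluate the rule's trigger and both conditions against one incident."""
    if event != rule.trigger:
        return False
    if SEVERITY_RANK[incident["severity"]] < SEVERITY_RANK[rule.min_severity]:
        return False
    return not rule.tactics or bool(rule.tactics & set(incident["tactics"]))

def run_rules(rules, event, incidents, audit):
    """Run the actions of every matching rule; return the ids of incidents that fired one."""
    fired = []
    for inc in incidents:
        hits = [r for r in rules if matches(r, event, inc)]
        for rule in hits:
            for action in rule.actions:
                action(inc, audit)
        if hits:
            fired.append(inc["id"])
    return fired

def restrict_user_access(incident, audit):
    """Playbook action: flag each involved account (in-memory stand-in for an identity-provider call)."""
    for account in incident["accounts"]:
        audit["restricted"].add(account)
        audit["log"].append(f"incident {incident['id']}: restricted {account}")

def demo():
    # One rule wired to the "respond" step: contain accounts in high-severity access incidents.
    audit = {"restricted": set(), "log": []}
    rule = AutomationRule("Contain compromised users", "incident_created", "High",
                          {"InitialAccess", "CredentialAccess"}, [restrict_user_access])
    return run_rules([rule], "incident_created", SAMPLE_INCIDENTS, audit), audit
```

The low-severity incident is left alone, which is the point of the severity condition: a containment action should only run where the detection warrants it, and the audit log records exactly what was restricted and why.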


About the Author

Lee has spent most of his professional career learning as much as he could about PC hardware and software while working as a PC technician with Microsoft. Once COVID hit, he moved into a customer training role with the goal of getting as many people as possible prepared for remote work using Microsoft 365. Being both Microsoft 365 certified and a self-proclaimed Microsoft Teams expert, Lee continues to expand his knowledge by working through the wide range of Microsoft certifications.