Masterclass: SOC Analyst Course

Live Virtual Class – Super Intensive Remote Practical Training!
(9:00am – 4:00pm CET Monday to Friday)
3000 EUR 3500 EUR (net)
Early-bird offer valid till 5th February!

Register now

Masterclass: SOC Analyst Course

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 10 participants by default, or supported by an assistant instructor if the number of delegates exceeds 10. During this course, you will have the opportunity to go through practical exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

See the schedule of our all Live Virtual Classes

Upcoming Live Virtual Classes

Live Virtual Class Length Start Date Instructor
Pay & enroll 5 days-35h 26.02.2024 Piotr Pawlik
Pay & enroll 5 days-35h 27.05.2024 Piotr Pawlik

Eligible for group discount? Click here

Loads of Knowledge

The course is dedicated for people who want to learn about Microsoft’s cloud environment monitoring tools and framework. At the beginning, you will be introduced to the management of Azure Active Directory, service auditing and logs, roles related to monitoring threats in the cloud, or the implementation of PIM and PAM services.

The next module is to walk you through the secure score functionality and how to improve it with cloud security configuration best practices, Azure Defender for servers and security standards recommendations.

During the course you will be able to configure an environment with EDR enabled, where we will try to attack endpoints and user identity and see how EDR behaves. Then we will go through security operations best practices and make hunting queries.

The implemented EDR solution and other components of the security stack will be linked within the Microsoft SIEM – Sentinel, which will allow monitoring and implementation of responses to threats.

This course is ideal for:

SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).

Unique exercises:

The exercises are based on O365 and Azure Cloud. This workshop is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions!

Platform and Technical Requirements:

To participate in the course you need a Stable internet connection. For best learning experience we also need you to have a webcam, headphones and a microphone. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.


After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!


Remote Delivery

We are Experts in remote delivery. In the past year, we have organized over 200 days of trainings and we have tested many solutions. The experience remains the same as in the case of face-to-face trainings – a personalized, practical training with a lot of interaction between you and the instructor.

Practical Exercises

You will be carrying out practical exercises on O365 and Azure Cloud.

Lifelong Certification

What is wonderful about our certification is that it is lifetime valid with no renewal fees – the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.


Module 1

Monitoring operations in Azure AD

  1. Azure Active Directory Operations and Logs
  2. Azure AD Roles
  3. Identity Protection – Roles, Review access, alerts, Discovery and Insights
  4. How to deal with Audit Log
  5. Challenging Azure AD settings in Azure and Office from red team perspective
  6. Privileged Identity Management – JITA, Discover and Monitor
  7. Office Management API – Logs around Office 365
  8. Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints.
  9. Labs

Module 2

Microsoft 365 Security

  1. Secure Score and Security Center
  2. Best Practices for Improving Your Secure Score
  3. Azure Defender for Servers
  4. Security Benchmark Policy
  5. Labs
  6. STIG & CIS – cloud security baseline

Module 3

Microsoft 365 Defender for Endpoint – EDR

  1. 1. Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
  2. Security Operations best practices with Microsoft EDR
  3. How to manage Incidents
  4. Kusto language 101 – basic and advanced queries
  5. Advanced Hunting
  6. Partner & APIs
  7. Hacker ways to hide malware and bypass EDR
  8. Attacks examples and remediation labs
  9. EDR Integration with Microsoft Defender for Identity
  10. EDR Integration with Microsoft Defender for Office 365

Module 4

Extended Detection and Response with Sentinel

    1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
    2. Understanding Normalization in Azure Sentinel
    3. Cloud & on-prem architecture
    4. Workbooks deep dive – Visualize your security threats and hunts
    5. Incidents
    6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
    7. Auditing and monitoring your Azure Sentinel workspace
    8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
    9. Fusion ML Detections with Scheduled Analytics Rules
    10. Streamlining your SOC Workflow with Automated Notebooks
    11. Customizing Azure Sentinel with Python
    12. Best Practices for Converting Detection Rules

from Splunk, QRadar, and ArcSight to Azure Sentinel Rules

  • Deep Dive into Azure Sentinel Innovations
  • Investigating Azure Security Center alerts using Azure Sentinel
  • Customizable Anomalies and How to Use Them
  • Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
  • Hunting in Sentinel
  • Deep Dive on Threat Intelligence
  • End-to-End SOC scenario with Sentinel


Module 5

Microsoft Cloud App Security

  1. Intro do MCAS
  2. Enabling Secure Remote Work
  3. App Discovery and Log Collector Configuration
  4. Extending real-time monitoring & controls to any app
  5. Connecting 3rd party Applications
  6. Automation and integration with Microsoft Flow
  7. Conditional Access App Control
  8. Threat detection
  9. Information Protection
  10. Labs: Protect Your Environment Using MCAS
  11. DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel
Register now

Click here to browse the modules:


Mike Jankowski-Lorek, PhD

CQURE Director of Consulting, Cybersecurity Expert, Trainer

Cybersecurity Expert with more than 20 years of experience in the field. Dr. Mike designs and implements solutions for organization identity and access, databases, network, as well as security monitoring and management. He also has a Ph.D. in Computer Science and since 2007, he has been a teacher at the Polish-Japanese Academy of Information Technology in Warsaw. His areas of expertise include Windows Infrastructure Security, cloud solutions, and Database Servers Security.

Piotr Pawlik

Cybersecurity Expert, Trainer, former Microsoft MVP Exchange Server

Piotr Pawlik is former Microsoft Most Valuable Professional in Exchange Server Category, CQURE’s Cybersecurity Expert, System Engineer and Unified Communications Expert with experience in design, implementation, and support for Microsoft solutions. During his work for Orange Business Services, Piotr was responsible for planning and deployment of security solutions for the biggest customers in Poland (insurance, banking, education and government sectors) and many customers located in Europe. Piotr’s main areas of expertise are: Microsoft Private Cloud (Hyper-V virtualization and System Center 2012), Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Servers and Windows Server family. His additional experience includes disaster recovery, capacity planning, virtualization and business continuity. Excellent problem-solving skills and interpersonal skills.



SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).


Course exercises are based on O365 and Azure Cloud.

Our students say…

“All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you never use. You’ll find that all of the material you’ll lrarn in the class will be used, at some point, in your security career.”

Jack Perry

Security Principal Consultant - Presido

“Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!”

Martin Weber


“I have attended CQURE’s training as someone who is not a security professional, but just an enthusiast, and I feel like I learned a A LOT. The whole training was loaded with information and nice demos of the latest technologies. On top of that — having an opportunity to ask and talk to professionals was priceless.”

Marek Chmel