Configure Microsoft Sentinel: the cloud-native SIEM for enterprise security
Microsoft Sentinel is Microsoft’s cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution. With 480 monthly searches for the keyword microsoft sentinel, this technology is at the heart of cybersecurity strategies for organizations using the Microsoft ecosystem. The SC-5001 training allows you to master in one day the fundamentals of deploying and configuring Microsoft Sentinel for threat monitoring and detection.
At ITTA, a Microsoft Learning Partner based in Geneva and Lausanne, this training is delivered by an MCT certified trainer with hands-on labs on the official Microsoft cloud environment. Unlike the SC-200 training which covers all security operations over four days, the SC-5001 focuses specifically on the operational configuration of Microsoft Sentinel in an intensive day.
Workspace deployment and data connectors
The first step in any Microsoft Sentinel deployment is creating a Log Analytics workspace in Azure and enabling Microsoft Sentinel on it. The training teaches you to structure your workspace according to Microsoft best practices, configure log retention settings, and manage permissions with the built-in Microsoft Sentinel roles (Reader, Responder, Contributor) so that analysts get the least privilege their tasks require.
Data connectors are the mechanism through which Microsoft Sentinel ingests logs from your infrastructure. You will configure connectors for Microsoft services (Microsoft 365, Microsoft Entra ID, Azure Activity) and for third-party sources via Syslog, Common Event Format (CEF), and the Azure Monitor Agent on Windows hosts for Security events. The goal is to centralize all security events in a single platform so that they can be correlated and used for threat detection.
Analytics rules and threat detection
Analytics rules are the detection engine of Microsoft Sentinel. A scheduled rule runs a KQL (Kusto Query Language) query at a fixed interval over a lookback window and raises an alert, and optionally an incident, whenever the query returns results. The training teaches you to create rules from Microsoft-provided templates, customize the KQL queries for your own environment, map the query's output columns to entities (accounts, IP addresses, hosts), and manage the rule lifecycle (activation, deactivation, update).
The hands-on labs include attack simulations to validate the proper functioning of detection rules. You will verify that alerts trigger correctly, that incidents are created in Microsoft Sentinel, and that integration with Microsoft Defender XDR works for a unified view of threats.
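As an added illustration of the kind of scheduled analytics rule the section describes (this is not course material or Microsoft's own template), the query below detects an IP address that produces many failed Microsoft Entra ID sign-ins and then a successful one within the same hour. It assumes the Microsoft Entra ID connector is populating the SigninLogs table; the threshold and lookback are arbitrary values chosen for the example and should be tuned to your tenant's baseline.

```kql
// Added example: brute force / password spray followed by a successful sign-in.
// Assumes the Microsoft Entra ID data connector is writing to SigninLogs.
// Intended as a scheduled analytics rule: run every 1h, lookback 1h.
let lookback = 1h;
let failure_threshold = 10;   // assumption: tune to the tenant's normal failure rate
// Step 1: source IPs with many failed sign-ins in the window.
// In SigninLogs, ResultType "0" is success; anything else is a failure code.
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                TargetedAccounts = dcount(UserPrincipalName),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
      by IPAddress
    | where FailedCount >= failure_threshold;
// Step 2: successful sign-ins in the same window.
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName;
// Step 3: correlate on source IP and keep only successes that came after the failures began.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > FirstFailure
| project IPAddress, UserPrincipalName, AppDisplayName,
          FailedCount, TargetedAccounts, FirstFailure, LastFailure, SuccessTime
// Map IPAddress to the IP entity and UserPrincipalName to the Account entity
// in the rule wizard so the incident carries the right entities for investigation.
```

Before saving the rule, run the query in the Logs blade over a window where you have generated a handful of deliberate failures followed by a real sign-in; that is the same check the labs perform when they confirm that an alert fires and an incident is created. Two caveats a practitioner should keep in mind: a high TargetedAccounts value with a low failure count per account points to password spraying rather than brute force against one user, and the rule's query frequency and lookback must line up (here both 1h) or events will be either double-counted or missed.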
Incident response automation
Automation is an essential component of SOC (Security Operations Center) efficiency. The SC-5001 training teaches you to configure automation rules in Microsoft Sentinel that run automatically when an incident is created or updated: assigning the incident to an owner, changing its severity or status, adding tags, and triggering Logic Apps playbooks for alert enrichment or team notification. You will also see how the rule's conditions (analytics rule name, severity, entity values) scope which incidents an automation rule acts on, so that a playbook does not run against every incident in the workspace.
The connection between Microsoft Sentinel and Microsoft Defender XDR is also covered, enabling you to benefit from a unified incident management platform that correlates alerts from Sentinel (SIEM) and Defender (XDR) in a single portal.
Applied Skills credential and training path
The SC-5001 training prepares for the Microsoft Applied Skills credential, which validates practical skills on a specific scenario. This format differs from traditional certifications: there is no multiple-choice exam, but an assessment based on completing concrete tasks in a cloud environment.
This training is ideal for professionals who want to specialize quickly on Microsoft Sentinel before considering the full SC-200 (Security Operations Analyst) certification. It is also suitable for IT teams deploying Sentinel who need a fast, operational skill upgrade at our centers in Geneva, Lausanne, or across French-speaking Switzerland more broadly.
FAQ
What are the prerequisites for the SC-5001 training?
Basic knowledge in Microsoft security, Azure, and KQL language is recommended. The SC-900 certification is a plus but is not mandatory.
What is the difference between SC-5001 and SC-200?
SC-5001 focuses on configuring Microsoft Sentinel in one day with an operational and practical focus. SC-200 covers all Microsoft security operations (Sentinel, Defender XDR, Defender for Cloud, KQL) over four days and prepares for an associate-level certification.
Does the training lead to a certification?
The SC-5001 training prepares for the Microsoft Applied Skills credential, which is a practical skills validation different from traditional certifications. There is no multiple-choice exam.
Is the training available as a virtual class?
Yes, in-person in Geneva or Lausanne, or as a virtual class with the same MCT certified trainer and the same Microsoft cloud labs.
Is Microsoft Sentinel the same as Azure Sentinel?
Yes. Azure Sentinel was renamed Microsoft Sentinel. The service remains identical, but the name reflects its integration into the unified Microsoft security platform.
Can you take SC-5001 without cybersecurity experience?
The training requires a foundation in IT security and Azure. If you are a complete beginner, the SC-900 training is a recommended prerequisite to acquire the fundamentals.