Why choose Microsoft Defender XDR for threat detection and response
Modern cyberattacks rarely stay within a single vector. A typical intrusion chains an email phishing lure, a compromised identity, exploitation of an endpoint vulnerability, and lateral movement through cloud applications. To keep up with this complexity, Swiss organizations need a platform that correlates signals from all of these sources and presents each incident as one coherent picture. Microsoft Defender XDR (Extended Detection and Response) addresses precisely this need by bringing data from Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps together in a single portal. The SC-5004 training teaches you to master this platform through hands-on practice, guided by Microsoft Certified Trainers (MCTs) in Geneva or Lausanne.
The unified Microsoft Defender XDR portal
The Microsoft Defender XDR portal is your command center for security incident management. During the SC-5004 training, you will learn to navigate efficiently through this interface, which consolidates the incident queue, alerts, advanced hunting, and threat analytics reports. Each incident in the portal groups alerts from different Defender services that the platform has correlated automatically, so you can follow the complete attack chain without switching between several consoles. You will learn how to triage incidents by severity, status, and impacted entities (devices, users, mailboxes), and how to assign investigations to members of your SOC team for structured threat management.
Automated investigation and remediation
One of the major strengths of Microsoft Defender XDR is its ability to automate investigations. When an alert is raised, the platform can automatically launch an investigation that analyzes the involved entities (files, processes, user accounts, mailboxes) and determines the remediation actions required. You will learn to configure automation levels, which in Defender for Endpoint are set per device group: from no automated response, through semi-automated levels where remediation actions wait for manual approval by an analyst, up to full automation where threats are remediated without human intervention. This capability is particularly valuable for security teams in Switzerland that handle a high volume of alerts and want to reduce their mean time to respond (MTTR). The Microsoft labs let you simulate incidents and observe the automated investigation process in action.
Advanced hunting with KQL
Advanced hunting moves your security team from a reactive to a proactive posture. Using the Kusto Query Language (KQL), you can query up to 30 days of raw telemetry collected by all Defender services to search for indicators of compromise, suspicious behaviors, or anomalies that have not yet triggered an alert. The SC-5004 training teaches you the fundamentals of KQL applied to security and guides you through writing effective hunting queries. You will also learn to turn your most relevant queries into custom detection rules that run on a schedule and generate alerts when their conditions are met, extending your detection coverage beyond Microsoft Defender XDR's built-in rules.
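As an added example that is not part of the original page or of the SC-5004 course materials, the two advanced hunting queries below show the working pattern described here and in the FAQ entries on advanced hunting: a hunting query shaped so that it can be saved as a custom detection rule, and a second query that correlates endpoint telemetry with Defender for Office 365 email telemetry. The table and column names (DeviceProcessEvents, DeviceFileEvents, EmailAttachmentInfo) are from the public advanced hunting schema; the lists of Office applications, child processes, and file extensions are illustrative choices, the "LOB-Addin-Updater" exclusion is a placeholder string, and the assumption that the attachment was written to disk by outlook.exe is a simplification of how attachments actually reach the file system.

```kql
// Query 1: Office applications spawning script interpreters or living-off-the-land
// binaries, a common execution step after a phishing email (ATT&CK T1566 -> T1059).
// The projected columns include Timestamp, ReportId and DeviceId, which a query
// must return before it can be saved as a custom detection rule.
let officeApps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let suspiciousChildren = dynamic(["powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                                  "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"]);
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in~ (officeApps)
| where FileName in~ (suspiciousChildren)
// Tuning step: exclude a known-good line-of-business add-in. The string below is a
// placeholder; replace it with what is legitimately noisy in your own environment.
| where not(ProcessCommandLine has "LOB-Addin-Updater")
| project Timestamp, ReportId, DeviceId, DeviceName, AccountUpn,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine
| order by Timestamp desc

// Query 2: trace a file dropped by Outlook back to the email that delivered it,
// by matching the file hash against Defender for Office 365 attachment telemetry.
// Assumption (simplified): the attachment was saved or opened through outlook.exe,
// so Defender for Endpoint recorded a FileCreated event with outlook.exe as initiator.
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType == "FileCreated"
| where InitiatingProcessFileName =~ "outlook.exe"
| where FileName endswith ".docm" or FileName endswith ".xlsm"
    or FileName endswith ".lnk" or FileName endswith ".iso"
| project FileWritten = Timestamp, DeviceId, DeviceName, FileName, FolderPath, SHA256, ReportId
| join kind=inner (
    EmailAttachmentInfo
    | where Timestamp > ago(8d)
    | project EmailReceived = Timestamp, NetworkMessageId, SenderFromAddress,
              RecipientEmailAddress, AttachmentName = FileName, SHA256
) on SHA256
// The email must have arrived before the file appeared on the device.
| where EmailReceived <= FileWritten
// After the join, the right-hand copy of the key column is renamed SHA2561; drop it.
| project-away SHA2561
| order by FileWritten desc
```

Run each query separately in the advanced hunting editor (they are separated by a blank line so the editor treats them as distinct queries). To turn Query 1 into a custom detection rule, use "Create detection rule" from the query results, choose the run frequency and the impacted entity column (DeviceId here), and optionally attach response actions such as isolating the device; Query 2 is an investigation query rather than a detection, since its inner join only returns rows when both the endpoint and the email signal are present.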
Threat Analytics and threat intelligence
Microsoft Defender XDR includes a Threat Analytics module that provides detailed reports on active threat campaigns and emerging vulnerabilities. For each threat tracked by Microsoft's security research teams, the report presents a description of the campaign, the associated MITRE ATT&CK techniques, indicators of compromise, and, most importantly, an assessment of your own organization's exposure together with recommended mitigations. You will learn how to use these reports to prioritize your remediation actions and to verify that your environment is protected against the latest threats. This built-in intelligence capability is a decisive advantage for organizations based in Geneva or Lausanne that want to keep their security posture current against a constantly evolving threat landscape.
Applied Skills credential SC-5004
The SC-5004 training prepares you for the Microsoft Applied Skills credential, a practical assessment that validates your operational skills in detecting and responding to cyber threats with Microsoft Defender XDR. The assessment takes place in a lab environment where you must demonstrate your ability to manage incidents, conduct investigations, and apply remediation actions. This credential attests to your expertise to your employer or clients. ITTA, a Microsoft Learning Partner in Switzerland, delivers this training with official MOC course materials and guidance from experienced MCT trainers.
Who is this training for
This training is designed for Security Operations Center (SOC) analysts, security engineers, IT administrators in charge of incident response, and professionals who want to build skills in extended detection and response. Prior knowledge of cybersecurity concepts and familiarity with the Microsoft 365 environment are recommended. ITTA delivers the SC-5004 training in-person in Geneva and Lausanne as well as virtually, to suit your schedule and location in Switzerland.
FAQ – Microsoft Defender XDR SC-5004 Training
What is Microsoft Defender XDR?
Microsoft Defender XDR (Extended Detection and Response) is a security platform that automatically correlates alerts from Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps to provide a unified view of security incidents and automate investigations.
What is advanced hunting in Microsoft Defender XDR?
Advanced hunting is a feature that allows proactively searching for threats in raw telemetry data using the Kusto Query Language (KQL). It enables detecting suspicious behaviors before they trigger an automatic alert.
Do you need coding skills to use advanced hunting?
No, coding skills are not required. KQL is a readable query language that builds up results one pipeline step at a time (filter, project, summarize, join), and analysts pick it up quickly. The SC-5004 training teaches you the basics of KQL applied to security so you can write your own hunting queries.
What is the difference between Microsoft Defender XDR and Microsoft Sentinel?
Microsoft Defender XDR is an XDR platform that correlates alerts from Microsoft's Defender products into incidents. Microsoft Sentinel is a cloud-native SIEM that collects and analyzes security data from Microsoft and third-party sources alike, including non-Microsoft products. The two solutions are complementary: Defender XDR incidents can be ingested into Sentinel alongside data from the rest of your environment.
Does the SC-5004 training prepare for a certification?
The SC-5004 training prepares for the Microsoft Applied Skills credential, a practical validation of your skills in a lab. It is not a traditional certification but a concrete assessment of your ability to use Microsoft Defender XDR in real-world conditions.
Where does this training take place in Switzerland?
ITTA offers the SC-5004 training in-person in Geneva and Lausanne, as well as virtually. Microsoft cloud labs and MOC materials are included in all formats.
What are the prerequisites for the SC-5004 training?
Basic cybersecurity knowledge and familiarity with the Microsoft 365 environment are recommended. Prior experience with Microsoft security tools or a SOC analyst role is a plus.