Microsoft Azure Security Technologies (AZ-500) – Official Course

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automated response (SOAR) solution. Designed to help organizations proactively identify, investigate, and respond to security threats, it integrates with other Microsoft and third-party services to offer comprehensive visibility and intelligent analytics. Automation within Sentinel allows security teams to scale their response capabilities, reduce manual work, and improve reaction times against threats.

Benefits of Automating Threat Response in Microsoft Sentinel

Automation enhances the efficiency of security operations centers (SOCs) by streamlining incident response workflows. One of the key benefits includes faster response time to threats, which helps in minimizing potential damage. Automation also reduces the burden on security analysts by managing routine and repetitive tasks. This allows teams to focus on more complex investigations and proactive threat hunting. Additionally, automation ensures consistency in handling incidents, leading to a more reliable security posture across the organization.

Core Components of Automation in Microsoft Sentinel

Automation in Microsoft Sentinel is primarily implemented through playbooks, analytics rules, and alert triggers. Playbooks are collections of pre-defined actions that run in response to alerts or incidents. These actions are built using Azure Logic Apps and can include tasks such as sending notifications, creating tickets, isolating users or devices, and gathering forensic data. Analytics rules help generate incidents based on defined conditions and act as the starting point for playbook execution. Triggers define the specific events or thresholds that initiate automation workflows.

Understanding Microsoft Sentinel Playbooks

A playbook is an automated workflow created using Azure Logic Apps and designed to respond to specific incidents or alerts. It can include actions such as sending emails, blocking IP addresses, or integrating with ticketing systems. Playbooks can be simple or complex, depending on the needs of the organization. For example, a basic playbook might just notify an analyst when an alert is triggered, while a more advanced one could automate the entire incident response process, including remediation.

Creating and Configuring Playbooks

To create a playbook, you start by accessing Microsoft Sentinel and navigating to the Automation section. After selecting the option to create a new playbook, you define the trigger, which is typically an alert or incident generated by Sentinel. You then add actions to the playbook, such as sending a message through Microsoft Teams, blocking a suspicious IP address using a firewall rule, or creating an incident ticket in a service management tool. Each action in the playbook can include conditions and logic flows to control execution paths.

Integration with Azure Logic Apps

Microsoft Sentinel leverages Azure Logic Apps for building and managing automation workflows. Logic Apps provide a visual designer that simplifies the process of configuring automated tasks. Users can drag and drop connectors, define control flows, and manage logic branches. There are hundreds of connectors available, including those for Microsoft 365, Azure, and third-party platforms. This integration enables seamless automation across cloud and on-premises environments.

Incident Triggering and Alert Mapping

Automation in Microsoft Sentinel begins with an alert, which is mapped to incidents using analytics rules. These rules are customizable and allow users to define the criteria that convert an alert into an incident. Once an incident is generated, it can automatically trigger a playbook. Mapping alerts to the right playbook ensures that the appropriate response is executed, tailored to the type and severity of the threat. For instance, a malware alert might trigger a playbook that isolates the affected device and starts an antivirus scan.

Enhancing Security with Custom Analytics Rules

Custom analytics rules are essential for tuning Sentinel’s detection capabilities and ensuring that only relevant alerts are generated. These rules use Kusto Query Language (KQL) to analyze data from various sources. By customizing rules, security teams can reduce false positives and focus on meaningful threats. Additionally, rules can include logic to trigger specific playbooks based on alert conditions, enabling more precise and targeted responses.

Automation Rules vs. Analytics Rules

While both automation and analytics rules contribute to incident management, they serve different purposes. Analytics rules are used to detect threats and generate incidents, while automation rules define when and how to run playbooks after an incident occurs. Automation rules can be prioritized, filtered by incident properties, and configured to execute one or multiple playbooks. Understanding the distinction between these rule types is important for designing effective response workflows.

Monitoring and Managing Automated Workflows

Once playbooks are deployed, it’s important to monitor their execution to ensure proper operation. Microsoft Sentinel provides execution logs that detail the status of each step in the playbook. These logs can help diagnose issues, optimize workflows, and ensure compliance with organizational policies. In addition, performance metrics can be used to evaluate the efficiency of automated responses, such as average response time and incident resolution duration.

Securing Automation Workflows

Security is a critical aspect of automation. Playbooks should follow best practices to prevent unauthorized access and ensure data integrity. This includes using managed identities for authentication, securing sensitive information in Logic Apps, and applying role-based access control to restrict who can create or modify automation workflows. Organizations should regularly audit automation configurations and test workflows to verify expected behavior in response to simulated threats.

Common Use Cases for Automation in Sentinel

There are numerous scenarios where automation provides significant value in Microsoft Sentinel. One example is phishing response, where a playbook can automatically extract indicators from an email, check them against threat intelligence feeds, and block malicious URLs. Another common use case is brute-force attack detection, where failed login attempts trigger a playbook to disable accounts or restrict IP ranges. Automated ticketing, user notification, and incident escalation are also widely implemented use cases.

Challenges and Considerations

Despite its benefits, automation in Sentinel comes with challenges. Designing effective playbooks requires a clear understanding of security operations and incident response procedures. Over-automation can lead to unintended consequences, such as mistakenly blocking legitimate users. Therefore, it’s crucial to implement approval workflows for high-impact actions. Additionally, organizations must ensure that playbooks are regularly updated to align with evolving threat landscapes and compliance requirements.

Advanced Integration and Optimization of Sentinel Automation

Deep Dive into Logic App Workflows

Logic Apps serve as the foundation for creating sophisticated workflows in Sentinel. They allow integration with diverse systems such as threat intelligence platforms, security information databases, and IT service management tools. By leveraging conditional branching, looping, and parallel execution, Logic Apps enable complex decision-making within playbooks. For instance, a playbook can check if an alert matches a known threat actor’s indicators before taking remediation actions. This capability is crucial for reducing false positives and ensuring targeted responses.

Leveraging Threat Intelligence for Automated Decisions

Integrating threat intelligence feeds into Sentinel playbooks allows security teams to validate alerts against known malicious IPs, URLs, or file hashes. This real-time enrichment helps prioritize incidents based on the threat severity. For example, when a suspicious domain is detected, a playbook can query the Microsoft Threat Intelligence API to determine its reputation. If classified as high-risk, the playbook can immediately block the domain across the firewall, notify SOC analysts, and open a high-priority incident.

Connecting Third-Party Tools with Sentinel

Microsoft Sentinel supports connectors to integrate with third-party solutions such as ServiceNow, Jira, Splunk, and PagerDuty. These integrations enhance the flexibility of automated workflows. For example, when an alert is raised, a playbook can automatically create a ticket in Jira and assign it to the relevant analyst. Similarly, integration with PagerDuty allows real-time escalation and on-call notifications. These capabilities streamline collaboration across teams and improve the efficiency of incident management.

Multi-Cloud and Hybrid Environment Automation

Organizations operating in hybrid and multi-cloud environments need unified security monitoring. Sentinel enables automation across Azure, AWS, and on-premises systems through connectors and APIs. For example, a Sentinel playbook can react to an alert in AWS GuardDuty by triggering an AWS Lambda function to quarantine a compromised instance. Similarly, automation can extend to on-premise infrastructure using Azure Arc, which allows seamless management of non-Azure resources.

Utilizing Custom Connectors for Enhanced Flexibility

When native connectors are not available, custom connectors in Logic Apps allow Sentinel to interact with any RESTful API. This is especially useful for bespoke applications or niche services. Creating a custom connector involves defining the API schema and authentication details, after which the Logic App can send and receive data. Custom connectors empower organizations to fully automate their unique incident response requirements.

Case Study: Automating Ransomware Detection and Containment

In a ransomware scenario, automation can drastically reduce response time. A custom analytics rule in Sentinel detects abnormal file encryption behavior using log data from endpoints. This rule triggers a playbook that immediately isolates the infected machine via Microsoft Defender for Endpoint. The playbook then collects forensic data, notifies incident responders, and updates a central threat dashboard. Automating such a high-impact use case ensures rapid containment and reduces the risk of widespread damage.

Role of Machine Learning in Automation

Microsoft Sentinel includes machine learning models to detect anomalies and behavioral patterns. These models enhance automation by identifying sophisticated threats that traditional rules may miss. For example, user behavior analytics (UBA) can detect a user accessing resources in an unusual pattern. A playbook linked to such analytics can prompt multi-factor authentication or temporarily revoke access until verified. Incorporating AI improves the intelligence and adaptability of automated responses.

Optimizing Playbook Performance and Scalability

As playbooks grow in complexity, performance optimization becomes essential. Techniques such as minimizing unnecessary actions, reusing workflows, and implementing modular design improve efficiency. Logic Apps supports nested workflows, enabling the reuse of common tasks like alert enrichment or ticket creation. Monitoring the performance of each playbook action using built-in metrics helps identify bottlenecks and areas for improvement.

Implementing Approval Workflows for Critical Actions

Not all automated actions should occur without human oversight. Sentinel playbooks can include manual approval steps for high-impact responses, such as account suspension or firewall rule changes. These steps generate an approval request via email or a collaboration tool, allowing an analyst to review and approve or reject the action. Implementing such checkpoints ensures control over automation while maintaining operational agility.

Advanced Conditional Logic in Playbooks

Advanced logic can make automation more context-aware. For example, a playbook can route an alert to different response paths based on criteria such as alert severity, affected asset type, or user role. Logic Apps supports switch cases, conditions, and expressions to define these decision trees. This capability enables adaptive responses tailored to the incident context, improving overall incident handling quality.

Managing Automation at Scale

Large enterprises may deploy hundreds of playbooks. Effective governance is crucial to managing them efficiently. Using naming conventions, version control, and documentation helps maintain clarity. Role-based access control ensures that only authorized personnel can edit or execute playbooks. Automation management tools within Sentinel, such as tagging and grouping, further aid in organizing playbooks and tracking their usage.

Compliance and Audit Considerations

Automated workflows must align with compliance requirements. Sentinel’s integration with Azure Monitor and Log Analytics allows detailed logging of each playbook action. These logs support audit trails and help demonstrate compliance during regulatory reviews. Organizations should ensure that playbooks adhere to data handling policies, especially when dealing with personally identifiable information (PII) or sensitive configurations.

Automation in Incident Lifecycle Management

Automation supports all phases of the incident lifecycle, from detection to recovery. During detection, analytics rules and threat intelligence automate alert generation. In the response phase, playbooks execute remediation actions. For recovery, automation can help restore systems from backups, reset credentials, and verify system integrity. Ensuring continuity across this lifecycle enhances security resilience.

Future Trends in Security Automation

The future of Sentinel automation lies in deeper integration with AI and predictive analytics. Emerging capabilities will include proactive threat anticipation based on global threat signals, automated remediation plans based on past incident patterns, and self-healing systems that adapt to threats without human intervention. These advancements will transform the way SOCs operate, making automation a central pillar of cybersecurity defense.

Intelligent Incident Orchestration in Microsoft Sentinel

Incident orchestration in Microsoft Sentinel is the strategic coordination of multiple automated responses to a single security incident. It involves collecting contextual data, executing predefined response actions, and managing stakeholder communications. This process ensures that security teams can efficiently respond to threats with minimal manual effort while maintaining high accuracy and oversight.

Structuring Incidents for Effective Automation

Incidents in Sentinel are automatically generated from analytics rules. These incidents contain correlated alerts, entities, and additional context. Structuring incidents correctly is key to effective automation. Analysts should define a rule logic that filters noise and combines relevant signals into a unified incident. This structure enables playbooks to operate on meaningful data, ensuring that subsequent automated steps are relevant and actionable.

Building Comprehensive Playbooks for Incident Handling

Comprehensive playbooks should include steps for incident enrichment, triage, response, and closure. Enrichment involves pulling additional data such as geo-location, user behavior logs, and historical alerts. Triage steps assess the severity and scope of the threat. Response actions may include isolation of assets, account disabling, and firewall updates. Closure steps ensure proper documentation and post-incident analysis.

Leveraging Entity Behavior for Context-Aware Automation

Entity behavior analysis is vital in incident response. Entities like users, IP addresses, or hosts often exhibit patterns that indicate compromise. Sentinel’s user and entity behavior analytics (UEBA) help detect deviations from baseline behavior. For example, if a user accesses sensitive files at odd hours, it could indicate an insider threat. Playbooks can use this insight to escalate or modify their response actions, making automation context-aware and precise.

Coordinating Multiple Playbooks for Complex Incidents

For large-scale incidents, multiple playbooks may be needed. Sentinel allows chaining and parallel execution of playbooks. One playbook may perform asset isolation, another may handle notification and ticketing, and a third may manage log archiving. Coordinating these workflows ensures a timely and holistic response. Developers can use HTTP triggers and callbacks to synchronize playbook execution.

Integrating Sentinel with Ticketing and Collaboration Platforms

Effective incident orchestration requires integration with tools like ServiceNow, Teams, or Jira. Sentinel’s built-in connectors allow real-time incident creation and updates within these platforms. Automation ensures that tickets are created with full context, assigned to appropriate personnel, and updated as the incident evolves. This reduces mean time to resolution and improves visibility across the organization.

Role of Automation in Incident Escalation and Reporting

Automation supports structured incident escalation based on severity, impact, or SLA. Playbooks can evaluate incident metrics and route them to different response teams. For example, high-severity incidents can be escalated to Tier 3 analysts with notifications sent to executive dashboards. Similarly, playbooks can generate incident summary reports, including timeline, impacted systems, and resolution steps, improving audit readiness.

Designing Incident Closure Playbooks

Closure is a critical phase often overlooked in automation. Closure playbooks ensure that all response steps are completed, logs are archived, affected systems are verified, and tickets are closed. They may also trigger retrospective tasks like root cause analysis or lessons-learned documentation. Automating closure maintains process discipline and supports continuous improvement.

Incorporating Threat Intelligence in Orchestration

Automated orchestration benefits from real-time threat intelligence feeds. Sentinel can enrich incidents with threat indicators, helping classify and prioritize incidents. For example, if an incident involves a file hash matching known ransomware, the response can be fast-tracked. This integration ensures threat-aware incident handling and minimizes impact.

Testing and Validating Automation Workflows

Thorough testing ensures automation reliability. Sentinel offers features for playbook testing using historical incidents or test alerts. Test workflows should simulate real-world scenarios, including both successful and failed paths. This helps identify logic flaws, response gaps, and integration issues. Continuous validation ensures that automation remains effective amid evolving threat landscapes.

Simulating Incidents for Playbook Development

Simulating incidents allows teams to develop and refine playbooks without live threats. Developers can manually trigger alerts or use sample data to generate incidents. Simulation helps test complex orchestration paths, approval workflows, and third-party integrations. It also serves as a training tool for analysts to understand automated response behavior.

Monitoring and Auditing Orchestrated Responses

Auditability is crucial in security operations. Sentinel logs every playbook action in Azure Monitor. These logs include timestamps, action outcomes, and data transformations. Analysts can create dashboards to monitor automation performance, failure rates, and execution timelines. Regular audits ensure compliance and reveal optimization opportunities.

Ensuring Secure and Compliant Automation

Security is essential when orchestrating sensitive operations. Role-based access control restricts who can edit or run playbooks. Secrets and credentials used in automation must be stored in Azure Key Vault. Developers should avoid hardcoding sensitive data and apply least privilege principles. These practices protect automation workflows from misuse and unauthorized changes.

Reducing Alert Fatigue through Intelligent Automation

One of the key benefits of orchestration is reducing alert fatigue. By automatically suppressing low-confidence alerts, enriching others, and only escalating high-severity incidents, automation allows SOC analysts to focus on meaningful threats. Sentinel’s alert grouping and incident rules help implement such intelligent suppression strategies.

Real-World Use Case: Insider Threat Detection and Response

Consider a scenario where an employee accesses confidential files unusually often. Sentinel Analytics detect this anomaly using UEBA. The resulting incident triggers a playbook that checks the user’s recent access history, cross-references threat intel for the user’s IP, and queries HR databases for recent grievances. Based on findings, the user is temporarily blocked, HR is notified, and an investigation is launched. This orchestration enables rapid and accurate insider threat mitigation.

Automation Strategy for Threat Containment

Automated containment strategies include endpoint isolation, credential revocation, and data access blocking. Playbooks should define containment logic based on asset criticality and incident type. For instance, a database server may require read-only mode instead of full isolation. Developing asset-specific playbooks improves containment precision without disrupting operations.

Optimizing Response Time through Automation

Time is critical in incident response. Automation eliminates delays from manual handovers. Sentinel playbooks initiate within seconds of alert generation. Optimization techniques such as parallel task execution, conditional logic minimization, and precompiled scripts reduce execution time. Rapid response minimizes attacker dwell time and reduces business impact.

Incident Response Metrics for Automation Evaluation

Metrics help evaluate automation performance. Key metrics include mean time to detect (MTTD), mean time to respond (MTTR), and incident closure rates. Sentinel dashboards can visualize these KPIs, helping SOC managers assess automation effectiveness. Trends in these metrics guide process refinement and justify automation investments.

Continuous Improvement and Adaptive Automation in Microsoft Sentinel

Embracing a Culture of Continuous Improvement

Continuous improvement in security automation is essential for adapting to evolving threats. Organizations should establish feedback loops where incident response outcomes inform updates to analytics rules, playbooks, and escalation policies. Post-incident reviews serve as a foundation for this improvement cycle, offering insights into what worked well and what needs refinement.

Post-Incident Reviews and Lessons Learned

A structured post-incident review identifies the root cause, evaluates the response timeline, and measures the effectiveness of automation. These reviews typically involve security analysts, system owners, and incident response managers. Findings are documented and translated into actionable changes, such as refining detection rules, updating response workflows, or revising user training protocols.

Automation Maturity Models in Sentinel

Organizations can assess their automation maturity using models that classify capabilities into stages, from basic alerting to fully autonomous response. These stages include manual response, rule-based automation, integrated workflows, and AI-driven decisions. Evaluating maturity helps set strategic goals, allocate resources, and benchmark against industry peers.

Threat Simulation for Automation Readiness

Threat simulation is a proactive way to evaluate the readiness of automated response workflows. Using tools like Microsoft Defender for Endpoint Attack Simulator, teams can execute controlled attacks such as phishing, malware delivery, and lateral movement. Sentinel’s response to these simulated incidents is observed and scored to validate automation logic.

Integrating Threat Simulation Platforms

Threat simulation platforms offer diverse scenarios for testing Sentinel automation. These platforms may integrate directly with Azure or use APIs to inject telemetry. They support red-teaming exercises and blue-teaming defense validations. Integration with Sentinel enables real-time evaluation of detection, enrichment, and response mechanisms.

Adaptive Analytics and Behavior-Based Rules

Adaptive automation in Sentinel uses behavior-based analytics rather than static thresholds. Machine learning models monitor baselines and identify deviations. For example, a user logging in from two different geographic locations within a short time triggers an anomaly alert. These adaptive rules reduce false positives and improve detection of sophisticated threats.

Automating the Tuning of Detection Rules

Over time, threat environments evolve, and so must detection logic. Sentinel supports automated tuning of rules through feedback mechanisms. Analysts can tag alerts as true or false positives, and this data trains machine learning models to adjust thresholds or rule parameters automatically. This dynamic adjustment enhances rule accuracy and reduces alert noise.

Using Machine Learning Models in Sentinel

Sentinel integrates with Azure Machine Learning to apply custom models for threat detection. These models analyze large volumes of logs, detect hidden patterns, and correlate subtle signals across sources. For example, a model might detect credential stuffing based on login velocity, IP reputation, and device fingerprinting. Incorporating ML elevates automation to predictive levels.

Threat Hunting to Inform Automation Gaps

Threat hunting identifies areas where automation may be lacking. Analysts manually search for threats using Kusto Query Language (KQL) in Sentinel. Findings from threat hunts inform updates to analytics rules and playbooks. For instance, a discovered PowerShell-based attack chain may lead to new detection logic and an automated isolation workflow.

Creating Automation Pipelines for Rule Updates

Automation pipelines streamline the deployment of updated detection rules and playbooks. These pipelines use infrastructure-as-code principles, storing logic in source control and deploying via CI/CD tools. Sentinel supports template-based deployments using Azure Resource Manager (ARM) templates or Bicep. This ensures consistent, auditable, and rapid updates.

Leveraging GitHub and DevOps Practices

Using GitHub repositories for playbook and rule management enables collaboration, version control, and rollback. Pull requests and automated testing validate changes before deployment. Integration with Azure DevOps allows scheduled deployments and automated quality checks. These DevOps practices enhance agility and reliability in security operations.

Metrics-Driven Automation Enhancements

Metric analysis guides where to improve automation. Trends in incident closure time, false positive rates, and analyst workload highlight bottlenecks and inefficiencies. Sentinel dashboards provide visualizations, while Power BI can generate executive reports. Data-driven decisions prioritize automation efforts that yield the greatest operational impact.

Implementing Feedback Mechanisms in Sentinel

Feedback from users, incidents, and threat intelligence is essential for automation evolution. Sentinel allows tagging of alerts and incidents, with notes for analyst commentary. This contextual input informs future rule updates and response logic. Structured feedback mechanisms promote engagement and continual learning.

Using Logic Apps for Continuous Integration

Logic Apps, the foundation of Sentinel playbooks, support dynamic updates and parameterized templates. Teams can build modular playbooks and reuse components like logging, ticketing, and alert suppression. Integration with Azure DevOps enables automatic updates based on feedback or simulation outcomes, ensuring that automation evolves without downtime.

Scaling Automation Across the Organization

Automation should not remain isolated within a small security team. Sentinel’s multi-tenant capabilities support centralized security operations for multiple departments or subsidiaries. Role-based access and custom workspaces allow localized automation while maintaining governance. Scaling requires standardization, training, and communication across teams.

Building an Automation Knowledge Base

Documentation is critical to sustainable automation. Organizations should maintain a knowledge base of detection rules, playbooks, test cases, and lessons learned. This repository enables onboarding of new analysts, facilitates audits, and preserves institutional knowledge. It also supports compliance by mapping automation workflows to regulatory requirements.

Handling Edge Cases in Automation

Not all scenarios can be fully automated. Edge cases with ambiguous signals, unusual data formats, or conflicting indicators may require manual intervention. Playbooks should detect these conditions and pause for human approval or route to senior analysts. Incorporating fail-safes and approval gates prevents missteps in complex environments.

Disaster Recovery and Automation Resilience

Automation systems must be resilient to outages or failures. Sentinel supports backup and export of playbooks, analytics rules, and configurations. Azure Site Recovery and region redundancy ensure availability. Playbooks should include retry logic, error handling, and status reporting to withstand transient issues and ensure continuity.

Ethics and Accountability in Automated Decisions

Automated security decisions carry ethical implications. Actions like user lockouts, data quarantine, or service disruptions must be justified and transparent. Sentinel playbooks should log rationale and context for every action. Role-based permissions restrict sensitive operations, and approvals are required for high-impact responses. Ethical automation upholds accountability and trust.

Trends in Security Automation

Security automation continues to evolve with advances in AI, threat intelligence, and integrated platforms. Future trends include autonomous SOAR systems, real-time collaboration bots, and proactive deception techniques. Sentinel’s open architecture positions it well to incorporate these innovations, offering scalable and adaptive protection against emerging threats.

Final Thoughts

As organizations increasingly migrate their operations to the cloud, the complexity and volume of cyber threats have grown exponentially. Microsoft Sentinel serves as a cornerstone for modern cloud-native security operations, enabling enterprises to scale their defenses with precision, speed, and automation. The full exploration of its capabilities from rule-based detections to adaptive, machine-learning-driven responses reveals how deeply Sentinel can integrate into a mature and proactive security architecture.

Adopting Microsoft Sentinel is not merely a technological implementation but a strategic evolution. It empowers security teams to shift from reactive to proactive postures, utilizing automation not just for response but also for prevention, optimization, and insight. By continuously refining detection rules, integrating feedback, and embracing DevOps practices, security operations can maintain agility while upholding the highest standards of protection.

Moreover, the journey toward automated threat response is iterative. Organizations must consistently assess their maturity, test their systems under simulated threats, and adapt their tools to an ever-changing threat landscape. This requires not only the right tools but also the right culture, one that values transparency, accountability, and continuous improvement.

In closing, Microsoft Sentinel offers a robust platform to unify security monitoring, threat detection, incident response, and automation. When harnessed effectively, it transforms security operations into a seamless, intelligent, and resilient ecosystem, one that evolves in lockstep with emerging technologies and adversarial tactics. For any organization committed to securing its digital estate, Microsoft Sentinel is not just a solution, it is a strategic imperative.

Related posts:

  1. CCIE Data Center v3.0 Exam Preparation Course
  2. CompTIA CySA+ Certification Training Course
  3. DP-700 Azure Data Engineer Certification: The Only Course Guide You’ll Need
  4. MB-700T00: Architecting Finance and Operations Apps with Microsoft Dynamics 365
  5. Microsoft Power Platform Functional Consultant – PL-200 (Course Code: PL-200T00-A)
  6. MS-900: Microsoft 365 Fundamentals Training (Course MS-900T01-A)
  7. Pass the CCIE Security v6.1 Lab Exam: Full Practical Guide
  8. SC-300 Course: Secure Identity and Access with Microsoft Technologies
  9. SC-400T00: Administering Compliance and Data Protection in Microsoft 365
  10. Unified Communications Systems Engineer (MS-721T00)