A curated collection of tools, portals, and references I use and recommend for Microsoft Cloud security work.

Microsoft Security Portals

| Portal | URL |
|---|---|
| Microsoft Defender XDR | security.microsoft.com |
| Microsoft Sentinel | portal.azure.com |
| Microsoft Defender for Cloud | portal.azure.com |
| Microsoft Entra ID | entra.microsoft.com |
| Microsoft Purview | purview.microsoft.com |
| All Microsoft Portals | msportals.io |

KQL Resources

| Resource | Description |
|---|---|
| KQL Quick Reference | Microsoft’s official KQL quick reference |
| Advanced Hunting Schema | All tables available in Microsoft Defender XDR Advanced Hunting |
| Sentinel KQL for Beginners | Community KQL query library for Microsoft Sentinel |
| KQL Search | Community-driven KQL query search engine |

Microsoft Learn Paths

| Path | Focus |
|---|---|
| SC-200: Security Operations Analyst | Microsoft Sentinel, Defender XDR |
| SC-300: Identity and Access Administrator | Microsoft Entra ID, identity protection |
| AZ-500: Azure Security Engineer | Azure security services |
| SC-400: Information Protection Administrator | Microsoft Purview |

Community & Tools

| Resource | Description |
|---|---|
| Microsoft Tech Community — Security | Official Microsoft security blog and community |
| GitHub — pthoor | My public scripts, KQL queries, and tools |
| Sessionize — Pierre Thoor | My speaker profile and session catalog |

My Book

Microsoft Defender for Identity in Depth — An exhaustive guide to ITDR, breach prevention, and cyberattack response. Published by Packt, December 2024.