2026
2026 Goals and Objectives
This page tracks key cyber defense training goals and objectives for 2026. The focus of this section is Microsoft Defender for Endpoint, Microsoft security operations, and foundational Azure knowledge. Items are organized by priority and intended audience level.
Core Microsoft Defender for Endpoint Training
These modules support foundational and operational knowledge for analysts and team members working at the L1, L2, and long-term development levels.
| Training Module | Level | Source | Priority |
|---|---|---|---|
| Introduction to Microsoft Defender for Endpoint | L1 / L2 / LT | Microsoft | Mandatory |
| Investigate Alerts in Microsoft Defender XDR | L1 / L2 / LT | Microsoft | Mandatory |
| Investigate Devices in Microsoft Defender for Endpoint | L1 / L2 / LT | YouTube | Mandatory |
| Device Actions in Microsoft Defender for Endpoint | L1 / L2 / LT | YouTube | Mandatory |
| Evidence and Entities Investigations | L1 / L2 / LT | YouTube | Mandatory |
| User Account Investigations | L1 / L2 / LT | YouTube | Mandatory |
| IP Address Investigations | L1 / L2 / LT | YouTube | Mandatory |
| Domain Investigation | L1 / L2 / LT | YouTube | Mandatory |
Long-Term Objectives
These learning paths and certifications support broader professional development and longer-range skill growth.
| Objective | Level | Source | Timeline |
|---|---|---|---|
| SC-200 (Microsoft Certified: Security Operations Analyst Associate) | L1 / L2 / LT | Microsoft | Long-Term |
| SC-5001-A (Configure SIEM Security Operations Using Microsoft Sentinel) | L1 / L2 / LT | Microsoft | Long-Term |
| SC-5004 (Defend Against Cyber Threats with Microsoft Defender XDR) | L2 / LT | Microsoft | Long-Term |
| Microsoft Certified: Azure Fundamentals (AZ-900) | Foundational / LT | Microsoft | Long-Term |
Azure Fundamentals Resources
- Microsoft Certified: Azure Fundamentals (certification overview and official details)
- AZ-900T00: Microsoft Azure Fundamentals (official Microsoft training course)
- Schedule the AZ-900 Exam Through Pearson VUE (official scheduling page for the certification exam)
Reference Materials
- Investigate Alerts in Microsoft Defender XDR (Source: Microsoft Learn)
- How to Investigate Devices in Microsoft Defender for Endpoint (Source: YouTube)
- What Are Device Actions in Microsoft Defender for Endpoint (Source: YouTube)
- Perform Evidence and Entities Investigations in Microsoft Defender for Endpoint (Source: YouTube)
- How to Investigate a User Account in Microsoft Defender for Endpoint (Source: YouTube)
- How to Investigate an IP Address in Microsoft Defender for Endpoint (Source: YouTube)
- How to Investigate a Domain in Microsoft Defender for Endpoint (Source: YouTube)
Note: This page can be updated throughout the year as training modules are completed, revised, or expanded.