Strengthen your cloud security expertise with new AI security training

As organizations accelerate their adoption of AI, the need for rigorous, cloud‑ready security skills has never been greater. To help meet that need, we’re releasing a wave of new and updated Microsoft Learn offerings this month, designed to help you secure AI workloads, modernize incident response, strengthen identity governance, optimize security operations across the Microsoft Cloud, and more.

New Microsoft Applied Skills: Secure AI Solutions in the Cloud

Microsoft Applied Skills: Secure AI Solutions in the Cloud validates your ability to secure AI workloads across Microsoft Defender for Cloud and Microsoft Foundry. In a live, lab-based assessment, you configure AI workload protections, apply model guardrails, secure Foundry environments, and implement identity and access controls. The assessment focuses on real tasks, like enabling Defender for Cloud AI plans, creating responsible AI safeguards, and securing connected resources, making this credential a practical way for you to prove that you can operationalize AI security in the Microsoft Cloud.

To prepare to earn this Applied Skills credential, complete the new learning path, Protect Microsoft Foundry solutions by using Microsoft Defender for Cloud.

Updated Microsoft Virtual Training Days event

Microsoft Virtual Training Days continue to expand as important upskilling opportunities, and the latest, Predict and Defend Against Cybersecurity Threats, brings an even richer learning experience for security professionals. This free, instructor-led, online training is designed to help you strengthen your expertise across Microsoft Defender and Microsoft Sentinel. 

In this session, you:

• Learn how to investigate, respond to, and hunt for threats using the unified extended detection and response (XDR) security platform Microsoft Defender and Microsoft Sentinel.
• Take a deep dive into how to deploy Microsoft Sentinel alongside Microsoft Defender for Endpoint and Microsoft Defender XDR to create a unified security operations center (SOC) experience.
• Find out about cyberattack mechanisms, alerts, and incident flows, along with how to use Microsoft Security Copilot to automate incident management.
• Explore how to improve your security posture by connecting Microsoft Defender with Microsoft Sentinel for end-to-end threat visibility.
• Engage with Microsoft security experts to get answers to real‑world defense challenges.

This updated Microsoft Virtual Training Days event reinforces experiential learning and operational readiness across SOC workflows, making it a powerful entry point for analysts, administrators, and chief information security officers (CISOs) working to elevate their threat defense strategies. Sign up for Microsoft Virtual Training Days.

Updated modules

Mitigate threats using Microsoft Defender XDR

Expanded incident response depth. We’ve updated the modules in this learning path to give security analysts a richer, more unified operational view across Defender XDR. The refreshed content now emphasizes how the Microsoft Defender portal provides a single incident queue that correlates signals from Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. In the modules, you now practice:

• Managing and triaging incidents through the unified Defender incident experience.
• Conducting guided and advanced investigations using device, user, and asset context.
• Executing advanced hunting queries to surface lateral movement and suspicious behavior.

These updates strengthen real‑world SOC alignment by teaching you how to move seamlessly from alert to incident to investigation and then to remediation inside Defender XDR.

Use Search Jobs in Microsoft Sentinel

Improved long-term log investigation. This module now teaches analysts how to perform deep historical investigations using Search Jobs, a capability purpose‑built for large, long‑retention datasets. Module updates include:

• How Search Jobs scan up to one year of data across extremely large datasets for events that exceed standard KQL query timeouts.
• How to restore archived logs into interactive mode for high‑performance KQL analysis.
• The distinction between Simple Mode and KQL Mode when building long‑term searches.
• How search results are written into dedicated _SRCH suffixed tables for downstream analysis.

These additions help teach you how to perform back-in-time investigations, threat hunts, and compliance lookbacks at enterprise scale.

Conditional Access: Continuous Access Evaluation

Real-time policy enforcement. We’ve refreshed the Microsoft Entra ID Continuous Access Evaluation (CAE) module in this learning path to reflect how CAE enforces Conditional Access in near real-time rather than waiting for tokens to expire. In the updated content, you explore:

• Why traditional OAuth tokens create security lag.
• How CAE establishes a two‑way conversation between Microsoft Entra and workloads to instantly react to critical events.
• Real‑time enforcement for conditions such as password resets, account disablement, high‑risk user flags, and network location changes.
• Immediate session revocation for sensitive workloads, such as Exchange, SharePoint, and Microsoft Teams.

These updates help you understand how CAE closes the gap between identity events and policy enforcement, reducing the window for token replay and unauthorized access.

Explore the Access Review Agent in Microsoft Entra

Expanded AI-driven governance automation. The updated Access Review Agent module introduces the new Security Copilot–powered access governance assistant. This significantly expands the original module by explaining:

• How the agent automatically gathers sign‑in activity, usage patterns, and peer‑group behaviors.
• How it generates AI‑driven approve/deny recommendations with justification summaries.
• How reviewers complete access reviews in Teams via natural language guidance.
• Supported review scenarios, limitations (such as decision count limits), and licensing prerequisites.

This update shifts access reviews from manual checkbox exercises to intelligent, context‑aware workflows, helping to reduce reviewer fatigue and improve the accuracy of least‑privilege governance.

Automate identity lifecycle using Lifecycle Workflows in Microsoft Entra

More templates and broader governance coverage. We’ve expanded this module to reflect the growing capabilities of Lifecycle Workflows in Microsoft Entra ID Governance for identity administrators. Updated content now explores:

• Automation across the complete Joiner, Mover, Leaver (JML) lifecycle.
• Enhanced workflow templates for onboarding, offboarding, prehire setup, and role changes.
• A deeper explanation of workflow components, including triggers, scopes, conditions, and tasks.
• How Lifecycle Workflows complement human resources–driven (HR‑driven) provisioning by automating tasks such as license assignment, group membership updates, notifications, disabling accounts, and scheduled deletions.

These updates give you clearer, more actionable guidance for building scalable, no‑code identity automation across cloud and hybrid environments.

Whether you're pursuing the new Applied Skills credential, securing AI workloads in Microsoft Foundry, or updating your Defender, Microsoft Sentinel, or Microsoft Entra expertise, AI Skills Navigator helps you build practical expertise that you can apply in real-world environments today—while staying current as technology evolves. 

To stay ahead of evolving cyberthreats, explore the revamped Security hub, where you can find security learning paths, credentials, events, and resources—all in one place—to help you skill up faster.