Books for Azure Sentinel

Despite sometimes feeling like I read 10 books a day already from the emails, Teams messages, and web links I manage, I do like to sit down with an actual book. Well…I take that back. I do prefer to read eBooks instead of holding a stack of bound papers in my hand. But, still.

And, I know there are many more like me. Its good to get away from screens, find a quiet or favorite nook, and just focus on learning.

There’s not a huge mass of Azure Sentinel books available to choose from, but the ones that are available are good and each has its own distinct value. So, I thought I’d start a live blog post to capture those that are available and supply some commentary so you can decide which to start with.

I’ll update this post as new books are available and after I’ve read them. If you have commentary on any of them – whether you agree with my own assessment or not – let me know over Twitter (@rodtrent).

(click on each image to view the book on

Microsoft Azure Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution (IT Best Practices – Microsoft Press)

The following book is the official Microsoft Press edition for Azure Sentinel. Originally, it was a great entry, but Sentinel has changed so significantly since it was released that a lot of the content is dated. However, for those just wanting a base understanding of the product, it might be a worthy grab. Or…if you ever get a chance to meet Yuri, you might want to have a hard copy on hand as I’m sure he’d love to sign it for you.

Learn Azure Sentinel: Integrate Azure security with artificial intelligence to build secure cloud systems 1st Edition

The following book stood as the “manual” for Azure Sentinel for a long time. I know both of the authors and I provided tech editing for this book, so I was able to read it prior to official release. This book took learning Azure Sentinel to the next level. Like the MS Press version, its a bit dated, but there’s a full chapter on KQL that’s still worth the price of admission. There’s a 2nd edition of this book on the way and is shown below.

Cloud Defense Strategies with Azure Sentinel: Hands-on Threat Hunting in Cloud Logs and Services

I only purchased the following book a couple days ago, so I’m still reading it. However, there’s some great discussion in it already around architecture, costs, and KQL. I’ll provide a better summation once I’ve finished it.

Azure Sentinel in Action: Architect, design, implement, and operate Azure Sentinel as the core of your security solutions, 2nd Edition

Despite an entirely different name, this book is the 2nd edition of “Learn Azure Sentinel: Integrate Azure security with artificial intelligence to build secure cloud systems” shown above. The band was put back together for this one, including the authoring (Richard and Gary) and tech editing (myself) and is a solid refresh, including the new concepts introduced through the updated, enhanced, and new features of Azure Sentinel delivered over the past year. Again, because of tech editing, I’ve already read this one and its a good effort. It doesn’t officially release until January 2022, so it will make a worthy Christmas gift but you’ll need to print a copy of the book page and hand it to your yuletide recipient as proof you bought it.

Microsoft 365 Security for IT Pros

The following book is put together by several leading, expert community members. It covers the full spectrum of the Microsoft security platform, but has a special section for Azure Sentinel. The beauty of this book is that its updated MONTHLY! So, this reference should be as close to up-to-date as possible. Read more about it at the accompanying website and then jump out HERE to become a monthly subscriber.

Cloud-native security: a comprehensive overview on Microsoft’s cloud SIEM

The following book is FREE! But, that’s not the best thing about it. This book is written by the folks at Wortell who is an amazingly excellent partner and well-versed in delivering and managing Azure Sentinel. This book takes real-world scenarios and use cases and delivers a proper field guide. To obtain the book, you have to fill out a short form.

And, while not written for Azure Sentinel coverage, the following will serve as books I recommend for gathering knowledge around topics important to using Azure Sentinel better.

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]

[Subscribe to the Bi-Weekly Azure Security Center Newsletter]