Books for Microsoft Sentinel

Despite sometimes feeling like I read 10 books a day already from the emails, Teams messages, and web links I manage, I do like to sit down with an actual book. Well…I take that back. I do prefer to read eBooks instead of holding a stack of bound papers in my hand. But, still.

And, I know there are many more like me. Its good to get away from screens, find a quiet or favorite nook, and just focus on learning.

There’s not a huge mass of Microsoft Sentinel books available to choose from, but the ones that are available are good and each has its own distinct value. So, I thought I’d start a live blog post to capture those that are available and supply some commentary so you can decide which to start with.

I’ll update this post as new books are available and after I’ve read them. If you have commentary on any of them – whether you agree with my own assessment or not – let me know over Twitter (@rodtrent).

(click on each image to view the book on

Microsoft Sentinel in Action: Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions, 2nd Edition

Despite an entirely different name, this book is the 2nd edition of “Learn Azure Sentinel: Integrate Azure security with artificial intelligence to build secure cloud systems.” The band was put back together for this one, including the authoring (Richard and Gary) and tech editing (myself) and is a solid refresh, including the new concepts introduced through the updated, enhanced, and new features of Microsoft Sentinel delivered over the past year. Again, because of tech editing, I’ve already read this one and it’s a grand effort.

Must Learn KQL

This is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days…

The full series index (including code and queries) is located here:

This book is updated every time a new part of this series is posted. The most current edition of this book will always be located at:

Microsoft Azure Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution (IT Best Practices – Microsoft Press)

The following book is the official Microsoft Press edition for Azure Sentinel. Originally, it was a great entry, but Sentinel has changed so significantly since it was released that a lot of the content is dated. However, for those just wanting a base understanding of the product, it might be a worthy grab. Or…if you ever get a chance to meet Yuri, you might want to have a hard copy on hand as I’m sure he’d love to sign it for you.

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

This book is on its way and being written and delivered in part by a trusted colleague, Trevor Stuart. This is intended as a guide to help pass the SC-200 security path and exam, but there’s lots of awesome Microsoft Sentinel learning to be had as part of that endeavor. This title is intended to officially release on May 10, 2022.

From the book description: Remediate active attacks to reduce risk to the organization by investigating, hunting, and responding to threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender

Exam Ref SC-200 Microsoft Security Operations Analyst

If you want the official, Microsoft Press edition for passing the SC-200 path, this is the book. This book probably needs a refresh by now, as the SC-200 learning path is updated regularly, but it’s still a great option. And the authors are all trusted experts (and good friends) on Microsoft Defender for Cloud and Microsoft Sentinel.

Cloud Defense Strategies with Azure Sentinel: Hands-on Threat Hunting in Cloud Logs and Services

I only purchased the following book a couple days ago, so I’m still reading it. However, there’s some great discussion in it already around architecture, costs, and KQL. I’ll provide a better summation once I’ve finished it.

Microsoft 365 Security for IT Pros

The following book is put together by several leading, expert community members. It covers the full spectrum of the Microsoft security platform, but has a special section for Azure Sentinel. The beauty of this book is that its updated MONTHLY! So, this reference should be as close to up-to-date as possible. Read more about it at the accompanying website and then jump out HERE to become a monthly subscriber.

Cloud-native security: a comprehensive overview on Microsoft’s cloud SIEM

The following book is FREE! But, that’s not the best thing about it. This book is written by the folks at Wortell who is an amazingly excellent partner and well-versed in delivering and managing Azure Sentinel. This book takes real-world scenarios and use cases and delivers a proper field guide. To obtain the book, you have to fill out a short form.

And, while not written for Azure Sentinel coverage, the following will serve as books I recommend for gathering knowledge around topics important to using Azure Sentinel better.

Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Azure Sentinel Newsletter]

[Subscribe to the Bi-Weekly Azure Security Center Newsletter]