Team Quest -The Compliance Games

Participants should have:

• Working knowledge of security operations and incident response processes.
• Working knowledge of Microsoft Defender for XDR.
• Working knowledge of Microsoft Purview.
• Working knowledge of Microsoft Entra.
• Working knowledge of Microsoft Intune.

Target audience

This course is suited for:

• Security operations centre analysts and incident responders.
• Security engineers working with Microsoft security stack tools, including Defender, Purview, Entra, and Intune.
• IT professionals responsible for threat monitoring, detection, and response.
• Security architects designing secure systems and integrating generative AI into security workflows.
• Cybersecurity managers or team leads seeking to understand how Microsoft Security Copilot can improve operational efficiency and threat response.

By the end of this course, learners will be able to:

• Explain the role of generative AI in the broader development of artificial intelligence and intelligent systems.
• Describe large language models and how they power modern AI-driven applications and copilots.
• Explain how Azure OpenAI supports the creation of intelligent, secure, and scalable applications.
• Identify examples of copilots and distinguish between effective and ineffective prompting techniques.
• Describe a responsible generative AI development lifecycle from design through deployment and operation.
• Identify and prioritise potential harms relevant to generative AI solutions in security contexts.
• Measure and evaluate the presence of harms in a generative AI solution.
• Apply mitigation strategies to reduce risks and improve trust in generative AI outputs.
• Prepare to deploy and operate a generative AI solution responsibly within an organisation.
• Describe what Microsoft Copilot for Security is and the problems it is designed to solve.
• Explain core terminology used within Microsoft Copilot for Security.
• Describe how Microsoft Copilot for Security processes prompt requests and security signals.
• Identify the elements of an effective prompt for security investigations.
• Describe how to enable Microsoft Copilot for Security within an organisation.
• Explain how Microsoft Copilot integrates with Microsoft Defender XDR, Microsoft Purview, Microsoft Entra, and Microsoft Intune.

Understanding The Fog and human–AI misalignment

• Introduction to The Fog as a behavioural and organisational pattern.
• How vague requests and weak context reduce AI effectiveness.
• The role of human judgement in guiding machine intelligence.

Foundations of generative AI for security teams

• Overview of generative AI and its evolution within artificial intelligence.
• Understanding large language models and how they generate responses.
• Strengths and limitations of generative AI in security scenarios.

Responsible AI and risk management

• Principles of responsible generative AI development.
• Identifying potential harms in AI-assisted security workflows.
• Measuring bias, inaccuracies, and unintended outcomes.
• Mitigation strategies to improve reliability and trust.

Introduction to Microsoft Copilot for Security

• What Microsoft Copilot for Security is and how it supports analysts.
• Core terminology and concepts used within the platform.
• How Copilot processes prompts, context, and security signals.

Prompting strategies that cut through The Fog

• Elements of an effective prompt for security investigations.
• Providing context, constraints, and clarity in prompts.
• Common prompting mistakes and how to avoid them.
• Adapting prompts for different security use cases.

Copilot integration across the Microsoft security stack

• Using Microsoft Copilot with Microsoft Defender XDR for threat investigation.
• Applying Copilot insights within Microsoft Purview for compliance and governance.
• Supporting identity and access decisions with Microsoft Entra and Copilot.
• Enhancing endpoint and device management with Microsoft Intune and Copilot.

TeamQuest missions and applied collaboration

• Team-based missions simulating real security operations scenarios.
• Cross-functional collaboration to solve complex security challenges.
• Applying improved prompting and analysis under time pressure.
• Translating lessons learned back into day-to-day security workflows.

Exams and assessments

There are no formal exams included in this course. Learning is reinforced through team-based challenges, scenario-driven missions, and instructor-led discussions that assess understanding through application rather than written testing.

Hands-on learning

This course includes:

• Gamified, team-based missions aligned to real security operations scenarios.
• Guided exercises using Microsoft Copilot for Security across multiple tools.
• Instructor-led facilitation and feedback throughout each mission.