Improvements & Errata - list of corrections
This is the code repository for Unified SecOps Playbook, First Edition, published by Packt.
Jose Lazaro, Marcus Burnap
In the evolving cybersecurity landscape, the integration of Microsoft Defender XDR and Security Copilot presents a game-changing approach to modern threat detection and response. With this book, you’ll understand how these tools, in conjunction with Microsoft’s extensive ecosystem, enable organizations to outpace emerging threats. Starting with core XDR concepts, security frameworks, and Microsoft’s competitive advantages in cybersecurity, you’ll master the foundational aspects of deploying Microsoft Sentinel, configuring security infrastructure, and optimizing security operations using AI-driven tools. Advanced topics, including Zero-Trust strategies, DevSecOps integration, and partner programs, prepare you for increasingly sophisticated scenarios in Microsoft cloud security. You’ll also explore practical deployment workflows, covering cost analysis, role-based access configurations, and fast-tracked Sentinel deployment using CI/CD pipelines. By the end of this book, you’ll have gained insights into security automation, threat detection, and AI integration with Security Copilot for optimized operations and have the confidence to implement and manage Microsoft Defender XDR and Sentinel in complex environments, driving scalable and secure solutions. *Email sign-up and proof of purchase required
- Deploy Microsoft Sentinel with RBAC, governance, and financial planning
- Align security programs with Zero Trust and global frameworks
- Automate assessments with ScubaGear, Maester, and Azure DevOps
- Build secure Sentinel foundations with Entra ID, PIM, and management groups
- Onboard customers and partners via Azure Lighthouse and GDAP
- Master the Sentinel workflow backbone: KQL, detections, automation, MITRE ATT&CK
- Accelerate rollouts using FastTrack deployment and CI/CD pipelines
- Harness Security Copilot for AI-assisted detection and investigation
- Microsoft Defender XDR in the Age of Security Copilot
- Aligning with Cybersecurity Frameworks
- Microsoft Security for Partners
- Core Foundations: Initial Setup, Strategic Financial Planning, and Business Insights
- Getting Ready for Action: Assess Your Microsoft 365 Tenant
- Foundational Architecture and Secure Access for Sentinel Deployments for MSSPs
- Customer Onboarding: The Power of Azure Lighthouse
- Joining the Dots: Microsoft Sentinel Deployment Plan and Features
- Microsoft Sentinel Fast-Track Deployment Options and CI/CD Pipelines
- Activate, Configure, Deploy: Your First Steps with Security Copilot
- A working knowledge of Microsoft Defender XDR, Microsoft 365 security, and core Azure concepts such as subscriptions, resource groups, and RBAC
- Familiarity with SOC processes for triage, investigation, and incident response (for example, how to interpret alerts, evidence, and timelines)
- Basic comfort with reading and adapting queries and scripts, including KQL, PowerShell, and YAML (you do not need to be a developer)
- Access to an Azure subscription and a Microsoft 365 tenant where you can evaluate Sentinel, Defender XDR, and (if available) Security Copilot in a lab or controlled environment Tooling such as Azure CLI, PowerShell, Git, and either GitHub or Azure DevOps for the automation and CI/CD examples
Jose Lazaro is a partner technical manager at Microsoft, where he leads a team of architects delivering next-generation security and AI business solutions. He works closely with partners and customers to design scalable, secure architectures that support modern cloud and hybrid environments. Before joining Microsoft, Jose held senior leadership roles, including head of security and vice president of consulting at leading UK managed security service providers. He brings deep hands-on experience across SIEM and XDR platforms, with a career focus on designing, deploying, and operating enterprise security solutions at scale. His technical contributions and community leadership led to his recognition as a Microsoft MVP for SIEM and XDR. Jose has worked with Microsoft security technologies for over a decade and is deeply passionate about cybersecurity, cloud adoption, and enabling digital transformation while maintaining a strong and practical security foundation. Outside of work, Jose is an avid cyclist who enjoys exploring some of the most beautiful landscapes in the UK on two wheels.
Marcus Burnap (CISSP, Microsoft MVP, MCT) is a cybersecurity leader and Microsoft security specialist with expertise in SIEM, extended detection and response (XDR), and AI-enabled security operations. His experience includes designing and deploying Microsoft Sentinel and Defender XDR at enterprise scale, guiding organisations through security transformation programmes, and embedding AI-driven detection and response with Microsoft Security Copilot. He is recognised as a Microsoft MVP for his contributions to the global security community, including scenario-based consulting, thought leadership, and event speaking. Marcus is also a contributing voice in advancing SecDevOps practices and AI adoption in modern security operations.