Agentic Incident Response: From Detection to Containment Across the Microsoft + Tanium Ecosystem

In this 90-minute hands-on lab, you’ll work a real-world incident response scenario from initial detection through full containment using the Microsoft and Tanium Cloud ecosystem — all from a single unified workflow. You’ll watch Tanium Connect stream real-time endpoint telemetry into Microsoft Sentinel to sharpen SOC detections, fire the Tanium Incident Scoping Agent in Microsoft Security Copilot when a Defender incident lands to map the enterprise-wide blast radius, then pivot through the Edge for Business connector for browser-posture insight, Entra ID for identity enrichment by department, group, and role, and Intune for compliance state. By the end of the session, you’ll have experienced first-hand how Tanium turns your existing Microsoft investment into a coordinated, end-to-end incident response capability.

Pre-Req(s): Prior working knowledge of Tanium and the Tanium Cloud console; working knowledge of Microsoft Entra ID (users, groups, and core identity concepts)

Additional details
Session Type: In-Person, Lab
Session Tag: Core, Endpoint Management, Technology Partnerships
Role: Integration Developer, Operations Engineer, Security Engineer
Difficulty: Beginner-Intermediate