Learning Defender XDR group


  • 10 sessions, starting in August. 2 time slots available, One 11am-1pm eastern USA. One 5-7pm eastern USA.
  • Instructors: Paul Schnackenburg and Amy Babinchak
  • Small group of about 15
  • Discuss chapter content
  • Test configurations and deployments
  • Work in our lab tenant(s)
  • Recorded sessions
  • May build some shared best practice guides and SOPs
  • Same employer Multi-employee discount available. Sign up first student first then email amy@thirdtier.net

Category: Tags: ,


This learning group will be using the Ru Campbell and Viktor Hedberg’s Mastering Microsoft 365 Defender book as a framework for learning and exploring subject areas encompassing Defender XDR with the M365 Business Premium license. Over the course of six months, starting in August, we’ll be meeting every other week on Thursdays for 10 sessions to discuss chapter content, test configurations and deployments, and work in our lab tenant(s). The sessions will be recorded, and we may build some shared best practice guides and SOPs as an outgrowth of our work together. The instructors will facilitate the learning sessions and will provide supplemental resources to help us go deeper into the content. Each group is limited to about 15 participants.
When will we meet? We are planning for two options both of which will meet every other week once the class begins. One group will meet from 5-7pm eastern USA beginning August 1st. The other group will start a week later will meet at 11am – 1pm eastern USA time. The day of the week is yet to be determined. Once you have made your purchase, you’ll receive an email from amy@thirdtier.net containing a URL for the book purchase and a URL for group selection form. When the registrations have settled, you’ll then receive some calendar items for the course and an invitation to join Third Tier’s Microsoft Teams. We will run into USA, Australian and international holidays on this course. When that occurs for a significant number of attendees or the instructor, we’ll simply skip that session and pick up the course again at the next regular time.
Learning Group participation: Microsoft Teams is how we will meet. In addition, there will be a team for each course group that you will be invited to. Recording, recaps, transcripts and documents will all be housed there. These Learning Groups are successful because of your preparation for each session and your participation and information sharing. Each member of the group is expected to share their experiences with the material learned with other during class time. The two-hour sessions are divided into 1 hour of instruction and 1 hour of group Q&A, SOP development.


Paul Schnackenburg is a highly sought after instructor covering many Microsoft security technologies. He is also the owner of an MSP IT services firm for the past 25 years and a member of Third Tier’s peer groups. Paul resides in Australia. Find out more about Paul’s extensive list of certifications here.
Amy Babinchak is the owner of Third Tier and formerly the owner of an MSP for 23 years. She also blogs, writes, teaches and works with various vendors on education and certification projects. She is a self-described “security hobbyist” who has spent her career intensely interested in the practical pursuit of protecting SMB sized businesses from cyber criminals. Amy has been a Microsoft MVP for 18 years.


Ru Campbell is a Microsoft Security MVP and leads a Microsoft security consultancy practice in Ireland and the United Kingdom. He is author of Mastering Microsoft 365 Defender (Packt, 2023) and organizes the monthly Microsoft 365 Security & Compliance User Group. Ru also blogs on Microsoft security, compliance, identity, and management at Campbell.scot and industry publications such as Petri.com and Practical365.com.

Viktor Hedberg is a security consultant with a focus on Microsoft Security either on-prem or in the cloud, and a blue teamer at heart. Viktor has worked within IT for the past 10 years always within Cyber Security. Working for public sector in Sweden for years but now as a specialist at Truesec AB focusing on proactive security measures, DFIR and advises on all things cyber.