Embedded Files
Course Name
SC-200: Microsoft Security Operations Analyst
Exam code
SC-200
Duration
4 Days
Certification
Microsoft Certified: Security Operations Analyst Associate
Overview
Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
Audience Profile
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
Prerequisites
Before attending this course, students must have knowledge of:
Basic understanding of Microsoft 365
Fundamental understanding of Microsoft security, compliance, and identity products
Intermediate understanding of Windows 10
Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
Familiarity with Azure virtual machines and virtual networking
Basic understanding of scripting concepts.
Course Outline
Module 1: Introduction to Microsoft Defender XDR threat protection
Module 2: Mitigate incidents using Microsoft Defender
Module 3: Remediate risks with Microsoft Defender for Office 365
Module 4: Manage Microsoft Entra Identity Protection
Module 5: Safeguard your environment with Microsoft Defender for Identity
Module 6: Secure your cloud apps and services with Microsoft Defender for Cloud
Module 7: Fundamentals of Generative AI
Module 8: Describe Microsoft Security Copilot
Module 9: Describe the core features of Microsoft Security Copilot
Module 10: Describe the embedded experiences of Microsoft Security Copilot
Module 11: Explore use cases of Microsoft Security Copilot
Module 12: Respond to data loss prevention alerts using Microsoft 365
Module 13: Manage insider risk in Microsoft Purview
Module 14: Search and investigate with Microsoft Purview Audit
Module 15: Investigate threats with Content search in Microsoft Purview
Module 16: Protect against threats with Microsoft Defender for Endpoint
Module 17: Deploy the Microsoft Defender for Endpoint environment
Module 18: Implement Windows security enhancements with Microsoft Defender for Endpoint
Module 19: Perform device investigations in Microsoft Defender for Endpoint
Module 20: Perform actions on a device using Microsoft Defender for Endpoint
Module 21: Perform evidence and entities investigations using Microsoft Defender for Endpoint
Module 22: Configure and manage automation using Microsoft Defender for Endpoint
Module 23: Configure for alerts and detections in Microsoft Defender for Endpoint
Module 24: Utilize Vulnerability Management in Microsoft Defender for Endpoint
Module 25: Plan for cloud workload protections using Microsoft Defender for Cloud
Module 26: Connect Azure assets to Microsoft Defender for Cloud
Module 27: Connect non-Azure resources to Microsoft Defender for Cloud
Module 28: Manage your cloud security posture management
Module 29: Explain cloud workload protections in Microsoft Defender for Cloud
Module 30: Remediate security alerts using Microsoft Defender for Cloud
Module 31: Construct KQL statements for Microsoft Sentinel
Module 32: Analyze query results using KQL
Module 33: Build multi-table statements using KQL
Module 34: Work with data in Microsoft Sentinel using Kusto Query Language
Module 35: Introduction to Microsoft Sentinel
Module 36: Create and manage Microsoft Sentinel workspaces
Module 37: Query logs in Microsoft Sentinel
Module 38: Use watchlists in Microsoft Sentinel
Module 39: Utilize threat intelligence in Microsoft Sentinel
Module 40: Integrate Microsoft Defender XDR with Microsoft Sentinel
Module 41: Connect data to Microsoft Sentinel using data connectors
Module 42: Connect Microsoft services to Microsoft Sentinel
Module 43: Connect Microsoft Defender XDR to Microsoft Sentinel
Module 44: Connect Windows hosts to Microsoft Sentinel
Module 45: Connect Common Event Format logs to Microsoft Sentinel
Module 46: Connect syslog data sources to Microsoft Sentinel
Module 47: Connect threat indicators to Microsoft Sentinel
Module 48: Threat detection with Microsoft Sentinel analytics
Module 49: Automation in Microsoft Sentinel
Module 50: Threat response with Microsoft Sentinel playbooks
Module 51: Security incident management in Microsoft Sentinel
Module 52: Identify threats with Behavioral Analytics
Module 53: Data normalization in Microsoft Sentinel
Module 54: Query, visualize, and monitor data in Microsoft Sentinel
Module 55: Manage content in Microsoft Sentinel
Module 56: Explain threat hunting concepts in Microsoft Sentinel
Module 57: Threat hunting with Microsoft Sentinel
Module 58: Use Search jobs in Microsoft Sentinel
Module 59: Hunt for threats using notebooks in Microsoft Sentinel
All Microsoft certification courses are conducted by certified trainers from Iverson.
Digital Methods acts as the official training partner and assists with program consultation, registration, coordination, scheduling, and administrative arrangements to ensure a seamless and professionally managed training experience.
Page updated
Google Sites
Report abuse