SC-200: Microsoft Security Operations Analyst


Learn how to defend against threats with Microsoft 365 Defender, Azure Defender, and Azure Sentinel.

Benefit from instructor-led preparation for the SC-200 certification exam with tips, tricks, guidance, and mentored support.

Online Live Classes

Mentored

Intermediate

Starts on: Dec 16, 2024

Duration: 4 days, online (8 hours/day)

Fee: $2,220

SC-200: Microsoft Security Operations Analyst is a four-day associate-level course designed for professionals who work in security operations or security administrator job roles. This course focuses specifically on the knowledge and skills required to secure IT systems for an organization, reduce organizational risk by rapidly remediating active attacks in the environment, and advise on improvements to threat protection practices.

During this course, you will learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender, and how to mitigate cyberthreats using these technologies. You will also configure and use Azure Sentinel and write Kusto Query Language (KQL) queries to perform detection, analysis, and reporting.

Overall, this course will help you to prepare for the SC-200 certification exam. Entry for the exam is not included. However, you will get a clear overview of the Microsoft certification process, plus tips and tricks, testing strategies, practice questions, and useful information to help you pass the exam successfully. Once certified, you can go deeper into Azure security by taking the SC-900 and SC-300 training; certifying in AZ-500 will make you proficient in Azure Security.

This course comprises eight purposely designed modules that take you on a carefully defined learning journey.

It is an instructor-led course which runs to a fixed schedule, with set start and finish dates. It is driven forward by your instructor and features live sessions that are aired at a set time. You will, however, have time to complete certain activities at your own pace outside of the live sessions.

The materials for each module are accessible from the start of the course and will remain available for the duration of your enrollment. Methods of learning and assessment will include reading material, hands-on labs, and online exam questions.

As part of our mentoring service you will have access to valuable guidance and support throughout the course. We provide a dedicated discussion space where you can ask questions, chat with your peers, and resolve issues.

Once you have successfully completed the course, you will earn your Certificate of Completion.

You will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  • Create a Microsoft Defender for Endpoint environment.
  • Configure Attack Surface Reduction rules on Windows 10 devices.
  • Perform actions on a device using Microsoft Defender for Endpoint.
  • Investigate user accounts in Microsoft Defender for Endpoint.
  • Configure alert settings in Microsoft Defender for Endpoint.
  • Explain how the threat landscape is evolving.
  • Conduct advanced hunting in Microsoft 365 Defender.
  • Manage incidents in Microsoft 365 Defender.
  • Explain how Microsoft Defender for Identity can remediate risks in your environment.
  • Investigate DLP alerts in Microsoft Cloud App Security.
  • Explain the types of actions you can take on an insider risk management case.
  • Configure auto-provisioning in Azure Defender.
  • Remediate alerts in Azure Defender.
  • Construct KQL statements.
  • Filter searches based on event time, severity, domain, and other relevant data using KQL.
  • Extract data from unstructured string fields using KQL.
  • Manage an Azure Sentinel workspace.
  • Use KQL to access the watchlist in Azure Sentinel.
  • Manage threat indicators in Azure Sentinel.
  • Explain the Common Event Format and Syslog connector differences in Azure Sentinel.
  • Connect Azure Windows Virtual Machines to Azure Sentinel.
  • Configure the Log Analytics agent to collect Sysmon events.
  • Create new analytics rules and queries using the analytics rule wizard.
  • Create a playbook to automate an incident response.
  • Use queries to hunt for threats.
  • Observe threats over time with Livestream.

  • Individuals seeking to prepare for the Microsoft SC-200 certification exam.
  • Individuals keen to learn Azure concepts and technologies.
  • Experienced security operations analysts who want to extend their skills.
  • Individuals seeking to extend their knowledge to include security engineer technologies.

  • An understanding of the basics of cloud computing.

This course will help you to prepare for the SC-200: Microsoft Security Operations Analyst certification exam.

It is ideal for learners who are just beginning to work with cloud-based solutions and services and are looking to become a Security Operations Analyst.

  • It will provide you with the foundational knowledge you need of Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
  • You will learn how to reduce organizational risk by rapidly remediating active attacks in the environment.
  • You will learn how to advise on improvements to threat protection practices and how to refer violations of organizational policies to appropriate stakeholders.

When you take this course, you will also get information and guidance on the Microsoft certification process, knowledge checks and practice questions, and useful tips on how to pass the exam.