SC-200: Microsoft Security Operations Analyst

Learn how to defend against threats with Microsoft 365 Defender, Azure Defender, and Azure Sentinel.

Benefit from instructor-led preparation for the SC-200 certification exam with tips, tricks, guidance, and mentored support.

vILT

Mentored

INTERMEDIATE

Starts on: Dec 16, 2024

Duration: 4 days, online, 8 hours/day

SC-200: Microsoft Security Operations Analyst is a four-day associate-level course designed for professionals who work in security operations or security administrator job roles. This course focuses specifically on the knowledge and skills required to secure IT systems for an organization, reduce organizational risk by rapidly remediating active attacks in the environment, and advise on improvements to threat protection practices.

During this course, you will learn how to investigate, respond, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. You will explore how to mitigate cyberthreats using these technologies. And you will configure and use Azure Sentinel, as well as utilize Kusto Query Language (KQL), to perform detection, analysis, and reporting.

Overall, this course will help you to prepare for the SC-200 certification exam. Entry for the exam is not included. However, you will get a clear overview of the Microsoft certification process, plus you will get tips and tricks, testing strategies, practice questions, and useful information to help you pass the exam successfully. Once you have certification, you will then be able to delve more into Azure security by taking SC-900 and SC-300 training. If you certify in AZ-500 training, you will then be proficient in Azure Security.

This course comprises eight purposely designed modules that take you on a carefully defined learning journey.

It is an instructor-led course which runs to a fixed schedule, with set start and finish dates. It is driven forward by your instructor and features live sessions that are aired at a set time. You will, however, have time to complete certain activities at your own pace outside of the live sessions.

The materials for each module are accessible from the start of the course and will remain available for the duration of your enrollment. Methods of learning and assessment will include reading material, hands-on labs, and online exam questions.

As part of our mentoring service you will have access to valuable guidance and support throughout the course. We provide a dedicated discussion space where you can ask questions, chat with your peers, and resolve issues.

Once you have successfully completed the course, you will earn your Certificate of Completion.

You will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  • Create a Microsoft Defender for Endpoint environment.
  • Configure Attack Surface Reduction rules on Windows 10 devices.
  • Perform actions on a device using Microsoft Defender for Endpoint.
  • Investigate user accounts in Microsoft Defender for Endpoint.
  • Configure alert settings in Microsoft Defender for Endpoint.
  • Explain how the threat landscape is evolving.
  • Conduct advanced hunting in Microsoft 365 Defender.
  • Manage incidents in Microsoft 365 Defender.
  • Explain how Microsoft Defender for Identity can remediate risks in your environment.
  • Investigate DLP alerts in Microsoft Cloud App Security.
  • Explain the types of actions you can take on an insider risk management case.
  • Configure auto-provisioning in Azure Defender.
  • Remediate alerts in Azure Defender.
  • Construct KQL statements.
  • Filter searches based on event time, severity, domain, and other relevant data using KQL.
  • Extract data from unstructured string fields using KQL.
  • Manage an Azure Sentinel workspace.
  • Use KQL to access the watchlist in Azure Sentinel.
  • Manage threat indicators in Azure Sentinel.
  • Explain the Common Event Format and Syslog connector differences in Azure Sentinel.
  • Connect Azure Windows Virtual Machines to Azure Sentinel.
  • Configure Log Analytics agent to collect Sysmon events.
  • Create new analytics rules and queries using the analytics rule wizard.
  • Create a playbook to automate an incident response.
  • Use queries to hunt for threats.
  • Observe threats over time with livestream.

  • Individuals seeking to prepare for the Microsoft SC-200 certification exam.
  • Individuals keen to learn Azure concepts and technologies.
  • Experienced security operations analysts who want to extend their skills.
  • Individuals seeking to extend their knowledge to include security engineer technologies.

  • An understanding of the basics of cloud computing.

This course will help you to prepare for the SC-200: Microsoft Security Operations Analyst certification exam.

It is ideal for learners who are just beginning to work with cloud-based solutions and services and are looking to become a Security Operations Analyst.

  • It will provide you with the foundational knowledge you need of Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
  • You will learn how to reduce organizational risk by rapidly remediating active attacks in the environment.
  • You will learn how to advise on improvements to threat protection practices and how to refer violations of organizational policies to appropriate stakeholders.

When you take this course, you will also get information and guidance on the Microsoft certification process, knowledge checks and practice questions, and useful tips on how to pass the exam.

Why Learn with SkillUp Online?

We believe every learner is an individual and every course is an opportunity to build job-ready skills. Through our human-centered approach to learning, we will empower you to fulfil your professional and personal goals and enjoy career success.

Reskilling into tech? We’ll support you.

Upskilling for promotion? We’ll help you.

Cross-skilling for your career? We’ll guide you.

Personalized Mentoring & Support

1-on-1 mentoring, live classes, webinars, weekly feedback, peer discussion, and much more.

Practical Experience

Hands-on labs and projects tackling real-world challenges. Great for your resumé and LinkedIn profile.

Best-in-Class Course Content

Designed by the industry for the industry so you can build job-ready skills.

Job-Ready Skills Focus

Competency building and global certifications employers are actively looking for.

Course Offering

Type of certificate

Certificate of Completion

About this course

08 Modules

02 Skills

Includes

Discussion space

08 Knowledge checks

01 Practice exam

08 Labs

Create

Virtual machine

Azure account

Azure Active Directory

Storage Account

Create an Azure Sentinel workspace

Watchlist

Detect threats with Azure Sentinel analytics

Analytics rule from wizard

Create an Azure Sentinel playbook

Create a notebook

Exercises to explore

Configure auto provisioning

Connect non-Azure machines

Connect AWS accounts

Connect GCP accounts

Explore KQL

Investigate an incident

Visualize data using Azure Sentinel Workbooks

Query and visualize data with Azure Sentinel Workbooks

Hunt for threats using Azure Sentinel

You’ll learn with these experts

Microsoft

This course is led by experienced Microsoft Certified Trainers (MCTs).

FAQs

This course is 100% online. You will not need to attend classes in person. However, it is instructor-led, so to be able to complete this course, you will need access to the internet for the live sessions. You will also need the required technology to be able to use the course materials. The materials for the course are in the form of articles, videos, knowledge checks, and practice exam questions.

In addition to this, you will be actively encouraged to connect with your mentors and instructors on the course through the dedicated discussion space.

SC-200: Microsoft Security Operations Analyst is an instructor-led course. This means live sessions are aired at pre-set times, and the course starts and finishes on set dates. However, you will have the opportunity to enjoy some self-paced work as well, for you are able to complete certain activities in your own time. The course takes place over 4 consecutive days, for 8 hours each day.

The certification exam tests your ability to carry out certain security tasks, including using Microsoft 365 Defender to defend against threats, using Azure Defender to defend against threats, and additionally using Azure Sentinel to do the same.

We recommend that learners who wish to prepare for the Microsoft SC-200 certification exam should take this course. They will be able to refresh their knowledge and gain useful tips and tricks on how to pass the exam. Additionally, however, people who are seeking to learn about Azure concepts and technologies will find it extremely beneficial. And experienced security operations analysts who want to extend their skills will find it of great use too.

Learning online is an ideal option for individuals keen to learn in the comfort of their own home. It removes the need for you to travel and makes it much easier to manage your time. Though this course is online, you will still benefit from instructor-led training with certified trainers, who deliver the classes. You will also have access to our 24/7 discussion space, and our mentoring services are always there to help you out during your learning journey. You will not be learning alone!
