SC-200: Microsoft Security Operations Analyst

Learn how to defend against threats with Microsoft 365 Defender, Azure Defender, and Azure Sentinel.

Benefit from instructor-led preparation for the SC-200 certification exam with tips, tricks, guidance, and mentored support.

SC-200: Microsoft Security Operations Analyst Highlights

Course Enrollment

Starts on: 19 September 2022
Enrollment closes on: 28 August 2022

Course Duration

  • 4 days, online, 8 hours/day

Course Fee

US$ 2,220

SC-200: Microsoft Security Operations Analyst is a four-day associate-level course designed for professionals who work in security operations or security administrator job roles. This course focuses specifically on the knowledge and skills required to secure IT systems for an organization, reduce organizational risk by rapidly remediating active attacks in the environment, and advise on improvements to threat protection practices.

During this course, you will learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender, and how to mitigate cyberthreats with these technologies. You will also configure and use Azure Sentinel and apply the Kusto Query Language (KQL) to perform detection, analysis, and reporting.

Overall, this course will help you to prepare for the SC-200 certification exam. Entry for the exam is not included. However, you will get a clear overview of the Microsoft certification process, plus tips and tricks, testing strategies, practice questions, and useful information to help you pass the exam successfully. Once you are certified, you can delve further into Azure security by taking SC-900 and SC-300 training. If you also certify in AZ-500, you will be proficient in Azure Security.

This course comprises eight purposely designed modules that take you on a carefully defined learning journey.

It is an instructor-led course which runs to a fixed schedule, with set start and finish dates. It is driven forward by your instructor and features live sessions that are aired at a set time. You will, however, have time to complete certain activities at your own pace outside of the live sessions.

The materials for each module are accessible from the start of the course and will remain available for the duration of your enrollment. Methods of learning and assessment will include reading material, hands-on labs and online exam questions.

As part of our mentoring service you will have access to valuable guidance and support throughout the course. We provide a dedicated discussion space where you can ask questions, chat with your peers, and resolve issues.

Once you have successfully completed the course, you will earn your Certificate of Completion.

You will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  • Create a Microsoft Defender for Endpoint environment.
  • Configure Attack Surface Reduction rules on Windows 10 devices.
  • Perform actions on a device using Microsoft Defender for Endpoint.
  • Investigate domains and IP addresses in Microsoft Defender for Endpoint.
  • Investigate user accounts in Microsoft Defender for Endpoint.
  • Configure alert settings in Microsoft Defender for Endpoint.
  • Explain how the threat landscape is evolving.
  • Conduct advanced hunting in Microsoft 365 Defender.
  • Manage incidents in Microsoft 365 Defender.
  • Explain how Microsoft Defender for Identity can remediate risks in your environment.
  • Investigate DLP alerts in Microsoft Cloud App Security.
  • Explain the types of actions you can take on an insider risk management case.
  • Configure auto-provisioning in Azure Defender.
  • Remediate alerts in Azure Defender.
  • Construct KQL statements.
  • Filter searches based on event time, severity, domain, and other relevant data using KQL.
  • Extract data from unstructured string fields using KQL.
  • Manage an Azure Sentinel workspace.
  • Use KQL to access the watchlist in Azure Sentinel.
  • Manage threat indicators in Azure Sentinel.
  • Explain the Common Event Format and Syslog connector differences in Azure Sentinel.
  • Connect Azure Windows Virtual Machines to Azure Sentinel.
  • Configure the Log Analytics agent to collect Sysmon events.
  • Create new analytics rules and queries using the analytics rule wizard.
  • Create a playbook to automate an incident response.
  • Use queries to hunt for threats.
  • Observe threats over time with livestream.

This course is suitable for:

  • Individuals seeking to prepare for the Microsoft SC-200 certification exam.
  • Individuals keen to learn Azure concepts and technologies.
  • Experienced security operations analysts who want to extend their skills.
  • Individuals seeking to extend their knowledge to include security engineer technologies.

Prerequisite:

  • An understanding of the basics of cloud computing.

This course will help you to prepare for the SC-200: Microsoft Security Operations Analyst certification exam.

It is ideal for learners who are just beginning to work with cloud-based solutions and services and are looking to become a Security Operations Analyst.

  • It will provide you with the foundational knowledge you need of Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
  • You will learn how to reduce organizational risk by rapidly remediating active attacks in the environment.
  • You will learn how to advise on improvements to threat protection practices and how to refer violations of organizational policies to appropriate stakeholders.

When you take this course, you will also get information and guidance on the Microsoft certification process, knowledge checks and practice questions, and useful tips on how to pass the exam.

Course Outline

Introduction
  • Grading Scheme
  • Pre-Requisite
  • Exam and Certification Details

Module 1
  • About this module
  • Introduction to threat protection with Microsoft 365
  • Mitigate incidents using Microsoft 365 Defender
  • Remediate risks with Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Protect your identities with Azure AD Identity Protection
  • Microsoft Defender for Cloud Apps
  • Respond to data loss prevention alerts using Microsoft 365
  • Manage insider risk in Microsoft 365
  • Knowledge Check

Module 2
  • About this module
  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Perform device investigations
  • Perform actions on a device
  • Perform evidence and entities investigations
  • Configure and manage automation
  • Configure for alerts and detections
  • Utilize Threat and Vulnerability Management
  • Knowledge Check

Module 3
  • Plan for cloud workload protections using Microsoft Defender for Cloud
  • Workload protections in Microsoft Defender for Cloud
  • Connect Azure assets to Microsoft Defender for Cloud
  • Connect non-Azure resources to Microsoft Defender for Cloud
  • Remediate security alerts using Microsoft Defender for Cloud
  • Knowledge Check

Module 4
  • About this module
  • Construct KQL statements for Microsoft Sentinel
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with string data using KQL statements
  • Knowledge Check

Module 5
  • About this module
  • Introduction to Microsoft Sentinel
  • Create and manage Microsoft Sentinel workspaces
  • Query logs in Microsoft Sentinel
  • Use watchlists in Microsoft Sentinel
  • Utilize threat intelligence in Microsoft Sentinel
  • Knowledge Check

Module 6
  • About this module
  • Connect data to Microsoft Sentinel using data connectors
  • Connect Microsoft services to Microsoft Sentinel
  • Connect Microsoft 365 Defender to Microsoft Sentinel
  • Connect Windows hosts to Microsoft Sentinel
  • Connect Common Event Format logs to Microsoft Sentinel
  • Connect syslog data sources to Microsoft Sentinel
  • Knowledge Check

Module 7
  • About this module
  • Threat detection with Microsoft Sentinel analytics
  • Security incident management in Microsoft Sentinel
  • Threat response with Microsoft Sentinel playbooks
  • User and entity behavior analytics in Microsoft Sentinel
  • Query, visualize, and monitor data in Microsoft Sentinel
  • Knowledge Check

Module 8
  • About this module
  • Threat hunting concepts in Microsoft Sentinel
  • Threat hunting with Microsoft Sentinel
  • Hunt for threats using notebooks in Microsoft Sentinel
  • Knowledge Check

Instructions
  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Microsoft Defender for Endpoint
  • Mitigate threats using Azure Defender
  • Create queries for Azure Sentinel using Kusto Query Language
  • Configure your Azure Sentinel environment
  • Connect Linux hosts to Azure Sentinel using data connectors
  • Activate a Microsoft Security rule
  • Create detections and perform investigations using Azure Sentinel & Perform threat hunting in Azure Sentinel

Practice Sets
  • Practice Set 1
  • Practice Set 2

Course Certificate
  • Download your certificate

Earn your certificate

Once you have completed this course, you will earn your certificate.


FAQs

This course is 100% online. You will not need to attend classes in person. However, it is instructor-led, so to be able to complete this course, you will need access to the internet for the live sessions. You will also need the required technology to be able to use the course materials. The materials for the course are in the form of articles, videos, knowledge checks, and practice exam questions.

In addition to this, you will be actively encouraged to connect with your mentors and instructors on the course through the dedicated discussion space.

SC-200: Microsoft Security Operations Analyst is an instructor-led course. This means live sessions are aired at pre-set times, and the course starts and finishes on set dates. However, you will also have the opportunity to do some self-paced work, as certain activities can be completed in your own time. The course takes place over 4 consecutive days, for 8 hours each day.

The certification exam tests your ability to carry out certain security tasks, including using Microsoft 365 Defender, Azure Defender, and Azure Sentinel to defend against threats.

We recommend this course to learners who wish to prepare for the Microsoft SC-200 certification exam. They will be able to refresh their knowledge and gain useful tips and tricks on how to pass the exam. People who are seeking to learn about Azure concepts and technologies will also find it extremely beneficial, as will experienced security operations analysts who want to extend their skills.

Learning online is an ideal option for individuals keen to learn in the comfort of their own home. It removes the need for you to travel and makes it much easier to manage your time. Though this course is online, you will still benefit from instructor-led training with certified trainers, who deliver the classes. You will also have access to our 24/7 discussion space, and our mentoring services are always there to help you out during your learning journey. You will not be learning alone!