Microsoft Security Operations Analyst SC200 Overview

Microsoft Security Operations Analyst SC200 Course Outline

Module 1: Introduction to Microsoft 365 Threat Protection

  • Introduction
  • Explore Extended Detection and Response (XDR) Response Use Cases
  • Understand Microsoft 365 Defender in a Security Operations Centre (SOC)
  • Explore Microsoft Security Graph
  • Investigate Security Incident in Microsoft 365 Defender

Module 2: Mitigate Incidents Using Microsoft 365 Defender

  • Introduction
  • Use the Microsoft 365 Defender Portal
  • Manage Incidents
  • Investigate Incidents
  • Manage and Investigate Alerts
  • Manage Automated Investigations
  • Use the Action Centre
  • Explore Advanced Hunting
  • Investigate Azure AD Sign-In Logs
  • Understand Microsoft Secure Score
  • Analyse Threat Analytics
  • Analyse Reports
  • Configure the Microsoft 365 Defender Portal

Module 3: Protect Your Identities with Azure AD Identity Protection

  • Introduction
  • Azure AD Identity Protection Overview
  • Detect Risks with Azure AD Identity Protection Policies
  • Investigate and Remediate Risks Detected by Azure AD Identity Protection

Module 4: Remediate Risks with Microsoft Defender for Office 365

  • Introduction to Microsoft Defender for Office 365
  • Automate, Investigate, and Remediate
  • Configure, Protect, and Detect
  • Simulate Attacks

Module 5: Safeguard Your Environment with Microsoft Defender for Identity

  • Introduction to Microsoft Defender for Identity
  • Configure Microsoft Defender for Identity Sensors
  • Review Compromised Accounts or Data
  • Integrate with Other Microsoft Tools

Module 6: Secure Your Cloud Apps and Services with Microsoft Defender for Cloud Apps

  • Introduction
  • Understand the Defender for Cloud Apps Framework
  • Explore Your Cloud Apps with Cloud Discovery
  • Protect Your Data and Apps with Conditional Access App Control
  • Walk Through Discovery and Access Control with Microsoft Defender for Cloud Apps
  • Classify and Protect Sensitive Information
  • Detect Threats

Module 7: Respond to Data Loss Prevention Alerts Using Microsoft 365

  • Introduction
  • Describe Data Loss Prevention Alerts
  • Investigate Data Loss Prevention Alerts in Microsoft Purview
  • Investigate Data Loss Prevention Alerts in Microsoft Defender for Cloud Apps

Module 8: Manage Insider Risk in Microsoft Purview

  • Insider Risk Management Overview
  • Introduction to Managing Insider Risk Policies
  • Create and Manage Insider Risk Policies
  • Knowledge Check
  • Investigate Insider Risk Alerts
  • Take Action on Insider Risk Alerts through Cases
  • Manage Insider Risk Management Forensic Evidence
  • Create Insider Risk Management Notice Templates

Module 9: Investigate Threats by Using Audit Features in Microsoft 365 Defender and Microsoft Purview Standard

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 10: Investigate Threats Using Audit in Microsoft 365 Defender and Microsoft Purview (Premium)

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 11: Investigate Threats with Content Search in Microsoft Purview

  • Introduction
  • Explore Microsoft Purview eDiscovery Solutions
  • Create a Content Search
  • View the Search Results and Statistics
  • Export the Search Results and Search Report
  • Configure Search Permissions Filtering
  • Search for and Delete Email Messages

Module 12: Protect Against Threats with Microsoft Defender for Endpoint

  • Introduction to Microsoft Defender for Endpoint
  • Practice Security Administration
  • Hunt Threats within Your Network

Module 13: Deploy the Microsoft Defender for Endpoint Environment

  • Introduction
  • Create Your Environment
  • Understand Operating Systems Compatibility and Features
  • Onboard Devices
  • Manage Access
  • Create and Manage Roles for Role-Based Access Control
  • Configure Device Groups
  • Configure Environment Advanced Features

Module 14: Implement Windows Security Enhancements with Microsoft Defender for Endpoint

  • Introduction
  • Understand Attack Surface Reduction
  • Enable Attack Surface Reduction Rules

Module 15: Perform Device Investigations in Microsoft Defender for Endpoint

  • Introduction
  • Use the Device Inventory List
  • Investigate the Device
  • Use Behavioral Blocking
  • Detect Devices with Device Discovery

Module 16: Perform Actions on a Device Using Microsoft Defender for Endpoint

  • Introduction
  • Explain Device Actions
  • Run Microsoft Defender Antivirus Scan on Devices
  • Collect Investigation Package from Devices
  • Initiate Live Response Session

Module 17: Perform Evidence and Entities Investigations Using Microsoft Defender for Endpoint

  • Introduction
  • Investigate a File
  • Investigate a User Account
  • Investigate an IP Address
  • Investigate a Domain

Module 18: Configure and Manage Automation Using Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Manage Automation Upload and Folder Settings
  • Configure Automated Investigation and Remediation Capabilities
  • Block At-Risk Devices

Module 19: Configure for Alerts and Detections in Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Configure Alert Notifications
  • Manage Alert Suppression
  • Manage Indicators

Module 20: Utilise Vulnerability Management in Microsoft Defender for Endpoint

  • Introduction
  • Understand Vulnerability Management
  • Explore Vulnerabilities on Your Devices
  • Manage Remediation

Module 21: Plan for Cloud Workload Protections Using Microsoft Defender for Cloud

  • Introduction
  • Explain Microsoft Defender for Cloud
  • Describe Microsoft Defender for Cloud Workload Protections
  • Exercise - Microsoft Defender for Cloud Interactive Guide
  • Enable Microsoft Defender for Cloud

Module 22: Connect Azure Assets to Microsoft Defender for Cloud

  • Introduction
  • Explore and Manage Your Resources with Asset Inventory
  • Configure Auto Provisioning
  • Manual Log Analytics Agent Provisioning

Module 23: Connect Non-Azure Resources to Microsoft Defender for Cloud

  • Introduction
  • Protect Non-Azure Resources
  • Connect Non-Azure Machines
  • Connect Your AWS Accounts
  • Connect Your GCP Accounts

Module 24: Manage Your Cloud Security Posture Management

  • Introduction
  • Explore Secure Score
  • Explore Recommendations
  • Measure and Enforce Regulatory Compliance
  • Understand Workbooks

Module 25: Explain Cloud Workload Protections in Microsoft Defender for Cloud

  • Introduction
  • Understand Microsoft Defender for Servers
  • Understand Microsoft Defender for App Service
  • Understand Microsoft Defender for Storage
  • Understand Microsoft Defender for SQL
  • Understand Microsoft Defender for Open-Source Databases
  • Understand Microsoft Defender for Key Vault
  • Understand Microsoft Defender for Resource Manager
  • Understand Microsoft Defender for DNS
  • Understand Microsoft Defender for Containers
  • Understand Microsoft Defender Additional Protections

Module 26: Remediate Security Alerts Using Microsoft Defender for Cloud

  • Introduction
  • Understand Security Alerts
  • Remediate Alerts and Automate Responses
  • Suppress Alerts from Defender for Cloud
  • Generate Threat Intelligence Reports
  • Respond to Alerts from Azure Resources

Module 27: Construct KQL Statements for Microsoft Sentinel

  • Introduction
  • Understand the Kusto Query Language Statement Structure
  • Use the Search Operator
  • Use the Where Operator
  • Use the Let Statement
  • Use the Extend Operator
  • Use the Order By Operator
  • Use the Project Operators

Module 28: Analyse Query Results Using KQL

  • Introduction
  • Use the Summarise Operator
  • Use the Summarise Operator to Filter Results
  • Use the Summarise Operator to Prepare Data
  • Use the Render Operator to Create Visualisations

Module 29: Build Multi-Table Statements Using KQL

  • Introduction
  • Use the Union Operator
  • Use the Join Operator

Module 30: Work with Data in Microsoft Sentinel Using Kusto Query Language

  • Introduction
  • Extract Data from Unstructured String Fields
  • Extract Data from Structured String Data
  • Integrate External Data
  • Create Parsers with Functions

Module 31: Introduction to Microsoft Sentinel

  • Introduction
  • What is Microsoft Sentinel?
  • How Microsoft Sentinel Works
  • When to Use Microsoft Sentinel

Module 32: Create and Manage Microsoft Sentinel Workspaces

  • Introduction
  • Plan for the Microsoft Sentinel Workspace
  • Create a Microsoft Sentinel Workspace
  • Manage Workspaces Across Tenants Using Azure Lighthouse
  • Understand Microsoft Sentinel Permissions and Roles
  • Manage Microsoft Sentinel Settings
  • Configure Logs

Module 33: Query Logs in Microsoft Sentinel

  • Introduction
  • Query Logs in the Logs Page
  • Understand Microsoft Sentinel Tables
  • Understand Common Tables
  • Understand Microsoft 365 Defender Tables

Module 34: Use Watchlists in Microsoft Sentinel

  • Introduction
  • Plan for Watchlists
  • Create a Watchlist
  • Manage Watchlists

Module 35: Utilise Threat Intelligence in Microsoft Sentinel

  • Introduction
  • Define Threat Intelligence
  • Manage Your Threat Indicators
  • View Your Threat Indicators with KQL

Module 36: Connect Data to Microsoft Sentinel Using Data Connectors

  • Introduction
  • Ingest Log Data with Data Connectors
  • Understand Data Connector Providers
  • View Connected Hosts

Module 37: Connect Microsoft Services to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft Services Connectors
  • Connect the Microsoft Office 365 Connector
  • Connect the Azure Active Directory Connector
  • Connect the Azure Active Directory Identity Protection Connector
  • Connect the Azure Activity Connector

Module 38: Connect Microsoft 365 Defender to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft 365 Defender Connectors
  • Connect the Microsoft 365 Defender Connector
  • Connect Microsoft Defender for Cloud Connector
  • Connect Microsoft Defender for IoT
  • Connect Microsoft Defender Legacy Connectors

Module 39: Connect Windows Hosts to Microsoft Sentinel

  • Introduction
  • Plan for Windows Hosts Security Events Connector
  • Connect Using the Windows Security Events via AMA Connector
  • Connect Using the Security Events via Legacy Agent Connector
  • Collect Sysmon Event Logs

Module 40: Connect Common Event Format Logs to Microsoft Sentinel

  • Introduction
  • Plan for Common Event Format Connector
  • Connect Your External Solution Using the Common Event Format Connector

Module 41: Connect Syslog Data Sources to Microsoft Sentinel

  • Introduction
  • Plan for Syslog Data Collection
  • Collect Data from Linux-Based Sources Using Syslog
  • Configure the Data Collection Rule for Syslog Data Sources
  • Parse Syslog Data with KQL

Module 42: Connect Threat Indicators to Microsoft Sentinel

  • Introduction
  • Plan for Threat Intelligence Connectors
  • Connect the Threat Intelligence TAXII Connector
  • Connect the Threat Intelligence Platforms Connector
  • View Your Threat Indicators with KQL

Module 43: Threat Detection with Microsoft Sentinel Analytics

  • Introduction
  • Exercise - Detect Threats with Microsoft Sentinel Analytics
  • What is Microsoft Sentinel Analytics?
  • Types of Analytics Rules
  • Create an Analytics Rule from Templates
  • Create an Analytics Rule from Wizard
  • Manage Analytics Rules
  • Exercise - Detect Threats with Microsoft Sentinel Analytics

Module 44: Automation in Microsoft Sentinel

  • Introduction
  • Understand Automation Options
  • Create Automation Rules

Module 45: Security Incident Management in Microsoft Sentinel

  • Introduction
  • Exercise - Set Up the Azure Environment
  • Understand Incidents
  • Incident Evidence and Entities
  • Incident Management
  • Exercise - Investigate an Incident

Module 46: Identify Threats with Behavioral Analytics

  • Introduction
  • Understand Behavioral Analytics
  • Explore Entities
  • Display Entity Behavior Information
  • Use Anomaly Detection Analytical Rule Templates

Module 47: Data Normalisation in Microsoft Sentinel

  • Introduction
  • Understand Data Normalisation
  • Use ASIM Parsers
  • Understand Parameterised KQL Functions
  • Create an ASIM Parser
  • Configure Azure Monitor Data Collection Rules

Module 48: Query, Visualise, and Monitor Data in Microsoft Sentinel

  • Introduction
  • Exercise - Query and Visualise Data with Microsoft Sentinel Workbooks
  • Monitor and Visualise Data
  • Query Data Using Kusto Query Language
  • Use Default Microsoft Sentinel Workbooks
  • Create a New Microsoft Sentinel Workbook
  • Exercise - Visualise Data Using Microsoft Sentinel Workbooks

Module 49: Manage Content in Microsoft Sentinel

  • Introduction
  • Use Solutions from the Content Hub
  • Use Repositories for Deployment

Module 50: Explain Threat Hunting Concepts in Microsoft Sentinel

  • Introduction
  • Understand Cybersecurity Threat Hunts
  • Develop a Hypothesis
  • Explore MITRE ATT&CK

Module 51: Threat Hunting with Microsoft Sentinel

  • Introduction
  • Exercise Setup
  • Explore Creation and Management of Threat-Hunting Queries
  • Save Key Findings with Bookmarks
  • Observe Threats Over Time with Livestream
  • Exercise - Hunt for Threats by Using Microsoft Sentinel

Module 52: Use Search Jobs in Microsoft Sentinel

  • Introduction
  • Hunt with a Search Job
  • Restore Historical Data

Module 53: Hunt for Threats Using Notebooks in Microsoft Sentinel

  • Introduction
  • Access Azure Sentinel Data with External Tools
  • Hunt with Notebooks
  • Create a Notebook
  • Explore Notebook Code


Who should attend this Microsoft Security Operations Analyst SC200 Training Course?

This Microsoft Security Operations Analyst SC200 Course is designed for individuals who are interested in developing their skills and expertise in the field of Security Operations and Threat Detection and Response using Microsoft technologies. This training course is especially beneficial for the following professionals:

  • Cybersecurity Analysts
  • Threat Detection Specialists
  • Security Engineers
  • Incident Responders
  • IT Administrators
  • Network Administrators
  • Cloud Security Analysts

Prerequisites of the Microsoft Security Operations Analyst SC200 Training Course

There are no formal prerequisites for this Microsoft Security Operations Analyst SC200 Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.

Microsoft Security Operations Analyst SC200 Course Overview

The Microsoft Security Operations Analyst SC200 Training Course is a vital course that equips professionals with the knowledge and skills needed to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In today's cybersecurity landscape, the ability to mitigate cyberthreats is of utmost importance, making this course highly relevant and valuable.

Professionals involved in Security Operations roles, including Security Engineers, Analysts, and those responsible for safeguarding digital assets, should aim to master this subject. With the increasing sophistication of cyber threats, knowing how to effectively use these technologies and Kusto Query Language (KQL) is crucial for ensuring the security and resilience of an organisation's digital infrastructure.

The 4-day training course offered by the Knowledge Academy is designed to empower delegates with the practical skills and knowledge necessary to excel in a Security Operations job role. This course focuses on configuring and using Microsoft Sentinel and utilising KQL for detection, analysis, and reporting. It also prepares learners for the SC-200: Microsoft Security Operations Analyst exam, making it a comprehensive and valuable training opportunity.

Course Objectives

  • To investigate and respond to threats using Microsoft Sentinel
  • To utilise Kusto Query Language (KQL) for threat detection and analysis
  • To configure Microsoft Sentinel for effective threat mitigation
  • To enhance threat hunting capabilities using Microsoft Defender for Cloud and Microsoft 365 Defender
  • To master the practical skills necessary for a Security Operations job role

Upon completion of this Microsoft Security Operations Analyst SC200 Training Course, delegates will benefit from an advanced skill set and in-depth knowledge of threat mitigation using Microsoft security technologies. They will be well-prepared to respond effectively to cyber threats, enhancing their organisation's security posture and contributing to a safer digital environment.


What’s included in this Microsoft Security Operations Analyst SC200 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Security Operations Analyst SC200 Certificate
  • Digital Delegate Pack


Why choose us

Ways to take this course

Experience live, interactive learning from home with The Knowledge Academy's Online Instructor-led Microsoft Security Operations Analyst SC200. Engage directly with expert instructors, mirroring the classroom schedule for a comprehensive learning journey. Enjoy the convenience of virtual learning without compromising on the quality of interaction.

Unlock your potential with The Knowledge Academy's Microsoft Security Operations Analyst SC200, accessible anytime, anywhere on any device. Enjoy 90 days of online course access, extendable upon request, and benefit from the support of our expert trainers. Elevate your skills at your own pace with our Online Self-paced sessions.

Experience the most sought-after learning style with The Knowledge Academy's Microsoft Security Operations Analyst SC200. Available in 490+ locations across 190+ countries, our hand-picked Classroom venues offer an invaluable human touch. Immerse yourself in a comprehensive, interactive experience with our expert-led Microsoft Security Operations Analyst SC200 sessions.


Highly experienced trainers

Boost your skills with our expert trainers, boasting 10+ years of real-world experience, ensuring an engaging and informative training experience


State of the art training venues

We only use the highest standard of learning facilities to make sure your experience is as comfortable and distraction-free as possible


Small class sizes

Our Classroom courses with limited class sizes foster discussions and provide a personalised, interactive learning environment


Great value for money

Achieve certification without breaking the bank. Find a lower price elsewhere? We'll match it to guarantee you the best value

Streamline large-scale training requirements with The Knowledge Academy's In-house/Onsite Microsoft Security Operations Analyst SC200 at your business premises. Experience expert-led classroom learning from the comfort of your workplace and engage in professional development.


Tailored learning experience

Leverage benefits offered from a certification that fits your unique business or project needs


Maximise your training budget

Cut unnecessary costs and focus your entire budget on what really matters: the training.


Team building opportunity

Our Microsoft Security Operations Analyst SC200 offers a unique chance for your team to bond and engage in discussions, enriching the learning experience beyond traditional classroom settings


Monitor employees' progress

The course know-how will help you track and evaluate your employees' progression and performance with relative ease

What our customers are saying

Microsoft Security Operations Analyst SC200 FAQs

This certification is tailored for security professionals who want to demonstrate their expertise in threat protection, incident response, and security operations. It validates skills in managing and mitigating security threats using Microsoft Defender and other security tools.
A Microsoft Security Operations Center (SOC) Analyst monitors, detects, analyses, and responds to security threats within an organisation's network infrastructure. They use tools like Microsoft Defender to identify and mitigate cybersecurity risks, ensuring the security of organisational data and systems.
The value of this course depends on your career goals and current skill set. If you aspire to work in cybersecurity operations and want to specialise in Microsoft technologies, this certification can be valuable for enhancing your credentials and advancing your career.
This certification course offers enhanced knowledge, career advancement, skill development, industry relevance, and job opportunities in security operations. It validates expertise in analysing and responding to security threats using Microsoft technologies.
There are no formal prerequisites for this Microsoft Security Operations Analyst SC200 Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.
This course comes with a 4-day training session from experienced trainers and a digital delegate pack.
The duration of this Microsoft Security Operations Analyst SC200 Training Course spans across 4 days.
From the Microsoft Security Operations Analyst SC200 Course, delegates can gain skills in threat detection, response, and mitigation techniques using Azure Sentinel. They will also develop proficiency in security incident analysis, threat hunting, and implementing security best practices in Azure environments.
After completing the course, individuals can pursue various career opportunities such as Security Operations Analyst, Threat Analyst, Security Engineer, Incident Responder, SOC Analyst, or Cloud Security Analyst in organisations utilising Microsoft Azure and other cloud platforms.
Yes, The Knowledge Academy’s Microsoft Security Operations Analyst SC200 Certification is accredited by Microsoft.
The Knowledge Academy in the United Kingdom is a prestigious training provider known for its extensive course offerings, expert instructors, adaptable learning formats, and industry recognition. It's a dependable option for those seeking these courses.
The training fees for Microsoft Security Operations Analyst SC200 certification in the United Kingdom start from £2495.
The Knowledge Academy is the leading global training provider for Microsoft Security Operations Analyst SC200.

Why choose us


Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.


Many delivery methods

Flexible delivery methods are available depending on your learning style.


High quality resources

Resources are included for a comprehensive learning experience.


"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water
