SC-200: Microsoft Security Operations Analyst Associate

€695.00

Course Description: SC-200: Microsoft Security Operations Analyst Associate

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. In particular, you will configure and use Microsoft Sentinel and Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course is designed for people who work in a security operations job role and helps learners prepare for the SC-200: Microsoft Security Operations Analyst exam.

Audience profile

The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's information technology systems. The goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to the appropriate stakeholders. Responsibilities include threat management, monitoring, and response using a variety of security solutions across the environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Because the security operations analyst consumes the operational output of these tools, they are also a critical stakeholder in how these technologies are configured and deployed.

Items in this collection

  • Introduction to Microsoft 365 threat protection (6 Units)
  • Mitigate incidents using Microsoft 365 Defender (15 Units)
  • Protect your identities with Azure AD Identity Protection (5 Units)
  • Remediate risks with Microsoft Defender for Office 365 (5 Units)
  • Safeguard your environment with Microsoft Defender for Identity (5 Units)
  • Secure your cloud apps and services with Microsoft Defender for Cloud Apps (9 Units)
  • Respond to data loss prevention alerts using Microsoft 365 (6 Units)
  • Manage insider risk in Microsoft Purview (7 Units)
  • Protect against threats with Microsoft Defender for Endpoint (4 Units)
  • Deploy the Microsoft Defender for Endpoint environment (10 Units)
  • Implement Windows security enhancements with Microsoft Defender for Endpoint (5 Units)
  • Perform device investigations in Microsoft Defender for Endpoint (7 Units)
  • Perform actions on a device using Microsoft Defender for Endpoint (7 Units)
  • Perform evidence and entities investigations using Microsoft Defender for Endpoint (7 Units)
  • Configure and manage automation using Microsoft Defender for Endpoint (7 Units)
  • Configure for alerts and detections in Microsoft Defender for Endpoint (7 Units)
  • Utilize Vulnerability Management in Microsoft Defender for Endpoint (6 Units)
  • Plan for cloud workload protections using Microsoft Defender for Cloud (7 Units)
  • Connect Azure assets to Microsoft Defender for Cloud (6 Units)
  • Connect non-Azure resources to Microsoft Defender for Cloud (7 Units)
  • Cloud Security Posture Management (7 Units)
  • Explain cloud workload protections in Microsoft Defender for Cloud (13 Units)
  • Remediate security alerts using Microsoft Defender for Cloud (8 Units)
  • Construct KQL statements for Microsoft Sentinel (10 Units)
  • Analyze query results using KQL (7 Units)
  • Build multi-table statements using KQL (5 Units)
  • Work with data in Microsoft Sentinel using Kusto Query Language (7 Units)
  • Introduction to Microsoft Sentinel (6 Units)
  • Create and manage Microsoft Sentinel workspaces (9 Units)
  • Query logs in Microsoft Sentinel (7 Units)
  • Use watchlists in Microsoft Sentinel (6 Units)
  • Utilize threat intelligence in Microsoft Sentinel (6 Units)
  • Connect data to Microsoft Sentinel using data connectors (6 Units)
  • Connect Microsoft services to Microsoft Sentinel (8 Units)
  • Connect Microsoft 365 Defender to Microsoft Sentinel (10 Units)
  • Connect Windows hosts to Microsoft Sentinel (7 Units)
  • Connect Common Event Format logs to Microsoft Sentinel (5 Units)
  • Connect syslog data sources to Microsoft Sentinel (7 Units)
  • Connect threat indicators to Microsoft Sentinel (7 Units)
  • Threat detection with Microsoft Sentinel analytics (9 Units)
  • Automation in Microsoft Sentinel (5 Units)
  • Threat response with Microsoft Sentinel playbooks (7 Units)
  • Security incident management in Microsoft Sentinel (7 Units)
  • Identify threats with entity behavior analytics (7 Units)
  • Data normalization in Microsoft Sentinel (8 Units)
  • Query, visualize, and monitor data in Microsoft Sentinel (8 Units)
  • Manage content in Microsoft Sentinel (5 Units)
  • Explain threat hunting concepts in Microsoft Sentinel (6 Units)
  • Threat hunting with Microsoft Sentinel (7 Units)
  • Use search jobs in Microsoft Sentinel (5 Units)
  • Hunt for threats using notebooks in Microsoft Sentinel (7 Units)

    Course outline

    Module 1: Mitigate threats using Microsoft Defender for Endpoint

    • Protect against threats with Microsoft Defender for Endpoint
    • Deploy the Microsoft Defender for Endpoint environment
    • Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
    • Manage alerts and incidents in Microsoft Defender for Endpoint
    • Perform device investigations in Microsoft Defender for Endpoint
    • Perform actions on a device using Microsoft Defender for Endpoint
    • Perform evidence and entities investigations using Microsoft Defender for Endpoint
    • Configure and manage automation using Microsoft Defender for Endpoint
    • Configure for alerts and detections in Microsoft Defender for Endpoint
    • Use Threat and Vulnerability Management in Microsoft Defender for Endpoint

    Lab: Mitigate threats using Microsoft Defender for Endpoint

    Module 2: Mitigate threats using Microsoft 365 Defender

    • Introduction to threat protection with Microsoft 365
    • Mitigate incidents using Microsoft 365 Defender
    • Protect your identities with Azure AD Identity Protection
    • Remediate risks with Microsoft Defender for Office 365
    • Safeguard your environment with Microsoft Defender for Identity
    • Secure your cloud apps and services with Microsoft Defender for Cloud Apps
    • Respond to data loss prevention alerts using Microsoft 365
    • Manage insider risk in Microsoft 365

    Lab: Mitigate threats using Microsoft 365 Defender

    Module 3: Mitigate threats using Microsoft Defender for Cloud

    • Plan for cloud workload protections using Microsoft Defender for Cloud
    • Explain cloud workload protections in Microsoft Defender for Cloud
    • Connect Azure assets to Microsoft Defender for Cloud
    • Connect non-Azure resources to Microsoft Defender for Cloud
    • Remediate security alerts using Microsoft Defender for Cloud

    Lab: Mitigate threats using Microsoft Defender for Cloud

    Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

    • Construct KQL statements for Microsoft Sentinel
    • Analyze query results using KQL
    • Build multi-table statements using KQL
    • Work with data in Microsoft Sentinel using Kusto Query Language

    Lab: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
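    As an added illustration of the three skills Module 4 lists (this query is not course material and is not taken from the SC-200 labs), the following Microsoft Sentinel KQL statement filters and summarizes a single table, then joins it against the same table to find accounts where a burst of failed sign-ins from one IP address was followed by a successful sign-in from that same address, a common password-spray indicator. It assumes the Azure AD sign-in connector is populating the SigninLogs table; the one-day window and the threshold of 10 failures are illustrative values chosen for the example.

```kql
// Step 1: single-table statement. Failed sign-ins (ResultType is a string in SigninLogs;
// "0" means success), summarized per user and source IP.
let FailedBursts =
    SigninLogs
    | where TimeGenerated > ago(1d)
    | where ResultType != "0"
    | summarize Failures = count(), FirstFail = min(TimeGenerated), LastFail = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where Failures >= 10;            // illustrative threshold
// Step 2: successful sign-ins in the same window, projected to the columns the join needs.
let Successes =
    SigninLogs
    | where TimeGenerated > ago(1d)
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated, AppDisplayName;
// Step 3: multi-table statement. Inner join on user + IP, keep only successes that came
// after the failure burst began, and order the result for analyst review.
FailedBursts
| join kind=inner Successes on UserPrincipalName, IPAddress
| where SuccessTime > FirstFail
| project UserPrincipalName, IPAddress, Failures, FirstFail, LastFail, SuccessTime, AppDisplayName
| order by Failures desc, SuccessTime asc
```

    Running it in Logs under the Sentinel workspace returns one row per user/IP pair that matches; the same statement can be pasted into a scheduled analytics rule, which is the bridge between Module 4 and the detections built in Module 7.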

    Module 5: Configure your Microsoft Sentinel environment

    • Introduction to Microsoft Sentinel
    • Create and manage Microsoft Sentinel workspaces
    • Query logs in Microsoft Sentinel
    • Use watchlists in Microsoft Sentinel
    • Use threat intelligence in Microsoft Sentinel

    Lab: Configure your Microsoft Sentinel environment

    Module 6: Connect logs to Microsoft Sentinel

    • Connect data to Microsoft Sentinel using data connectors
    • Connect Microsoft services to Microsoft Sentinel
    • Connect Microsoft 365 Defender to Microsoft Sentinel
    • Connect Windows hosts to Microsoft Sentinel
    • Connect Common Event Format logs to Microsoft Sentinel
    • Connect syslog data sources to Microsoft Sentinel
    • Connect threat indicators to Microsoft Sentinel

    Lab: Connect logs to Microsoft Sentinel

    Module 7: Create detections and perform investigations using Microsoft Sentinel

    • Threat detection with Microsoft Sentinel analytics
    • Threat response with Microsoft Sentinel playbooks
    • Security incident management in Microsoft Sentinel
    • Use entity behavior analytics in Microsoft Sentinel
    • Query, visualize, and monitor data in Microsoft Sentinel

    Lab: Create detections and perform investigations using Microsoft Sentinel

    Module 8: Perform threat hunting in Microsoft Sentinel

    • Threat hunting with Microsoft Sentinel
    • Hunt for threats using notebooks in Microsoft Sentinel

    Lab: Threat hunting in Microsoft Sentinel

    Prerequisites

    • Basic knowledge of Microsoft 365
    • Basic understanding of Microsoft identity, compliance, and security products
    • Intermediate knowledge of Microsoft Windows
    • Knowledge of Azure services, particularly Azure SQL Database and Azure Storage
    • Familiarity with Azure virtual machines and virtual networks
    • Basic knowledge of scripting concepts

    Language

    • Course: English/Spanish
    • Labs: English

    Current offer

    Participate in the "Microsoft 365 Copilot Security in organizations" event on May 22, 2024 and get a 30% discount on the official Microsoft course SC-200: Microsoft Security Operations Analyst Associate. *Offer valid only for webinar participants, for 15 days from the date of the event.
