SC-200 Microsoft Security Operations Analyst

Duration

4 Days

24 CPD hours

About this course

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Description

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Prerequisites

Basic understanding of Microsoft 365

Fundamental understanding of Microsoft security, compliance, and identity products

Intermediate understanding of Windows 10

Familiarity with Azure services, specifically Azure SQL Database and Azure Storage

Familiarity with Azure virtual machines and virtual networking

Basic understanding of scripting concepts.

1 - Introduction to Microsoft 365 threat protection

Explore Extended Detection & Response (XDR) response use cases
Understand Microsoft Defender XDR in a Security Operations Center (SOC)
Explore Microsoft Security Graph
Investigate security incidents in Microsoft Defender XDR

2 - Mitigate incidents using Microsoft 365 Defender

Use the Microsoft Defender portal
Manage incidents
Investigate incidents
Manage and investigate alerts
Manage automated investigations
Use the action center
Explore advanced hunting
Investigate Microsoft Entra sign-in logs
Understand Microsoft Secure Score
Analyze threat analytics
Analyze reports
Configure the Microsoft Defender portal

3 - Protect your identities with Microsoft Entra ID Protection

Microsoft Entra ID Protection overview
Detect risks with Microsoft Entra ID Protection policies
Investigate and remediate risks detected by Microsoft Entra ID Protection

4 - Remediate risks with Microsoft Defender for Office 365

Automate, investigate, and remediate
Configure, protect, and detect
Simulate attacks

5 - Safeguard your environment with Microsoft Defender for Identity

Configure Microsoft Defender for Identity sensors
Review compromised accounts or data
Integrate with other Microsoft tools

6 - Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Understand the Defender for Cloud Apps Framework
Explore your cloud apps with Cloud Discovery
Protect your data and apps with Conditional Access App Control
Walk through discovery and access control with Microsoft Defender for Cloud Apps
Classify and protect sensitive information
Detect Threats

7 - Respond to data loss prevention alerts using Microsoft 365

Describe data loss prevention alerts
Investigate data loss prevention alerts in Microsoft Purview
Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps

8 - Manage insider risk in Microsoft Purview

Insider risk management overview
Create and manage insider risk policies
Investigate insider risk alerts
Take action on insider risk alerts through cases
Manage insider risk management forensic evidence
Create insider risk management notice templates

9 - Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard

Explore Microsoft Purview Audit solutions
Implement Microsoft Purview Audit (Standard)
Start recording activity in the Unified Audit Log
Search the Unified Audit Log (UAL)
Export, configure, and view audit log records
Use audit log searching to investigate common support issues

10 - Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium)

Explore Microsoft Purview Audit (Premium)
Implement Microsoft Purview Audit (Premium)
Manage audit log retention policies
Investigate compromised email accounts using Purview Audit (Premium)

11 - Investigate threats with Content search in Microsoft Purview

Explore Microsoft Purview eDiscovery solutions
Create a content search
View the search results and statistics
Export the search results and search report
Configure search permissions filtering
Search for and delete email messages

12 - Protect against threats with Microsoft Defender for Endpoint

Practice security administration
Hunt threats within your network

13 - Deploy the Microsoft Defender for Endpoint environment

Create your environment
Understand operating systems compatibility and features
Onboard devices
Manage access
Create and manage roles for role-based access control
Configure device groups
Configure environment advanced features

14 - Implement Windows security enhancements with Microsoft Defender for Endpoint

Understand attack surface reduction
Enable attack surface reduction rules

15 - Perform device investigations in Microsoft Defender for Endpoint

Use the device inventory list
Investigate the device
Use behavioral blocking
Detect devices with device discovery

16 - Perform actions on a device using Microsoft Defender for Endpoint

Explain device actions
Run Microsoft Defender antivirus scan on devices
Collect investigation package from devices
Initiate live response session

17 - Perform evidence and entities investigations using Microsoft Defender for Endpoint

Investigate a file
Investigate a user account
Investigate an IP address
Investigate a domain

18 - Configure and manage automation using Microsoft Defender for Endpoint

Configure advanced features
Manage automation upload and folder settings
Configure automated investigation and remediation capabilities
Block at risk devices

19 - Configure for alerts and detections in Microsoft Defender for Endpoint

Configure advanced features
Configure alert notifications
Manage alert suppression
Manage indicators

20 - Utilize Vulnerability Management in Microsoft Defender for Endpoint

Understand vulnerability management
Explore vulnerabilities on your devices
Manage remediation

21 - Plan for cloud workload protections using Microsoft Defender for Cloud

Explain Microsoft Defender for Cloud
Describe Microsoft Defender for Cloud workload protections
Enable Microsoft Defender for Cloud

22 - Connect Azure assets to Microsoft Defender for Cloud

Explore and manage your resources with asset inventory
Configure auto provisioning
Manual log analytics agent provisioning

23 - Connect non-Azure resources to Microsoft Defender for Cloud

Protect non-Azure resources
Connect non-Azure machines
Connect your AWS accounts
Connect your GCP accounts

24 - Manage your cloud security posture management

Explore Secure Score
Explore Recommendations
Measure and enforce regulatory compliance
Understand Workbooks

25 - Explain cloud workload protections in Microsoft Defender for Cloud

Understand Microsoft Defender for servers
Understand Microsoft Defender for App Service
Understand Microsoft Defender for Storage
Understand Microsoft Defender for SQL
Understand Microsoft Defender for open-source databases
Understand Microsoft Defender for Key Vault
Understand Microsoft Defender for Resource Manager
Understand Microsoft Defender for DNS
Understand Microsoft Defender for Containers
Understand Microsoft Defender additional protections

26 - Remediate security alerts using Microsoft Defender for Cloud

Understand security alerts
Remediate alerts and automate responses
Suppress alerts from Defender for Cloud
Generate threat intelligence reports
Respond to alerts from Azure resources

27 - Construct KQL statements for Microsoft Sentinel

Understand the Kusto Query Language statement structure
Use the search operator
Use the where operator
Use the let statement
Use the extend operator
Use the order by operator
Use the project operators

28 - Analyze query results using KQL

Use the summarize operator
Use the summarize operator to filter results
Use the summarize operator to prepare data
Use the render operator to create visualizations

29 - Build multi-table statements using KQL

Use the union operator
Use the join operator

30 - Work with data in Microsoft Sentinel using Kusto Query Language

Extract data from unstructured string fields
Extract data from structured string data
Integrate external data
Create parsers with functions

31 - Introduction to Microsoft Sentinel

What is Microsoft Sentinel
How Microsoft Sentinel works
When to use Microsoft Sentinel

32 - Create and manage Microsoft Sentinel workspaces

Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs

33 - Query logs in Microsoft Sentinel

Query logs in the logs page
Understand Microsoft Sentinel tables
Understand common tables
Understand Microsoft Defender XDR tables

34 - Use watchlists in Microsoft Sentinel

Plan for watchlists
Create a watchlist
Manage watchlists

35 - Utilize threat intelligence in Microsoft Sentinel

Define threat intelligence
Manage your threat indicators
View your threat indicators with KQL

36 - Connect data to Microsoft Sentinel using data connectors

Ingest log data with data connectors
Understand data connector providers
View connected hosts

37 - Connect Microsoft services to Microsoft Sentinel

Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Microsoft Entra connector
Connect the Microsoft Entra ID Protection connector
Connect the Azure Activity connector

38 - Connect Microsoft Defender XDR to Microsoft Sentinel

Plan for Microsoft Defender XDR connectors
Connect the Microsoft Defender XDR connector
Connect Microsoft Defender for Cloud connector
Connect Microsoft Defender for IoT
Connect Microsoft Defender legacy connectors

39 - Connect Windows hosts to Microsoft Sentinel

Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs

40 - Connect Common Event Format logs to Microsoft Sentinel

Plan for Common Event Format connector
Connect your external solution using the Common Event Format connector

41 - Connect syslog data sources to Microsoft Sentinel

Plan for syslog data collection
Collect data from Linux-based sources using syslog
Configure the Data Collection Rule for Syslog Data Sources
Parse syslog data with KQL

42 - Connect threat indicators to Microsoft Sentinel

Plan for threat intelligence connectors
Connect the threat intelligence TAXII connector
Connect the threat intelligence platforms connector
View your threat indicators with KQL

43 - Threat detection with Microsoft Sentinel analytics

What is Microsoft Sentinel Analytics
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules

44 - Automation in Microsoft Sentinel

Understand automation options
Create automation rules

45 - Threat response with Microsoft Sentinel playbooks

What are Microsoft Sentinel playbooks
Trigger a playbook in real-time
Run playbooks on demand

46 - Security incident management in Microsoft Sentinel

Understand incidents
Incident evidence and entities
Incident management

47 - Identify threats with Behavioral Analytics

Understand behavioral analytics
Explore entities
Display entity behavior information
Use Anomaly detection analytical rule templates

48 - Data normalization in Microsoft Sentinel

Understand data normalization
Use ASIM Parsers
Understand parameterized KQL functions
Create an ASIM Parser
Configure Azure Monitor Data Collection Rules

49 - Query, visualize, and monitor data in Microsoft Sentinel

Monitor and visualize data
Query data using Kusto Query Language
Use default Microsoft Sentinel Workbooks
Create a new Microsoft Sentinel Workbook

50 - Manage content in Microsoft Sentinel

Use solutions from the content hub
Use repositories for deployment

51 - Explain threat hunting concepts in Microsoft Sentinel

Understand cybersecurity threat hunts
Develop a hypothesis
Explore MITRE ATT&CK

52 - Threat hunting with Microsoft Sentinel

Explore creation and management of threat-hunting queries
Save key findings with bookmarks
Observe threats over time with livestream

53 - Use Search jobs in Microsoft Sentinel

Hunt with a Search Job
Restore historical data

54 - Hunt for threats using notebooks in Microsoft Sentinel

Access Azure Sentinel data with external tools
Hunt with notebooks
Create a notebook
Explore notebook code

Additional course details:

Nexus Humans SC-200T00 Microsoft Security Operations Analyst training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the SC-200T00 Microsoft Security Operations Analyst course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill, become unavailable. To mitigate the risk we include training insurance for each delegate enrolled on our public schedule, they are welcome to sit on the same Public class within 6 months at no charge, if the case arises.

What people say about us

Booking process was very easy. Once initial contact was made everything happened smoothly.

Pfizer

Great course yesterday and can’t give enough amazing feedback for John. I’ve never had a teacher hold attention of a class from start to finish, but yesterday he did this.

Jennifer O'Connor

Vistra

Alan delivered the training in an easy to understand and pleasant manner which was broken down into manageable chunks with an appropriate number of breaks to give folk time away from their laptops and screens. It is never easy to do 2 days of training on a fairly in-depth subject involving Software even in a classroom environment and remaining focused and engaged so doing it remotely adds another level of complexity, but I have to say that personally this was one of the best Training Events that I have attended for some years. I have gained so much knowledge of MS Project and it will certainly make my job easier going forward.

A large part of what I gained has to be credited to Alan’s manner and delivery and I should be grateful if you could pass on my thanks to him.

Also, the support, together with joining instructions & training literature etc from Nexus Human has been excellent – thank you for that. I intend feeding that back to our People and ICT Teams too

Nexus Human - Project class

December 2023

This was my 2nd course with Nexus Human and I enjoy the format of the courses.
This was very well-run, the instructor was superb and i will get a lot of benefit from having access for the next 6 months, I look forward to the next course.

Cathal

Kerry, Ireland

I would like to thank the staff of Nexus Human, who were very helpful, prompt, friendly and professional in helping me attain my Microsoft certification. I would like to thank Abdul in particular for his guidance during the course and commend him on his knowledge of software development.

Paul

ITC Group
Dublin

This is the 3rd course I have done with Arun. He is very helpful and always supportive if I have other questions outside the lecture parameters. I have already recommended him and Nexus Human to work colleges and would do so again after this course.

Philip

Nexus Human Classroom Student

The instructor was excellent. Was willing to field any questions we had and deal with our specific queries.

Excel student

The class just finished and I just wanted to mention to you that it was absolutely amazing. The quality of the training had very high standards, the trainer explained amazingly well and we actually practiced (did) all the steps. It was not learning by watching a presentation but by actually doing. The training has been delivered from Atlanta (US) and I cannot wait to go tomorrow in the office and recommend it. The connection and the lab environment were running perfectly.
Once again thank you very much and looking forward for the next trainings scheduled. Enrolling via Nexus Human was the perfect choice.

Cristina, Nexus Human IT Course Attendee

Firstly I would like to say thanks, I found the course I sat yesterday extremely beneficial and the instructor was fantastic, she was enthusiastic and engaging and I would highly recommend the course to friends and colleagues. The post class services are also excellent!

Adobe Student

Sharon was lovely and has a fantastic knowledge. Honestly I didn't think I needed part 1 but I am SO glad I came. Thank you. Will be back in for part 2.

Nexus Human Student

Excellent interaction and answered all of my questions. Looking forward to being able to apply some of the tips and features learned today which hopefully should have real impact on some of the more time consuming tasks currently encountered.

Nexus Human Power BI Attendee

Brilliant
Wonderful teacher
Course presented extremely well indeed

Nexus Human Student feedback

Your Recommended Dates

Quick Email

13 May 25

09:30 - 17:00 Live Online 1,980

16 Dec 25

09:30 - 17:00 Live Online 1,980

Global Schedule

GTR = Guarenteed to Run

12 May 25

14:00 - 22:00Live Online2,494

Exam VoucherBook Now

FlexibleVarious165

Find out more about this course

Interested in alternative dates? Would like to book a private session of this course for your company? Or for any other queries please simply fill out the form below.

Popular Courses

Certifications

Skill Up Cards

Skill Up Card - Course Bundles