SC-200: Microsoft Security Operations Analyst

Prepare to earn the Microsoft Security Operations Analyst certification in just 3 hours a week! Next cohort starts April 17, 2025! 

Why Hybrid Training?

Flexible Hybrid Format

Experience the perfect blend of live instruction and self-paced learning, allowing you to stay engaged without disrupting your schedule.

Hands-On Learning

Gain practical experience through assignments, simulations, and labs, all designed to prepare you for real-world applications.

Consistent Instructor Support

Enjoy weekly live sessions that provide direct access to expert guidance, feedback, and support.

Certification Preparation

Prepare to earn Microsoft validated certifications that validate your skills, making you more attractive to career-focused employers.

Course Description

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and  Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

About this Course

Skills at a glance

  • Manage a security operations environment (20–25%)

  • Configure protections and detections (15–20%)

  • Manage incident response (25–30%)

  • Manage security threats (15–20%)

Manage a security operations environment

Configure settings in Microsoft Defender XDR

  • Configure alert and vulnerability notification rules

  • Configure Microsoft Defender for Endpoint advanced features

  • Configure endpoint rules settings

  • Manage automated investigation and response capabilities in Microsoft Defender XDR

  • Configure automatic attack disruption in Microsoft Defender XDR

Manage assets and environments

  • Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint

  • Identify unmanaged devices in Microsoft Defender for Endpoint

  • Discover unprotected resources by using Defender for Cloud

  • Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management

  • Mitigate risk by using Exposure Management in Microsoft Defender XDR

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace

  • Configure Microsoft Sentinel roles

  • Specify Azure RBAC roles for Microsoft Sentinel configuration

  • Design and configure Microsoft Sentinel data storage, including log types and log retention

Ingest data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel

  • Implement and use Content hub solutions

  • Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings

  • Plan and configure Syslog and Common Event Format (CEF) event collections

  • Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF)

  • Create custom log tables in the workspace to store ingested data

  • Monitor and optimize data ingestion

Configure protections and detections

Configure protections in Microsoft Defender security technologies

  • Configure policies for Microsoft Defender for Cloud Apps

  • Configure policies for Microsoft Defender for Office 365

  • Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules

  • Configure cloud workload protections in Microsoft Defender for Cloud

Configure detections in Microsoft Defender XDR

  • Configure and manage custom detection rules

  • Manage alerts, including tuning, suppression, and correlation

  • Configure deception rules in Microsoft Defender XDR

Configure detections in Microsoft Sentinel

  • Classify and analyze data by using entities

  • Configure and manage analytics rules

  • Query Microsoft Sentinel data by using ASIM parsers

  • Implement behavioral analytics

Manage incident response

Respond to alerts and incidents in the Microsoft Defender portal

  • Investigate and remediate threats by using Microsoft Defender for Office 365

  • Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption

  • Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies

  • Investigate and remediate threats identified by Microsoft Purview insider risk policies

  • Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud workload protections

  • Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps

  • Investigate and remediate compromised identities that are identified by Microsoft Entra ID

  • Investigate and remediate security alerts from Microsoft Defender for Identity

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

  • Investigate device timelines

  • Perform actions on the device, including live response and collecting investigation packages

  • Perform evidence and entity investigation

Investigate Microsoft 365 activities

  • Investigate threats by using the unified audit log

  • Investigate threats by using Content Search

  • Investigate threats by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel

  • Investigate and remediate incidents in Microsoft Sentinel

  • Create and configure automation rules

  • Create and configure Microsoft Sentinel playbooks

  • Run playbooks on on-premises resources

Implement and use Copilot for Security

  • Create and use promptbooks

  • Manage sources for Copilot for Security, including plugins and files

  • Integrate Copilot for Security by implementing connectors

  • Manage permissions and roles in Copilot for Security

  • Monitor Copilot for Security capacity and cost

  • Identify threats and risks by using Copilot for Security

  • Investigate incidents by using Copilot for Security

Manage security threats

Hunt for threats by using Microsoft Defender XDR

  • Identify threats by using Kusto Query Language (KQL)

  • Interpret threat analytics in the Microsoft Defender portal

  • Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using the MITRE ATT&CK matrix

  • Manage and use threat indicators

  • Create and manage hunts

  • Create and monitor hunting queries

  • Use hunting bookmarks for data investigations

  • Retrieve and manage archived log data

  • Create and manage search jobs

Create and configure Microsoft Sentinel workbooks

  • Activate and customize workbook templates

  • Create custom workbooks that include KQL

  • Configure visualizations

 

4 Weeks

Intermediate

  • Microsoft Azure
  • Microsoft 365
  • Security Engineer
  • Security Operations Analyst

Hybrid Course Schedule

CourseStart DateEnd DateMeets onStart TimeEnd TimeTime ZoneWeeksWeekly Live TrainingWeekly Self Paced
SC-900: Security, Identity and Compliance FundamentalsMarch 6thApril 10thThursday12:00 PM1:00 PMCentral41 Hour2 Hours
SC-200: Microsoft Security Operations AnalystApril 17thJune 6thThursday12:00 PM1:00 PMCentral81 Hour2 Hours

Microsoft Cybersecurity Track

Security, Identity and Compliance Fundamentals

Start Date: March 6, 2025
Duration: 4 Weeks
Format: Live + On-demand
Price: $299

View Course Description

Microsoft Security Operations Analyst

Start Date: April 17, 2025
Duration: 8 Weeks
Format: Live + On-demand
Price: $699

View Course Description

Have Questions?

We’re here to help! If you have any questions about our programs or need assistance with enrollment, please contact us.