SC-200: Microsoft Security Operations Analyst
Prepare to earn the Microsoft Security Operations Analyst certification in just 3 hours a week! Next cohort starts April 17, 2025!
Why Hybrid Training?
Flexible Hybrid Format
Experience the perfect blend of live instruction and self-paced learning, allowing you to stay engaged without disrupting your schedule.
Hands-On Learning
Gain practical experience through assignments, simulations, and labs, all designed to prepare you for real-world applications.
Consistent Instructor Support
Enjoy weekly live sessions that provide direct access to expert guidance, feedback, and support.
Certification Preparation
Prepare to earn Microsoft validated certifications that validate your skills, making you more attractive to career-focused employers.
Course Description
Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
Audience Profile
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
About this Course
Course Outline
Skills at a glance
Manage a security operations environment (20–25%)
Configure protections and detections (15–20%)
Manage incident response (25–30%)
Manage security threats (15–20%)
Manage a security operations environment
Configure settings in Microsoft Defender XDR
Configure alert and vulnerability notification rules
Configure Microsoft Defender for Endpoint advanced features
Configure endpoint rules settings
Manage automated investigation and response capabilities in Microsoft Defender XDR
Configure automatic attack disruption in Microsoft Defender XDR
Manage assets and environments
Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint
Identify unmanaged devices in Microsoft Defender for Endpoint
Discover unprotected resources by using Defender for Cloud
Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management
Mitigate risk by using Exposure Management in Microsoft Defender XDR
Design and configure a Microsoft Sentinel workspace
Plan a Microsoft Sentinel workspace
Configure Microsoft Sentinel roles
Specify Azure RBAC roles for Microsoft Sentinel configuration
Design and configure Microsoft Sentinel data storage, including log types and log retention
Ingest data sources in Microsoft Sentinel
Identify data sources to be ingested for Microsoft Sentinel
Implement and use Content hub solutions
Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings
Plan and configure Syslog and Common Event Format (CEF) event collections
Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF)
Create custom log tables in the workspace to store ingested data
Monitor and optimize data ingestion
Configure protections and detections
Configure protections in Microsoft Defender security technologies
Configure policies for Microsoft Defender for Cloud Apps
Configure policies for Microsoft Defender for Office 365
Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules
Configure cloud workload protections in Microsoft Defender for Cloud
Configure detections in Microsoft Defender XDR
Configure and manage custom detection rules
Manage alerts, including tuning, suppression, and correlation
Configure deception rules in Microsoft Defender XDR
Configure detections in Microsoft Sentinel
Classify and analyze data by using entities
Configure and manage analytics rules
Query Microsoft Sentinel data by using ASIM parsers
Implement behavioral analytics
Manage incident response
Respond to alerts and incidents in the Microsoft Defender portal
Investigate and remediate threats by using Microsoft Defender for Office 365
Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption
Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies
Investigate and remediate threats identified by Microsoft Purview insider risk policies
Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud workload protections
Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps
Investigate and remediate compromised identities that are identified by Microsoft Entra ID
Investigate and remediate security alerts from Microsoft Defender for Identity
Respond to alerts and incidents identified by Microsoft Defender for Endpoint
Investigate device timelines
Perform actions on the device, including live response and collecting investigation packages
Perform evidence and entity investigation
Investigate Microsoft 365 activities
Investigate threats by using the unified audit log
Investigate threats by using Content Search
Investigate threats by using Microsoft Graph activity logs
Respond to incidents in Microsoft Sentinel
Investigate and remediate incidents in Microsoft Sentinel
Create and configure automation rules
Create and configure Microsoft Sentinel playbooks
Run playbooks on on-premises resources
Implement and use Copilot for Security
Create and use promptbooks
Manage sources for Copilot for Security, including plugins and files
Integrate Copilot for Security by implementing connectors
Manage permissions and roles in Copilot for Security
Monitor Copilot for Security capacity and cost
Identify threats and risks by using Copilot for Security
Investigate incidents by using Copilot for Security
Manage security threats
Hunt for threats by using Microsoft Defender XDR
Identify threats by using Kusto Query Language (KQL)
Interpret threat analytics in the Microsoft Defender portal
Create custom hunting queries by using KQL
Hunt for threats by using Microsoft Sentinel
Analyze attack vector coverage by using the MITRE ATT&CK matrix
Manage and use threat indicators
Create and manage hunts
Create and monitor hunting queries
Use hunting bookmarks for data investigations
Retrieve and manage archived log data
Create and manage search jobs
Create and configure Microsoft Sentinel workbooks
Activate and customize workbook templates
Create custom workbooks that include KQL
Configure visualizations
Duration
4 Weeks
Level
Intermediate
Product
- Microsoft Azure
- Microsoft 365
Role
- Security Engineer
- Security Operations Analyst
Hybrid Course Schedule
| Course | Start Date | End Date | Meets on | Start Time | End Time | Time Zone | Weeks | Weekly Live Training | Weekly Self Paced |
|---|---|---|---|---|---|---|---|---|---|
| SC-900: Security, Identity and Compliance Fundamentals | March 6th | April 10th | Thursday | 12:00 PM | 1:00 PM | Central | 4 | 1 Hour | 2 Hours |
| SC-200: Microsoft Security Operations Analyst | April 17th | June 6th | Thursday | 12:00 PM | 1:00 PM | Central | 4 | 1 Hour | 2 Hours |
Microsoft Cybersecurity Track
Security, Identity and Compliance Fundamentals
Start Date: March 6, 2025
Duration: 4 Weeks
Format: Live + On-demand
Price: $199
View Course Description
Microsoft Security Operations Analyst
Start Date: April 17, 2025
Duration: 4 Weeks
Format: Live + On-demand
Price: $599
View Course Description
Have Questions?
We’re here to help! If you have any questions about our programs or need assistance with enrollment, please contact us.