SC-200T00: Microsoft Security Operations Analyst

This course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Description

Overview

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel and apply Kusto Query Language (KQL) to perform detection, analysis, and reporting.

Who Should Attend

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Course Outline

Lesson 1: Mitigate threats using Microsoft Defender for Endpoint

  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
  • Manage alerts and incidents in Microsoft Defender for Endpoint
  • Perform device investigations in Microsoft Defender for Endpoint
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Perform evidence and entities investigations using Microsoft Defender for Endpoint
  • Configure and manage automation using Microsoft Defender for Endpoint
  • Configure alerts and detections in Microsoft Defender for Endpoint
  • Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint

Labs

  • Mitigate threats using Microsoft Defender for Endpoint
  • Deploy Microsoft Defender for Endpoint
  • Mitigate Attacks using Defender for Endpoint

After completing this module, students will be able to:

  • Define the capabilities of Microsoft Defender for Endpoint
  • Configure Microsoft Defender for Endpoint environment settings
  • Configure Attack Surface Reduction rules on Windows 10 devices
  • Investigate alerts in Microsoft Defender for Endpoint
  • Describe device forensics information collected by Microsoft Defender for Endpoint
  • Conduct forensics data collection using Microsoft Defender for Endpoint
  • Investigate user accounts in Microsoft Defender for Endpoint
  • Manage automation settings in Microsoft Defender for Endpoint
  • Manage indicators in Microsoft Defender for Endpoint
  • Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint

Lesson 2: Mitigate threats using Microsoft 365 Defender

  • Introduction to threat protection with Microsoft 365
  • Mitigate incidents using Microsoft 365 Defender
  • Protect your identities with Azure AD Identity Protection
  • Remediate risks with Microsoft Defender for Office 365
  • Safeguard your environment with Microsoft Defender for Identity
  • Secure your cloud apps and services with Microsoft Cloud App Security
  • Respond to data loss prevention alerts using Microsoft 365
  • Manage insider risk in Microsoft 365

Labs

  • Mitigate threats using Microsoft 365 Defender
  • Mitigate Attacks with Microsoft 365 Defender

After completing this module, students will be able to:

  • Explain how the threat landscape is evolving
  • Manage incidents in Microsoft 365 Defender
  • Conduct advanced hunting in Microsoft 365 Defender
  • Describe the investigation and remediation features of Azure Active Directory Identity Protection
  • Define the capabilities of Microsoft Defender for Endpoint
  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment
  • Define the Cloud App Security framework
  • Explain how Cloud Discovery helps you see what's going on in your organization

Lesson 3: Mitigate threats using Azure Defender

  • Plan for cloud workload protections using Azure Defender
  • Explain cloud workload protections in Azure Defender
  • Connect Azure assets to Azure Defender
  • Connect non-Azure resources to Azure Defender
  • Remediate security alerts using Azure Defender

Labs

  • Mitigate threats using Azure Defender
  • Deploy Azure Defender
  • Mitigate Attacks with Azure Defender

After completing this module, students will be able to:

  • Describe Azure Defender features
  • Explain Azure Security Center features
  • Explain which workloads are protected by Azure Defender
  • Explain how Azure Defender protections function
  • Configure auto-provisioning in Azure Defender
  • Describe manual provisioning in Azure Defender
  • Connect non-Azure machines to Azure Defender
  • Describe alerts in Azure Defender
  • Remediate alerts in Azure Defender
  • Automate responses in Azure Defender

Lesson 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)

  • Construct KQL statements for Azure Sentinel
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with data in Azure Sentinel using Kusto Query Language

Labs

  • Create queries for Azure Sentinel using Kusto Query Language (KQL)
  • Construct Basic KQL Statements
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with string data using KQL statements

After completing this module, students will be able to:

  • Construct KQL statements
  • Search log files for security events using KQL
  • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Summarize data using KQL statements
  • Render visualizations using KQL statements
  • Extract data from unstructured string fields using KQL
  • Extract data from structured string data using KQL
  • Create functions using KQL

Lesson 5: Configure your Azure Sentinel environment

  • Introduction to Azure Sentinel
  • Create and manage Azure Sentinel workspaces
  • Query logs in Azure Sentinel
  • Use watchlists in Azure Sentinel
  • Utilize threat intelligence in Azure Sentinel

Labs

  • Configure your Azure Sentinel environment
  • Create an Azure Sentinel Workspace
  • Create a Watchlist
  • Create a Threat Indicator

After completing this module, students will be able to:

  • Identify the various components and functionality of Azure Sentinel
  • Identify use cases where Azure Sentinel would be a good solution
  • Describe Azure Sentinel workspace architecture
  • Install an Azure Sentinel workspace
  • Manage an Azure Sentinel workspace
  • Create a watchlist in Azure Sentinel
  • Use KQL to access the watchlist in Azure Sentinel
  • Manage threat indicators in Azure Sentinel
  • Use KQL to access threat indicators in Azure Sentinel

Lesson 6: Connect logs to Azure Sentinel

  • Connect data to Azure Sentinel using data connectors
  • Connect Microsoft services to Azure Sentinel
  • Connect Microsoft 365 Defender to Azure Sentinel
  • Connect Windows hosts to Azure Sentinel
  • Connect Common Event Format logs to Azure Sentinel
  • Connect syslog data sources to Azure Sentinel
  • Connect threat indicators to Azure Sentinel

Labs

  • Connect logs to Azure Sentinel
  • Connect Microsoft services to Azure Sentinel
  • Connect Windows hosts to Azure Sentinel
  • Connect Linux hosts to Azure Sentinel
  • Connect Threat intelligence to Azure Sentinel

After completing this module, students will be able to:

  • Explain the use of data connectors in Azure Sentinel
  • Explain the Common Event Format and Syslog
