IL-SC-200: Microsoft Security Operations Analyst

Course Overview

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. This course teaches these skills and prepares you to pass the SC-200 exam and earn the Microsoft Security Operations Analyst Associate certification.

Course Details
  • Duration: 4 Days
  • Level: 300

Who this course is designed for
  • Security Engineer

  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Azure Defender
  • Mitigate threats using Azure Sentinel
  • Basic understanding of Microsoft 365
  • Intermediate understanding of Windows 10

Course Outline

Module 1: Protect against threats with Microsoft Defender for Endpoint
Learn how Microsoft Defender for Endpoint can help your organization stay secure.
Module 2: Deploy the Microsoft Defender for Endpoint environment
Learn how to deploy the Microsoft Defender for Endpoint environment, including onboarding devices and configuring security.
Module 3: Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity. Learn about Attack Surface Reduction (ASR) with 
Module 4: Manage alerts and incidents in Microsoft Defender for Endpoint
Learn how to investigate incidents and alerts using Microsoft Defender for Endpoint. Perform advanced hunting and consult with threat experts.
Module 5: Perform device investigations in Microsoft Defender for Endpoint
Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that will aid in your investigations.
Module 6: Perform actions on a device using Microsoft Defender for Endpoint
Learn how Microsoft Defender for Endpoint provides the remote capability to contain devices and collect forensics data.
Module 7: Perform evidence and entities investigations using Microsoft Defender for Endpoint
Learn about the artifacts in your environment and how they relate to other artifacts and alerts, giving you insight into the overall impact on your environment.
Module 8: Configure and manage automation using Microsoft Defender for Endpoint
Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
Module 9: Configure for alerts and detections in Microsoft Defender for Endpoint
Learn how to configure settings to manage alerts and notifications. You will also learn to enable indicators as part of the detection process.
Module 10: Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
Learn about your environment's weaknesses by using Threat and Vulnerability Management in Microsoft Defender for Endpoint.
Module 11: Introduction to threat protection with Microsoft 365
Learn about cybersecurity threats and how the new threat protection tools from Microsoft protect your organization’s users, devices, and data.
Module 12: Mitigate incidents using Microsoft 365 Defender
Learn how the Microsoft Security center portal provides a unified view of incidents from the Microsoft 365 Defender family of products.
Module 13: Protect your identities with Azure AD Identity Protection
Use the advanced detection and remediation of identity-based threats to protect your Azure Active Directory identities and applications from compromise.
Module 14: Remediate risks with Microsoft Defender for Office 365
Learn about the Microsoft Defender for Office 365 component of Microsoft 365 Defender.
Module 15: Safeguard your environment with Microsoft Defender for Identity
Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.
Module 16: Secure your cloud apps and services with Microsoft Cloud App Security
Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Learn how to use Cloud App Security in your organization.
Module 17: Respond to data loss prevention alerts using Microsoft 365
As a Security Operations Analyst, you need to understand compliance-related terminology and alerts. Learn how data loss prevention alerts help your investigation find the full scope of the incident.
Module 18: Manage insider risk in Microsoft 365
Insider risk management in Microsoft 365 helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.
Module 19: Plan for cloud workload protections using Azure Defender
Learn the purpose of Azure Defender, Azure Defender's relationship to Azure Security Center, and how to enable Azure Defender.
Module 20: Explain cloud workload protections in Azure Defender
Learn about the protections and detections provided by Azure Defender for each cloud workload.
Module 21: Connect Azure assets to Azure Defender
Learn how to connect your various Azure assets to Azure Defender to detect threats.
Module 22: Connect non-Azure resources to Azure Defender
Learn how you can add Azure Defender capabilities to your hybrid environment.
Module 23: Remediate security alerts using Azure Defender
Learn how to remediate security alerts in Azure Defender.
Module 24: Construct KQL statements for Azure Sentinel
KQL is the query language used to analyze data, create analytics and workbooks, and perform hunting in Azure Sentinel. Learn how basic KQL statement structure provides the foundation to build more complex statements.
Module 25: Analyze query results using KQL
Learn how summarizing and visualizing data with a KQL statement provides the foundation to build detections in Azure Sentinel.
Module 26: Build multi-table statements using KQL
Learn how to work with multiple tables using KQL.
Module 27: Work with data in Azure Sentinel using Kusto Query Language
Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.
Module 28: Introduction to Azure Sentinel
Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Azure Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started.
Module 29: Create and manage Azure Sentinel workspaces
Learn about the architecture of Azure Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
Module 30: Query logs in Azure Sentinel
As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Azure Sentinel.
Module 31: Use watchlists in Azure Sentinel
Learn how to create Azure Sentinel watchlists, which are named lists of imported data. Once created, you can easily use the named watchlist in KQL queries.
Module 32: Utilize threat intelligence in Azure Sentinel
Learn how the Azure Sentinel Threat Intelligence page enables you to manage threat indicators.

Training Options


Dedicated Delivery

This course can be delivered dedicated to your team either virtually or onsite. A dedicated delivery allows deeper discussion with your team and our instructor on projects and workloads that are specific to your environment.

Customized Delivery

This course can be customized by adding or removing topics, going deeper on specific topics, or by customizing the delivery schedule to make it easier for your team to attend the training.
