Course
Microsoft Security Operations Analyst – Intensive Training («SC200»)
SC-200
Course facts
- Managing a security operations environment
- Configuring protections and detections
- Managing incident response
- Performing threat hunting
In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
1 Mitigate threats using Microsoft Defender XDR
Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft Defender XDR.
2 Mitigate threats using Microsoft Copilot for Security
Get started with Microsoft Copilot for Security. You're introduced to basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution.
3 Mitigate threats using Microsoft Purview
In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance.
4 Mitigate threats using Microsoft Defender for Endpoint
Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.
5 Mitigate threats using Microsoft Defender for Cloud
Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security.
6 Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase securityrelated table queries.
7 Configure your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.
8 Connect logs to Microsoft Sentinel
Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.
9 Create detections and perform investigations using Microsoft Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.
10 Perform threat hunting in Microsoft Sentinel
Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.
Digicomp Flexible Learning Approach:
- Training modality: During a period of 4 weeks, 6-8 half-day (3h each) virtual live sessions with our Azure MCT experts will take place. The sessions are already planned and can be easily combined with the daily work routine. Between the sessions there is enough time to process the learned knowledge.
- Detailed Session Plan: Click «Timetable» at the bottom of the page where you select your desired date.
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
- Basic understanding of Microsoft 365
- Intermediate understanding of Windows 10 devices
- Fundamental understanding of Microsoft security, compliance, and identity products
- Working knowledge of Microsoft security, compliance, and identity products
- Working knowledge of security operations and incident response
- Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
- Familiarity with Azure virtual machines and virtual networking
- Basic understanding of scripting concepts
Basic knowledge gained in the following course is recommended:
This intensive training prepares you for:
- Exam: «SC-200: Microsoft Security Operations Analyst» for the
- Certification: «Microsoft Certified: Security Operations Analyst Associate»
We recommend SC-5001: Configure SIEM Security Operations Using Microsoft Sentinel as self-study preparation for this course.