Course

Microsoft Security Operations Analyst – Flexible Training («SC200V»)

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud.
Vendor code

SC-200

Duration 4 days
Price 3'400.–
Course documents Official Microsoft Courseware and Microsoft Learn
Modality: Virtual classes are split into half-day sessions (see additional information)

Course facts

Key Learnings
  • Managing a security operations environment
  • Configuring protections and detections
  • Managing incident response
  • Performing threat hunting
Content

In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

1 Mitigate threats using Microsoft Defender XDR
Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft Defender XDR.

2 Mitigate threats using Microsoft Copilot for Security
Get started with Microsoft Copilot for Security. You're introduced to basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution.

3 Mitigate threats using Microsoft Purview
In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance.

4 Mitigate threats using Microsoft Defender for Endpoint
Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.

5 Mitigate threats using Microsoft Defender for Cloud
Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security.

6 Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase securityrelated table queries.

7 Configure your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.

8 Connect logs to Microsoft Sentinel
Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.

9 Create detections and perform investigations using Microsoft Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.

10 Perform threat hunting in Microsoft Sentinel
Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.

Target audience

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Requirements
  • Basic understanding of Microsoft 365
  • Intermediate understanding of Windows 10 devices
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Working knowledge of Microsoft security, compliance, and identity products
  • Working knowledge of security operations and incident response
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts

Basic knowledge gained in the following course is recommended:

    Microsoft Security, Compliance, and Identity Fundamentals – Intensive Training («SC900»)

    1 day
    • Berne, Geneva, Lausanne, Zürich
    CHF
    900.–

    Microsoft Security, Compliance, and Identity Fundamentals – Flexible Training («SC900V»)

    1 day
    CHF
    900.–
Certification

This flexible training prepares you for:

Additional information

We recommend SC-5001: Configure SIEM Security Operations Using Microsoft Sentinel as self-study preparation for this course.

Modality

The «flexible» live virtual course is scheduled over a period of 3-4 weeks. During this time, 6-8 instructor-led sessions of 3.5 hours each take place, i.e., the instructor supervises the participants live. All live sessions of a course will take place in the morning from 8:30 am - 12:00pm (CET) or afternoon from 1:30 pm - 5:00 pm (CET). This time is indicated on the respective course as a total of 1-5 days. 

By clicking on «Timetable» when enrolling, you can already see when the live sessions will take place. Of course, these sessions are recorded and therefore available for the class afterwards. 

Everything takes place on one Microsoft Teams channel per class. The participants have access to all sessions and information within the class for the duration of the course.

Download

Questions

Any questions?
First name
Last name
Company optional
Email
Phone
I would like to book this course as a company course
First name
Last name
Company
Email
Phone
Number of participants
Desired course location
Start date (DD.MM.YYYY)
End date (DD.MM.YYYY)

Choose your date

6
Oct
2025
16
Oct
2025
Virtual Training
English
Timetable
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.
23
Feb
2026
5
Mar
2026
Virtual Training
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
Next date
6
Oct
2025
16
Oct
2025
Virtual Training
English
Timetable
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.

Further courses

Microsoft Cybersecurity Architect – Flexible Training («SC100V»)

4 days
CHF
3'400.–