Course

Microsoft Security Operations Analyst – Intensive Training («SC200»)

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud.
Vendor code

SC-200

Duration 4 days
Price 3'400.–
Course documents Official Microsoft Courseware and Microsoft Learn

Course facts

Key Learnings
  • Managing a security operations environment
  • Configuring protections and detections
  • Managing incident response
  • Performing threat hunting
Content

In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

1 Mitigate threats using Microsoft Defender XDR
Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft Defender XDR.

2 Mitigate threats using Microsoft Copilot for Security
Get started with Microsoft Copilot for Security. You're introduced to basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution.

3 Mitigate threats using Microsoft Purview
In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance.

4 Mitigate threats using Microsoft Defender for Endpoint
Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.

5 Mitigate threats using Microsoft Defender for Cloud
Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security.

6 Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase securityrelated table queries.

7 Configure your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.

8 Connect logs to Microsoft Sentinel
Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.

9 Create detections and perform investigations using Microsoft Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.

10 Perform threat hunting in Microsoft Sentinel
Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.

Methodology & didactics

Digicomp Flexible Learning Approach:

  • Training modality: During a period of 4 weeks, 6-8 half-day (3h each) virtual live sessions with our Azure MCT experts will take place. The sessions are already planned and can be easily combined with the daily work routine. Between the sessions there is enough time to process the learned knowledge.
  • Detailed Session Plan: Click «Timetable» at the bottom of the page where you select your desired date.
Target audience

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Requirements
  • Basic understanding of Microsoft 365
  • Intermediate understanding of Windows 10 devices
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Working knowledge of Microsoft security, compliance, and identity products
  • Working knowledge of security operations and incident response
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts

Basic knowledge gained in the following course is recommended:

    Microsoft Security, Compliance, and Identity Fundamentals – Intensive Training («SC900»)

    1 day
    • Berne, Geneva, Lausanne, Zürich
    CHF
    900.–

    Microsoft Security, Compliance, and Identity Fundamentals – Flexible Training («SC900V»)

    1 day
    CHF
    900.–
Certification

This intensive training prepares you for:

Download

Questions

Any questions?
First name
Last name
Company optional
Email
Phone
I would like to book this course as a company course
First name
Last name
Company optional
Email
Phone
Number of participants
Desired course location
Start date (DD.MM.YYYY)
End date (DD.MM.YYYY)

Choose your date

14
Apr
2025
17
Apr
2025
Lausanne
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
14
Apr
2025
17
Apr
2025
Zürich
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
14
Apr
2025
17
Apr
2025
Berne
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
14
Apr
2025
17
Apr
2025
Basel
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
13
May
2025
16
May
2025
Zürich
German
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
19
May
2025
22
May
2025
Geneva
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
10
Jun
2025
13
Jun
2025
Zürich
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
10
Jun
2025
13
Jun
2025
Berne
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
10
Jun
2025
13
Jun
2025
Basel
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
10
Jun
2025
13
Jun
2025
Berne
German
Timetable
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.
Guaranteed to take place. Register now!
CHF 3’400.-
exkl. 8.1% Mwst.
7
Jul
2025
10
Jul
2025
Lausanne
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
7
Jul
2025
10
Jul
2025
Zürich
German
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
18
Aug
2025
21
Aug
2025
Geneva
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
8
Sep
2025
11
Sep
2025
Virtual Training
English
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
9
Sep
2025
12
Sep
2025
Zürich
German
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
29
Sep
2025
2
Oct
2025
Lausanne
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
10
Nov
2025
13
Nov
2025
Geneva
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.
Next date
14
Apr
2025
17
Apr
2025
Lausanne
French
Timetable
CHF 3’400.-
exkl. 8.1% Mwst.
CHF 3’400.-
exkl. 8.1% Mwst.

Further courses

Microsoft Cybersecurity Architect – Intensive Training («SC100»)

4 days
CHF
3'400.–