
Microsoft Press Learning Course – Exam SC-200 Microsoft Security Operations Analyst


Kickstart your Microsoft security journey with the Exam SC-200 Microsoft Security Operations Analyst preparation and build the beginning foundation for your journey to becoming a Microsoft Certified Security Operations Analyst Associate.

Over the last 8 months, I’ve been actively working on my second Microsoft Press learning video course – Exam SC-200 Microsoft Security Operations Analyst.

I am so happy and grateful to share that the video course is officially published at the Microsoft Press store, Inform IT by Pearson, and the LinkedIn Learning platforms.

Introduction

The Microsoft Security Operations Analyst reduces organizational risk by quickly responding to active attacks, improving threat protection practices, and reporting policy violations. They use various security solutions and tools, such as Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Defender XDR, to investigate, monitor, and respond to threats. The Security Analyst is also involved in configuring and deploying these technologies.

SC-200 is a crucial exam because it can help you understand the advanced concepts of managing infrastructure security using Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel. This course covers every SC-200 Microsoft Security Operations Analyst certification exam objective.

Exam SC-200 Microsoft Security Operations Analyst

// Related: Microsoft Press Learning Course – Exam AZ-700 Designing and Implementing Azure Networking.

The course is divided into 15 lessons to ensure it’s aligned with the official exam requirements by Microsoft Learn.

Who Should Take This Course

This course is designed for Security Operations analysts, Azure administrators, and Windows and Linux operators. It is also for IT professionals looking to enhance their knowledge of Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel.

This is an intermediate-level course.

Exam SC-200 Sample Content

Feel free to watch the floating sample videos on this page for a sneak peek at what you will learn in this course.

Course Requirements

To get the maximum out of this training course, you should be familiar with the following concepts:

• Basic understanding of Microsoft 365, Azure cloud services, Windows and Linux operating systems, and security information and event management (SIEM) solutions.
• Fundamental understanding of Microsoft security, compliance, and identity products.

What You Will Learn

What will you learn in this course?

Check out the following Table of Contents and details on what this course covers and what to expect to learn after watching it:

Lesson 1: Configure Settings in Microsoft Defender XDR

1.1 Configure a connection from Defender XDR to a Sentinel workspace
1.2 Configure alert and vulnerability notification rules
1.3 Configure Microsoft Defender for Endpoint Advanced Features
1.4 Configure endpoint rules settings, including indicators and web content filtering
1.5 Manage automated investigation and response capabilities in Microsoft Defender XDR
1.6 Configure automatic attack disruption in Microsoft Defender XDR

Lesson 2: Manage Assets and Environments

2.1 Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint
2.2 Identify and remediate unmanaged devices in Microsoft Defender for Endpoint
2.3 Manage resources by using Azure Arc
2.4 Connect environments to Microsoft Defender for Cloud (by using multi-cloud account management)
2.5 Discover and remediate unprotected resources by using Defender for Cloud
2.6 Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management

Lesson 3: Design and Configure a Microsoft Sentinel Workspace

3.1 Plan a Microsoft Sentinel workspace
3.2 Configure Microsoft Sentinel roles
3.3 Specify Azure RBAC roles for Microsoft Sentinel configuration
3.4 Design and configure Microsoft Sentinel data storage, including log types and log retention
3.5 Manage multiple workspaces by using Workspace Manager and Azure Lighthouse

Lesson 4: Ingest Data Sources in Microsoft Sentinel

4.1 Identify data sources to be ingested for Microsoft Sentinel and implement Content Hub solutions
4.2 Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings
4.3 Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender XDR
4.4 Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender for Cloud
4.5 Plan and configure Syslog and Common Event Format (CEF) event collections
4.6 Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF)
4.7 Configure threat intelligence connectors, including platform, TAXII, upload indicators API, and MISP
4.8 Create custom log tables in the workspace to store ingested data

Lesson 5: Configure Protections in Microsoft Defender Security Technologies

5.1 Configure policies for Microsoft Defender for Cloud Apps
5.2 Configure policies for Microsoft Defender for Office
5.3 Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules
5.4 Configure cloud workload protections in Microsoft Defender for Cloud

Lesson 6: Configure Detection in Microsoft Defender XDR

6.1 Configure and manage custom detections
6.2 Configure alert tuning
6.3 Configure deception rules in Microsoft Defender XDR

Lesson 7: Configure Detections in Microsoft Sentinel

7.1 Classify and analyze data by using entities
7.2 Configure scheduled query rules, including KQL
7.3 Configure near-real-time (NRT) query rules, including KQL
7.4 Manage analytics rules from the Content hub
7.5 Configure anomaly detection analytics rules
7.6 Configure the Fusion rule
7.7 Query Microsoft Sentinel data by using ASIM parsers
7.8 Manage and use threat indicators

Lesson 8: Respond to Alerts and Incidents in Microsoft Defender XDR

8.1 Investigate and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive
8.2 Investigate and remediate threats in email by using Microsoft Defender for Office
8.3 Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption
8.4 Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies
8.5 Investigate and remediate threats identified by Microsoft Purview insider risk policies
8.6 Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud
8.7 Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps
8.8 Investigate and remediate compromised identities in Microsoft Entra ID
8.9 Investigate and remediate security alerts from Microsoft Defender for Identity
8.10 Manage actions and submissions in the Microsoft Defender portal

Lesson 9: Respond to Alerts and Incidents Identified by Microsoft Defender for Endpoint

9.1 Investigate timeline of compromised devices
9.2 Perform actions on the device, including live response and collecting investigation packages
9.3 Perform evidence and entity investigation

Lesson 10: Enrich Investigations by Using Other Microsoft Tools

10.1 Investigate threats by using the unified audit log
10.2 Investigate threats by using Content Search
10.3 Perform threat hunting by using Microsoft Graph activity logs

Lesson 11: Manage Incidents in Microsoft Sentinel

11.1 Triage incidents in Microsoft Sentinel
11.2 Investigate incidents in Microsoft Sentinel
11.3 Respond to incidents in Microsoft Sentinel

Lesson 12: Configure Security Orchestration, Automation, and Response (SOAR) in Microsoft Sentinel

12.1 Create and configure automation rules
12.2 Create and configure Microsoft Sentinel Playbooks
12.3 Configure analytic rules to trigger automation
12.4 Trigger playbooks manually from alerts and incidents
12.5 Run playbooks on on-premises resources

Lesson 13: Hunt for Threats by Using KQL

13.1 Identify threats by using Kusto Query Language (KQL)
13.2 Interpret threat analytics in the Microsoft Defender portal
13.3 Create custom hunting queries by using KQL

Lesson 14: Hunt for Threats by Using Microsoft Sentinel

14.1 Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
14.2 Customize content gallery hunting queries
14.3 Use hunting bookmarks for data investigations
14.4 Monitor hunting queries by using Livestream
14.5 Retrieve and manage archived log data
14.6 Create and manage search jobs

Lesson 15: Analyze and Interpret Data by Using Workbooks

15.1 Activate and customize Microsoft Sentinel workbook templates
15.2 Create custom workbooks that include KQL
15.3 Configure visualizations

Acknowledgments

Video learning courses don’t record, edit, and publish themselves. I would like to say a big thank you to my wife and family for their support and patience while I was busier than usual last year and for always supporting the crazy things I want to do. They are the reason that I can fulfill my dream and follow my passion. I also have to thank my employer, itnetX (Switzerland) AG, for their continuous support.

Certainly, the learning course wouldn’t have been possible without the Microsoft Press and Pearson Academic teams supporting all the instructors in running different projects simultaneously.

I want to say a big thank you to the Executive Editor, IT Professional Laura Lewin, Assistant Editor, IT Professional Jackleen Sougrakpam, Senior Producer Sean Donelson, Content Producer Mary Roth, Video Producer Pete Vilotti, and the entire designer, video editor, and graphics team (if I’ve missed anyone, I’m truly sorry).

Exam SC-200 Microsoft Security Operations Analyst

Explore more than 10 hours of comprehensive security training focused on the Microsoft Security Operations Analyst role. This course addresses the importance of quickly responding to active attacks to reduce organizational risk, improving threat protection practices, and reporting policy violations. Security analysts will gain hands-on experience using security solutions and tools such as Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Defender XDR to investigate, monitor, and respond to threats. Additionally, the Security Analyst will learn how to configure and deploy these technologies.

Exam SC-200: Microsoft Security Operations Analyst (Video)

Are you ready to take the SC-200 exam?

We highly encourage you to get access to this course directly from the Microsoft Press store, Inform IT by Pearson, or the LinkedIn Learning platforms.

In Summary

In this course, you’ll learn how to manage a security operations environment using the Microsoft Defender XDR, a unified pre- and post-breach enterprise defense suite, to protect your modern workplace environment. You can manage assets and environments to maintain a cloud security posture and connect multi-cloud resources using Microsoft Defender for Cloud.

By taking this course, you can mitigate threats using Microsoft Sentinel, which delivers intelligent security analytics and threat intelligence across your estate. You can detect attacks, perform threat hunting, manage incidents, and respond to incidents with a single solution by automating common tasks using playbooks and automation rules.

We hope you enjoy watching this video course as much as we loved producing it.

Thank you for reading our blog.

Please let us know in the comments section below if you have any questions or feedback.

-Charbel Nemnom-

About the Author:
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 21+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, Microsoft MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.