Get training on mitigating security threats and protecting your organization against security threats. SC-200 helps security professionals dive deep into configuring Microsoft Sentinel and using Microsoft Defender for Cloud and Microsoft 365 Defender to improve security practices and reduce risks.
SC-200 is a comprehensive training program designed to equip aspiring security professionals with the essential skills and knowledge required to excel as a Microsoft Security Operations Analyst. This course delves into various aspects of security operations, focusing on Microsoft technologies and tools to detect, investigate, and respond to security threats effectively. Participants will gain hands-on experience in utilizing Microsoft Defender for Endpoint, Azure Sentinel, Microsoft 365 Defender, and other key security solutions to protect organizational assets against cyber threats.
- Mitigate threats by using Microsoft 365 Defender
- Mitigate threats by using Defender for Cloud
- Mitigate threats by using Microsoft Sentinel
- Cybersecurity Specialist
- Security Engineer
Before attempting SC-200, attendees should have a:
- Basic understanding of Microsoft 365.
- Fundamental understanding of Microsoft security, compliance, and identity products.
- Intermediate understanding of Windows 10.
- Familiarity with Azure services, specifically Azure SQL Database and Azure Storage.
- Familiarity with Azure virtual machines and virtual networking.
- Fundamental understanding of scripting concepts.
- Module 1: Introduction to threat protection with Microsoft Defender XDR
- Module 2: Mitigate incidents using Microsoft Defender
- Module 3: Remediate risks with Microsoft Defender for Office 365
- Module 4: Microsoft Defender for Identity
- Module 5: Protect your identities with Entra ID Protection
- Module 6: Microsoft Defender for Cloud Apps
- Lab 01 – Mitigate threats using Microsoft Defender XDR
- Module 1: Microsoft Purview Compliance Solutions
- Module 2: Investigate and remediate insider risk threats identified by Microsoft Purview policies
- Module 3: Discover Risks with Content Search in Microsoft Purview
- Module 4: Investigate threats using Microsoft Purview Audit
- Module 1: Protect against threats with Microsoft Defender for Endpoint
- Module 2: Deploy the Microsoft Defender for Endpoint environment
- Module 3: Implement Windows security enhancements
- Module 4: Perform device investigations
- Module 5: Perform actions on a device
- Module 6: Perform evidence and entities investigations
- Module 7: Configure and manage automation
- Module 8: Configure for alerts and detections
- Module 9: Utilize Microsoft Defender Vulnerability Management
- Lab 01 – Mitigate threats using Microsoft Defender for Endpoint
- Module 1: Plan for cloud workload protections using Microsoft Defender for Cloud
- Module 2: Connect Azure assets to Microsoft Defender for Cloud
- Module 3: Connect non-Azure assets to Microsoft Defender for Cloud
- Module 4: Manage cloud security posture management in Microsoft Defender for Cloud
- Module 5: Workload protections in Microsoft Defender for Cloud
- Module 6: Remediate security alerts using Microsoft Defender for Cloud
- Lab 01 – Mitigate threats using Microsoft Defender for Cloud
- Module 1: Construct KQL statements for Microsoft Sentinel
- Module 2: Analyze query results using KQL
- Module 3: Build multi-table statements using KQL
- Module 4: Work with string data using KQL statements
- Lab 01 – Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- Module 1: Introduction to Microsoft Sentinel
- Module 2: Create and manage Microsoft Sentinel workspaces
- Module 3: Query logs in Microsoft Sentinel
- Module 4: Use watchlists in Microsoft Sentinel
- Module 5: Utilize threat intelligence in Microsoft Sentinel
- Lab 01 – Configure your Microsoft Sentinel environment
- Module 1: Manage content in Microsoft Sentinel
- Module 2: Connect data to Microsoft Sentinel using data connectors
- Module 3: Connect Microsoft services to Microsoft Sentinel
- Module 4: Connect Microsoft Defender XDR to Microsoft Sentinel
- Module 5: Connect Windows hosts to Microsoft Sentinel
- Module 6: Connect Common Event Format logs to Microsoft Sentinel
- Module 7: Connect syslog data sources to Microsoft Sentinel
- Module 8: Connect threat indicators to Microsoft Sentinel
- Lab 01 – Connect logs to Microsoft Sentinel
- Module 1: Threat detection with Microsoft Sentinel analytics
- Module 2: Automation in Microsoft Sentinel
- Module 3: Threat response with Microsoft Sentinel playbooks
- Module 4: Security incident management in Microsoft Sentinel
- Module 5: User and Entity Behavior Analytics in Microsoft Sentinel
- Module 6: Data normalization in Microsoft Sentinel
- Module 7: Query, visualize, and monitor data in Microsoft Sentinel
- Lab 01 – Create detections and perform investigations using Microsoft Sentinel
- Module 1: Threat hunting concepts in Microsoft Sentinel
- Module 2: Threat hunting with Microsoft Sentinel
- Module 3: Use Search jobs in Microsoft Sentinel
- Module 4: Hunt for threats using notebooks in Microsoft Sentinel
- Lab 1 – Threat hunting in Microsoft Sentinel
Yes! This class prepares an attendee for the Microsoft Exam SC-200: Microsoft Security Operations Analyst.
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.
Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
A. Please reach out to info@industechservices.com after your course to obtain your exam voucher.
