Defend against cyberthreats with Microsoft's security operations platform

Defend against cyberthreats with Microsoft's security operations platform (SC-200T00-A)

Delivery methods

On-Site, Virtual

Duration

4 days

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Learning Objectives

Microsoft Defender Administration & Configuration: Administer environments and configure critical settings, including Attack Surface Reduction (ASR) rules, auto-provisioning, and alerts across Microsoft 365 Defender, Endpoint, Identity, and Cloud Apps.
Threat Investigation & Remediation: Investigate domains, IP addresses, user accounts, and DLP alerts to actively manage, resolve, and remediate incidents and insider risks across the entire Defender ecosystem.
Kusto Query Language (KQL) Mastery: Construct queries, filter searches, and extract unstructured data using KQL for advanced data analysis and Sentinel watchlist access.
Microsoft Sentinel Architecture & Data Collection: Manage Sentinel workspaces and threat indicators, and connect various data sources (Azure VMs, CEF, Syslog, and Sysmon events).
Proactive Threat Hunting & Automated Response: Conduct proactive threat hunting and livestreaming, create custom analytics rules, and automate incident response actions using playbooks in Microsoft Sentinel and M365 Defender.

Who Should Attend

Security Engineer, Security Operations Analyst.

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Prerequisites

Microsoft Security, Compliance, & Identity: Working knowledge of Microsoft security, compliance, and identity products.
Microsoft Defender XDR: Practical understanding of Microsoft 365 and Defender XDR, including threat mitigation techniques (such as those covered in the SC-200 curriculum).
Microsoft Sentinel & KQL: Hands-on experience configuring Microsoft Sentinel, connecting logs, and writing Kusto Query Language (KQL) queries for detections and investigations.
Security Operations: Foundational knowledge of security operations, incident response, and threat detection.
Azure Infrastructure: Familiarity with core Azure services, including Virtual Machines, Virtual Networking, SQL Database, and Storage.
Systems & Networking: Solid understanding of computer networking concepts and Windows 10/11 devices.

1Mitigate threats using Microsoft Defender XDR

Introduction to Microsoft Defender XDR threat protection

Mitigate incidents using Microsoft Defender

Remediate threats using Microsoft Defender

Manage Microsoft Entra Identity Protection

Safeguard your environment with Microsoft Defender for Identity

Secure your cloud apps and services with Microsoft Defender for Cloud Apps

2Mitigate threats using Microsoft Security Copilot

Introduction to generative AI and agents

Describe Microsoft Security Copilot

Describe the core features of Microsoft Security Copilot

Describe the embedded experiences of Microsoft Security Copilot

Explore use cases of Microsoft Security Copilot

3Mitigate threats using Microsoft Purview

Investigate and respond to Microsoft Purview Data Loss Prevention alerts

Investigate insider risk alerts and related activity

Search and investigate with Microsoft Purview Audit

Search for content with Microsoft Purview eDiscovery

4Mitigate threats using Microsoft Defender for Endpoint

Protect against threats with Microsoft Defender for Endpoint

Deploy the Microsoft Defender for Endpoint environment

Implement Windows security enhancements with Microsoft Defender for Endpoint

Perform device investigations in Microsoft Defender for Endpoint

Perform actions on a device using Microsoft Defender for Endpoint

Perform evidence and entities investigations using Microsoft Defender for Endpoint

Configure and manage automation using Microsoft Defender for Endpoint

Configure for alerts and detections in Microsoft Defender for Endpoint

Utilize Vulnerability Management in Microsoft Defender for Endpoint

5Mitigate threats using Microsoft Defender for Cloud

Plan for cloud workload protections using Microsoft Defender for Cloud

Connect Azure assets to Microsoft Defender for Cloud

Connect non-Azure resources to Microsoft Defender for Cloud

Manage your cloud security posture management

Explain cloud workload protections in Microsoft Defender for Cloud

Remediate security alerts using Microsoft Defender for Cloud

Ready to accelerate your team's innovation?

Schedule a meeting

Unlock your team’s potential and get the most from your tech stack

Schedule a meeting