Microsoft Security Operations Analyst (SC-200)


Course Number: MOC-SC-200
Duration: 4 days (26 hours)
Format: Live, hands-on

Microsoft Security Operations Analyst Training Overview

This live online or in-person Microsoft Security Operations Analyst training course (SC-200) teaches teams how to find and mitigate threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. Attendees learn how to use Kusto Query Language (KQL) to perform threat detection, analysis, and reporting. This course prepares students for the SC-200 exam for which every attendee receives a voucher.

Location and Pricing

Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.

In addition, some courses are available as live, instructor-led training from one of our partners.

Objectives

All students will learn how to:

  • Investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender
  • Utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Conduct advanced hunting in Microsoft 365 Defender
  • Configure auto-provisioning in Azure Defender
  • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Manage an Azure Sentinel workspace
  • Manage threat indicators in Azure Sentinel
  • Connect Azure Windows Virtual Machines to Azure Sentinel
  • Use queries to hunt for threats
  • Observe threats over time with livestream

Prerequisites

  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Windows 10
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting

Outline

Introduction to Microsoft 365 threat protection
Mitigate incidents using Microsoft 365 Defender
Protect your identities with Azure AD Identity Protection
Remediate risks with Microsoft Defender for Office 365
Safeguard your environment with Microsoft Defender for Identity
Secure your cloud apps and services with Microsoft Defender for Cloud Apps
Respond to data loss prevention alerts using Microsoft 365
Manage insider risk in Microsoft Purview
Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
Investigate threats with Content search in Microsoft Purview
Protect against threats with Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint environment
Implement Windows security enhancements with Microsoft Defender for Endpoint
Perform device investigations in Microsoft Defender for Endpoint
Perform actions on a device using Microsoft Defender for Endpoint
Perform evidence and entities investigations using Microsoft Defender for Endpoint
Configure and manage automation using Microsoft Defender for Endpoint
Configure for alerts and detections in Microsoft Defender for Endpoint
Utilize Vulnerability Management in Microsoft Defender for Endpoint
Plan for cloud workload protections using Microsoft Defender for Cloud
Connect Azure assets to Microsoft Defender for Cloud
Connect non-Azure resources to Microsoft Defender for Cloud
Manage your cloud security posture management‚Äč
Explain cloud workload protections in Microsoft Defender for Cloud
Remediate security alerts using Microsoft Defender for Cloud
Construct KQL statements for Microsoft Sentinel
Analyze query results using KQL
Build multi-table statements using KQL
Work with data in Microsoft Sentinel using Kusto Query Language
Security Operations Analyst
Microsoft Sentinel
Introduction to Microsoft Sentinel
Create and manage Microsoft Sentinel workspaces
Query logs in Microsoft Sentinel
Use watchlists in Microsoft Sentinel
Conclusion

Training Materials

All Microsoft training students receive Microsoft official courseware.

For all Microsoft Official Courses taught in their entirety that have a corresponding certification exam, an exam voucher is included for each participant.

Software Requirements

Attendees will not need to install any software on their computer for this class. The class will be conducted in a remote environment that Accelebrate will provide; students will only need a local computer with a web browser and a stable Internet connection. Any recent version of Microsoft Edge, Mozilla Firefox, or Google Chrome will be fine.



Learn faster

Our live, instructor-led lectures are far more effective than pre-recorded classes

Satisfaction guarantee

If your team is not 100% satisfied with your training, we do what's necessary to make it right

Learn online from anywhere

Whether you are at home or in the office, we make learning interactive and engaging

Multiple Payment Options

We accept check, ACH/EFT, major credit cards, and most purchase orders



Recent Training Locations

Alabama

Birmingham

Huntsville

Montgomery

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

Los Angeles

Oakland

Orange County

Sacramento

San Diego

San Francisco

San Jose

Colorado

Boulder

Colorado Springs

Denver

Connecticut

Hartford

DC

Washington

Florida

Fort Lauderdale

Jacksonville

Miami

Orlando

Tampa

Georgia

Atlanta

Augusta

Savannah

Hawaii

Honolulu

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Cedar Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Frederick

Hagerstown

Massachusetts

Boston

Cambridge

Springfield

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Minneapolis

Saint Paul

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Las Vegas

Reno

New Jersey

Princeton

New Mexico

Albuquerque

New York

Albany

Buffalo

New York City

White Plains

North Carolina

Charlotte

Durham

Raleigh

Ohio

Akron

Canton

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Oklahoma City

Tulsa

Oregon

Portland

Pennsylvania

Philadelphia

Pittsburgh

Rhode Island

Providence

South Carolina

Charleston

Columbia

Greenville

Tennessee

Knoxville

Memphis

Nashville

Texas

Austin

Dallas

El Paso

Houston

San Antonio

Utah

Salt Lake City

Virginia

Alexandria

Arlington

Norfolk

Richmond

Washington

Seattle

Tacoma

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Calgary

Edmonton

British Columbia

Vancouver

Manitoba

Winnipeg

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan