Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200)
Course 8591
4 DAY COURSE
Course Outline
Learn how to investigate, respond to, and remediate threats using Microsoft's security operations tools and services. In this hands-on course, you'll use Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, Microsoft Security Copilot, and Microsoft Purview to identify threats, analyze attack activity, and support incident response activities across hybrid and cloud environments.
You'll learn how to collect and analyze security data, create detections, investigate incidents, automate response actions, and proactively hunt for threats using Microsoft Sentinel and Kusto Query Language (KQL). The course also covers identity protection, endpoint security, cloud workload protection, data security investigations, and the use of AI-powered security tools to improve analyst productivity and investigation workflows.
This course helps prepare students for the Microsoft Certified: Security Operations Analyst Associate certification.
Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200) Benefits
-
You Will Learn How To
After completing this course, you will be able to:
- Mitigate threats using Microsoft Defender XDR
- Investigate and remediate incidents across Microsoft security solutions
- Use Microsoft Security Copilot to support security operations workflows
- Investigate data security and insider risk activities using Microsoft Purview
- Protect and investigate endpoints using Microsoft Defender for Endpoint
- Secure cloud workloads using Microsoft Defender for Cloud
- Create and optimize Kusto Query Language (KQL) queries for Microsoft Sentinel
- Configure and manage Microsoft Sentinel environments
- Connect data sources and security logs to Microsoft Sentinel
- Create detections, automate response actions, and investigate incidents
- Perform proactive threat hunting using Microsoft Sentinel
- Analyze security alerts, evidence, and threat intelligence to identify malicious activity
-
Prerequisites
Before attending this course, students should have:
• A basic understanding of Microsoft security technologies
• Familiarity with networking concepts and operating systems
• Knowledge of cloud computing concepts
• Experience with security operations concepts such as monitoring, investigation, and incident response
Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200) Training Outline
Course Outline
Mitigate Threats Using Microsoft Defender XDR
• Introduction to Microsoft Defender XDR threat protection
• Mitigate incidents using Microsoft Defender
• Remediate threats using Microsoft Defender
• Manage Microsoft Entra Identity Protection
• Safeguard your environment with Microsoft Defender for Identity
• Secure your cloud apps and services with Microsoft Defender for Cloud Apps
Mitigate Threats Using Microsoft Security Copilot
• Introduction to generative AI and agents
• Describe Microsoft Security Copilot
• Describe the core features of Microsoft Security Copilot
• Describe the embedded experiences of Microsoft Security Copilot
• Experience Security Copilot through guided simulations
Mitigate Threats Using Microsoft Purview
• Investigate and respond to Microsoft Purview Data Loss Prevention alerts
• Investigate insider risk alerts and related activity
• Search and investigate with Microsoft Purview Audit
• Search for content with Microsoft Purview eDiscovery
Mitigate Threats Using Microsoft Defender for Endpoint
• Protect against threats with Microsoft Defender for Endpoint
• Deploy the Microsoft Defender for Endpoint environment
• Implement Windows security enhancements
• Perform device investigations
• Perform device response actions
• Investigate evidence and entities
• Configure and manage automation
• Configure alerts and detections
• Utilize Vulnerability Management
Mitigate Threats Using Microsoft Defender for Cloud
• Plan cloud workload protections
• Connect Azure resources
• Connect non-Azure resources
• Manage cloud security posture
• Understand workload protection capabilities
• Remediate security alerts
Create Queries for Microsoft Sentinel Using Kusto Query Language
• Construct KQL statements
• Analyze query results
• Build multi-table queries
• Work with Microsoft Sentinel data using KQL
Configure Your Microsoft Sentinel Environment
• Introduction to Microsoft Sentinel
• Create and manage Sentinel workspaces
• Query logs in Microsoft Sentinel
• Use watchlists
• Utilize threat intelligence
• Integrate Microsoft Defender XDR with Microsoft Sentinel
Connect Logs to Microsoft Sentinel
• Connect data using data connectors
• Connect Microsoft services
• Connect Microsoft Defender XDR
• Connect Windows hosts
• Connect Common Event Format (CEF) logs
• Connect Syslog data sources
• Connect threat intelligence indicators
Create Detections and Perform Investigations Using Microsoft Sentinel
• Threat detection with analytics rules
• Automation in Microsoft Sentinel
• Threat response with playbooks
• Security incident management
• Behavioral analytics
• Data normalization
• Query, visualize, and monitor data
• Manage Microsoft Sentinel content
Perform Threat Hunting in Microsoft Sentinel
• Explain threat hunting concepts
• Threat hunting with Microsoft Sentinel
• Use Search Jobs
• Hunt for threats using notebooks
Private Team Training
Interested in this course for your team? Please complete and submit the form below and we will contact you to discuss your needs and budget.
- choosing a selection results in a full page refresh