
Course Information

Microsoft Security Operations Analyst SC200 Course Outline

Module 1: Introduction to Microsoft 365 Threat Protection

  • Introduction
  • Explore Extended Detection and Response (XDR) Response Use Cases
  • Understand Microsoft 365 Defender in a Security Operations Centre (SOC)
  • Explore Microsoft Security Graph
  • Investigate Security Incident in Microsoft 365 Defender

Module 2: Mitigate Incidents Using Microsoft 365 Defender

  • Introduction
  • Use the Microsoft 365 Defender Portal
  • Manage Incidents
  • Investigate Incidents
  • Manage and Investigate Alerts
  • Manage Automated Investigations
  • Use the Action Centre
  • Explore Advanced Hunting
  • Investigate Azure AD Sign-In Logs
  • Understand Microsoft Secure Score
  • Analyse Threat Analytics
  • Analyse Reports
  • Configure the Microsoft 365 Defender Portal

Module 3: Protect Your Identities with Azure AD Identity Protection

  • Introduction
  • Azure AD Identity Protection Overview
  • Detect Risks with Azure AD Identity Protection Policies
  • Investigate and Remediate Risks Detected by Azure AD Identity Protection

Module 4: Remediate Risks with Microsoft Defender for Office 365

  • Introduction to Microsoft Defender for Office 365
  • Automate, Investigate, and Remediate
  • Configure, Protect, and Detect
  • Simulate Attacks

Module 5: Safeguard Your Environment with Microsoft Defender for Identity

  • Introduction to Microsoft Defender for Identity
  • Configure Microsoft Defender for Identity Sensors
  • Review Compromised Accounts or Data
  • Integrate with Other Microsoft Tools

Module 6: Secure Your Cloud Apps and Services with Microsoft Defender for Cloud Apps

  • Introduction
  • Understand the Defender for Cloud Apps Framework
  • Explore Your Cloud Apps with Cloud Discovery
  • Protect Your Data and Apps with Conditional Access App Control
  • Walk Through Discovery and Access Control with Microsoft Defender for Cloud Apps
  • Classify and Protect Sensitive Information
  • Detect Threats

Module 7: Respond to Data Loss Prevention Alerts Using Microsoft 365

  • Introduction
  • Describe Data Loss Prevention Alerts
  • Investigate Data Loss Prevention Alerts in Microsoft Purview
  • Investigate Data Loss Prevention Alerts in Microsoft Defender for Cloud Apps

Module 8: Manage Insider Risk in Microsoft Purview

  • Insider Risk Management Overview
  • Introduction to Managing Insider Risk Policies
  • Create and Manage Insider Risk Policies
  • Knowledge Check
  • Investigate Insider Risk Alerts
  • Take Action on Insider Risk Alerts through Cases
  • Manage Insider Risk Management Forensic Evidence
  • Create Insider Risk Management Notice Templates

Module 9: Investigate Threats by Using Audit Features in Microsoft 365 Defender and Microsoft Purview Standard

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 10: Investigate Threats Using Audit in Microsoft 365 Defender and Microsoft Purview (Premium)

  • Introduction to Threat Investigation with the Unified Audit Log (UAL)
  • Explore Microsoft Purview Audit Solutions
  • Implement Microsoft Purview Audit (Standard)
  • Start Recording Activity in the Unified Audit Log
  • Search the Unified Audit Log (UAL)
  • Export, Configure, and View Audit Log Records
  • Use Audit Log Searching to Investigate Common Support Issues

Module 11: Investigate Threats with Content Search in Microsoft Purview

  • Introduction
  • Explore Microsoft Purview eDiscovery Solutions
  • Create a Content Search
  • View the Search Results and Statistics
  • Export the Search Results and Search Report
  • Configure Search Permissions Filtering
  • Search for and Delete Email Messages

Module 12: Protect Against Threats with Microsoft Defender for Endpoint

  • Introduction to Microsoft Defender for Endpoint
  • Practice Security Administration
  • Hunt Threats within Your Network

Module 13: Deploy the Microsoft Defender for Endpoint Environment

  • Introduction
  • Create Your Environment
  • Understand Operating Systems Compatibility and Features
  • Onboard Devices
  • Manage Access
  • Create and Manage Roles for Role-Based Access Control
  • Configure Device Groups
  • Configure Environment Advanced Features

Module 14: Implement Windows Security Enhancements with Microsoft Defender for Endpoint

  • Introduction
  • Understand Attack Surface Reduction
  • Enable Attack Surface Reduction Rules

Module 15: Perform Device Investigations in Microsoft Defender for Endpoint

  • Introduction
  • Use the Device Inventory List
  • Investigate the Device
  • Use Behavioral Blocking
  • Detect Devices with Device Discovery

Module 16: Perform Actions on a Device Using Microsoft Defender for Endpoint

  • Introduction
  • Explain Device Actions
  • Run Microsoft Defender Antivirus Scan on Devices
  • Collect Investigation Package from Devices
  • Initiate Live Response Session

Module 17: Perform Evidence and Entities Investigations Using Microsoft Defender for Endpoint

  • Introduction
  • Investigate a File
  • Investigate a User Account
  • Investigate an IP Address
  • Investigate a Domain

Module 18: Configure and Manage Automation Using Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Manage Automation Upload and Folder Settings
  • Configure Automated Investigation and Remediation Capabilities
  • Block At-Risk Devices

Module 19: Configure for Alerts and Detections in Microsoft Defender for Endpoint

  • Introduction
  • Configure Advanced Features
  • Configure Alert Notifications
  • Manage Alert Suppression
  • Manage Indicators

Module 20: Utilise Vulnerability Management in Microsoft Defender for Endpoint

  • Introduction
  • Understand Vulnerability Management
  • Explore Vulnerabilities on Your Devices
  • Manage Remediation

Module 21: Plan for Cloud Workload Protections Using Microsoft Defender for Cloud

  • Introduction
  • Explain Microsoft Defender for Cloud
  • Describe Microsoft Defender for Cloud Workload Protections
  • Exercise – Microsoft Defender for Cloud Interactive Guide
  • Enable Microsoft Defender for Cloud

Module 22: Connect Azure Assets to Microsoft Defender for Cloud

  • Introduction
  • Explore and Manage Your Resources with Asset Inventory
  • Configure Auto Provisioning
  • Manual Log Analytics Agent Provisioning

Module 23: Connect Non-Azure Resources to Microsoft Defender for Cloud

  • Introduction
  • Protect Non-Azure Resources
  • Connect Non-Azure Machines
  • Connect Your AWS Accounts
  • Connect Your GCP Accounts

Module 24: Manage Your Cloud Security Posture Management

  • Introduction
  • Explore Secure Score
  • Explore Recommendations
  • Measure and Enforce Regulatory Compliance
  • Understand Workbooks

Module 25: Explain Cloud Workload Protections in Microsoft Defender for Cloud

  • Introduction
  • Understand Microsoft Defender for Servers
  • Understand Microsoft Defender for App Service
  • Understand Microsoft Defender for Storage
  • Understand Microsoft Defender for SQL
  • Understand Microsoft Defender for Open-Source Databases
  • Understand Microsoft Defender for Key Vault
  • Understand Microsoft Defender for Resource Manager
  • Understand Microsoft Defender for DNS
  • Understand Microsoft Defender for Containers
  • Understand Microsoft Defender Additional Protections

Module 26: Remediate Security Alerts Using Microsoft Defender for Cloud

  • Introduction
  • Understand Security Alerts
  • Remediate Alerts and Automate Responses
  • Suppress Alerts from Defender for Cloud
  • Generate Threat Intelligence Reports
  • Respond to Alerts from Azure Resources

Module 27: Construct KQL Statements for Microsoft Sentinel

  • Introduction
  • Understand the Kusto Query Language Statement Structure
  • Use the Search Operator
  • Use the Where Operator
  • Use the Let Statement
  • Use the Extend Operator
  • Use the Order By Operator
  • Use the Project Operators

Module 28: Analyse Query Results Using KQL

  • Introduction
  • Use the Summarise Operator
  • Use the Summarise Operator to Filter Results
  • Use the Summarise Operator to Prepare Data
  • Use the Render Operator to Create Visualisations

Module 29: Build Multi-Table Statements Using KQL

  • Introduction
  • Use the Union Operator
  • Use the Join Operator

Module 30: Work with Data in Microsoft Sentinel Using Kusto Query Language

  • Introduction
  • Extract Data from Unstructured String Fields
  • Extract Data from Structured String Data
  • Integrate External Data
  • Create Parsers with Functions

Module 31: Introduction to Microsoft Sentinel

  • Introduction
  • What is Microsoft Sentinel?
  • How Microsoft Sentinel Works
  • When to Use Microsoft Sentinel

Module 32: Create and Manage Microsoft Sentinel Workspaces

  • Introduction
  • Plan for the Microsoft Sentinel Workspace
  • Create a Microsoft Sentinel Workspace
  • Manage Workspaces Across Tenants Using Azure Lighthouse
  • Understand Microsoft Sentinel Permissions and Roles
  • Manage Microsoft Sentinel Settings
  • Configure Logs

Module 33: Query Logs in Microsoft Sentinel

  • Introduction
  • Query Logs in the Logs Page
  • Understand Microsoft Sentinel Tables
  • Understand Common Tables
  • Understand Microsoft 365 Defender Tables

Module 34: Use Watchlists in Microsoft Sentinel

  • Introduction
  • Plan for Watchlists
  • Create a Watchlist
  • Manage Watchlists

Module 35: Utilise Threat Intelligence in Microsoft Sentinel

  • Introduction
  • Define Threat Intelligence
  • Manage Your Threat Indicators
  • View Your Threat Indicators with KQL

Module 36: Connect Data to Microsoft Sentinel Using Data Connectors

  • Introduction
  • Ingest Log Data with Data Connectors
  • Understand Data Connector Providers
  • View Connected Hosts

Module 37: Connect Microsoft Services to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft Services Connectors
  • Connect the Microsoft Office 365 Connector
  • Connect the Azure Active Directory Connector
  • Connect the Azure Active Directory Identity Protection Connector
  • Connect the Azure Activity Connector

Module 38: Connect Microsoft 365 Defender to Microsoft Sentinel

  • Introduction
  • Plan for Microsoft 365 Defender Connectors
  • Connect the Microsoft 365 Defender Connector
  • Connect Microsoft Defender for Cloud Connector
  • Connect Microsoft Defender for IoT
  • Connect Microsoft Defender Legacy Connectors

Module 39: Connect Windows Hosts to Microsoft Sentinel

  • Introduction
  • Plan for Windows Hosts Security Events Connector
  • Connect Using the Windows Security Events via AMA Connector
  • Connect Using the Security Events via Legacy Agent Connector
  • Collect Sysmon Event Logs

Module 40: Connect Common Event Format Logs to Microsoft Sentinel

  • Introduction
  • Plan for Common Event Format Connector
  • Connect Your External Solution Using the Common Event Format Connector

Module 41: Connect Syslog Data Sources to Microsoft Sentinel

  • Introduction
  • Plan for Syslog Data Collection
  • Collect Data from Linux-Based Sources Using Syslog
  • Configure the Data Collection Rule for Syslog Data Sources
  • Parse Syslog Data with KQL

Module 42: Connect Threat Indicators to Microsoft Sentinel

  • Introduction
  • Plan for Threat Intelligence Connectors
  • Connect the Threat Intelligence TAXII Connector
  • Connect the Threat Intelligence Platforms Connector
  • View Your Threat Indicators with KQL

Module 43: Threat Detection with Microsoft Sentinel Analytics

  • Introduction
  • Exercise - Detect Threats with Microsoft Sentinel Analytics
  • What is Microsoft Sentinel Analytics?
  • Types of Analytics Rules
  • Create an Analytics Rule from Templates
  • Create an Analytics Rule from Wizard
  • Manage Analytics Rules
  • Exercise - Detect Threats with Microsoft Sentinel Analytics

Module 44: Automation in Microsoft Sentinel

  • Introduction
  • Understand Automation Options
  • Create Automation Rules

Module 45: Security Incident Management in Microsoft Sentinel

  • Introduction
  • Exercise - Set Up the Azure Environment
  • Understand Incidents
  • Incident Evidence and Entities
  • Incident Management
  • Exercise - Investigate an Incident

Module 46: Identify Threats with Behavioral Analytics

  • Introduction
  • Understand Behavioral Analytics
  • Explore Entities
  • Display Entity Behavior Information
  • Use Anomaly Detection Analytical Rule Templates

Module 47: Data Normalisation in Microsoft Sentinel

  • Introduction
  • Understand Data Normalisation
  • Use ASIM Parsers
  • Understand Parameterised KQL Functions
  • Create an ASIM Parser
  • Configure Azure Monitor Data Collection Rules

Module 48: Query, Visualise, and Monitor Data in Microsoft Sentinel

  • Introduction
  • Exercise - Query and Visualise Data with Microsoft Sentinel Workbooks
  • Monitor and Visualise Data
  • Query Data Using Kusto Query Language
  • Use Default Microsoft Sentinel Workbooks
  • Create a New Microsoft Sentinel Workbook
  • Exercise - Visualise Data Using Microsoft Sentinel Workbooks

Module 49: Manage Content in Microsoft Sentinel

  • Introduction
  • Use Solutions from the Content Hub
  • Use Repositories for Deployment

Module 50: Explain Threat Hunting Concepts in Microsoft Sentinel

  • Introduction
  • Understand Cybersecurity Threat Hunts
  • Develop a Hypothesis
  • Explore MITRE ATT&CK

Module 51: Threat Hunting with Microsoft Sentinel

  • Introduction
  • Exercise Setup
  • Explore Creation and Management of Threat-Hunting Queries
  • Save Key Findings with Bookmarks
  • Observe Threats Over Time with Livestream
  • Exercise - Hunt for Threats by Using Microsoft Sentinel

Module 52: Use Search Jobs in Microsoft Sentinel

  • Introduction
  • Hunt with a Search Job
  • Restore Historical Data

Module 53: Hunt for Threats Using Notebooks in Microsoft Sentinel

  • Introduction
  • Access Azure Sentinel Data with External Tools
  • Hunt with Notebooks
  • Create a Notebook
  • Explore Notebook Code


Who should attend this Microsoft Security Operations Analyst SC200 Training Course?

This Microsoft Security Operations Analyst SC200 Course is designed for individuals who are interested in developing their skills and expertise in the field of Security Operations and Threat Detection and Response using Microsoft technologies. This training course is especially beneficial for the following professionals:

  • Cybersecurity Analysts
  • Threat Detection Specialists
  • Security Engineers
  • Incident Responders
  • IT Administrators
  • Network Administrators
  • Cloud Security Analysts

Prerequisites of the Microsoft Security Operations Analyst SC200 Training Course

There are no formal prerequisites for this Microsoft Security Operations Analyst SC200 Course. However, basic knowledge of Cybersecurity and IT concepts would be beneficial for the delegates.

Microsoft Security Operations Analyst SC200 Course Overview

The Microsoft Security Operations Analyst SC200 Training is a vital course that equips professionals with the knowledge and skills needed to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In today's cybersecurity landscape, the ability to mitigate cyberthreats is of utmost importance, making this course highly relevant and valuable.

Professionals involved in Security Operations roles, including Security Engineers, Analysts, and those responsible for safeguarding digital assets, should aim to master this subject. With the increasing sophistication of cyber threats, knowing how to effectively use these technologies and Kusto Query Language (KQL) is crucial for ensuring the security and resilience of an organisation's digital infrastructure.

The 4-day training course offered by The Knowledge Academy is designed to equip delegates with the practical skills and knowledge necessary to excel in a Security Operations job role. This course focuses on configuring and using Microsoft Sentinel and on utilising KQL for detection, analysis, and reporting. It also prepares learners for the SC-200: Microsoft Security Operations Analyst exam, making it a comprehensive and valuable training opportunity.

Course Objectives:

  • To investigate and respond to threats using Microsoft Sentinel
  • To utilise Kusto Query Language (KQL) for threat detection and analysis
  • To configure Microsoft Sentinel for effective threat mitigation
  • To enhance threat hunting capabilities using Microsoft Defender for Cloud and Microsoft 365 Defender
  • To master the practical skills necessary for a Security Operations job role

Upon completion of this Microsoft Security Engineer Training Course, delegates will benefit from an advanced skill set and in-depth knowledge of threat mitigation using Microsoft security technologies. They will be well-prepared to effectively respond to cyber threats, enhancing their organisation's security posture and contributing to a safer digital environment.


What’s included in this Microsoft Security Operations Analyst SC200 Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • Microsoft Security Operations Analyst SC200 Certificate
  • Digital Delegate Pack


Why choose us

Ways to take this course

Our easy-to-use virtual platform allows you to sit the course from home with a live instructor. You will follow the same schedule as the classroom course, and will be able to interact with the trainer and other delegates.

Our fully interactive online training platform is compatible across all devices and can be accessed from anywhere, at any time. All our online courses come with a standard 90 days access that can be extended upon request. Our expert trainers are constantly on hand to help you with any questions which may arise.

This is our most popular style of learning. We run courses in 1200 locations, across 200 countries, in one of our hand-picked training venues, providing the all-important ‘human touch’ which may be missed in other learning styles.


Highly experienced trainers

All our trainers are highly qualified, have 10+ years of real-world experience and will provide you with an engaging learning experience.


State of the art training venues

We only use the highest standard of learning facilities to make sure your experience is as comfortable and distraction-free as possible.


Small class sizes

We limit our class sizes to promote better discussion and to ensure everyone has a personalised experience.


Great value for money

Get more bang for your buck! If you find your chosen course cheaper elsewhere, we’ll match it!

This is the same great training as our classroom learning but carried out at your own business premises. This is the perfect option for larger scale training requirements and means less time away from the office.


Tailored learning experience

Our courses can be adapted to meet your individual project or business requirements regardless of scope.


Maximise your training budget

Cut unnecessary costs and focus your entire budget on what really matters, the training.


Team building opportunity

This gives your team a great opportunity to come together, bond, and discuss, which you may not get in a standard classroom setting.


Monitor employees' progress

Keep track of your employees’ progression and performance in your own workspace.

What our customers are saying

Microsoft Security Operations Analyst SC200 FAQs

This Microsoft Security Training course will provide you with in-depth knowledge of threat management, tracking, and response, and help you gain an in-depth understanding of Microsoft 365 Defender, Azure Defender, Azure Sentinel, and related tools. It will help you to advance your skills, gain a valuable credential, and increase your salary. The Microsoft Security Course also provides hands-on experience with Microsoft security technologies, enabling practical application of the concepts learned. Lastly, individuals pursuing this Microsoft Security Course get the opportunity to network and collaborate with industry peers, fostering professional growth.

To attend this Microsoft Security Operations Analyst SC200 training course, delegates should have a basic to intermediate understanding of Microsoft 365, Windows 10, and Microsoft security, compliance, and identity products; familiarity with Azure services, Azure VMs, and virtual networking; and an understanding of scripting concepts.

This Microsoft Security Certification Course (the Microsoft Security Operations Analyst SC200 training course) is ideal for anyone who wants to gain in-depth knowledge of cyber threat mitigation technologies.

Yes, The Knowledge Academy is accredited by Microsoft to provide this training course.

Microsoft Azure Sentinel is a scalable, cloud-based Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution.

During this Microsoft Security Operations Analyst SC200 training course, you will learn various essential topics, such as how to query, visualise, and monitor data in Azure Sentinel, connect Windows hosts to Azure Sentinel, respond to data loss prevention alerts, manage insider risk in Microsoft 365, and many more.

The price for Microsoft Security Operations Analyst SC200 certification in the United Kingdom starts from £2495.

The Knowledge Academy is the leading global training provider for Microsoft Security Operations Analyst SC200.

Why choose us


Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.


Many delivery methods

Flexible delivery methods are available depending on your learning style.


High quality resources

Resources are included for a comprehensive learning experience.


"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water


Looking for more information on Microsoft Security Engineer Training?


Get a custom course package

We may not have any package deals available including this course. If you enquire or give us a call on 01344203999 and speak to our training experts, we should be able to help you with your requirements.