What You Need to Know Before You Start

Starts 3 June 2025 07:51

Ends 3 June 2025


SC-200 Microsoft Security Operations Analyst Course & SIMs

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7
via Udemy

12 hours 2 minutes

Optional upgrade available

Not Specified

Progress at your own speed

Paid Course

Overview

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7.

What you'll learn:

  • Learn the concepts and perform hands on activities needed to pass the SC-200 exam
  • Gain a tremendous amount of knowledge involving securing Microsoft 365 and Azure Services
  • Get loads of hands on experience with Security Operations for Microsoft 365
  • Utilize hands on simulations that can be accessed anytime, anywhere!

We really hope you'll agree, this training is way more than the average course on Udemy!

Have access to the following:

  • Training from an instructor of over 20 years who has trained thousands of people and is also a Microsoft Certified Trainer
  • Lectures that explain the concepts in an easy to learn method for someone that is just starting out with this material
  • Instructor led hands on activities and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED, INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

  • Introduction
  • Welcome to the course
  • Understanding the Microsoft Environment
  • Foundations of Active Directory Domains
  • Foundations of RAS, DMZ, and Virtualization
  • Foundations of the Microsoft Cloud Services
  • DON'T SKIP: The first thing to know about Microsoft cloud services
  • DON'T SKIP: Azure AD is now renamed to Entra ID
  • Questions for John Christopher
  • Order of concepts covered in the course
  • Performing hands on activities
  • DON'T SKIP: Using Assignments in the course
  • Creating a free Microsoft 365 Account
  • Activating licenses for Defender for Endpoint and Vulnerabilities
  • Getting your free Azure credit
  • Configure settings in Microsoft Defender XDR
  • Introduction to Microsoft 365 Defender
  • Concepts of the purpose of extended detection and response (XDR)
  • Microsoft Defender and Microsoft Purview admin centers
  • Concepts of Microsoft Sentinel
  • Concepts of management with Microsoft Defender for Endpoint
  • Manage assets and environments
  • Set up a Windows 11 virtual machine endpoint
  • Enrolling to Intune for attack surface reduction (ASR) support
  • Onboarding to manage devices using Defender for Endpoint
  • A note about extra features in your Defender for Endpoint
  • Incidents, alert notifications, and advanced features for endpoints
  • Review and respond to endpoint vulnerabilities
  • Recommend attack surface reduction (ASR) for devices
  • Configure and manage device groups
  • Overview of Microsoft Defender for Cloud
  • Identify devices at risk using Microsoft Defender Vulnerability Management
  • Manage endpoint threat indicators
  • Identify unmanaged devices by using device discovery
  • Design and configure a Microsoft Sentinel workspace
  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles
  • Design and configure Microsoft Sentinel data storage, log types and log retention
  • Ingest data sources in Microsoft Sentinel
  • Identify data sources to be ingested for Microsoft Sentinel
  • Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
  • Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
  • Design and configure Syslog and Common Event Format (CEF) event collections
  • Design and configure Windows security event collections
  • Configure threat intelligence connectors
  • Create custom log tables in the workspace to store ingested data
  • Configure protections in Microsoft Defender security technologies
  • Plan and configure Microsoft Defender for Cloud settings
  • Configure Microsoft Defender for Cloud roles
  • Assess and recommend cloud workload protection and enable plans
  • Configure automated onboarding of Azure resources
  • Connect multi-cloud resources by using Environment settings
  • Configure detection in Microsoft Defender XDR
  • Set up a simulation lab using Microsoft 365 Defender
  • Run an attack against a device in the simulation lab
  • Manage incidents & automated investigations in the Microsoft 365 Defender portal
  • Run an attack simulation email campaign in Microsoft 365 Defender
  • Manage actions and submissions in the Microsoft 365 Defender portal
  • Identify threats by using Kusto Query Language (KQL)
  • Identify and remediate security risks by using Microsoft Secure Score
  • Analyze threat analytics in the Microsoft 365 Defender portal
  • Configure and manage custom detections and alerts
  • Configure detections in Microsoft Sentinel
  • Concepts of Microsoft Sentinel analytics rules
  • Configure the Fusion rule
  • Configure Microsoft security analytics rules
  • Configure built-in scheduled query rules
  • Configure custom scheduled query rules
  • Configure near-real-time (NRT) analytics rules
  • Manage analytics rules from Content hub
  • Manage and use watchlists
  • Manage and use threat indicators
  • Respond to alerts and incidents in the Microsoft Defender portal
  • Using policies to remediate threats with Email, Teams, SharePoint & OneDrive
  • Investigate, respond, and remediate threats with Defender for Office 365
  • Understanding data loss prevention (DLP) in Microsoft 365 Defender
  • Implement data loss prevention (DLP) policies to respond and alert
  • Investigate & respond to alerts generated by data loss prevention (DLP) policies
  • Understanding insider risk policies
  • Generating an insider risk policy
  • Investigate and respond to alerts generated by insider risk policies
  • Discover and manage apps by using Microsoft Defender for Cloud Apps
  • Identify, investigate, & remediate security risks by using Defender for Cloud Apps
  • Respond to alerts and incidents identified by Microsoft Defender for Endpoint
  • Configure User and Entity Behavior Analytics settings
  • Investigate threats by using entity pages
  • Configure anomaly detection analytics rules
  • Investigate Microsoft 365 activities
  • Understanding unified audit log licensing and requirements
  • Setting unified audit permissions and enabling support
  • Investigate threats by using the unified audit log
  • Investigate threats by using Content Search
  • Perform threat hunting by using Microsoft Graph activity logs
  • Respond to incidents in Microsoft Sentinel
  • Configure incident generation
  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel
  • Investigate multi-workspace incidents
  • Implement and use Copilot for Security
  • What is Copilot for Security?
  • Onboarding Copilot for Security
  • Create and use promptbooks
  • Manage sources for Copilot for Security, including plugins and files
  • Manage permissions and roles in Copilot for Security
  • Monitor Copilot for Security capacity and cost
  • Identify threats and risks by using Copilot for Security
  • Investigate incidents by using Copilot for Security
  • Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel
  • Create and configure automation rules
  • Create and configure Microsoft Sentinel playbooks
  • Configure analytic rules to trigger automation rules
  • Trigger playbooks from alerts and incidents
  • Hunt for threats by using Microsoft Defender XDR
  • Identify threats by using Kusto Query Language (KQL)
  • Interpret threat analytics in the Microsoft Defender portal
  • Create custom hunting queries by using KQL
  • Hunt for threats by using Microsoft Sentinel
  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Create custom hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs
  • Respond to alerts and incidents in Microsoft Defender for Cloud
  • Set up email notifications
  • Create and manage alert suppression rules
  • Design and configure workflow automation in Microsoft Defender for Cloud
  • Generate sample alerts and incidents in Microsoft Defender for Cloud
  • Remediate alerts and incidents by using MS Defender for Cloud recommendations
  • Manage security alerts and incidents
  • Analyze Microsoft Defender for Cloud threat intelligence reports
  • Create and configure Microsoft Sentinel workbooks
  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks
  • Configure advanced visualizations
  • Conclusion
  • Cleaning up your lab environment
  • Getting a Udemy certificate
  • BONUS: Where do I go from here?

Syllabus

  • Introduction to Microsoft Security Operations
    Overview of Microsoft's Security Ecosystem
    Role of a Microsoft Security Operations Analyst
    Key Skills and Concepts
  • Microsoft Security Solutions
    Microsoft Defender for Endpoint
    Microsoft 365 Defender
    Microsoft Cloud App Security
    Azure Security Center
  • Implementing Threat Protection
    Strategies for Threat Prevention
    Incident Detection and Investigation
    Response and Recovery Techniques
  • Managing Security Operations
    Configuring Security Policies
    Monitoring Security Posture
    Using Security Information and Event Management (SIEM) Tools
  • Performing Threat Analysis and Investigations
    Identifying Threats and Vulnerabilities
    Investigative Techniques
    Analyzing Security Data and Logs
  • Configuring and Managing Security Tools
    Microsoft Threat Protection Tools Overview
    Integrating Tools for Enhanced Security
    Customizing Alerts and Security Indicators
  • Best Practices for Security Operations
    Security Incident Lifecycle
    Compliance and Reporting
    Continuous Improvement in Security Operations
  • Hands-on Simulations and Labs
    Configuring a Simulated Security Environment
    Practical Exercises in Security Monitoring and Threat Response
    Scenario-based Simulations
  • Exam Preparation and Strategies
    SC-200 Exam Overview
    Exam-taking Strategies
    Review of Key Topics and Concepts
  • Conclusion and Next Steps
    Career Pathways in Security Operations
    Next Steps for Continued Learning and Certification
    Resources and Support for Ongoing Development

Taught by

John Christopher


Subjects

Information Security (InfoSec)