SC-200 Microsoft Security Operations Analyst Course & SIMs

Overview

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7 What you'll learn:

Learn the concepts and perform hands on activities needed to pass the SC-200 examGain a tremendous amount of knowledge involving securing Microsoft 365 and Azure ServicesGet loads of hands on experience with Security Operations for Microsoft 365Utilize hands on simulations that can be access anytime, anywhere! We really hope you'll agree, this training is way more then the average course on Udemy!

Have access to the following:

Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified TrainerLecture that explains the concepts in an easy to learn method for someone that is just starting out with this materialInstructor led hands on and simulations to practice that can be followed even if you have little to no experienceTOPICS COVEREDINCLUDINGHANDSONLECTUREANDPRACTICETUTORIALS:

IntroductionWelcome to the courseUnderstanding the Microsoft EnvironmentFoundations of Active Directory DomainsFoundations of RAS, DMZ, and VirtualizationFoundations of the Microsoft Cloud ServicesDONT SKIP:

The first thing to know about Microsoft cloud servicesDONT SKIP:

Azure AD is now renamed to Entra IDQuestions for John ChristopherOrder of concepts covered in the coursePerforming hands on activitiesDONT SKIP:

Using Assignments in the courseCreating a free Microsoft 365 AccountActivating licenses for Defender for Endpoint and VulnerabilitiesGetting your free Azure creditConfigure settings in Microsoft Defender XDRIntroduction to Microsoft 365 DefenderConcepts of the purpose of extended detection and response (XDR)Microsoft Defender and Microsoft Purview admin centersConcepts of Microsoft SentinelConcepts of management with Microsoft Defender for EndpointManage assets and environmentsSetup a Windows 11 virtual machine endpointEnrolling to Intune for attack surface reduction (ASR) supportOnboarding to manage devices using Defender for EndpointA note about extra features in your Defender for EndpointIncidents, alert notifications, and advanced feature for endpointsReview and respond to endpoint vulnerabilitiesRecommend attack surface reduction (ASR) for devicesConfigure and manage device groupsOverview of Microsoft Defender for CloudIdentify devices at risk using the Microsoft Defender Vulnerability ManagementManage endpoint threat indicatorsIdentify unmanaged devices by using device discoveryDesign and configure a Microsoft Sentinel workspacePlan a Microsoft Sentinel workspaceConfigure Microsoft Sentinel rolesDesign and configure Microsoft Sentinel data storage, log types and log retentionIngest data sources in Microsoft SentinelIdentify data sources to be ingested for Microsoft SentinelConfigure and use MS Sentinel connectors, Azure Policy & diagnostic settingsConfigure Microsoft Sentinel connectors for MS 365 Defender & Defender for CloudDesign and configure Syslog and Common Event Format (CEF) event collectionsDesign and configure Windows security event collectionsConfigure threat intelligence connectorsCreate custom log tables in the workspace to store ingested dataConfigure protections in Microsoft Defender security technologiesPlan and configure Microsoft Defender for Cloud settingsConfigure Microsoft Defender for Cloud rolesAssess and recommend cloud workload protection and enable plansConfigure automated onboarding of Azure resourcesConnect multi-cloud resources by using Environment settingsConfigure detection in Microsoft Defender XDRSetup a simulation lab using Microsoft 365 DefenderRun an attack against a device in the simulation labManage incidents & automated investigations in the Microsoft 365 Defender portalRun an attack simulation email campaign in Microsoft 365 DefenderManage actions and submissions in the Microsoft 365 Defender portalIdentify threats by using Kusto Query Language (KQL)Identify and remediate security risks by using Microsoft Secure ScoreAnalyze threat analytics in the Microsoft 365 Defender portalConfigure and manage custom detections and alertsConfigure detections in Microsoft SentinelConcepts of Microsoft Sentinel analytics rulesConfigure the Fusion ruleConfigure Microsoft security analytics rulesConfigure built-in scheduled query rulesConfigure custom scheduled query rulesConfigure near-real-time (NRT) analytics rulesManage analytics rules from Content hubManage and use watchlistsManage and use threat indicatorsRespond to alerts and incidents in the Microsoft Defender portalUsing polices to remediate threats with Email, Teams, SharePoint & OneDriveInvestigate, respond, and remediate threats with Defender for Office 365Understanding data loss prevention (DLP) in Microsoft 365 DefenderImplement data loss prevention policies (DLP) to respond and alertInvestigate & respond to alerts generated by data loss prevention (DLP) policiesUnderstanding insider risk policiesGenerating an insider risk policyInvestigate and respond to alerts generated by insider risk policiesDiscover and manage apps by using Microsoft Defender for Cloud AppsIdentify, investigate, & remediate security risks by using Defender for Cloud AppsRespond to alerts and incidents identified by Microsoft Defender for EndpointConfigure User and Entity Behavior Analytics settingsInvestigate threats by using entity pagesConfigure anomaly detection analytics rulesInvestigate Microsoft 365 activitiesUnderstanding unified audit log licensing and requirementsSetting unified audit permissions and enabling supportInvestigate threats by using unified audit LogInvestigate threats by using Content SearchPerform threat hunting by using Microsoft Graph activity logsRespond to incidents in Microsoft SentinelConfigure an incident generationTriage incidents in Microsoft SentinelInvestigate incidents in Microsoft SentinelRespond to incidents in Microsoft SentinelInvestigate multi-workspace incidentsImplement and use Copilot for SecurityWhat is Copilot for Security?Onboarding Copilot for SecurityCreate and use promptbooksManage sources for Copilot for Security, including plugins and filesManage permissions and roles in Copilot for SecurityMonitor Copilot for Security capacity and costIdentify threats and risks by using Copilot for SecurityInvestigate incidents by using Copilot for SecurityConfigure security orchestration, automation, and response (SOAR) in Microsoft SentinelCreate and configure automation rulesCreate and configure Microsoft Sentinel playbooksConfigure analytic rules to trigger automation rulesTrigger playbooks from alerts and incidentsHunt for threats by using Microsoft Defender XDRIdentify threats by using Kusto Query Language (KQL)Interpret threat analytics in the Microsoft Defender portalCreate custom hunting queries by using KQLHunt for threats by using Microsoft SentinelAnalyze attack vector coverage by using MITRE ATT&CK in Microsoft SentinelCustomize content gallery hunting queriesCreate custom hunting queriesUse hunting bookmarks for data investigationsMonitor hunting queries by using LivestreamRetrieve and manage archived log dataCreate and manage search jobsRespond to alerts and incidents in Microsoft Defender for CloudSet up email notificationsCreate and manage alert suppression rulesDesign and configure workflow automation in Microsoft Defender for CloudGenerate sample alerts and incidents in Microsoft Defender for CloudRemediate alerts and incidents by using MS Defender for Cloud recommendationsManage security alerts and incidentsAnalyze Microsoft Defender for Cloud threat intelligence reportsCreate and configure Microsoft Sentinel workbooksActivate and customize Microsoft Sentinel workbook templatesCreate custom workbooksConfigure advanced visualizationsConclusionCleaning up your lab environmentGetting a Udemy certificateBONUS Where do I go from here?

Syllabus

• Introduction to Microsoft Security Operations
Overview of Microsoft's Security Ecosystem
Role of a Microsoft Security Operations Analyst
Key Skills and Concepts
• Microsoft Security Solutions
Microsoft Defender for Endpoint
Microsoft 365 Defender
Microsoft Cloud App Security
Azure Security Center
• Implementing Threat Protection
Strategies for Threat Prevention
Incident Detection and Investigation
Response and Recovery Techniques
• Managing Security Operations
Configuring Security Policies
Monitoring Security Posture
Using Security Information and Event Management (SIEM) Tools
• Performing Threat Analysis and Investigations
Identifying Threats and Vulnerabilities
Investigative Techniques
Analyzing Security Data and Logs
• Configuring and Managing Security Tools
Microsoft Threat Protection Tools Overview
Integrating Tools for Enhanced Security
Customizing Alerts and Security Indicators
• Best Practices for Security Operations
Security Incident Lifecycle
Compliance and Reporting
Continuous Improvement in Security Operations
• Hands-on Simulations and Labs
Configuring a Simulated Security Environment
Practical Exercises in Security Monitoring and Threat Response
Scenario-based Simulations
• Exam Preparation and Strategies
SC-200 Exam Overview
Exam-taking Strategies
Review of Key Topics and Concepts
• Conclusion and Next Steps
Career Pathways in Security Operations
Next Steps for Continued Learning and Certification
Resources and Support for Ongoing Development

Taught by

John Christopher

Subjects

Information Security (InfoSec)