What you need to know before you start

Starts 4 June 2026 13:07

Ends 4 June 2026


SC-200 Microsoft Security Operations Analyst Course & SIMs

Prepare for the SC-200 exam with instructor-led labs and hands-on simulations available 24/7.
via Udemy

4160 Courses


12 hours 2 minutes

Optional upgrade available

Not Specified

Learn at your own pace

Paid Course


Overview

Get prepared for the SC-200 exam with instructor-led labs and hands-on simulations available 24/7.

What you'll learn:

  • Learn the concepts and perform hands-on activities needed to pass the SC-200 exam
  • Gain a tremendous amount of knowledge involving securing Microsoft 365 and Azure Services
  • Get loads of hands-on experience with Security Operations for Microsoft 365
  • Utilize hands-on simulations that can be accessed anytime, anywhere!

We really hope you'll agree, this training is way more than the average course on Udemy!

Have access to the following:

  • Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer
  • Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
  • Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

  • Introduction
  • Welcome to the course
  • Understanding the Microsoft Environment
  • Foundations of Active Directory Domains
  • Foundations of RAS, DMZ, and Virtualization
  • Foundations of the Microsoft Cloud Services
  • DON'T SKIP: The first thing to know about Microsoft cloud services
  • DON'T SKIP: Azure AD is now renamed to Entra ID
  • Questions for John Christopher
  • Order of concepts covered in the course
  • Performing hands on activities
  • DON'T SKIP: Using Assignments in the course
  • Creating a free Microsoft 365 Account
  • Activating licenses for Defender for Endpoint and Vulnerabilities
  • Getting your free Azure credit
  • Configure settings in Microsoft Defender XDR
  • Introduction to Microsoft 365 Defender
  • Concepts of the purpose of extended detection and response (XDR)
  • Microsoft Defender and Microsoft Purview admin centers
  • Concepts of Microsoft Sentinel
  • Concepts of management with Microsoft Defender for Endpoint
  • Manage assets and environments
  • Setup a Windows 11 virtual machine endpoint
  • Enrolling to Intune for attack surface reduction (ASR) support
  • Onboarding to manage devices using Defender for Endpoint
  • A note about extra features in your Defender for Endpoint
  • Incidents, alert notifications, and advanced feature for endpoints
  • Review and respond to endpoint vulnerabilities
  • Recommend attack surface reduction (ASR) for devices
  • Configure and manage device groups
  • Overview of Microsoft Defender for Cloud
  • Identify devices at risk using the Microsoft Defender Vulnerability Management
  • Manage endpoint threat indicators
  • Identify unmanaged devices by using device discovery
  • Design and configure a Microsoft Sentinel workspace
  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles
  • Design and configure Microsoft Sentinel data storage, log types and log retention
  • Ingest data sources in Microsoft Sentinel
  • Identify data sources to be ingested for Microsoft Sentinel
  • Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
  • Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
  • Design and configure Syslog and Common Event Format (CEF) event collections
  • Design and configure Windows security event collections
  • Configure threat intelligence connectors
  • Create custom log tables in the workspace to store ingested data
  • Configure protections in Microsoft Defender security technologies
  • Plan and configure Microsoft Defender for Cloud settings
  • Configure Microsoft Defender for Cloud roles
  • Assess and recommend cloud workload protection and enable plans
  • Configure automated onboarding of Azure resources
  • Connect multi-cloud resources by using Environment settings
  • Configure detection in Microsoft Defender XDR
  • Setup a simulation lab using Microsoft 365 Defender
  • Run an attack against a device in the simulation lab
  • Manage incidents & automated investigations in the Microsoft 365 Defender portal
  • Run an attack simulation email campaign in Microsoft 365 Defender
  • Manage actions and submissions in the Microsoft 365 Defender portal
  • Identify threats by using Kusto Query Language (KQL)
  • Identify and remediate security risks by using Microsoft Secure Score
  • Analyze threat analytics in the Microsoft 365 Defender portal
  • Configure and manage custom detections and alerts
  • Configure detections in Microsoft Sentinel
  • Concepts of Microsoft Sentinel analytics rules
  • Configure the Fusion rule
  • Configure Microsoft security analytics rules
  • Configure built-in scheduled query rules
  • Configure custom scheduled query rules
  • Configure near-real-time (NRT) analytics rules
  • Manage analytics rules from Content hub
  • Manage and use watchlists
  • Manage and use threat indicators
  • Respond to alerts and incidents in the Microsoft Defender portal
  • Using policies to remediate threats with Email, Teams, SharePoint & OneDrive
  • Investigate, respond, and remediate threats with Defender for Office 365
  • Understanding data loss prevention (DLP) in Microsoft 365 Defender
  • Implement data loss prevention policies (DLP) to respond and alert
  • Investigate & respond to alerts generated by data loss prevention (DLP) policies
  • Understanding insider risk policies
  • Generating an insider risk policy
  • Investigate and respond to alerts generated by insider risk policies
  • Discover and manage apps by using Microsoft Defender for Cloud Apps
  • Identify, investigate, & remediate security risks by using Defender for Cloud Apps
  • Respond to alerts and incidents identified by Microsoft Defender for Endpoint
  • Configure User and Entity Behavior Analytics settings
  • Investigate threats by using entity pages
  • Configure anomaly detection analytics rules
  • Investigate Microsoft 365 activities
  • Understanding unified audit log licensing and requirements
  • Setting unified audit permissions and enabling support
  • Investigate threats by using unified audit Log
  • Investigate threats by using Content Search
  • Perform threat hunting by using Microsoft Graph activity logs
  • Respond to incidents in Microsoft Sentinel
  • Configure an incident generation
  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel
  • Investigate multi-workspace incidents
  • Implement and use Copilot for Security
  • What is Copilot for Security?
  • Onboarding Copilot for Security
  • Create and use promptbooks
  • Manage sources for Copilot for Security, including plugins and files
  • Manage permissions and roles in Copilot for Security
  • Monitor Copilot for Security capacity and cost
  • Identify threats and risks by using Copilot for Security
  • Investigate incidents by using Copilot for Security
  • Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel
  • Create and configure automation rules
  • Create and configure Microsoft Sentinel playbooks
  • Configure analytic rules to trigger automation rules
  • Trigger playbooks from alerts and incidents
  • Hunt for threats by using Microsoft Defender XDR
  • Identify threats by using Kusto Query Language (KQL)
  • Interpret threat analytics in the Microsoft Defender portal
  • Create custom hunting queries by using KQL
  • Hunt for threats by using Microsoft Sentinel
  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Create custom hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs
  • Respond to alerts and incidents in Microsoft Defender for Cloud
  • Set up email notifications
  • Create and manage alert suppression rules
  • Design and configure workflow automation in Microsoft Defender for Cloud
  • Generate sample alerts and incidents in Microsoft Defender for Cloud
  • Remediate alerts and incidents by using MS Defender for Cloud recommendations
  • Manage security alerts and incidents
  • Analyze Microsoft Defender for Cloud threat intelligence reports
  • Create and configure Microsoft Sentinel workbooks
  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks
  • Configure advanced visualizations
  • Conclusion
  • Cleaning up your lab environment
  • Getting a Udemy certificate
  • BONUS Where do I go from here?

Syllabus

  • Introduction to Microsoft security operations
  • Overview of the Microsoft security ecosystem
    Role of a Microsoft security operations analyst
    Key skills and concepts
  • Microsoft security solutions
  • Microsoft Defender for Endpoint
    Microsoft 365 Defender
    Microsoft Cloud App Security
    Azure Security Center
  • Implementing threat protection
  • Threat prevention strategies
    Incident detection and investigation
    Response and recovery techniques
  • Managing security operations
  • Configuring security policies
    Monitoring security posture
    Using security information and event management (SIEM) tools
  • Performing threat analysis and investigations
  • Identifying threats and vulnerabilities
    Investigation techniques
    Analysis of security data and logs
  • Configuring and managing security tools
  • Overview of Microsoft threat protection tools
    Integrating tools to improve security
    Customizing security alerts and indicators
  • Best practices for security operations
  • Security incident lifecycle
    Compliance and reporting
    Continuous improvement in security operations
  • Hands-on simulations and labs
  • Setting up a simulated security environment
    Hands-on exercises in security monitoring and threat response
    Scenario-based simulations
  • Exam preparation and strategies
  • Overview of the SC-200 exam
    Strategies for passing the exam
    Review of key topics and concepts
  • Conclusion and next steps
  • Career paths in security operations
    Next steps for continued learning and certification
    Resources and support for ongoing development

Taught by

John Christopher


Subjects

Information Security (InfoSec)