Microsoft Security Operations Analyst
Learn to investigate, respond to and proactively hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. This hands-on course equips Security Operations professionals with practical skills in threat detection, KQL analysis and incident response and prepares learners for the SC-200 certification exam.
R10,500.00 Excl. VAT
Product Details
Learn how to investigate, respond to and proactively hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. This course provides practical, hands-on experience in identifying, analysing and mitigating cyberthreats with Microsoft’s advanced security tools. You will configure and use Microsoft Sentinel and apply Kusto Query Language (KQL) to conduct threat detection, deep analysis and reporting. Designed for Security Operations professionals, this course also prepares learners for the SC-200: Microsoft Security Operations Analyst certification exam.
Discover More
Download Course Outline ➤ MS-SC200T00 Defend against cyberthreats with Microsoft’s security operations platform
Watch an informative video ➤ Learn how Microsoft defends against threats
Associated Certifications and Exam
This course will prepare delegates to write the SC-200 Microsoft Certified: Security Operations Analyst Associate Exam.
COURSE CONTENT
Module 1: Mitigate threats using Microsoft Defender XDR
Analyse threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft Defender XDR. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Module 1.1: Introduction to Microsoft Defender XDR threat protectionIn this module you will learn how to use the Microsoft Defender XDR integrated threat protection suite. |
Module 1.2: Mitigate incidents using Microsoft DefenderLearn how the Microsoft Defender portal provides a unified view of incidents from the Microsoft Defender family of products. |
Module 1.3: Remediate risks with Microsoft Defender for Office 365Learn about the Microsoft Defender for Office 365 component of Microsoft Defender XDR. |
Module 1.4: Manage Microsoft Entra Identity ProtectionProtecting a user’s identity by monitoring their usage and sign-in patterns helps ensure a secure cloud solution. Explore how to design and implement Microsoft Entra Identity Protection. |
Module 1.5: Safeguard your environment with Microsoft Defender for IdentityLearn about the Microsoft Defender for Identity component of Microsoft Defender XDR. |
Module 1.6: Secure your cloud apps and services with Microsoft Defender for Cloud AppsMicrosoft Defender for Cloud Apps is a cloud access security broker that provides visibility, data control and analytics to identify and combat cyberthreats across cloud services. |
Module 2: Mitigate threats using Microsoft Security Copilot
Get started with Microsoft Security Copilot. You are introduced to basic terminology, how Microsoft Security Copilot processes prompts, the elements of an effective prompt and how to enable the solution. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Module 2.1: Introduction to generative AI and agentsGenerative AI powers applications that can create content, answer questions and assist with tasks. In this module you explore the fundamentals of generative AI including large language models, prompts and AI agents. |
Module 2.2: Describe Microsoft Security CopilotGet acquainted with Microsoft Security Copilot. You are introduced to basic terminology, how Microsoft Security Copilot processes prompts, the elements of an effective prompt and how to enable the solution. |
Module 2.3: Describe the core features of Microsoft Security CopilotMicrosoft Security Copilot has a rich set of features. Learn about available plugins, promptbooks, the ways you can export and share information from Copilot and more. |
Module 2.4: Describe the embedded experiences of Microsoft Security CopilotMicrosoft Security Copilot is accessible directly from some Microsoft security products. This is referred to as the embedded experience. Learn about the scenarios supported by the Copilot embedded experience in Microsoft’s security solutions. |
Module 2.5: Explore use cases of Microsoft Security CopilotExplore use cases of Microsoft Security Copilot in standalone and embedded experiences through lab-like exercises. |
Module 3: Mitigate threats using Microsoft Purview
In this learning path you focus on Microsoft Purview’s risk and compliance solutions that assist security operations analysts in detecting threats to organisations, identifying, classifying and protecting sensitive data as well as monitoring and reporting on compliance. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Module 3.1: Investigate and respond to Microsoft Purview Data Loss Prevention alertsMicrosoft Purview and Microsoft Defender XDR help organisations detect potential data loss risks and respond quickly to protect sensitive information. Investigation and response activities include reviewing DLP alerts, applying appropriate remediation actions and documenting findings in a structured and consistent way. |
Module 3.2: Investigate insider risk alerts and related activityInvestigate insider risk alerts and manage related cases in Microsoft Purview to assess user behaviour, take appropriate action and coordinate deeper reviews across teams. |
Module 3.3: Search and investigate with Microsoft Purview AuditEnhance data security and compliance with Microsoft Purview Audit by configuring detailed audits, managing logs and analysing access patterns. |
Module 3.4: Search for content with Microsoft Purview eDiscoveryUse Microsoft Purview eDiscovery to search for content across Microsoft 365. This module covers how to configure cases, define search criteria and locate messages, files and other organisational data. |
Module 4: Mitigate threats using Microsoft Defender for Endpoint
Implement the Microsoft Defender for Endpoint platform to detect, investigate and respond to advanced threats. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Module 4.1: Protect against threats with Microsoft Defender for EndpointLearn how Microsoft Defender for Endpoint can help your organisation stay secure. |
Module 4.2: Deploy the Microsoft Defender for Endpoint environmentLearn how to deploy the Microsoft Defender for Endpoint environment including onboarding devices and configuring security. |
Module 4.3: Implement Windows security enhancements with Microsoft Defender for EndpointMicrosoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity. Learn about Attack Surface Reduction (ASR) with Microsoft Defender for Endpoint. |
Module 4.4: Perform device investigations in Microsoft Defender for EndpointMicrosoft Defender for Endpoint provides detailed device information including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that aids in your investigations. |
Module 4.5: Perform actions on a device using Microsoft Defender for EndpointLearn how Microsoft Defender for Endpoint provides the remote capability to contain devices and collect forensics data. |
Module 4.6: Perform evidence and entities investigations using Microsoft Defender for EndpointLearn about the artefacts in your environment and how they relate to other artefacts and alerts that provide you with insight to understand the overall impact to your environment. |
Module 4.7: Configure and manage automation using Microsoft Defender for EndpointLearn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings. |
Module 4.8: Configure for alerts and detections in Microsoft Defender for EndpointLearn how to configure settings to manage alerts and notifications. You also learn how to enable indicators as part of the detection process. |
Module 4.9: Utilise Vulnerability Management in Microsoft Defender for EndpointLearn about your environment’s weaknesses by using Vulnerability Management in Microsoft Defender for Endpoint. |
Module 5: Mitigate threats using Microsoft Defender for Cloud
Use Microsoft Defender for Cloud for Azure, hybrid cloud and on-premises workload protection and security.
Module 5.1: Plan for cloud workload protections using Microsoft Defender for CloudLearn the purpose of Microsoft Defender for Cloud and how to enable the system. |
Module 5.2: Connect Azure assets to Microsoft Defender for CloudLearn how to connect your various Azure assets to Microsoft Defender for Cloud to detect threats. |
Module 5.3: Connect non-Azure resources to Microsoft Defender for CloudLearn how you can add Microsoft Defender for Cloud capabilities to your hybrid environment. |
Module 5.4: Manage your cloud security posture managementMicrosoft Defender for Cloud Cloud Security Posture Management (CSPM) provides visibility into vulnerable resources and provides hardening guidance. |
Module 5.5: Explain cloud workload protections in Microsoft Defender for CloudLearn about the protections and detections provided by Microsoft Defender for Cloud with each cloud workload. |
Module 5.6: Remediate security alerts using Microsoft Defender for CloudLearn how to remediate security alerts in Microsoft Defender for Cloud. |
Module 6: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis and reporting in Microsoft Sentinel. This learning path focuses on the most used operators. The example KQL statements showcase security related table queries.
Module 6.1: Construct KQL statements for Microsoft SentinelKusto Query Language (KQL) is the query language used to perform analysis on data to create analytics, workbooks and perform hunting in Microsoft Sentinel. Learn how basic KQL statement structure provides the foundation to build more complex statements. |
Module 6.2: Analyse query results using KQLLearn how summarising and visualising data with a KQL statement provides the foundation to build detections in Microsoft Sentinel. |
Module 6.3: Build multi-table statements using KQLLearn how to work with multiple tables using KQL. |
Module 6.4: Work with data in Microsoft Sentinel using Kusto Query LanguageLearn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources. |
Module 7: Configure your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.
Module 7.1: Introduction to Microsoft SentinelTraditional security information and event management (SIEM) systems typically take a long time to set up and configure. They are also not necessarily designed with cloud workloads in mind. Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started. |
Module 7.2: Create and manage Microsoft Sentinel workspacesLearn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organisation’s security operations requirements. |
Module 7.3: Query logs in Microsoft SentinelAs a Security Operations Analyst you must understand the tables, fields and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel. |
Module 7.4: Use watchlists in Microsoft SentinelLearn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries. |
Module 7.5: Utilise threat intelligence in Microsoft SentinelLearn how the Microsoft Sentinel Threat Intelligence page enables you to manage threat indicators. |
Module 7.6: Integrate Microsoft Defender XDR with Microsoft SentinelIn this module you learn how the Microsoft Defender portal integrates Microsoft Defender XDR with Microsoft Sentinel. |
Module 8: Connect logs to Microsoft Sentinel
Connect data at cloud scale across all users, devices, applications and infrastructure, on-premises and in multiple clouds to Microsoft Sentinel.
Module 8.1: Connect data to Microsoft Sentinel using data connectorsThe primary approach to connect log data is using the Microsoft Sentinel provided data connectors. This module provides an overview of the available data connectors. |
Module 8.2: Connect Microsoft services to Microsoft SentinelLearn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel. |
Module 8.3: Connect Microsoft Defender XDR to Microsoft SentinelLearn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft Defender XDR. |
Module 8.4: Connect Windows hosts to Microsoft SentinelTwo of the most common logs to collect are Windows security events and Sysmon. Learn how Microsoft Sentinel makes this easy with the Microsoft Windows Events data connectors. |
Module 8.5: Connect Common Event Format logs to Microsoft SentinelMost vendor-provided connectors utilise the CEF connector. Learn about the Common Event Format (CEF) connector’s configuration options. |
Module 8.6: Connect syslog data sources to Microsoft SentinelLearn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options that enable you to parse Syslog data. |
Module 8.7: Connect threat indicators to Microsoft SentinelLearn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors. |
Module 9: Create detections and perform investigations using Microsoft Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.
Module 9.1: Threat detection with Microsoft Sentinel analyticsLearn how Microsoft Sentinel Analytics can help the Security Operations team identify and stop cyberattacks. |
Module 9.2: Automation in Microsoft SentinelBy the end of this module you are able to use automation rules in Microsoft Sentinel to automate incident management. |
Module 9.3: Threat response with Microsoft Sentinel playbooksThis module describes how to create Microsoft Sentinel playbooks to respond to security threats. |
Module 9.4: Security incident management in Microsoft SentinelLearn about security incidents, incident evidence and entities, incident management and how to use Microsoft Sentinel to handle incidents. |
Module 9.5: Identify threats with Behavioral AnalyticsLearn how to use entity behaviour analytics in Microsoft Sentinel to identify threats inside your organisation. |
Module 9.6: Data normalisation in Microsoft SentinelBy the end of this module you are able to use Advanced Security Information Model (ASIM) parsers to identify threats inside your organisation. |
Module 9.7: Query, visualise and monitor data in Microsoft SentinelThis module describes how to query, visualise and monitor data in Microsoft Sentinel. |
Module 9.8: Manage content in Microsoft SentinelBy the end of this module you are able to manage content in Microsoft Sentinel. |
Module 10: Perform threat hunting in Microsoft Sentinel
Proactively hunt for security threats using Microsoft Sentinel’s powerful threat hunting tools.
Module 10.1: Explain threat hunting concepts in Microsoft SentinelLearn the threat hunting process in Microsoft Sentinel. |
Module 10.2: Threat hunting with Microsoft SentinelIn this module you learn to proactively identify threat behaviours by using Microsoft Sentinel queries. You also learn to use bookmarks and livestream to hunt threats. |
Module 10.3: Use Search jobs in Microsoft SentinelIn Microsoft Sentinel you can search across long time periods in large datasets by using a search job. |
Module 10.4: Hunt for threats using notebooks in Microsoft SentinelLearn how to use notebooks in Microsoft Sentinel for advanced hunting. |
Disclaimer
Training4Every1 Course details and content may change without notice to stay aligned with current software updates and best practices.
By booking this training, you agree to our Training Terms and Conditions.
Click here to view Training T & C’s.
Got questions or feeling a bit lost in Excel, Word or Teams?
Don’t worry – we’ve got you! Reach out and we’ll help you find the perfect Microsoft training for you and your team.
Follow us and stay up to date with the latest training journeys, business solutions and powerful automation tools.
