Microsoft Certified: Security Operations Analyst Associate

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

  • SC-200

    Microsoft Security Operations Analyst

    Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud.

    Duration: 4 days
    Price: £2495 (exc. VAT)

Further Information

  • SC-200: Course Overview

    Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilise Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

    As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organisational risk by:

    • Rapidly remediating active attacks in cloud and on-premises environments.
    • Advising on improvements to threat protection practices.
    • Identifying violations of organisational policies.

    As a security operations analyst, you:

    • Perform triage.
    • Respond to incidents.
    • Mitigate risk by using exposure management.
    • Hunt for threats by using threat intelligence.
    • Use KQL for reporting, detections, and investigations.

    You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:

    • Microsoft Defender XDR
    • Security Copilot
    • Microsoft Sentinel
    • Microsoft Defender for Cloud workload protections
    • Third-party security solutions

    You collaborate with business and security leadership to define security standards for the organisation. You work with other roles across the digital enterprise to implement the standards, to enhance the security posture of an organisation, and to raise security awareness.

  • SC-200: Course Modules

    Module 1: Mitigate threats using Microsoft Defender XDR

    Module 2: Mitigate threats using Microsoft Security Copilot

    Module 3: Mitigate threats using Microsoft Purview

    Module 4: Mitigate threats using Microsoft Defender for Endpoint

    Module 5: Mitigate threats using Microsoft Defender for Cloud

    Module 6: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

    Module 7: Configure your Microsoft Sentinel environment

  • SC-200: Course Objectives

    By the end of the course, you should be able to:

    • Manage threat mitigation using Microsoft Defender XDR
    • Manage threat mitigation using Microsoft Purview
    • Manage threat mitigation using Microsoft Defender for Endpoint
    • Manage threat mitigation using Microsoft Defender for Cloud
    • Create KQL queries for Microsoft Sentinel
    • Configure your environment in Microsoft Sentinel
    • Manage log connection to Microsoft Sentinel
    • Detect and remediate threats using Microsoft Sentinel
    • Manage threat hunting in Microsoft Sentinel

  • SC-200: Prerequisites

    The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

    As a candidate, you should be familiar with:

    • Microsoft 365
    • Azure cloud services
    • Windows, Linux, and mobile operating systems.

    Audience Profile

    The Microsoft Security Operations Analyst collaborates with organisational stakeholders to secure information technology systems for the organisation. Their goal is to reduce organisational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organisational policies to appropriate stakeholders.