SC-200 Microsoft Security Operations Analyst Course & SIMs

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7

We really hope you'll agree, this training is way more then the average course on Udemy!

Have access to the following:

• Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer

• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material

• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

• Welcome to the course

• Understanding the Microsoft Environment

• Foundations of Active Directory Domains

• Foundations of RAS, DMZ, and Virtualization

• Foundations of the Microsoft Cloud Services

• DONT SKIP: The first thing to know about Microsoft cloud services

• DONT SKIP: Azure AD is now renamed to Entra ID

• Questions for John Christopher

• Order of concepts covered in the course

Performing hands on activities

• DONT SKIP: Using Assignments in the course

• Creating a free Microsoft 365 Account

• Activating licenses for Defender for Endpoint and Vulnerabilities

• Getting your free Azure credit

• How to setup an Azure virtual machine for practicing hands on

• Setting up Microsoft Entra for device management

• How to join our test virtual machine to Microsoft Entra

Configure settings in Microsoft Defender XDR

• Introduction to Microsoft 365 Defender

• Concepts of the purpose of extended detection and response (XDR)

• Microsoft Defender and Microsoft Purview admin centers

• Concepts of management with Microsoft Defender for Endpoint

• Setting up a Microsoft Defender Admin role for permissions

• Onboarding to manage devices using Defender for Endpoint

• Bulk automatic onboarding with Microsoft Intune

• How to verify Windows devices have been onboarded

• A note about extra features in your Defender for Endpoint

• Incidents, alert notifications, and advanced feature for endpoints

• Review and respond to endpoint vulnerabilities

Manage assets and environments

• Configure and manage device groups

• Identify devices at risk using the Microsoft Defender Vulnerability Management

• Overview of Microsoft Defender for Cloud

• Manage resources by using Azure Arc

• Connect environments to Microsoft Defender for Cloud (by using multi-cloud account management)

• Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace

• Concepts of Microsoft Sentinel

• Plan a Microsoft Sentinel workspace

• Configure Microsoft Sentinel roles and specify Azure RBAC roles

• Design and configure Microsoft Sentinel data storage,log types and log retention

Ingest data sources in Microsoft Sentinel

• Identify data sources to be ingested for Microsoft Sentinel

• Implement and use Content hub solutions

• A note about Kusto Query Language (KQL)

• Configure & use MS connectors for Azure, including Azure Policy & diagnostics

• Plan and configure Azure Monitor Agent (AMA) and data collection rules

• Plan and configure Syslog and Common Event Format (CEF) event collections

• Collection of Windows Security events and Windows Event Forwarding (WEF)

• Create custom log tables in the workspace to store ingested data

• Configure Sentinel to ingest Azure and Entra ID data

• Monitor and optimize data ingestion

Configure protections in Microsoft Defender security technologies

• Plan and configure Microsoft Defender for Cloud settings

• Configure Microsoft Defender for Cloud roles

• Configure security policies including attack surface reduction (ASR) rules

• Assess and recommend cloud workload protection and enable plans

• Configure automated onboarding of Azure resources

Configure detection in Microsoft Defender XDR

• Run an attack simulation email campaign in Microsoft 365 Defender

• Identify threats by using Kusto Query Language (KQL)

• Identify and remediate security risks by using Microsoft Secure Score

• Analyze threat analytics in the Microsoft 365 Defender portal

• Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel

• Classify and analyze data by using entities

• Concepts of Microsoft Sentinel analytics rules

• Configure and manage analytics rules

• Query Microsoft Sentinel data by using ASIM parsers

• Implement behavioral analytics

Respond to alerts and incidents in Microsoft Defender XDR

• Using polices to remediate threats with Email ,Teams, SharePoint & OneDrive

• Investigate, respond, and remediate threats with Defender for Office 365

• Understanding data loss prevention (DLP) in Microsoft 365 Defender

• Implement data loss prevention policies (DLP) to respond and alert

• Investigate & respond to alerts generated by data loss prevention (DLP) policies

• Understanding insider risk policies

• Generating an insider risk policy

• Investigate and respond to alerts generated by insider risk policies

• Discover and manage apps by using Microsoft Defender for Cloud Apps

• Identify, investigate, & remediate security risks by using Defender for Cloud Apps

• Manage actions and submissions in the Microsoft 365 Defender portal

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

• Configure anomaly detection analytics rules

• How to trigger some incidents using a client device for testing

• Investigate timeline of compromised devices

Investigate Microsoft 365 activities

• Understanding unified audit log licensing and requirements

• Setting unified audit permissions and enabling support

• Perform threat hunting by using unified audit log

• Perform threat hunting by using Content Search

• Perform threat hunting by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel

• Investigate and remediate incidents in Microsoft Sentinel

• Understanding automation rules and Microsoft Sentinel playbooks

• Create and configure automation rules

• Create and configure Microsoft Sentinel playbooks

• Run playbooks on on-premises resources

Implement and use Microsoft Security Copilot

• What is Copilot for Security?

• Onboarding Copilot for Security

• Create and use promptbooks

• Manage sources for Copilot for Security, including plugins and files

• Manage permissions and roles in Copilot for Security

• Monitor Copilot for Security capacity and cost

• Identify threats and risks by using Copilot for Security

• Investigate incidents by using Copilot for Security

Hunt for threats by using Microsoft Defender XDR

• Identify purposes of using Kusto Query Language (KQL)

• Practicing with KQL in Microsoft's Demo environment

• Searching for information using basic KQL syntax

• Summarizing KQL results and filtering based on time ranges

• Using KQL to display data based on columns, amounts and characters

• Implementing variables and combining output data with KQL

• Identify and interpret threats analytics by using KQL in Defender

• Customizing hunting queries using Microsoft's Sentinel and Defender repository

Hunt for threats by using Microsoft Sentinel

• Analyze attack vector coverage by using the MITRE ATT&CK matrix

• Manage and use threat indicators

• Create and manage hunts

• Create and monitor hunting queries

• Use hunting bookmarks for data investigations

• Retrieve and manage archived log data

• Create and manage search jobs

Create and configure Microsoft Sentinel workbooks

• Activate and customize workbook templates

• Create custom workbooks that include KQL

• Configure visualizations

Conclusion

• Cleaning up your lab environment

• Getting a Udemy certificate

• BONUS Where do I go from here?