Microsoft Security Operations Analyst (SC-200)
Microsoft
The Microsoft Security Operations Analyst (SC-200) course teaches how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course, you will learn how to mitigate cyberthreats using these technologies. You will configure and use Microsoft Sentinel and utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting.
Who Should Attend
- Security operations analysts
- SOC analysts
- Incident responders
- Threat hunters
- Anyone pursuing the Security Operations Analyst Associate certification
Prerequisites
- Understanding of security concepts
- Basic knowledge of Azure and Microsoft 365
- Familiarity with Windows and Linux operating systems
- Experience with security operations (helpful)
What You Will Learn
- Mitigate threats using Microsoft 365 Defender
- Mitigate threats using Microsoft Defender for Cloud
- Mitigate threats using Microsoft Sentinel
- Create queries for Microsoft Sentinel using KQL
- Configure and manage a Microsoft Sentinel environment
- Prepare for the SC-200 certification exam
Course Outline
Labs & Practical Exercises
Hands-on labs covering Microsoft 365 Defender, Microsoft Defender for Cloud, Microsoft Sentinel configuration, KQL query writing, incident investigation, and threat hunting. Participants will work with real security scenarios and tools.
Certification & Assessment
Prepares candidates for the Microsoft Certified: Security Operations Analyst Associate (SC-200) certification exam, which validates skills in investigating, responding to, and hunting for threats using Microsoft security technologies.
