Microsoft Security Operations Analyst Training (SC-200)

What Will You Learn?

• In this course, you will learn how to:
• Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
• Create a Microsoft Defender for Endpoint environment.
• Configure Attack Surface Reduction rules on Windows 10 devices.
• Perform actions on a device using Microsoft Defender for Endpoint.
• Investigate domains and IP addresses in Microsoft Defender for Endpoint.
• Investigate user accounts in Microsoft Defender for Endpoint.
• Configure alert settings in Microsoft Defender for Endpoint.
• Explain how the threat landscape is evolving.
• Conduct advanced hunting in Microsoft 365 Defender.
• Manage incidents in Microsoft 365 Defender.
• Explain how Microsoft Defender for Identity can remediate risks in your environment.
• Investigate DLP alerts in Microsoft Cloud App Security.
• Explain the types of actions you can take on an insider risk management case.
• Configure auto-provisioning in Azure Defender.
• Remediate alerts in Azure Defender.
• Construct KQL statements.
• Filter searches based on event time, severity, domain, and other relevant data using KQL.
• Extract data from unstructured string fields using KQL.
• Manage an Azure Sentinel workspace.
• Use KQL to access the watchlist in Azure Sentinel.
• Manage threat indicators in Azure Sentinel.
• Explain the Common Event Format and Syslog connector differences in Azure Sentinel.
• Connect Azure Windows Virtual Machines to Azure Sentinel.
• Configure Log Analytics agent to collect Sysmon events.
• Create new analytics rules and queries using the analytics rule wizard.
• Create a playbook to automate an incident response.
• Use queries to hunt for threats.
• Observe threats over time with livestream.