
    Sc-200: Microsoft Security Operations Analyst

    Posted By: ELK1nG
    Published 12/2023
    MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
    Language: English | Size: 2.14 GB | Duration: 8h 13m

    Elevate your SOC career and get certified now! Learn through practical labs aligned with the official study guide

    What you'll learn

    Pass the SC-200 Exam

    Mitigate threats by using Defender for Cloud (15–20%)

    Mitigate threats by using Microsoft Sentinel (50–55%)

    Mitigate threats by using Defender XDR (25–30%)

    Requirements

    Basic IT Knowledge

    No Azure or Cyber Security experience necessary

    Willingness to learn cool stuff!

    Description

    In the role of a Microsoft Security Operations Analyst, you play a pivotal role in minimizing organizational risk through the following key responsibilities:

    - Swiftly addressing active attacks within the environment.
    - Providing recommendations for enhancing threat protection practices.
    - Reporting violations of organizational policies to the relevant stakeholders.

    Your tasks encompass:

    - Triage
    - Incident response
    - Vulnerability management
    - Threat hunting
    - Cyber threat intelligence analysis

    As a Microsoft Security Operations Analyst, your focus is on monitoring, identifying, investigating, and responding to threats across multicloud environments. This involves utilizing tools such as Microsoft Sentinel, Microsoft Defender for Cloud, Defender XDR, and third-party security solutions.

    Collaboration is a crucial aspect of this role, as you work closely with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to fortify the security of IT systems within the organization.

    Candidates for this position should possess familiarity with:

    - Microsoft 365
    - Azure cloud services
    - Windows and Linux operating systems

    Skills Overview:

    - Mitigate threats using Microsoft Defender XDR (25–30%)
    - Mitigate threats using Defender for Cloud (15–20%)
    - Mitigate threats using Microsoft Sentinel (50–55%)

    Mitigate threats within the Microsoft 365 environment by leveraging Microsoft Defender XDR (25–30%). This involves investigating, responding to, and remediating threats across Microsoft Teams, SharePoint Online, and OneDrive. Additionally, address email threats through the utilization of Microsoft Defender for Office 365, respond to alerts generated by data loss prevention (DLP) policies, and handle alerts related to insider risk policies. Manage and discover apps using Microsoft Defender for Cloud Apps, identifying, investigating, and remediating security risks in this area.

    Ensure endpoint security by utilizing Microsoft Defender for Endpoint, covering tasks such as managing data retention, alert notification, and advanced features, recommending attack surface reduction (ASR) for devices, responding to incidents and alerts, configuring and managing device groups, identifying devices at risk through Defender Vulnerability Management, and managing endpoint threat indicators.

    Mitigate identity threats by addressing security risks related to Microsoft Entra ID events, Microsoft Entra Identity Protection events, and Active Directory Domain Services (AD DS) using Microsoft Defender for Identity.

    Handle extended detection and response (XDR) in Microsoft Defender XDR, managing incidents and automated investigations in the portal, overseeing actions and submissions, identifying threats with Kusto Query Language (KQL), remediating security risks with Microsoft Secure Score, analyzing threat analytics, and configuring custom detections and alerts.

    Additionally, mitigate threats with Defender for Cloud (15–20%). This involves implementing and maintaining cloud security posture management, assigning and managing regulatory compliance policies, improving the Microsoft Defender for Cloud secure score, configuring plans and agents for Defender for Servers and DevOps, managing External Attack Surface Management (EASM), configuring environment settings, and responding to alerts and incidents.

    Lastly, address threats using Microsoft Sentinel (50–55%). Design and configure a Microsoft Sentinel workspace, plan roles, configure data storage, and implement data connectors for ingestion. Manage analytics rules, develop ASIM parsers, configure security orchestration automated response (SOAR), and manage incidents. Utilize workbooks to analyze and interpret data, hunt for threats with custom queries, and monitor using Livestream. Manage threats with User and Entity Behavior Analytics by configuring settings, investigating threats through entity pages, and setting up anomaly detection analytics rules.

    Overview

    Section 1: Introduction

    Lecture 1 Welcome & About your Instructor

    Lecture 2 Course Content & SC-200 Exam

    Lecture 3 FAQs

    Lecture 4 IMPORTANT - Defender M365 is now Defender XDR

    Section 2: SOC Basics

    Lecture 5 Complexity and Cyber Security Challenges

    Lecture 6 What is a SOC?

    Lecture 7 SOC Tier Model

    Lecture 8 Cyber Security Incident Response Process

    Lecture 9 EDR, XDR, SIEM & SOAR

    Section 3: Azure Basics

    Lecture 10 Cloud Types

    Lecture 11 Shared Responsibility Model

    Lecture 12 Azure Resource Hierarchy

    Section 4: Microsoft Security Basics

    Lecture 13 The Microsoft Security Cosmos

    Lecture 14 Defending Across Attack Chains

    Section 5: Setup Lab Environment

    Lecture 15 Demo: Install VirtualBox

    Lecture 16 Demo: Configure Kali Keyboard Layout

    Lecture 17 Install Tor Browser on Kali

    Lecture 18 Deployment Prerequisites for Sentinel

    Lecture 19 Demo: Create an Azure Resource Group for Sentinel

    Lecture 20 Demo: Create a Log Analytics Workspace

    Lecture 21 Demo: Create a Sentinel Workspace

    Lecture 22 Demo: Create an Azure Resource Group for Defender for Cloud

    Lecture 23 Demo: Enable All Plans in Defender for Cloud

    Lecture 24 Demo: Create Virtual Machines

    Lecture 25 Demo: Create a Storage Account

    Lecture 26 Demo: Create a SQL Database

    Lecture 27 Demo: Create an AKS Cluster

    Lecture 28 Demo: Create an Azure Key Vault

    Section 6: Defender for Cloud - Implement and maintain cloud security posture management

    Lecture 29 What is Microsoft Defender for Cloud

    Lecture 30 CSPM & CWP

    Lecture 31 What is CSPM?

    Lecture 32 CSPM Plans

    Lecture 33 Asset Inventory

    Lecture 34 Demo: Asset Inventory

    Lecture 35 Security Recommendations

    Lecture 36 Demo: Security Recommendations

    Lecture 37 Secure Score

    Lecture 38 Demo: Secure Score

    Lecture 39 Remediation

    Lecture 40 Demo: Remediation

    Lecture 41 DevOps Security

    Lecture 42 What is Defender for Servers?

    Lecture 43 Agents

    Lecture 44 Threat Detection for OS Level

    Lecture 45 Alerts for Windows Machines

    Lecture 46 Alerts for Linux Machines

    Lecture 47 Demo: Brute Force SSH

    Section 7: Defender for Cloud - Configure environment settings in Defender for Cloud

    Lecture 48 Defender for Cloud RBAC

    Lecture 49 What is CWP?

    Lecture 50 Defender for Databases

    Lecture 51 Defender for Storage

    Lecture 52 Demo: Defender for Storage

    Lecture 53 Defender for Containers

    Lecture 54 Demo: Defender for Containers

    Lecture 55 Defender for Key Vault

    Lecture 56 Demo: Defender for Key Vault

    Lecture 57 Defender for Resource Manager

    Lecture 58 Demo: Defender for Resource Manager

    Lecture 59 Azure Arc

    Section 8: Defender for Cloud - Respond to alerts and incidents in Defender for Cloud

    Lecture 60 Demo: Manage Alerts and Incidents

    Lecture 61 Email Notifications

    Lecture 62 Demo: Create Suppression Rules

    Lecture 63 Workflow Automation

    Lecture 64 Demo: Malware Scanning Response with Workflow Automation & Azure Logic Apps

    Lecture 65 Demo: Generate Sample Alerts

    Section 9: Sentinel - Design and configure a Microsoft Sentinel workspace

    Lecture 66 Azure RBAC & Sentinel

    Lecture 67 Demo: Azure RBAC & Sentinel

    Section 10: Sentinel - Plan and implement the use of data connectors for ingestion

    Lecture 68 Overview

    Lecture 69 Typical data sources for a SIEM

    Lecture 70 Demo: Content Hub

    Lecture 71 Demo: Ingesting Threat Intelligence into Sentinel

    Lecture 72 Demo: Verify Threat Intelligence Log Ingestion

    Lecture 73 Demo: Ingesting Entra ID into Sentinel

    Lecture 74 Demo: Deploy Sentinel Training Lab

    Lecture 75 AMA and DCR

    Lecture 76 Demo: Ingesting Windows Security Event Logs with AMA and DCR

    Section 11: Sentinel - Manage Microsoft Sentinel analytics rules

    Lecture 77 Sentinel Workflow

    Lecture 78 Analytic rules

    Lecture 79 Demo: Analytic Rules

    Lecture 80 Scheduled Analytic Rules

    Lecture 81 Demo: Scheduled Analytic Rules - Entra ID

    Lecture 82 Demo: Scheduled Analytic Rules - Windows Security Events

    Lecture 83 Near-Real-Time-Rules (NRT)

    Lecture 84 Demo: Near-Real-Time-Rules (NRT)

    Lecture 85 Fusion

    Lecture 86 Demo: Fusion

    Lecture 87 ML Behavior Analytics

    Lecture 88 Demo: ML Behavior Analytics

    Lecture 89 Threat Intelligence Rules

    Lecture 90 Demo: Threat Intelligence Rules

    Lecture 91 Microsoft Security Rules

    Lecture 92 Demo: Microsoft Security Rules

    Section 12: Sentinel - Configure security orchestration automated response (SOAR)

    Lecture 93 Automation Capabilities in Sentinel

    Lecture 94 Automation rules

    Lecture 95 Demo: Automation rules

    Lecture 96 Playbooks

    Lecture 97 Automation rules vs. Playbooks

    Lecture 98 Azure Logic Apps

    Lecture 99 Demo: Playbooks & Azure Logic Apps

    Lecture 100 Demo: Playbook with MITRE ATT&CK & ChatGPT

    Lecture 101 Sentinel REST API

    Section 13: Sentinel - Manage Microsoft Sentinel incidents

    Lecture 102 Demo: Incident Dashboard

    Section 14: Sentinel - Use Microsoft Sentinel workbooks to analyze and interpret data

    Lecture 103 Workbooks in Sentinel

    Lecture 104 Demo: Create Workbooks

    Section 15: Sentinel - Hunt for threats by using Microsoft Sentinel

    Lecture 105 Overview on MITRE ATT&CK

    Lecture 106 Demo: MITRE ATT&CK

    Lecture 107 Demo: ATT&CK in Sentinel

    Lecture 108 What is Threat Hunting?

    Lecture 109 KQL 101

    Lecture 110 Demo: KQL 101

    Lecture 111 Demo: Threat Hunting in Sentinel

    Lecture 112 Demo: Hunt for Entra ID Events

    Lecture 113 Notebooks

    Lecture 114 Demo: Notebooks with MSTICPy

    Section 16: Sentinel - Manage threats by using entity behavior analytics

    Lecture 115 UEBA in Sentinel

    Lecture 116 Demo: UEBA in Sentinel

    Section 17: Defender XDR - Manage extended detection and response (XDR) in Defender XDR

    Lecture 117 What is XDR?

    Lecture 118 Demo: Manage Incidents and Alerts

    Lecture 119 Demo: Secure Score

    Section 18: Defender XDR - Mitigate threats to the Microsoft 365 environment

    Lecture 120 What is Defender for Office 365?

    Lecture 121 Defender for Office 365 - Edge Protection

    Lecture 122 Defender for Office 365 - Sender Intelligence

    Lecture 123 Defender for Office 365 - Content Filtering

    Lecture 124 Defender for Office 365 - Post Delivery Protection

    Lecture 125 Demo: Preset Security Policies

    Lecture 126 Demo: Anti-Phishing Policy

    Lecture 127 Demo: Anti-Spam Policy

    Lecture 128 Demo: Anti-Malware Policy

    Lecture 129 Demo: Safe Attachments

    Lecture 130 Demo: Safe Links

    Lecture 131 Demo: Tenant Allow/Block Lists

    Lecture 132 What is Defender for Cloud Apps?

    Lecture 133 Demo: Cloud App Catalog

    Lecture 134 Demo: Cloud App Policies

    Lecture 135 What is Microsoft Purview?

    Lecture 136 Demo: Data Loss Prevention Policies

    Lecture 137 Demo: Insider Risk Policies

    Section 19: Defender XDR - Mitigate endpoint threats by using Defender for Endpoint

    Lecture 138 What is Defender for Endpoint?

    Lecture 139 Demo: Management and Administration

    Lecture 140 Demo: Vulnerability Management

    Section 20: Defender XDR - Mitigate identity threats

    Lecture 141 Identities are the new security perimeter!

    Lecture 142 NTLM

    Lecture 143 Pass-the-Hash Attacks

    Lecture 144 Kerberos

    Lecture 145 Pass-The-Ticket Attacks

    Lecture 146 Brute Force Attacks

    Lecture 147 Remote Code Execution Attacks

    Lecture 148 What is Defender for Identity?

    SOC Analyst, Security Engineer, Security Consultant, Security Architect, Security Manager, Cloud Engineer, Cloud Architect, IT Manager