SC-200 Microsoft Security Operations Analyst Course & SIMs
Published 11/2023
Duration: 13h 48m | .MP4 1280x720, 30 fps(r) | AAC, 44100 Hz, 2ch | 7.8 GB
Genre: eLearning | Language: English
Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7
What you'll learn
Learn the concepts and perform hands on activities needed to pass the SC-200 exam
Gain a tremendous amount of knowledge involving securing Microsoft 365 and Azure Services
Get loads of hands on experience with Security Operations for Microsoft 365
Utilize hands on simulations that can be accessed anytime, anywhere!
Requirements
Willingness to put in the time and practice the steps shown in the course
Description
We really hope you'll agree, this training is way more than the average course on Udemy!
Have access to the following:
Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
Instructor led hands on and simulations to practice that can be followed even if you have little to no experience
TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD is now renamed to Entra ID
Questions for John Christopher
Order of concepts covered in the course
Performing hands on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Activating licenses for Defender for Endpoint and Vulnerabilities
Getting your free Azure credit
Mitigate threats to the Microsoft 365 environment by using Microsoft 365 Defender
Microsoft Defender and Microsoft Purview admin centers
Introduction to Microsoft 365 Defender
Using policies to remediate threats with Email, Teams, SharePoint & OneDrive
Investigate, respond, and remediate threats with Defender for Office 365
Understanding data loss prevention (DLP) in Microsoft 365 Defender
Implement data loss prevention policies (DLP) to respond and alert
Investigate & respond to alerts generated by data loss prevention (DLP) policies
Understanding insider risk policies
Generating an insider risk policy
Investigate and respond to alerts generated by insider risk policies
Discover and manage apps by using Microsoft Defender for Cloud Apps
Identify, investigate, & remediate security risks by using Defender for Cloud Apps
Mitigate endpoint threats by using Microsoft Defender for Endpoint
Concepts of management with Microsoft Defender for Endpoint
Setup a Windows 11 virtual machine endpoint
Enrolling in Intune for attack surface reduction (ASR) support
Onboarding to manage devices using Defender for Endpoint
A note about extra features in your Defender for Endpoint
Incidents, alert notifications, and advanced features for endpoints
Review and respond to endpoint vulnerabilities
Recommend attack surface reduction (ASR) for devices
Configure and manage device groups
Identify devices at risk using the Microsoft Defender Vulnerability Management
Manage endpoint threat indicators
Identify unmanaged devices by using device discovery
Mitigate identity threats
Mitigate security risks related to events for Microsoft Entra ID
Concepts of using Microsoft Entra Identity Protection
Mitigate security risks related to Microsoft Entra Identity Protection events
Mitigate risks related to Microsoft Entra Identity Protection inside Microsoft Defender
Understanding Microsoft Defender for Identity
Mitigate security risks related to Active Directory Domain Services (AD DS) using Microsoft Defender for Identity
Manage extended detection and response (XDR) in Microsoft 365 Defender
Concepts of the purpose of extended detection and response (XDR)
Setup a simulation lab using Microsoft 365 Defender
Run an attack against a device in the simulation lab
Manage incidents & automated investigations in the Microsoft 365 Defender portal
Run an attack simulation email campaign in Microsoft 365 Defender
Manage actions and submissions in the Microsoft 365 Defender portal
Identify threats by using Kusto Query Language (KQL)
Identify and remediate security risks by using Microsoft Secure Score
Analyze threat analytics in the Microsoft 365 Defender portal
Configure and manage custom detections and alerts
Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview
Understanding unified audit log licensing and requirements
Setting unified audit permissions and enabling support
Perform threat hunting by using unified audit log
Perform threat hunting by using Content Search
Implement and maintain cloud security posture management
Overview of Microsoft Defender for Cloud
Assign and manage regulatory compliance policies, including MCSB
Improve the Microsoft Defender for Cloud secure score by applying remediations
Configure plans and agents for Microsoft Defender for Servers
Configure and manage Microsoft Defender for DevOps
Configure & manage Microsoft Defender External Attack Surface Management (EASM)
Configure environment settings in Microsoft Defender for Cloud
Plan and configure Microsoft Defender for Cloud settings
Configure Microsoft Defender for Cloud roles
Assess and recommend cloud workload protection and enable plans
Configure automated onboarding of Azure resources
Connect compute resources by using Azure Arc
Connect multi-cloud resources by using Environment settings
Respond to alerts and incidents in Microsoft Defender for Cloud
Set up email notifications
Create and manage alert suppression rules
Design and configure workflow automation in Microsoft Defender for Cloud
Generate sample alerts and incidents in Microsoft Defender for Cloud
Remediate alerts and incidents by using MS Defender for Cloud recommendations
Manage security alerts and incidents
Analyze Microsoft Defender for Cloud threat intelligence reports
Design and configure a Microsoft Sentinel workspace
Concepts of Microsoft Sentinel
Plan a Microsoft Sentinel workspace
Configure Microsoft Sentinel roles
Design and configure Microsoft Sentinel data storage, log types and log retention
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Sentinel
Identify data sources to be ingested for Microsoft Sentinel
Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
Design and configure Syslog and Common Event Format (CEF) event collections
Design and configure Windows security event collections
Configure threat intelligence connectors
Create custom log tables in the workspace to store ingested data
Manage Microsoft Sentinel analytics rules
Concepts of Microsoft Sentinel analytics rules
Configure the Fusion rule
Configure Microsoft security analytics rules
Configure built-in scheduled query rules
Configure custom scheduled query rules
Configure near-real-time (NRT) analytics rules
Manage analytics rules from Content hub
Manage and use watchlists
Manage and use threat indicators
Perform data classification and normalization
Classify and analyze data by using entities
Query Microsoft Sentinel data by using Advanced Security Information Model (ASIM)
Develop and manage ASIM parsers
Configure security orchestration automated response (SOAR) in Microsoft Sentinel
Create and configure automation rules
Create and configure Microsoft Sentinel playbooks
Configure analytic rules to trigger automation rules
Trigger playbooks from alerts and incidents
Manage Microsoft Sentinel incidents
Configure incident generation
Triage incidents in Microsoft Sentinel
Investigate incidents in Microsoft Sentinel
Respond to incidents in Microsoft Sentinel
Investigate multi-workspace incidents
Use Microsoft Sentinel workbooks to analyze and interpret data
Activate and customize Microsoft Sentinel workbook templates
Create custom workbooks
Configure advanced visualizations
Hunt for threats by using Microsoft Sentinel
Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
Customize content gallery hunting queries
Create custom hunting queries
Use hunting bookmarks for data investigations
Monitor hunting queries by using Livestream
Retrieve and manage archived log data
Create and manage search jobs
Manage threats by using User and Entity Behavior Analytics
Configure User and Entity Behavior Analytics settings
Investigate threats by using entity pages
Configure anomaly detection analytics rules
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS Where do I go from here?
Who this course is for:
IT people interested in learning and passing the Microsoft SC-200 Exam
People interested in learning a tremendous amount about Security Operations for Microsoft 365