SC-200: Microsoft Security Operations Analyst (beta)

Summary

  • intermediate
  • azure
  • azure-sentinel
  • m365
  • m365-threat-protection
  • The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.

    Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

    Beta exams are not scored immediately because we are gathering data on the quality of the questions and the exam. Learn more about the value and importance of beta exams.

    *The first 300 people who register, using code SC200PELHAM, can take this exam for an 80% discount! The seats are offered on a first-come, first-served basis. You must register for the exam on or before March 8, 2021. Take the exam as soon as possible, so we can leverage your comments, feedback, and exam data in our evaluation of the quality of the questions. This is NOT a private access code. You can use this code to register for and take the exam on or before March 8, 2021.

    You should also be aware that there are some countries where the beta code will not work (including Turkey, Pakistan, India, and China). You will not be able to take the beta exam in those countries.

Learning paths

6 hr 46 min
SC-200 part 1: Mitigate threats using Microsoft Defender for Endpoint

Modules in this learning path

  • Protect against threats with Microsoft Defender Advanced Threat Protection
    4 Units
    26 min

    Learn how new threat protection tools from Microsoft protect your organization’s users, devices, and data from attempted attacks.

  • Manage alerts and incidents in Microsoft Defender for Endpoint
    10 Units
    57 min

  • Configure and manage automation using Microsoft Defender for Endpoint
    7 Units
    34 min

  • Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
    6 Units
    30 min

  • Perform device investigations in Microsoft Defender for Endpoint
    6 Units
    32 min

  • Perform actions on a device using Microsoft Defender for Endpoint
    7 Units
    35 min

  • Configure for alerts and detections in Microsoft Defender for Endpoint
    8 Units
    36 min

  • Deploy the Microsoft Defender for Endpoint environment
    9 Units
    43 min

  • Perform evidence and entities investigations using Microsoft Defender for Endpoint
    7 Units
    36 min

  • Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
    5 Units
    31 min

5 hr 58 min
SC-200 part 2: Mitigate threats using Microsoft 365 Defender

Modules in this learning path

  • Introduction to threat protection with Microsoft 365
    4 Units
    11 min

    Learn about how attackers most commonly breach organizations, and the Microsoft tools that protect your organization in an ever-shifting landscape.

  • Manage insider risk in Microsoft 365
    7 Units
    59 min

    Insider risk management in Microsoft 365 helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.

  • Remediate risks with Office 365 Advanced Threat Protection
    5 Units
    49 min

    Learn about the Office 365 Advanced Threat Protection component of Microsoft Threat Protection.

  • Respond to data loss prevention alerts using Microsoft 365
    6 Units
    28 min

  • Safeguard your environment with Azure Advanced Threat Protection
    5 Units
    1 hr 2 min

    Learn about the Azure Advanced Threat Protection component of Microsoft Threat Protection.

  • Protect your identities with Azure AD Identity Protection
    5 Units
    34 min

    Use the advanced detection and remediation of identity-based threats to protect your Azure Active Directory identities and applications from compromise.

  • Mitigate incidents using Microsoft 365 Defender
    7 Units
    40 min

  • Secure your cloud apps and services with Microsoft Cloud App Security
    9 Units
    58 min

    Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Learn how to use Cloud App Security in your organization.

3 hr 59 min
SC-200 part 3: Mitigate threats using Azure Defender

Modules in this learning path

  • Plan for cloud workload protections using Azure Defender
    7 Units
    51 min

  • Connect Azure assets to Azure Defender
    6 Units
    35 min

  • Connect non-Azure resources to Azure Defender
    7 Units
    44 min

  • Remediate security alerts using Azure Defender
    8 Units
    52 min

  • Explain cloud workload protections in Azure Defender
    13 Units
    57 min

2 hr 3 min
SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)

Modules in this learning path

  • Build multi-table statements using KQL
    5 Units
    21 min

  • Work with data in Azure Sentinel using Kusto Query Language
    7 Units
    36 min

  • Analyze query results using KQL
    7 Units
    30 min

  • Construct KQL statements for Azure Sentinel
    10 Units
    36 min

1 hr 54 min
SC-200 part 5: Configure your Azure Sentinel environment

Modules in this learning path

  • Query logs in Azure Sentinel
    7 Units
    18 min

  • Create and manage Azure Sentinel workspaces
    8 Units
    31 min

  • Utilize threat intelligence in Azure Sentinel
    6 Units
    18 min

  • Use watchlists in Azure Sentinel
    5 Units
    18 min

  • Introduction to Azure Sentinel
    6 Units
    29 min

    Get familiar with Azure Sentinel, a cloud-native security information and event management (SIEM) service.

2 hr 44 min
SC-200 part 6: Connect logs to Azure Sentinel

Modules in this learning path

  • Connect Windows hosts to Azure Sentinel
    5 Units
    20 min

  • Connect syslog data sources to Azure Sentinel
    7 Units
    28 min

  • Connect Microsoft 365 Defender to Azure Sentinel
    7 Units
    28 min

  • Connect data to Azure Sentinel using data connectors
    6 Units
    22 min

  • Connect Common Event Format logs to Azure Sentinel
    5 Units
    20 min

  • Connect Microsoft services to Azure Sentinel
    7 Units
    23 min

  • Connect threat indicators to Azure Sentinel
    7 Units
    23 min

4 hr 22 min
SC-200 part 7: Create detections and perform investigations using Azure Sentinel

Modules in this learning path

  • Use entity behavior analytics in Azure Sentinel
    6 Units
    27 min

    Use entity behavior analytics in Azure Sentinel

  • Query, visualize, and monitor data in Azure Sentinel
    8 Units
    48 min

    Describe how to query, visualize, and monitor data in Azure Sentinel.

  • Threat response with Azure Sentinel playbooks
    7 Units
    52 min

    Provide an introduction to implementing threat response with Azure Sentinel playbooks.

  • Threat detection with Azure Sentinel analytics
    9 Units
    1 hr 10 min

  • Security incident management in Azure Sentinel
    7 Units
    1 hr 5 min

1 hr 56 min
SC-200 part 8: Perform threat hunting in Azure Sentinel

Modules in this learning path

  • Threat hunting with Azure Sentinel
    7 Units
    1 hr 5 min

  • Hunt for threats using notebooks in Azure Sentinel
    7 Units
    31 min

  • Hunt for threats with Azure Sentinel
    5 Units
    20 min