
Microsoft Security Course


Overview

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Audience

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Skills Gained

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment
  • Create a Microsoft Defender for Endpoint environment
  • Configure Attack Surface Reduction rules on Windows 10 devices
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Investigate domains and IP addresses in Microsoft Defender for Endpoint
  • Investigate user accounts in Microsoft Defender for Endpoint
  • Configure alert settings in Microsoft Defender for Endpoint
  • Explain how the threat landscape is evolving
  • Conduct advanced hunting in Microsoft 365 Defender
  • Manage incidents in Microsoft 365 Defender
  • Explain how Microsoft Defender for Identity can remediate risks in your environment
  • Investigate DLP alerts in Microsoft Cloud App Security
  • Explain the types of actions you can take on an insider risk management case
  • Configure auto-provisioning in Azure Defender
  • Remediate alerts in Azure Defender
  • Construct KQL statements
  • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Extract data from unstructured string fields using KQL
  • Manage an Azure Sentinel workspace
  • Use KQL to access the watchlist in Azure Sentinel
  • Manage threat indicators in Azure Sentinel
  • Explain the Common Event Format and Syslog connector differences in Azure Sentinel
  • Connect Azure Windows Virtual Machines to Azure Sentinel
  • Configure Log Analytics agent to collect Sysmon events
  • Create new analytics rules and queries using the analytics rule wizard
  • Create a playbook to automate an incident response
  • Use queries to hunt for threats
  • Observe threats over time with livestream

Prerequisites

  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Windows 10
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts

Outline

100s of Microsoft Training Courses


Microsoft is one of the largest and most renowned companies in the computing world. They are responsible for designing, developing, manufacturing and licensing an ever-increasing array of different software products. The two most notable ones are the Windows operating system and the Office suite of applications. In addition they provide comprehensive support for all users, ensuring they can use their products effectively. 


Whatever your area of interest, whether it is system architecture, development, administration, web applications, communications, networking, project management, security or design, there is Microsoft software you can utilise. The products are high quality and reliable. In addition they also receive regular updates to improve features, performance and security. 


CourseMonster understand the value Microsoft software can offer. That is why we encourage businesses to make use of it. To help them with this we offer a directory of over 500 different Microsoft training courses. Each of them is organised, detailed, and will help learners to build their skills. We have fantastic customer satisfaction rates and ensure that every learner receives the support they need.


We are able to provide either public or customised training, adapting to suit the specific needs of each business. Whether it is a large class or a smaller group, we will ensure they are trained to a very high standard.


Over the years we have provided Microsoft training courses for respected companies from a wide array of different industries. We can cater for each of their needs and build long lasting relationships because they know we are a reliable training provider.


We hold training dates spanning: 

Whether your interest is in architecture, development, system administration, web applications, design, communications, security, networking, project management, or business applications, with over 500 Microsoft training courses in our directory you can quickly find the training you need on CM Training.


Contact us to get more information on the vast array of Microsoft certification and training available through CM Training.


Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost-effective option. One-on-one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are available as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.