Microsoft Security Operations Analyst (SC-200)

Course Overview

In the comprehensive course titled “SC-200: Microsoft Security Operations Analyst,” participants will delve into the intricacies of investigating, responding to, and hunting for threats, all while harnessing the power of cutting-edge Microsoft technologies, including Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. This course is meticulously crafted to empower individuals who operate within the realm of Security Operations, providing them with invaluable insights and hands-on experience to effectively mitigate cyber threats.

Throughout this immersive learning experience, participants will gain proficiency in configuring and utilizing Microsoft Sentinel, a robust security information event management (SIEM) solution, to enhance their threat detection and response capabilities. Moreover, they will master the art of leveraging Kusto Query Language (KQL), a potent querying language tailored for big data analytics, enabling them to perform intricate detection, in-depth analysis, and comprehensive reporting on security incidents and potential threats.

Designed with the Security Operations job role in mind, this course not only equips learners with practical skills but also serves as an essential preparatory platform for the SC-200 exam: Microsoft Security Operations Analyst. By the end of this course, participants will emerge well-versed in the nuanced strategies and techniques required to safeguard digital environments from diverse and evolving cyber threats, positioning them as adept professionals within the dynamic landscape of cybersecurity.

Microsoft 365 Administrator (MS-102)
Who Is It For Outline Requirements Exam

The SC-200: Microsoft Security Operations Analyst certification is specifically designed for cybersecurity professionals who specialize in security operations roles.

  • Security Operations Center (SOC) Analysts security administrators
  • Incident responders
  • other security professionals
  • Module 1: Introduction to Microsoft 365 threat protection
  • Module 2: Mitigate incidents using Microsoft 365 Defender
  • Module 3: Protect your identities with Azure AD Identity Protection
  • Module 4: Remediate risks with Microsoft Defender for Office 365
  • Module 5: Safeguard your environment with Microsoft Defender for Identity
  • Module 6: Secure your cloud apps and services with Microsoft Defender for Cloud Apps
  • Module 7: Respond to data loss prevention alerts using Microsoft 365
  • Module 8: Manage insider risk in Microsoft Purview
  • Module 9: Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview                              Standard
  • Module 10: Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
  • Module 11: Investigate threats with Content search in Microsoft Purview
  • Module 12: Protect against threats with Microsoft Defender for Endpoint
  • Module 13: Deploy the Microsoft Defender for Endpoint environment
  • Module 14: Implement Windows security enhancements with Microsoft Defender for Endpoint
  • Module 15: Perform device investigations in Microsoft Defender for Endpoint
  • Module 16: Perform actions on a device using Microsoft Defender for Endpoint
  • Module 17: Perform evidence and entities investigations using Microsoft Defender for Endpoint
  • Module 18: Configure and manage automation using Microsoft Defender for Endpoint
  • Module 19: Configure for alerts and detections in Microsoft Defender for Endpoint
  • Module 20: Utilize Vulnerability Management in Microsoft Defender for Endpoint
  • Module 21: Plan for cloud workload protections using Microsoft Defender for Cloud
  • Module 22: Connect Azure assets to Microsoft Defender for Cloud
  • Module 23: Connect non-Azure resources to Microsoft Defender for Cloud
  • Module 24: Manage your cloud security posture management
  • Module 25: Explain cloud workload protections in Microsoft Defender for Cloud
  • Module 25: Explain cloud workload protections in Microsoft Defender for Cloud
  • Module 26: Remediate security alerts using Microsoft Defender for Cloud
  • Module 27: Construct KQL statements for Microsoft Sentinel
  • Module 28: Analyze query results using KQL
  • Module 29: Build multi-table statements using KQL
  • Module 30: Work with data in Microsoft Sentinel using Kusto Query Language
  • Module 31: Introduction to Microsoft Sentinel
  • Module 32: Create and manage Microsoft Sentinel workspaces
  • Module 33: Query logs in Microsoft Sentinel
  • Module 34: Use watchlists in Microsoft Sentinel
  • Module 35: Utilize threat intelligence in Microsoft Sentinel
  • Module 36: Connect data to Microsoft Sentinel using data connectors
  • Module 37: Connect Microsoft services to Microsoft Sentinel
  • Module 38: Connect Microsoft 365 Defender to Microsoft Sentinel
  • Module 39: Connect Windows hosts to Microsoft Sentinel
  • Module 40: Connect Common Event Format logs to Microsoft Sentinel
  • Module 41: Connect syslog data sources to Microsoft Sentinel
  • Module 42: Connect threat indicators to Microsoft Sentinel
  • Module 43: Threat detection with Microsoft Sentinel analytics
  • Module 44: Automation in Microsoft Sentinel
  • Module 45: Security incident management in Microsoft Sentinel
  • Module 46: Identify threats with Behavioral Analytics
  • Module 47: Data normalization in Microsoft Sentinel
  • Module 48: Query, visualize, and monitor data in Microsoft Sentinel
  • Module 49: Manage content in Microsoft Sentinel
  • Module 50: Explain threat hunting concepts in Microsoft Sentinel
  • Module 51: Threat hunting with Microsoft Sentinel
  • Module 52: Use Search jobs in Microsoft Sentinel
  • Module 53: Hunt for threats using notebooks in Microsoft Sentinel
  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Microsoft Windows
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts.

Exam Format: Multiple Choice Questions
Duration:  mins
Number of Questions: 
Passing Score: 


Unlock your potential with SysCare! Download our course brochures today and explore a world of knowledge and opportunities. Don’t miss out!.


No archives to show.


  • No categories

At vero eos et accusamus et iusto odio digni goikussimos ducimus qui to bonfo blanditiis praese. Ntium voluum deleniti atque.

Melbourne, Australia
(Sat - Thursday)
(10am - 05 pm)