From the course: Microsoft Security Operations Analyst Associate (SC-200) Cert Prep by Microsoft Press

Exam SC-200 Microsoft Security Operations Analyst: Introduction

- Welcome to Exam SC-200, Microsoft Security Operations Analyst. I am Charbel Nemnom, Senior Cloud Architect. I have been an IT professional for over 21 years and a Microsoft Certified Trainer for over five years. For the last 10 years, I have been a Microsoft Most Valuable Professional (MVP) in the Microsoft Azure specialization. I spend my days securing Azure environments, and my primary focus is on Azure security, Azure governance, business continuity, and disaster recovery. I hold several Microsoft certifications. I'm a Certified Information Security Manager, a Certified Cloud Security Professional (CCSP), and a Certified Information Security Manager (CISM). The Microsoft Security Operations Analyst reduces organizational risk by quickly responding to active attacks, improving threat protection practices, and reporting policy violations. They use different security solutions and tools like Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Defender XDR to investigate, monitor, and respond to threats. The security analyst is also involved in configuring and deploying these technologies. This course covers every objective in the SC-200 Microsoft Security Operations Analyst certification exam. I have passed the SC-200 exam, so I have the Security Operations Analyst Associate certification. Visit my website at charbelnemnom.com to see that and my other IT certification badges. Let's now review the training course lessons one by one, in order. The first lesson in this course shows how to configure settings in Microsoft Defender XDR. We learn how to set up Defender XDR with a Sentinel workspace, customize alert rules, configure advanced features in Microsoft Defender for Endpoint, adjust endpoint rules for indicators and web content filtering, oversee automated investigation and response capabilities, and implement automatic attack disruption.
In the second lesson, we move on to learning how to manage assets and environments. We discuss how to administer device groups, permissions, and automation levels in Microsoft Defender for Endpoint, address unmanaged devices, utilize Azure Arc for resource management, connect environments through multi-cloud account management in Microsoft Defender for Cloud, rectify unprotected resources, and manage devices at risk using Microsoft Defender Vulnerability Management. Next, we learn how to design and configure a Microsoft Sentinel workspace, including roles and Azure RBAC roles, define data storage with log types and retention, and utilize Workspace Manager and Azure Lighthouse for managing multiple workspaces. After that, we take a look at how to identify and ingest data sources for Microsoft Sentinel, implement Content Hub solutions, use the Microsoft connector for Azure resources, establish bidirectional synchronization with Microsoft Defender XDR and Defender for Cloud, plan and configure Syslog and CEF event collections, set up Windows security events collection with data collection rules, and configure threat intelligence connectors. And finally, we look at how to create custom log tables for storing ingested data in the workspace. In lesson five, we switch gears and move to look at how to configure protections and detections. We learn how to establish security policies for Microsoft Defender for Cloud Apps, Microsoft Defender for Office, and Microsoft Defender for Endpoint, including attack surface reduction rules, as well as configure cloud workload protections in Microsoft Defender for Cloud. In lesson six, we dive deep into how to configure and manage custom detections, fine-tune alerts, and configure deception rules in Microsoft Defender XDR.
After that, we end our discussion about configuring protections and detections in lesson seven, where we take a look at how to analyze and classify data using entities, set up scheduled and near-real-time query rules with KQL, manage analytics rules through the Content Hub, configure anomaly detection and Fusion rules, utilize ASIM parsers for querying Microsoft Sentinel data, and effectively manage threat indicators. In lesson eight, we shift to managing incident response, which is a major focus of this course. We discuss how to investigate and remediate threats across Microsoft Teams, SharePoint Online, OneDrive, and email using Microsoft Defender for Office; ransomware and business email compromise incidents through automatic attack disruption; compromised entities via Microsoft Purview DLP policies; insider risks from Purview; alerts and incidents with Microsoft Defender for Cloud; security risks with Defender for Cloud Apps; compromised identities in Microsoft Entra ID; and security alerts from Defender for Identity; and how to manage actions and submissions in the Microsoft Defender portal. Lesson nine, responding to alerts and incidents identified by Microsoft Defender for Endpoint, teaches you how to conduct timeline investigations of compromised devices, execute actions such as live response and collection of investigation packages, and perform evidence and entity investigations. After that, we take a look at how to investigate threats utilizing the unified audit log and content search, and perform threat hunting with Microsoft Graph activity logs. In lesson 11, we see how to triage, investigate, and respond to incidents within Microsoft Sentinel.
In lesson 12, you learn how to configure security orchestration, automation, and response in Microsoft Sentinel. We see how to establish and customize automation rules, design Microsoft Sentinel playbooks, configure analytical rules to initiate automation, manually trigger playbooks from alerts and incidents, and execute playbooks on on-premises resources. In lesson 13, we switch gears and move to look at how to perform threat hunting. We discuss how to identify threats using Kusto Query Language (KQL), interpret threat analytics in the Microsoft Defender portal, and craft custom hunting queries with KQL. After that, we move on to see how to analyze attack vector coverage with MITRE ATT&CK in Microsoft Sentinel and customize content gallery hunting queries. We learn how to use hunting bookmarks for data investigations, monitor hunting queries with livestream, retrieve and manage archived log data, and create and manage search jobs. And finally, we close out the course in lesson 15 by taking a look at how to activate and customize Microsoft Sentinel workbook templates, create custom workbooks incorporating KQL, and configure visualizations. If all this sounds like a lot of information, it certainly is. However, I encourage you to stay strong and confident. I am here to walk you through every single one of these skills, and I can assure you that you will emerge from this course much more proficient as a Microsoft Security Operations Analyst. So, are you ready to become a Microsoft Certified Security Operations Analyst? Good. Let's get to work.
