SC-200 Microsoft Security Operations Analyst Course & SIMs

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7

We really hope you'll agree that this training is far more than the average course on Udemy!

Have access to the following:

  • Training from an instructor with over 20 years of experience, a Microsoft Certified Trainer who has trained thousands of people

  • Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material

  • Instructor-led hands-on labs and simulations to practice with, which can be followed even if you have little or no experience

TOPICS COVERED, INCLUDING HANDS-ON LECTURES AND PRACTICE TUTORIALS:

Introduction

  • Welcome to the course

  • Understanding the Microsoft Environment

  • Foundations of Active Directory Domains

  • Foundations of RAS, DMZ, and Virtualization

  • Foundations of the Microsoft Cloud Services

  • DON'T SKIP: The first thing to know about Microsoft cloud services

  • DON'T SKIP: Azure AD has been renamed Microsoft Entra ID

  • Questions for John Christopher

  • Order of concepts covered in the course

Performing hands on activities

  • DON'T SKIP: Using Assignments in the course

  • Creating a free Microsoft 365 Account

  • Activating licenses for Defender for Endpoint and Defender Vulnerability Management

  • Getting your free Azure credit

Configure settings in Microsoft Defender XDR

  • Introduction to Microsoft 365 Defender

  • Concepts of the purpose of extended detection and response (XDR)

  • Microsoft Defender and Microsoft Purview admin centers

  • Concepts of Microsoft Sentinel

  • Concepts of management with Microsoft Defender for Endpoint

Manage assets and environments

  • Set up a Windows 11 virtual machine endpoint

  • Enrolling to Intune for attack surface reduction (ASR) support

  • Onboarding to manage devices using Defender for Endpoint

  • A note about extra features in Defender for Endpoint

  • Incidents, alert notifications, and advanced features for endpoints

  • Review and respond to endpoint vulnerabilities

  • Recommend attack surface reduction (ASR) for devices

  • Configure and manage device groups

  • Overview of Microsoft Defender for Cloud

  • Identify devices at risk using Microsoft Defender Vulnerability Management

  • Manage endpoint threat indicators

  • Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace

  • Configure Microsoft Sentinel roles

  • Design and configure Microsoft Sentinel data storage, log types and log retention

Ingest data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel

  • Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings

  • Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud

  • Design and configure Syslog and Common Event Format (CEF) event collections

  • Design and configure Windows security event collections

  • Configure threat intelligence connectors

  • Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies

  • Plan and configure Microsoft Defender for Cloud settings

  • Configure Microsoft Defender for Cloud roles

  • Assess and recommend cloud workload protection and enable plans

  • Configure automated onboarding of Azure resources

  • Connect multi-cloud resources by using Environment settings

Configure detection in Microsoft Defender XDR

  • Set up a simulation lab using Microsoft 365 Defender

  • Run an attack against a device in the simulation lab

  • Manage incidents & automated investigations in the Microsoft 365 Defender portal

  • Run an attack simulation email campaign in Microsoft 365 Defender

  • Manage actions and submissions in the Microsoft 365 Defender portal

  • Identify threats by using Kusto Query Language (KQL)

  • Identify and remediate security risks by using Microsoft Secure Score

  • Analyze threat analytics in the Microsoft 365 Defender portal

  • Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel

  • Concepts of Microsoft Sentinel analytics rules

  • Configure the Fusion rule

  • Configure Microsoft security analytics rules

  • Configure built-in scheduled query rules

  • Configure custom scheduled query rules

  • Configure near-real-time (NRT) analytics rules

  • Manage analytics rules from Content hub

  • Manage and use watchlists

  • Manage and use threat indicators

Respond to alerts and incidents in the Microsoft Defender portal

  • Using policies to remediate threats in Email, Teams, SharePoint & OneDrive

  • Investigate, respond, and remediate threats with Defender for Office 365

  • Understanding data loss prevention (DLP) in Microsoft 365 Defender

  • Implement data loss prevention (DLP) policies to respond and alert

  • Investigate & respond to alerts generated by data loss prevention (DLP) policies

  • Understanding insider risk policies

  • Generating an insider risk policy

  • Investigate and respond to alerts generated by insider risk policies

  • Discover and manage apps by using Microsoft Defender for Cloud Apps

  • Identify, investigate, & remediate security risks by using Defender for Cloud Apps

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

  • Configure User and Entity Behavior Analytics settings

  • Investigate threats by using entity pages

  • Configure anomaly detection analytics rules

Investigate Microsoft 365 activities

  • Understanding unified audit log licensing and requirements

  • Setting unified audit log permissions and enabling auditing

  • Investigate threats by using the unified audit log

  • Investigate threats by using Content Search

  • Perform threat hunting by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel

  • Configure incident generation

  • Triage incidents in Microsoft Sentinel

  • Investigate incidents in Microsoft Sentinel

  • Respond to incidents in Microsoft Sentinel

  • Investigate multi-workspace incidents

Implement and use Copilot for Security

  • What is Copilot for Security?

  • Onboarding Copilot for Security

  • Create and use promptbooks

  • Manage sources for Copilot for Security, including plugins and files

  • Manage permissions and roles in Copilot for Security

  • Monitor Copilot for Security capacity and cost

  • Identify threats and risks by using Copilot for Security

  • Investigate incidents by using Copilot for Security

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel

  • Create and configure automation rules

  • Create and configure Microsoft Sentinel playbooks

  • Configure analytic rules to trigger automation rules

  • Trigger playbooks from alerts and incidents

Hunt for threats by using Microsoft Defender XDR

  • Identify threats by using Kusto Query Language (KQL)

  • Interpret threat analytics in the Microsoft Defender portal

  • Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel

  • Customize content gallery hunting queries

  • Create custom hunting queries

  • Use hunting bookmarks for data investigations

  • Monitor hunting queries by using Livestream

  • Retrieve and manage archived log data

  • Create and manage search jobs

Respond to alerts and incidents in Microsoft Defender for Cloud

  • Set up email notifications

  • Create and manage alert suppression rules

  • Design and configure workflow automation in Microsoft Defender for Cloud

  • Generate sample alerts and incidents in Microsoft Defender for Cloud

  • Remediate alerts and incidents by using MS Defender for Cloud recommendations

  • Manage security alerts and incidents

  • Analyze Microsoft Defender for Cloud threat intelligence reports

Create and configure Microsoft Sentinel workbooks

  • Activate and customize Microsoft Sentinel workbook templates

  • Create custom workbooks

  • Configure advanced visualizations

Conclusion

  • Cleaning up your lab environment

  • Getting a Udemy certificate

  • BONUS: Where do I go from here?