SC-200 Microsoft Security Operations Analyst

Video description

In this comprehensive course, you will embark on a journey to master the various components of Microsoft Security Operations. Starting with Microsoft 365 Defender, you will learn to protect your organization from threats targeting Office 365, cloud apps, and endpoints. Through a series of practical lessons, you'll gain hands-on experience with security baselines, extended detection, and response mechanisms, and the action center for efficient threat mitigation.

The course then transitions to Microsoft Defender for Cloud, guiding you through planning and configuring cloud security measures. You will learn to assess cloud workload protection, configure workflow automation, and integrate multi-cloud and on-prem resources. Emphasis is placed on understanding the Microsoft Secure Score and implementing robust security and regulatory policies to maintain compliance.

Finally, you will delve into Microsoft Sentinel, where you will configure resources, roles, and data connectors. The course covers advanced topics such as incident creation logic, automation rules, threat hunting, and developing custom logs in Azure Log Analytics. By the end of this course, you will be proficient in using Microsoft's powerful security tools to protect your organization's digital assets.

What you will learn

  • Implement and manage Microsoft 365 Defender for comprehensive security.
  • Configure and optimize Microsoft Defender for Cloud.
  • Deploy and utilize Microsoft Sentinel for advanced threat detection.
  • Conduct threat hunting and analyze security data effectively.
  • Integrate security solutions across multi-cloud and on-prem environments.


This course is ideal for IT professionals, security analysts, and systems administrators who have a foundational understanding of cybersecurity concepts. Prerequisites include basic knowledge of Microsoft 365 and Azure services.

About the Authors

ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step.

Anthony Sequeira: Anthony Sequeira, CCIE #15626, is a seasoned tech trainer and author with expertise in cloud, cybersecurity, and IT. His IT journey began in 1994 at IBM in Tampa, Florida. He later founded Computer Solutions but discovered his true passion for teaching and writing about technology. In 1996, he joined Mastering Computers, which evolved into KnowledgeNet, where he continued to share the latest tech advancements. Today, he serves as a full-time Edutainer at ACI Learning, delivering global training and authoring textbooks on chrmodern technologies. He holds certifications like CCIE R&S #15626, as well as numerous others from AWS, CompTIA, Juniper, and Microsoft, among others. Anthony's expertise spans the IT landscape.

Lauren Deal: With a decade of in-classroom teaching experience, work as a national television host on the Home Shopping Network, and a background as a talk show producer and host, Lauren Deal possesses a perfect blend of skills and interests in IT. This unique combination makes her an ideal learner advocate for ACI Learning training. She excels in asking clarifying questions related to exam objectives and enthusiastically learns alongside ACI Learning audiences. Additionally, Lauren has been studying the evolving use of AI technology and the development process of Augmented and Virtual Reality. Her certifications include AWS Certified Cloud Practitioner.

Table of contents

  1. Chapter 1 : Use Microsoft 365 Defender to Mitigate Threats
    1. Course Overview
    2. Introducing Microsoft 365 Defender
    3. Introducing Microsoft Defender for Office 365
    4. Using Defender for Office 365
    5. Introducing Microsoft Defender for Cloud Apps
    6. Using Defender for Cloud Apps
    7. Introducing Microsoft Defender for Endpoint
    8. Use Security Baselines for Devices
    9. Using Additional Features in Defender for Endpoints
    10. Introducing Microsoft Defender for Identity
    11. Use Defender for Identity to Protect Active Directory
    12. Introducing Extended Detection and Response in Defender
    13. Use the Action Center for Security
    14. Understanding the Microsoft Secure Score
    15. Perform Threat Hunting/Analytics
  2. Chapter 2 : Use Microsoft Defender for Cloud to Mitigate Threats
    1. Introducing Microsoft Defender for Cloud
    2. Plan and Configure Defender for Cloud
    3. Configure Defender for Cloud Roles
    4. Assess Cloud Workload Protection
    5. Use Microsoft Defender for Cloud Secure Score
    6. Setting Security and Regulatory Policy
    7. Configure Workflow Automation
    8. Connect Multi-Cloud and On-Prem Resources
    9. Defender for Cloud Data Collection
    10. Working with Alerts and Email Notifications
    11. Configure Automated Onboarding
    12. Reporting in Defender and User Data Management
  3. Chapter 3 : Use Microsoft Sentinel to Mitigate Threats
    1. Planning a Microsoft Sentinel Deployment
    2. Configure Sentinel Resources
    3. Configure Sentinel Roles
    4. Planning for Data Sources and Data Connectors
    5. Data Connectors, Event Collectors, and Custom Connectors
    6. Configure Queries and Analytics Rules
    7. Define Incident Creation Logic
    8. Use Watchlists and Threat Indicators
    9. Analyze Data Using Entities
    10. Create Custom Logs in Azure Log Analytics
    11. Develop and Manage ASIM Parsers
    12. Configure Automation Rules
    13. Use Automation in Microsoft Sentinel
    14. Investigate Multi-Workspace Incidents
    15. User and Entity Behavior Analytics
    16. Use Workbooks
    17. Configure Advanced Visualizations
    18. Use Hunting Queries
    19. Threat Hunt Using Notebooks and Bookmarks

Product information

  • Title: SC-200 Microsoft Security Operations Analyst
  • Author(s): ACI Learning, Anthony Sequeira, Lauren Deal
  • Release date: May 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781836201632