Video description
In this comprehensive course, you will embark on a journey to master the various components of Microsoft Security Operations. Starting with Microsoft 365 Defender, you will learn to protect your organization from threats targeting Office 365, cloud apps, and endpoints. Through a series of practical lessons, you'll gain hands-on experience with security baselines, extended detection, and response mechanisms, and the action center for efficient threat mitigation.
The course then transitions to Microsoft Defender for Cloud, guiding you through planning and configuring cloud security measures. You will learn to assess cloud workload protection, configure workflow automation, and integrate multi-cloud and on-prem resources. Emphasis is placed on understanding the Microsoft Secure Score and implementing robust security and regulatory policies to maintain compliance.
Finally, you will delve into Microsoft Sentinel, where you will configure resources, roles, and data connectors. The course covers advanced topics such as incident creation logic, automation rules, threat hunting, and developing custom logs in Azure Log Analytics. By the end of this course, you will be proficient in using Microsoft's powerful security tools to protect your organization's digital assets.
What you will learn
- Implement and manage Microsoft 365 Defender for comprehensive security.
- Configure and optimize Microsoft Defender for Cloud.
- Deploy and utilize Microsoft Sentinel for advanced threat detection.
- Conduct threat hunting and analyze security data effectively.
- Integrate security solutions across multi-cloud and on-prem environments.
Audience
This course is ideal for IT professionals, security analysts, and systems administrators who have a foundational understanding of cybersecurity concepts. Prerequisites include basic knowledge of Microsoft 365 and Azure services.
About the Authors
ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step.
Anthony Sequeira: Anthony Sequeira, CCIE #15626, is a seasoned tech trainer and author with expertise in cloud, cybersecurity, and IT. His IT journey began in 1994 at IBM in Tampa, Florida. He later founded Computer Solutions but discovered his true passion for teaching and writing about technology. In 1996, he joined Mastering Computers, which evolved into KnowledgeNet, where he continued to share the latest tech advancements. Today, he serves as a full-time Edutainer at ACI Learning, delivering global training and authoring textbooks on modern technologies. He holds certifications including CCIE R&S #15626 and numerous others from AWS, CompTIA, Juniper, and Microsoft. Anthony's expertise spans the IT landscape.
Lauren Deal: With a decade of in-classroom teaching experience, work as a national television host on the Home Shopping Network, and a background as a talk show producer and host, Lauren Deal possesses a perfect blend of skills and interests in IT. This unique combination makes her an ideal learner advocate for ACI Learning training. She excels in asking clarifying questions related to exam objectives and enthusiastically learns alongside ACI Learning audiences. Additionally, Lauren has been studying the evolving use of AI technology and the development process of Augmented and Virtual Reality. Her certifications include AWS Certified Cloud Practitioner.
Table of contents
- Chapter 1: Use Microsoft 365 Defender to Mitigate Threats
- Course Overview
- Introducing Microsoft 365 Defender
- Introducing Microsoft Defender for Office 365
- Using Defender for Office 365
- Introducing Microsoft Defender for Cloud Apps
- Using Defender for Cloud Apps
- Introducing Microsoft Defender for Endpoint
- Use Security Baselines for Devices
- Using Additional Features in Defender for Endpoints
- Introducing Microsoft Defender for Identity
- Use Defender for Identity to Protect Active Directory
- Introducing Extended Detection and Response in Defender
- Use the Action Center for Security
- Understanding the Microsoft Secure Score
- Perform Threat Hunting/Analytics
- Chapter 2: Use Microsoft Defender for Cloud to Mitigate Threats
- Introducing Microsoft Defender for Cloud
- Plan and Configure Defender for Cloud
- Configure Defender for Cloud Roles
- Assess Cloud Workload Protection
- Use Microsoft Defender for Cloud Secure Score
- Setting Security and Regulatory Policy
- Configure Workflow Automation
- Connect Multi-Cloud and On-Prem Resources
- Defender for Cloud Data Collection
- Working with Alerts and Email Notifications
- Configure Automated Onboarding
- Reporting in Defender and User Data Management
- Chapter 3: Use Microsoft Sentinel to Mitigate Threats
- Planning a Microsoft Sentinel Deployment
- Configure Sentinel Resources
- Configure Sentinel Roles
- Planning for Data Sources and Data Connectors
- Data Connectors, Event Collectors, and Custom Connectors
- Configure Queries and Analytics Rules
- Define Incident Creation Logic
- Use Watchlists and Threat Indicators
- Analyze Data Using Entities
- Create Custom Logs in Azure Log Analytics
- Develop and Manage ASIM Parsers
- Configure Automation Rules
- Use Automation in Microsoft Sentinel
- Investigate Multi-Workspace Incidents
- User and Entity Behavior Analytics
- Use Workbooks
- Configure Advanced Visualizations
- Use Hunting Queries
- Threat Hunt Using Notebooks and Bookmarks
Product information
- Title: SC-200 Microsoft Security Operations Analyst
- Author(s):
- Release date: May 2024
- Publisher(s): Packt Publishing
- ISBN: 9781836201632