Exam SC-200: Microsoft Security Operations Analyst Bootcamp
Published by O'Reilly Media, Inc.
Investigate, respond to, and remediate threats using Microsoft Defender and Azure Sentinel
The goal of this bootcamp is to help you prepare for and pass the Microsoft Security Operations Analyst exam!
This bootcamp is designed to help you confidently prepare for and pass the Microsoft Security Operations Analyst exam by focusing on the essential skills required for modern security professionals. You’ll learn to identify, mitigate, and respond to threats across cloud and on-premises environments using tools like Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender for Cloud, and Copilot for Security. The course also covers using Kusto Query Language (KQL) for threat hunting, reporting, and investigations, along with designing and configuring solutions to automate remediation and enhance organizational security.
Hands-on demos are integrated throughout the bootcamp, allowing you to practice real-world scenarios and reinforce your understanding of key exam objectives. You’ll also gain insights into collaborating with leadership to establish security standards, improve your organization's security posture, and promote awareness, ensuring you’re equipped to excel as a security operations analyst.
What you’ll learn and how you can apply it
- How to identify and mitigate security threats using Microsoft Defender for XDR, Office 365, and Endpoint to safeguard your environment.
- Advanced threat hunting with Kusto Query Language (KQL), enabling precise identification and response to potential threats.
- How to conduct efficient incident response with Microsoft Sentinel, including investigation, remediation, and resolution of security incidents.
- How to leverage Microsoft Copilot for Security to enhance threat detection and streamline your response workflows with AI-driven tools.
And you’ll be able to:
- Identify and mitigate threats using Microsoft Defender for XDR, Office 365, and Endpoint.
- Perform advanced threat hunting with Kusto Query Language (KQL).
- Conduct effective incident response using Microsoft Sentinel.
- Leverage Microsoft Copilot for Security to enhance threat detection capabilities.
This live event is for you because...
- Anyone preparing for the SC-200 Microsoft Security Operations Analyst exam.
- Current or aspiring security specialists looking to enhance their skills in mitigating threats using Microsoft Azure security services.
- Those eager to stay ahead with cutting-edge security practices and technologies.
- Microsoft Partners or consultants seeking certification to meet partnership requirements and improve ratings.
Prerequisites
- A Microsoft account (necessary to set up a 30-day trial Azure account)
- A Microsoft Azure account (necessary to practice course exercises)
- A web browser and working internet connection
- A basic understanding of security concepts such as defense in depth, least privileged access, threats, SIEM, and SOAR
- Fundamental knowledge of Microsoft security, compliance, and identity products
- Familiarity with Microsoft 365 and Azure Cloud
Recommended preparation:
- Read “Principles and Concepts” (chapter 1 of Practical Cloud Security)
- Attend Zero Trust Security Fundamentals by Razi Rais (live online course)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1: Microsoft Defender
Introduction (15 minutes)
- Presentation: Day 1 content overview; understanding exam objectives; study tips and resources for the exam
Mitigate threats using Microsoft Defender (75 minutes)
- Presentation: Introduction to threat protection with Microsoft 365; mitigating incidents using Microsoft 365 Defender; remediating risks with Microsoft Defender for Office 365; Microsoft Defender for Identity; Azure AD Identity Protection; Microsoft Cloud App Security; responding to data loss prevention alerts; managing insider risk in Microsoft 365; managing cross-domain investigations in the Microsoft 365 Defender portal
- Hands-on exercises: Mitigate threats using Microsoft Defender
- Break
- Group discussion: How to tackle advanced scenario-based multiple-choice questions in the exam
- Q&A
Mitigate threats using Microsoft 365 Defender for Endpoint (75 minutes)
- Presentation: Protecting against threats with Microsoft Defender for Endpoint; deploying the environment; implementing Windows 10 security enhancements; performing device investigations; performing actions on a device; performing evidence and entities investigations; configuring for alerts and detections; managing insider risk in Microsoft 365; utilizing threat and vulnerability management
- Hands-on exercises: Mitigate threats using Microsoft 365 Defender for Endpoint
- Break
- Group discussion: How to effectively prepare for drag-and-drop-style exam questions
Wrap-up and Q&A (15 minutes)
- Hands-on exercise: Take practice exam
- Presentation: Takeaways; topic coverage for Day 2
Day 2: Microsoft Defender for Cloud and Azure Sentinel
Introduction (10 minutes)
- Presentation: Recap of Day 1 topics; Day 2 content overview
- Q&A
Mitigate threats using Microsoft Defender for Cloud (75 minutes)
- Presentation: Designing and configuring a Microsoft Defender for Cloud implementation; planning and implementing the use of data connectors for ingestion of data sources; managing Microsoft Defender for Cloud alert rules; configuring automation and remediation; investigating Microsoft Defender for Cloud alerts and incidents
- Break
- Hands-on exercises: Mitigate threats using Microsoft Defender for Cloud
- Group discussion: Techniques for eliminating incorrect choices in multiple-choice questions
- Q&A
Mitigate threats using Azure Sentinel (60 minutes)
- Presentation: Designing and configuring an Azure Sentinel workspace; planning and implementing data connectors for ingestion of data sources; managing Azure Sentinel analytics rules; configuring security orchestration, automation, and response (SOAR); managing Azure Sentinel incidents; using Azure Sentinel workbooks to analyze and interpret data; hunting for threats using the Azure Sentinel portal
- Hands-on exercises: Mitigate threats using Azure Sentinel
- Q&A
- Break
Exam SC-200 Certification practice and tips (30 minutes)
- Presentation: Developing an effective study plan; resources to prepare for the exam; exam registration process; what happens after the exam
- Hands-on exercise: Practice exam questions
- Q&A
Wrap-up (5 minutes)
Your Instructor
Razi Rais
Razi Rais is a cybersecurity and AI leader at Microsoft, with over 20 years of experience building secure, resilient systems for Fortune 500 companies worldwide. He brings a globally informed perspective to enterprise-scale security, shaped by hands-on experience living and working in Singapore, the UAE, France, and the United States. His background spans engineering, architecture, and product management, giving him a unique lens on the evolving intersection of AI and cybersecurity. He drives enterprise efforts to secure AI at scale and address emerging threats using frameworks such as the NIST AI Risk Management Framework, the OWASP Top 10 for LLMs, and MITRE ATLAS. Razi has coauthored several books, including Zero Trust Networks, second edition, and Azure Confidential Computing and Zero Trust, and is a frequent speaker at conferences such as RSA and Identiverse. He serves on the GIAC advisory board, is a Microsoft Certified Trainer, and delivers AI and cybersecurity training worldwide. Connect with him on LinkedIn to follow his latest work.