SC-200 Microsoft Security Operations Analyst Course & SIMs | Udemy


SC-200 Microsoft Security Operations Analyst Course & SIMs | Udemy [Update 11/2023]
English | Size: 6.6 GB
Genre: eLearning

Get prepared for the SC-200 exam with instructor-led labs and hands-on simulations available 24/7

What you’ll learn
Learn the concepts and perform hands-on activities needed to pass the SC-200 exam
Gain a tremendous amount of knowledge involving securing Microsoft 365 and Azure Services
Get loads of hands-on experience with Security Operations for Microsoft 365
Utilize hands-on simulations that can be accessed anytime, anywhere!

We really hope you’ll agree, this training is way more than the average course on Udemy!

Have access to the following:

Training from an instructor of over 20 years who has trained thousands of people and is also a Microsoft Certified Trainer

Lectures that explain the concepts in an easy-to-learn method for someone who is just starting out with this material

Instructor-led hands-on activities and simulations for practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:

Introduction

Welcome to the course

Understanding the Microsoft Environment

Foundations of Active Directory Domains

Foundations of RAS, DMZ, and Virtualization

Foundations of the Microsoft Cloud Services

DON'T SKIP: The first thing to know about Microsoft cloud services

DON'T SKIP: Azure AD is now renamed to Entra ID

Questions for John Christopher

Order of concepts covered in the course

Performing hands-on activities

DON'T SKIP: Using Assignments in the course

Creating a free Microsoft 365 Account

Activating licenses for Defender for Endpoint and Vulnerabilities

Getting your free Azure credit

Configure settings in Microsoft Defender XDR

Introduction to Microsoft 365 Defender

Concepts of the purpose of extended detection and response (XDR)

Microsoft Defender and Microsoft Purview admin centers

Concepts of Microsoft Sentinel

Concepts of management with Microsoft Defender for Endpoint

Manage assets and environments

Set up a Windows 11 virtual machine endpoint

Enrolling to Intune for attack surface reduction (ASR) support

Onboarding to manage devices using Defender for Endpoint

A note about extra features in your Defender for Endpoint

Incidents, alert notifications, and advanced features for endpoints

Review and respond to endpoint vulnerabilities

Recommend attack surface reduction (ASR) for devices

Configure and manage device groups

Overview of Microsoft Defender for Cloud

Identify devices at risk using the Microsoft Defender Vulnerability Management

Manage endpoint threat indicators

Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace

Plan a Microsoft Sentinel workspace

Configure Microsoft Sentinel roles

Design and configure Microsoft Sentinel data storage, log types and log retention

Ingest data sources in Microsoft Sentinel

Identify data sources to be ingested for Microsoft Sentinel

Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings

Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud

Design and configure Syslog and Common Event Format (CEF) event collections

Design and configure Windows security event collections

Configure threat intelligence connectors

Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies

Plan and configure Microsoft Defender for Cloud settings

Configure Microsoft Defender for Cloud roles

Assess and recommend cloud workload protection and enable plans

Configure automated onboarding of Azure resources

Connect multi-cloud resources by using Environment settings

Configure detection in Microsoft Defender XDR

Set up a simulation lab using Microsoft 365 Defender

Run an attack against a device in the simulation lab

Manage incidents & automated investigations in the Microsoft 365 Defender portal

Run an attack simulation email campaign in Microsoft 365 Defender

Manage actions and submissions in the Microsoft 365 Defender portal

Identify threats by using Kusto Query Language (KQL)

Identify and remediate security risks by using Microsoft Secure Score

Analyze threat analytics in the Microsoft 365 Defender portal

Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel

Concepts of Microsoft Sentinel analytics rules

Configure the Fusion rule

Configure Microsoft security analytics rules

Configure built-in scheduled query rules

Configure custom scheduled query rules

Configure near-real-time (NRT) analytics rules

Manage analytics rules from Content hub

Manage and use watchlists

Manage and use threat indicators

Respond to alerts and incidents in Microsoft Defender XDR

Using policies to remediate threats with Email, Teams, SharePoint & OneDrive

Investigate, respond, and remediate threats with Defender for Office 365

Understanding data loss prevention (DLP) in Microsoft 365 Defender

Implement data loss prevention policies (DLP) to respond and alert

Investigate & respond to alerts generated by data loss prevention (DLP) policies

Understanding insider risk policies

Generating an insider risk policy

Investigate and respond to alerts generated by insider risk policies

Discover and manage apps by using Microsoft Defender for Cloud Apps

Identify, investigate, & remediate security risks by using Defender for Cloud Apps

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

Configure User and Entity Behavior Analytics settings

Investigate threats by using entity pages

Configure anomaly detection analytics rules

Enrich investigations by using other Microsoft tools

Understanding unified audit log licensing and requirements

Setting unified audit permissions and enabling support

Perform threat hunting by using unified audit log

Perform threat hunting by using Content Search

Manage incidents in Microsoft Sentinel

Configure an incident generation

Triage incidents in Microsoft Sentinel

Investigate incidents in Microsoft Sentinel

Respond to incidents in Microsoft Sentinel

Investigate multi-workspace incidents

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel

Create and configure automation rules

Create and configure Microsoft Sentinel playbooks

Configure analytic rules to trigger automation rules

Trigger playbooks from alerts and incidents

Hunt for threats by using KQL

Identify threats by using Kusto Query Language (KQL)

Interpret threat analytics in the Microsoft Defender portal

Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel

Customize content gallery hunting queries

Create custom hunting queries

Use hunting bookmarks for data investigations

Monitor hunting queries by using Livestream

Retrieve and manage archived log data

Create and manage search jobs

Respond to alerts and incidents in Microsoft Defender for Cloud

Set up email notifications

Create and manage alert suppression rules

Design and configure workflow automation in Microsoft Defender for Cloud

Generate sample alerts and incidents in Microsoft Defender for Cloud

Remediate alerts and incidents by using MS Defender for Cloud recommendations

Manage security alerts and incidents

Analyze Microsoft Defender for Cloud threat intelligence reports

Analyze and interpret data by using workbooks

Activate and customize Microsoft Sentinel workbook templates

Create custom workbooks

Configure advanced visualizations

Conclusion

Cleaning up your lab environment

Getting a Udemy certificate

BONUS Where do I go from here?

Who this course is for:
IT people interested in learning and passing the Microsoft SC-200 Exam
People interested in learning a tremendous amount about Security Operations for Microsoft 365
