What’s Included?

  • High-Quality Video, E-book & Audiobook
  • Module Quizzes
  • AI Mentor
  • Access for Tablet & Phone

Prerequisites

    • Experience with Microsoft 365 and Azure security tools
    • Familiarity with threat protection and incident response
    • Basic understanding of KQL and log analytics
    • Knowledge of cloud security concepts and operations

Skills You’ll Gain

  • Threat Investigation with Sentinel
  • Incident Response via XDR
  • KQL-Based Detection
  • Threat Reporting Queries
  • Cloud Environment Monitoring
  • Defender for Cloud Integration
  • AI-Driven Security Insights
  • Security Copilot Utilization

Self Study Materials Included

Videos

Engaging visual content to enhance understanding and learning experience.

Podcasts

Insightful audio sessions featuring expert discussions and real-world cases.

Audiobooks

Listen and learn anytime with convenient audio-based knowledge sharing.

E-Books

Comprehensive digital guides offering in-depth knowledge and learning support.

Module Wise Quizzes

Interactive assessments to reinforce learning and test conceptual clarity.

Additional Resources

Supplementary references and list of tools to deepen knowledge and practical application.

Tools You’ll Master

Azure Portal

Microsoft Sentinel

Microsoft Defender XDR

Microsoft Defender for Cloud

Microsoft Security Copilot

Kusto Query Language (KQL)

What You’ll Learn

Detect and Investigate Threats

Use Microsoft Sentinel to identify and analyze security risks.

Respond with Defender and Copilot

Handle incidents using XDR and AI-powered assistance.

Analyze Data with KQL

Query security logs and events using Kusto Query Language.

Secure Cloud Workloads

Monitor and protect resources with Defender for Cloud.

Course Modules

Lesson 1: SC-200 – Mitigate Threats Using Microsoft Defender XDR

Module 1: Introduction to Microsoft Defender XDR Threat Protection

Module 2: Mitigate Incidents Using Microsoft Defender

Module 3: Remediate Risks with Microsoft Defender for Office 365

Module 4: Manage Microsoft Entra Identity Protection

Module 5: Safeguard Your Environment with Microsoft Defender for Identity

Module 6: Secure Your Cloud Apps and Services with Microsoft Defender for Cloud Apps

Lesson 2: SC-200 – Mitigate Threats Using Microsoft Security Copilot

Module 1: Fundamentals of Generative AI

Module 2: Describe Microsoft Security Copilot

Module 3: Describe the Core Features of Microsoft Security Copilot

Module 4: Describe the Embedded Experiences of Microsoft Security Copilot

Module 5: Explore Use Cases of Microsoft Security Copilot

Lesson 3: SC-200 – Mitigate Threats Using Microsoft Purview

Module 1: Respond to Data Loss Prevention Alerts Using Microsoft 365

Module 2: Manage Insider Risk in Microsoft Purview

Module 3: Search and Investigate with Microsoft Purview Audit

Module 4: Investigate Threats with Content Search in Microsoft Purview

Lesson 4: SC-200 – Mitigate Threats Using Microsoft Defender for Endpoint

Module 1: Protect Against Threats with Microsoft Defender for Endpoint

Module 2: Deploy the Microsoft Defender for Endpoint Environment

Module 3: Implement Windows Security Enhancements with Microsoft Defender for Endpoint

Module 4: Perform Device Investigations in Microsoft Defender for Endpoint

Module 5: Perform Actions on a Device Using Microsoft Defender for Endpoint

Module 6: Perform Evidence and Entities Investigations Using Microsoft Defender for Endpoint

Module 7: Configure and Manage Automation Using Microsoft Defender for Endpoint

Module 8: Configure for Alerts and Detections in Microsoft Defender for Endpoint

Module 9: Utilize Vulnerability Management in Microsoft Defender for Endpoint

Lesson 5: SC-200 – Mitigate Threats Using Microsoft Defender for Cloud

Module 1: Plan for Cloud Workload Protections Using Microsoft Defender for Cloud

Module 2: Connect Azure Assets to Microsoft Defender for Cloud

Module 3: Connect Non-Azure Resources to Microsoft Defender for Cloud

Module 4: Manage Your Cloud Security Posture Management

Module 5: Explain Cloud Workload Protections in Microsoft Defender for Cloud

Module 6: Remediate Security Alerts Using Microsoft Defender for Cloud

Lesson 6: SC-200 – Create Queries for Microsoft Sentinel Using Kusto Query Language (KQL)

Module 1: Construct KQL Statements for Microsoft Sentinel

Module 2: Analyze Query Results Using KQL

Module 3: Build Multi-Table Statements Using KQL

Module 4: Work with Data in Microsoft Sentinel Using Kusto Query Language

Lesson 7: SC-200 – Configure Your Microsoft Sentinel Environment

Module 1: Introduction to Microsoft Sentinel

Module 2: Create and Manage Microsoft Sentinel Workspaces

Module 3: Query Logs in Microsoft Sentinel

Module 4: Use Watchlists in Microsoft Sentinel

Module 5: Utilize Threat Intelligence in Microsoft Sentinel

Module 6: Integrate Microsoft Defender XDR with Microsoft Sentinel

Lesson 8: SC-200 – Connect Logs to Microsoft Sentinel

Module 1: Connect Data to Microsoft Sentinel Using Data Connectors

Module 2: Connect Microsoft Services to Microsoft Sentinel

Module 3: Connect Microsoft Defender XDR to Microsoft Sentinel

Module 4: Connect Windows Hosts to Microsoft Sentinel

Module 5: Connect Common Event Format Logs to Microsoft Sentinel

Module 6: Connect Syslog Data Sources to Microsoft Sentinel

Module 7: Connect Threat Indicators to Microsoft Sentinel

Lesson 9: SC-200 – Create Detections and Perform Investigations Using Microsoft Sentinel

Module 1: Threat Detection with Microsoft Sentinel Analytics

Module 2: Automation in Microsoft Sentinel

Module 3: Threat Response with Microsoft Sentinel Playbooks

Module 4: Security Incident Management in Microsoft Sentinel

Module 5: Identify Threats with Behavioral Analytics

Module 6: Data Normalization in Microsoft Sentinel

Module 7: Query, Visualize, and Monitor Data in Microsoft Sentinel

Module 8: Manage Content in Microsoft Sentinel

Lesson 10: SC-200 – Perform Threat Hunting in Microsoft Sentinel

Module 1: Explain Threat Hunting Concepts in Microsoft Sentinel

Module 2: Threat Hunting with Microsoft Sentinel

Module 3: Use Search Jobs in Microsoft Sentinel

Module 4: Hunt for Threats Using Notebooks in Microsoft Sentinel

Frequently Asked Questions

No, it’s designed for professionals with security operations experience.

It supports the Security Operations Analyst Associate certification.

Yes, KQL is a core part of threat detection and analysis.

Yes, Security Copilot is integrated into the course content.

Yes, both instructor-led and self-paced formats are available.