[Update Course] SC-200 Microsoft Security Operations Analyst Course & SIMs | Udemy

We really hope you’ll agree, this training is way more then the average course on Udemy!

Have access to the following:

• Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer
• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

• Welcome to the course
• Understanding the Microsoft Environment
• Foundations of Active Directory Domains
• Foundations of RAS, DMZ, and Virtualization
• Foundations of the Microsoft Cloud Services
• DONT SKIP: The first thing to know about Microsoft cloud services
• DONT SKIP: Azure AD is now renamed to Entra ID
• Questions for John Christopher
• Order of concepts covered in the course

Performing hands on activities

• DONT SKIP: Using Assignments in the course
• Creating a free Microsoft 365 Account
• Activating licenses for Defender for Endpoint and Vulnerabilities
• Getting your free Azure credit

Configure settings in Microsoft Defender XDR

• Introduction to Microsoft 365 Defender
• Concepts of the purpose of extended detection and response (XDR)
• Microsoft Defender and Microsoft Purview admin centers
• Concepts of Microsoft Sentinel
• Concepts of management with Microsoft Defender for Endpoint

Manage assets and environments

• Setup a Windows 11 virtual machine endpoint
• Enrolling to Intune for attack surface reduction (ASR) support
• Onboarding to manage devices using Defender for Endpoint
• A note about extra features in your Defender for Endpoint
• Incidents, alert notifications, and advanced feature for endpoints
• Review and respond to endpoint vulnerabilities
• Recommend attack surface reduction (ASR) for devices
• Configure and manage device groups
• Overview of Microsoft Defender for Cloud
• Identify devices at risk using the Microsoft Defender Vulnerability Management
• Manage endpoint threat indicators
• Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace

• Plan a Microsoft Sentinel workspace
• Configure Microsoft Sentinel roles
• Design and configure Microsoft Sentinel data storage, log types and log retention

Ingest data sources in Microsoft Sentinel

• Identify data sources to be ingested for Microsoft Sentinel
• Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
• Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
• Design and configure Syslog and Common Event Format (CEF) event collections
• Design and configure Windows security event collections
• Configure threat intelligence connectors
• Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies

• Plan and configure Microsoft Defender for Cloud settings
• Configure Microsoft Defender for Cloud roles
• Assess and recommend cloud workload protection and enable plans
• Configure automated onboarding of Azure resources
• Connect multi-cloud resources by using Environment settings

Configure detection in Microsoft Defender XDR

• Setup a simulation lab using Microsoft 365 Defender
• Run an attack against a device in the simulation lab
• Manage incidents & automated investigations in the Microsoft 365 Defender portal
• Run an attack simulation email campaign in Microsoft 365 Defender
• Manage actions and submissions in the Microsoft 365 Defender portal
• Identify threats by using Kusto Query Language (KQL)
• Identify and remediate security risks by using Microsoft Secure Score
• Analyze threat analytics in the Microsoft 365 Defender portal
• Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel

• Concepts of Microsoft Sentinel analytics rules
• Configure the Fusion rule
• Configure Microsoft security analytics rules
• Configure built-in scheduled query rules
• Configure custom scheduled query rules
• Configure near-real-time (NRT) analytics rules
• Manage analytics rules from Content hub
• Manage and use watchlists
• Manage and use threat indicators

Respond to alerts and incidents in the Microsoft Defender portal

• Using polices to remediate threats with Email, Teams, SharePoint & OneDrive
• Investigate, respond, and remediate threats with Defender for Office 365
• Understanding data loss prevention (DLP) in Microsoft 365 Defender
• Implement data loss prevention policies (DLP) to respond and alert
• Investigate & respond to alerts generated by data loss prevention (DLP) policies
• Understanding insider risk policies
• Generating an insider risk policy
• Investigate and respond to alerts generated by insider risk policies
• Discover and manage apps by using Microsoft Defender for Cloud Apps
• Identify, investigate, & remediate security risks by using Defender for Cloud Apps

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

• Configure User and Entity Behavior Analytics settings
• Investigate threats by using entity pages
• Configure anomaly detection analytics rules

Investigate Microsoft 365 activities

• Understanding unified audit log licensing and requirements
• Setting unified audit permissions and enabling support
• Investigate threats by using unified audit Log
• Investigate threats by using Content Search
• Perform threat hunting by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel

• Configure an incident generation
• Triage incidents in Microsoft Sentinel
• Investigate incidents in Microsoft Sentinel
• Respond to incidents in Microsoft Sentinel
• Investigate multi-workspace incidents

Implement and use Copilot for Security

• What is Copilot for Security?
• Onboarding Copilot for Security
• Create and use promptbooks
• Manage sources for Copilot for Security, including plugins and files
• Manage permissions and roles in Copilot for Security
• Monitor Copilot for Security capacity and cost
• Identify threats and risks by using Copilot for Security
• Investigate incidents by using Copilot for Security

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel

• Create and configure automation rules
• Create and configure Microsoft Sentinel playbooks
• Configure analytic rules to trigger automation rules
• Trigger playbooks from alerts and incidents

Hunt for threats by using Microsoft Defender XDR

• Identify threats by using Kusto Query Language (KQL)
• Interpret threat analytics in the Microsoft Defender portal
• Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

• Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
• Customize content gallery hunting queries
• Create custom hunting queries
• Use hunting bookmarks for data investigations
• Monitor hunting queries by using Livestream
• Retrieve and manage archived log data
• Create and manage search jobs

Respond to alerts and incidents in Microsoft Defender for Cloud

• Set up email notifications
• Create and manage alert suppression rules
• Design and configure workflow automation in Microsoft Defender for Cloud
• Generate sample alerts and incidents in Microsoft Defender for Cloud
• Remediate alerts and incidents by using MS Defender for Cloud recommendations
• Manage security alerts and incidents
• Analyze Microsoft Defender for Cloud threat intelligence reports

Create and configure Microsoft Sentinel workbooks

• Activate and customize Microsoft Sentinel workbook templates
• Create custom workbooks
• Configure advanced visualizations

Conclusion

• Cleaning up your lab environment
• Getting a Udemy certificate
• BONUS Where do I go from here?