Microsoft Security Operations Analyst

Master the art of cybersecurity threat management and mitigation with the Microsoft Security Operations Analyst course, tailored for IT security professionals aiming to excel in leveraging Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.

Essential Skills Gained

  • Investigate and respond to cyberthreats using Azure Sentinel.
  • Utilize Microsoft Defender solutions to enhance threat protection.
  • Perform advanced detection and analysis using Kusto Query Language.
  • Configure and manage Azure Security solutions for robust defense.

Format

  • Instructor-led
  • 4 days with lectures and hands-on labs.

Audience

  • Security Operations Analysts
  • IT Security Professionals
  • Cybersecurity Specialists
  • Network Security Engineers

Description

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course, students will learn how to mitigate cyberthreats using these technologies. Specifically, students will configure and use Azure Sentinel and use Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role, and it helps learners prepare for exam SC-200: Microsoft Security Operations Analyst.

Upcoming Course Dates

  • August 5-8, 2025; 9:00 AM - 5:00 PM; Virtual: Online - US/Eastern; $2396
  • September 16-19, 2025; 9:00 AM - 5:00 PM; Virtual: Online - US/Eastern; $2396
  • October 21-24, 2025; 9:00 AM - 5:00 PM; Virtual: Online - America/Los_Angeles; $2396

Course Outline

Learning Path 1: Mitigate threats using Microsoft 365 Defender

  1. Introduction to threat protection with Microsoft 365

  2. Mitigate incidents using Microsoft 365 Defender

  3. Protect your identities with Azure AD Identity Protection

  4. Remediate risks with Microsoft Defender for Office 365

  5. Safeguard your environment with Microsoft Defender for Identity

  6. Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Learning Path 2: Mitigate threats using Microsoft Purview

  1. Microsoft Purview Compliance Solutions

  2. Respond to data loss prevention alerts using Microsoft Purview

  3. Manage insider risk in Microsoft Purview

  4. Investigate threats using Microsoft Purview Audit (Standard)

  5. Investigate threats using Microsoft Purview Audit (Premium)

  6. Investigate threats using Content search in Microsoft Purview

Learning Path 3: Mitigate threats using Microsoft 365 Defender for Endpoint

  1. Protect against threats with Microsoft Defender for Endpoint

  2. Deploy the Microsoft Defender for Endpoint environment

  3. Implement Windows security enhancements

  4. Perform device investigations

  5. Perform actions on a device

  6. Perform evidence and entities investigations

  7. Configure and manage automation

  8. Configure for alerts and detections

  9. Utilize Threat and Vulnerability Management

Learning Path 4: Mitigate threats using Azure Defender for Cloud

  1. Plan for cloud workload protections using Azure Defender

  2. Explain cloud workload protections in Azure Defender

  3. Connect Azure assets to Azure Defender

  4. Connect non-Azure resources to Azure Defender

  5. Remediate security alerts using Azure Defender

Learning Path 5: Create queries for Azure Sentinel using Kusto Query Language (KQL)

  1. Construct KQL statements for Azure Sentinel

  2. Analyze query results using KQL

  3. Build multi-table statements using KQL

  4. Work with data in Azure Sentinel using Kusto Query Language

Learning Path 6: Configure your Azure Sentinel environment

  1. Introduction to Azure Sentinel

  2. Create and manage Azure Sentinel workspaces

  3. Query logs in Azure Sentinel

  4. Use watchlists in Azure Sentinel

  5. Utilize threat intelligence in Azure Sentinel

Learning Path 7: Connect logs to Azure Sentinel

  1. Connect data to Azure Sentinel using data connectors

  2. Connect Microsoft services to Azure Sentinel

  3. Connect Microsoft 365 Defender to Azure Sentinel

  4. Connect Windows hosts to Azure Sentinel

  5. Connect Common Event Format logs to Azure Sentinel

  6. Connect syslog data sources to Azure Sentinel

  7. Connect threat indicators to Azure Sentinel

Learning Path 8: Create detections and perform investigations using Azure Sentinel

  1. Threat detection with Azure Sentinel analytics

  2. Threat response with Azure Sentinel playbooks

  3. Security incident management in Azure Sentinel

  4. Use entity behavior analytics in Azure Sentinel

  5. Query, visualize, and monitor data in Azure Sentinel

Learning Path 9: Perform threat hunting in Azure Sentinel

  1. Threat hunting with Azure Sentinel

  2. Hunt for threats using notebooks in Azure Sentinel

  3. Threat Hunting in Azure Sentinel

  4. Threat Hunting using Notebooks

Your Team has Unique Training Needs.

Your team deserves training as unique as they are.

Let us tailor the course to your needs at no extra cost.