
Microsoft Security Operations Analyst (SC-200)

Online
4 days
German
€ 2.590,-
plus VAT.
€ 3.082,10
incl. VAT.
Booking number
33806
Venue
Online
3 dates
Become a certified Machine Learning Engineer
This course is part of the certified Master Class "Machine Learning Engineer". If you book the entire Master Class, you save over 15 percent compared to booking this individual module.
You will learn how to use Microsoft Azure Sentinel, Azure Defender and Microsoft 365 Defender to detect, investigate and respond to threats.
Contents

In this course, you will learn how to use these technologies to defend against cyber threats. In particular, you will configure and use Azure Sentinel and use Kusto Query Language (KQL) to detect, analyze and report. The course is designed for individuals working in a security operations job role and will help you prepare for the SC-200: Microsoft Security Operations Analyst exam.

Module 1: Defending against threats using Microsoft 365 Defender

Analyze threat data across domains and quickly remediate threats using the built-in orchestration and automation in Microsoft 365 Defender. Learn more about cybersecurity threats and how Microsoft's new threat protection tools protect your organization's users, devices and data. Use advanced identity-based threat detection and remediation to protect your Azure Active Directory identities and applications from attacks.

Lessons

  • Introduction to threat protection with Microsoft 365
  • Mitigating incidents with the help of Microsoft 365 Defender
  • Minimize risks with Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Protect your identities with Azure AD Identity Protection
  • Microsoft Defender for Cloud Apps
  • Respond to alerts to prevent data loss using Microsoft 365
  • Managing insider risk in Microsoft 365

Lab: Defense against threats with the help of Microsoft 365 Defender

  • Explore Microsoft 365 Defender


Module 2: Defending against threats using Microsoft Defender for Endpoint

Deploy the Microsoft Defender for Endpoint platform to detect, investigate and respond to advanced threats. Learn how Microsoft Defender for Endpoint can improve your organization's security. Learn how to deploy the Microsoft Defender for Endpoint environment, including device onboarding and security configuration. Learn how to investigate incidents and alerts using Microsoft Defender for Endpoint. You will be able to perform advanced hunting and consult with threat experts. You will also learn how to configure automation in Microsoft Defender for Endpoint by managing environment settings. Finally, you will learn about the vulnerabilities in your environment through threat and vulnerability management in Microsoft Defender for Endpoint.

Lessons

  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Implement Windows security enhancements
  • Performing device investigations
  • Performing actions on a device
  • Performing evidence and entity investigations
  • Configuring and managing automation
  • Configuring alerts and detections
  • Using threat and vulnerability management

Lab: Defend against threats with Microsoft Defender for Endpoint

  • Deploy Microsoft Defender for Endpoint
  • Mitigate attacks with Defender for Endpoint


Module 3: Defending against threats with Microsoft Defender for Cloud

Use Microsoft Defender for Cloud to protect Azure, hybrid cloud and on-premises workloads. Learn about the purpose of Microsoft Defender for Cloud and how to enable it. Also learn about the protection and detection capabilities Microsoft Defender for Cloud provides for each cloud workload. Learn how to add Microsoft Defender for Cloud features to your hybrid environment.

Lessons

  • Planning workload protection in the cloud with Microsoft Defender for Cloud
  • Protect workloads with Microsoft Defender for Cloud
  • Connecting Azure resources with Microsoft Defender for Cloud
  • Connect non-Azure resources with Microsoft Defender for Cloud
  • Remediating security alerts with Microsoft Defender for Cloud

Lab: Defending against threats with Microsoft Defender for Cloud

  • Deploy Microsoft Defender for Cloud
  • Mitigating attacks with Microsoft Defender for Cloud


Module 4: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)

Write KQL (Kusto Query Language) statements to query log data for detection, analysis and reporting in Microsoft Sentinel. This module focuses on the most commonly used operators; the KQL sample statements query security-related tables. KQL is the query language used to explore data, create analytics rules and workbooks, and perform hunting in Microsoft Sentinel. You will learn how to build complex statements from the basic KQL statement structure, and how to summarize and visualize data in a KQL statement, which is the basis for creating detections in Microsoft Sentinel. You will also learn how to use KQL to manipulate string data collected from log sources.

Lessons

  • Creating KQL statements for Microsoft Sentinel
  • Analyzing query results with the help of KQL
  • Creating statements with multiple tables using KQL
  • Working with string data using KQL statements

Lab: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)


Module 5: Configuring your Microsoft Sentinel environment

Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace. Setting up and configuring traditional SIEM (Security Information & Event Management) systems usually takes a lot of time, and these systems are not necessarily designed for cloud workloads. Microsoft Sentinel allows you to quickly gain valuable security insights from your cloud and on-premises data. This module will help you get started: you will learn how to use the Microsoft Sentinel workspace architecture to configure your system to meet your organization's security requirements. As a Security Operations Analyst, you need to understand the tables, fields and data that are captured in your workspace, so you will also learn how to query the most commonly used data tables in Microsoft Sentinel.

Lessons

  • Introduction to Microsoft Sentinel
  • Create and manage Microsoft Sentinel workspaces
  • Querying logs in Microsoft Sentinel
  • Using watchlists in Microsoft Sentinel
  • Using threat intelligence in Microsoft Sentinel

Lab: Configuring your Microsoft Sentinel environment

Module 6: Connecting logs to Microsoft Sentinel

Connect data at cloud scale to Microsoft Sentinel across users, applications and infrastructure, on-premises and in multiple clouds. The data connectors provided by Microsoft Sentinel are the primary means of connecting log data. This module provides an overview of the available data connectors. You will learn about the configuration options and the data provided by the Microsoft Sentinel connectors for Microsoft 365 Defender.

Lessons

  • Connecting data with Microsoft Sentinel using data connectors
  • Establishing a connection from Microsoft services with Microsoft Sentinel
  • Connecting Microsoft 365 Defender with Microsoft Sentinel
  • Connecting Windows hosts with Microsoft Sentinel
  • Connecting Common Event Format logs with Microsoft Sentinel
  • Connecting syslog data sources with Microsoft Sentinel
  • Connecting threat indicators with Microsoft Sentinel

Lab: Connecting logs to Microsoft Sentinel

  • Connecting data with Microsoft Sentinel using data connectors
  • Connecting Windows devices to Microsoft Sentinel via data connectors
  • Connecting Linux hosts to Microsoft Sentinel via data connectors
  • Connecting Threat Intelligence with Microsoft Sentinel via data connectors


Module 7: Creating detections and conducting investigations using Microsoft Sentinel

Detect previously undetected threats and quickly remediate threats with built-in orchestration and automation in Microsoft Sentinel. Learn how to respond to security threats with Microsoft Sentinel playbooks. You will look at incident management in Microsoft Sentinel, get information about events and entities in Microsoft Sentinel and learn ways to resolve incidents. You will also learn more about querying, visualizing and monitoring data in Microsoft Sentinel.

Lessons

  • Threat detection with Microsoft Sentinel analytics
  • Management of security incidents in Microsoft Sentinel
  • Responding to threats with Microsoft Sentinel playbooks
  • User and Entity Behavior Analytics in Microsoft Sentinel
  • Query, visualize and monitor data in Microsoft Sentinel

Lab: Create detections and perform investigations using Microsoft Sentinel

  • Activate a Microsoft security rule
  • Creating a playbook
  • Creating a scheduled query
  • Understanding detection modeling
  • Performing attacks
  • Creating detections
  • Investigating incidents
  • Creating workbooks


Module 8: Threat hunting in Microsoft Sentinel

In this module, you will learn how to proactively identify threat behaviors using Microsoft Sentinel queries. You will also learn how to use bookmarks and livestream to hunt for threats, and how to use notebooks in Microsoft Sentinel for advanced threat hunting.

Lessons

  • Concepts for threat hunting in Microsoft Sentinel
  • Threat hunting with Microsoft Sentinel
  • Threat hunting using notebooks in Microsoft Sentinel

Lab: Threat hunting in Microsoft Sentinel

  • Threat hunting in Microsoft Sentinel
  • Threat hunting using notebooks with Microsoft Sentinel
Your benefit
  • Defense against threats with Microsoft 365 Defender
  • Defending against threats with Azure Defender for Cloud
  • Defense against threats with Azure Sentinel

This intensive training prepares you for:
Exam: "SC-200: Microsoft Security Operations Analyst (beta)" for the
Certification: "Microsoft Certified: Security Operations Analyst Associate"

Trainer
Sébastien Hausammann
Martin Weber
Methods

This course is delivered as online training led by a trainer who supervises the participants live. Theory and practice are taught through live demonstrations and practical exercises. The video conferencing software Zoom is used.

Final examination
Recommended for

Microsoft Security Operations Analysts work with the organization's stakeholders to secure the organization's information technology systems. Their goal is to reduce enterprise risk by quickly remediating active attacks in the environment, advising on improvements to threat protection practices, and escalating violations of company policies to the appropriate stakeholders.
Responsibilities include threat management, monitoring, and responding to threats by deploying a variety of security solutions across the environment. The role primarily investigates, responds to and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender and third-party security products. Because Security Operations Analysts consume the operational output of these tools, they are also key stakeholders in the configuration and deployment of these technologies.

Requirements

  • Basic understanding of Microsoft 365
  • Basic understanding of Microsoft's security, compliance and identity products
  • Intermediate understanding of Windows 10
  • Familiarity with Azure services, especially Azure SQL Database and Azure Storage
  • Familiarity with virtual machines and virtual networks in Azure
  • Basic understanding of scripting concepts

The basic knowledge acquired in the following course is recommended:

  • Microsoft Security, Compliance, and Identity Fundamentals
Start dates and details

Form of learning: Online

  • 10.6.2025, Online, places free, implementation secured
  • 7.7.2025, Online, places free, implementation secured
  • 9.9.2025, Online, places free, implementation secured

This training is conducted in cooperation with the authorized training organization Digicomp Academy AG.
For the purpose of conducting the training, participants' data will be transmitted to them and processed there under their own responsibility.
Please take note of the corresponding privacy policy.

Do you have questions about training?
Call us on +49 761 595 33900 or write to us at service@haufe-akademie.de or use the contact form.