Microsoft Security Operations Analyst

Course SC-200T00

  • Duration:
    • 4 days

Dates:

  • Implementation planned - places still available
  • Implementation - probability high - still places available
  • There are no more seats available. For many courses, it may still be possible to participate online, via virtual classroom.
  • Course times: As a rule, our seminars are held from 10:00 am to 5:00 pm on day 1 and from 9:00 am to 4:00 pm on the following days. Changes are possible. The concrete seminar times you will find in the binding order confirmation.
16.06.2025 - 19.06.2025 Berlin
  • 2890 EUR / Person
 German
01.09.2025 - 04.09.2025 Virtual Classroom
  • 2890 EUR / Person
German
27.10.2025 - 30.10.2025 Virtual Classroom english
  • 2890 EUR / Person
English
03.11.2025 - 06.11.2025 Leipzig
  • 2890 EUR / Person
German
08.12.2025 - 11.12.2025 Cologne
  • 2890 EUR / Person
 German
Learn how to investigate, respond to and detect threats with Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft 365 Defender. In this course, you will learn how to defend against cyber threats using these technologies. Specifically, you will configure and use Microsoft Sentinel and use Kusto Query Language (KQL) for detection, analysis and reporting. This course is designed for individuals working in the security operations field and will help students prepare for the SC-200: Microsoft Security Operations Analyst exam.

In this course, participants will gain the following skills:
  • Explain how Microsoft Defender for Endpoint can mitigate risks in your environment.
  • Administer a Microsoft Defender for Endpoint environment
  • Configure rules to reduce the attack surface on Windows devices
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Scan domains and IP addresses in Microsoft Defender for Endpoint
  • Scan user accounts in Microsoft Defender for Endpoint
  • Configure alert settings in Microsoft 365 Defender
  • Explain how the threat landscape is evolving
  • Perform an advanced scan in Microsoft 365 Defender
  • Manage incidents in Microsoft 365 Defender
  • Explain how Microsoft Defender for Identity can mitigate risks in your environment
  • Examine DLP alerts in Microsoft Defender for Cloud Apps
  • Explain the types of actions you can take in an insider risk management case
  • Configure automatic deployment in Microsoft Defender for Cloud Apps
  • Resolve alerts in Microsoft Defender for Cloud Apps
  • Create KQL statements
  • Filter search results based on event time, severity, domain and other relevant data using KQL
  • Extract data from unstructured string fields using KQL
  • Manage a Microsoft Sentinel workspace
  • Accessing the watchlist in Microsoft Sentinel using KQL
  • Manage threat indicators in Microsoft Sentinel
  • Explain the differences between the Common Event Format and Syslog connectors in Microsoft Sentinel
  • Connect Azure Windows VMs to Microsoft Sentinel
  • Configure log analytics agents to capture Sysmon events
  • Create new analytics rules and queries using the analytics rule wizard
  • Create a playbook to automate incident response
  • Use queries to search for threats
  • Monitor threats over time with livestreams
Defending against threats using Microsoft 365 Defender
  • Introduction to threat protection with Microsoft 365
  • Mitigating incidents with Microsoft 365 Defender
  • Mitigating risks with Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Protecting your identities with Azure AD Identity Protection
  • Microsoft Defender for Cloud Apps
  • Respond to alerts to prevent data loss with Microsoft 365
  • Manage insider risk in Microsoft 365
Defend against threats with Microsoft Defender for Endpoint
  • Protect against threats with Microsoft Defender for Endpoint
  • Deploying the Microsoft Defender for Endpoint environment
  • Implement Windows security enhancements
  • Perform device scans
  • Perform actions on a device
  • Perform evidence and entity investigations
  • Configure and manage automation
  • Configure alerts and detections
  • Leveraging threat and security risk management
Defend against threats using Microsoft Defender for Cloud
  • Plan workload protection in the cloud with Microsoft Defender for Cloud
  • Protecting workloads with Microsoft Defender for Cloud
  • Connecting Azure resources with Microsoft Defender for Cloud
  • Connecting non-Azure resources with Microsoft Defender for Cloud
  • Resolving security alerts with Microsoft Defender for Cloud
Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Create KQL statements for Microsoft Sentinel
  • Analyse query results using KQL
  • Create multi-table statements using KQL
  • Working with string data using KQL statements
Configuring your Microsoft Sentinel environment
  • Introduction to Microsoft Sentinel
  • Creating and managing Microsoft Sentinel workspaces
  • Querying logs in Microsoft Sentinel
  • Using Watchlists in Microsoft Sentinel
  • Using Threat Intelligence in Microsoft Sentinel
Connecting logs to Microsoft Sentinel
  • Connecting data to Microsoft Sentinel using data connectors
  • Connecting Microsoft services to Microsoft Sentinel
  • Connecting Microsoft 365 Defender to Microsoft Sentinel
  • Connecting Windows hosts to Microsoft Sentinel
  • Connecting Common Event Format logs to Microsoft Sentinel
  • Connecting syslog data sources to Microsoft Sentinel
  • Connecting threat indicators to Microsoft Sentinel
Creating detections and performing investigations using Microsoft Sentinel
  • Detecting threats with Microsoft Sentinel analytics
  • Managing security incidents in Microsoft Sentinel
  • Responding to threats with Microsoft Sentinel playbooks
  • User and Entity Behavior Analytics in Microsoft Sentinel
  • Query, visualise and monitor data in Microsoft Sentinel
Performing threat scanning in Microsoft Sentinel
  • Concepts of threat scanning in Microsoft Sentinel
  • Threat scanning with Microsoft Sentinel
  • Searching for threats using notebooks in Microsoft Sentinel
The Microsoft Security Operations Analyst works with project stakeholders in the enterprise to protect enterprise IT systems. Their goal is to reduce risk to the business by quickly stopping active attacks in the environment, making recommendations to improve threat protection methods, and escalating violations of company policy to the appropriate parties. Responsibilities include managing, monitoring and responding to threats through the use of a variety of security solutions in their environment. The primary responsibilities of this role include investigating, responding to, and searching for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. As the Security Operations Analyst uses the operational output of these tools, they are also a key stakeholder in configuring and deploying these technologies.
  • Basic knowledge of Microsoft 365
  • Basic understanding of Microsoft security, compliance and identity products
  • Advanced knowledge of Windows 10
  • Familiarity with Azure services, especially Azure SQL Database and Azure Storage
  • Working knowledge of Azure virtual computers and virtual networks
  • Basic understanding of scripting concepts.
This course prepares you for the SC-200: Microsoft Security Operations Analyst exam.
The course price includes:
- The original Microsoft training materials in English and digital form.
- Break catering for face-to-face training: drinks, biscuits, and lunch

We are also happy to conduct this training as an in-house seminar. Please request your individual offer.

The course is offered in German and English.

Please click here to go to our English course: SC-200T00_e - Microsoft Security Operations Analyst (English)

Contact us

SoftwareONE

IT CAMPUS
Customer Training Solutions

Blochstraße 1
D-04329 Leipzig
*The services of SoftwareONE Deutschland GmbH directly serving school and educational purposes are predominantly VAT-exempt according to § 4 No. 21 a) bb) UStG. Contact us - we are happy to help!