TI246
Information technology

Microsoft : Security Operations Analysis (SC-200)

Detect, investigate, and respond to threats using Defender, Azure Sentinel, and KQL
Print


This course equips security operations professionals with the knowledge to detect, investigate, and respond to cyberthreats using Microsoft's security stack, including Microsoft Defender for Endpoint, Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
Participants will learn how to deploy and manage security environments, investigate alerts and entities, manage vulnerabilities, and automate incident response with playbooks. The course also covers Kusto Query Language (KQL) for advanced data analysis and threat hunting, as well as techniques for log integration and behavioral analytics with Azure Sentinel.
Practical labs and real-world scenarios help reinforce threat detection, mitigation strategies, and incident management using Microsoft's cloud-native security tools.

Objectives

This training equips participants with the necessary skills and knowledge to mitigate cyber threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.

Is it for you ?

This course is aimed at people working in security operations, and in particular Microsoft Security Operations Analysts. The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's IT systems. Their goal is to reduce organizational risk by quickly correcting active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to the appropriate stakeholders. Responsibilities include managing, monitoring and responding to threats using a variety of security solutions in their environment.

Prerequisite

To attend this training, it is recommended that candidates have:
• A basic understanding of Microsoft 365
• A fundamental understanding of Microsoft security, compliance, and identity products
• An intermediate understanding of Windows 10
• Knowledge of Azure services, particularly Azure SQL Database and Azure Storage
• Knowledge of Azure virtual machines and virtual networks
• A basic understanding of scripting concepts

Your benefits

  • Detect and respond to threats using Microsoft Defender (Endpoint, 365, Identity, Cloud)
  • Configure and use Azure Sentinel for log collection, correlation, and monitoring
  • Build KQL queries to analyze security data and identify incidents
  • Automate incident response with playbooks and manage alerts efficiently
  • Perform advanced investigations and threat hunting in hybrid environments

    • Content

    Mitigating Threats Using Microsoft Defender for Endpoint

    • Protect against threats with Microsoft Defender for Endpoint
    • Deploy the Microsoft Defender for Endpoint environment
    • Implement Windows 10 security improvements
    • Manage alerts and incidents
    • Conduct device investigations
    • Perform actions on a device
    • Investigate evidence and entities
    • Configure and manage automation
    • Configure alerts and detections
    • Use threat and vulnerability management
    See more + / -

    Mitigating Threats Using Microsoft 365 Defender

    • Introduction to threat protection with Microsoft 365
    • Mitigate incidents using Microsoft 365 Defender
    • Protect identities with Azure AD Identity Protection
    • Remediate risks with Microsoft Defender for Office 365
    • Secure your environment with Microsoft Defender for Identity
    • Protect cloud apps and services with Microsoft Cloud App Security
    • Respond to data loss prevention alerts using Microsoft 365
    • Manage insider risks in Microsoft 365

    Mitigating Threats Using Azure Defender

    • Plan cloud workload protections
    • Explain cloud workload protections
    • Connect Azure assets
    • Connect non-Azure resources
    • Remediate security alerts

    Creating Queries for Azure Sentinel Using Kusto Query Language (KQL)

    • Build KQL statements for Azure Sentinel
    • Analyze query results using KQL
    • Create multi-table statements using KQL
    • Work with data in Azure Sentinel using Kusto Query Language

    Configuring Your Azure Sentinel Environment

    • Introduction to Azure Sentinel
    • Create and manage Azure Sentinel workspaces
    • Query logs in Azure Sentinel
    • Use watchlists in Azure Sentinel
    • Use threat intelligence in Azure Sentinel

    Connecting Logs to Azure Sentinel

    • Connect data to Azure Sentinel using data connectors
    • Connect Microsoft services to Azure Sentinel
    • Connect Microsoft 365 Defender to Azure Sentinel
    • Connect Windows hosts to Azure Sentinel
    • Connect Common Event Format logs to Azure Sentinel
    • Connect Syslog data sources to Azure Sentinel
    • Connect threat indicators to Azure Sentinel

    Creating Detections and Performing Investigations Using Azure Sentinel

    • Detect threats with Azure Sentinel analytics
    • Respond to threats with Azure Sentinel playbooks
    • Manage security incidents in Azure Sentinel
    • Use entity behavior analytics in Azure Sentinel
    • Query, visualize, and monitor data in Azure Sentinel

    Performing Threat Hunting in Azure Sentinel

    • Hunt for threats with Azure Sentinel
    • Track threats using notebooks in Azure Sentinel.

    💡 Useful information

    Our training sessions are offered in Montreal or Quebec City, in person or in virtual format. Dates and locations are provided when you select your session below. If you have any questions regarding registration, schedules, the language of instruction, or cancellation policies, please consult our FAQ .

    Trainers

    Upcoming information
    Duration
    4 days
    Schedule
    See training dates for details
    Regular fee
    $2,500
    Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
    $2,250
    Private or personalized training

    Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

    Request a quote

    Request in-company training

    Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

    Tell us more

    Similar trainings

    See all Analysis, design and implementation of information systems trainings
    Added to cart View my cart