TI246
Information technology

Microsoft : Security Operations Analysis (SC-200)

Managing incidents, hunting threats, and automating response in a Microsoft SecOps environment

This training course is intended for analysts operating in hybrid or multi-cloud security environments who wish to consolidate their expertise in detection, investigation, and incident response. You will learn how to leverage the various tools in the Microsoft ecosystem based on the situations encountered, use the KQL language to query large volumes of security data, recognize abnormal behavior through behavioral analysis, and implement automation mechanisms adapted to your context. Participants will also work with AI agents and Copilot features from a direct operational application perspective. The training also prepares you for the SC-200 certification exam.

Is it for you ?

This training is intended for professionals in the field of security operations, specifically Microsoft Security Operations Analysts. The analyst reduces organizational risk by performing triage, responding to incidents, conducting threat hunting, and designing detections. They collaborate with stakeholders to secure the organization's information systems and evolve security standards.

Prerequisites

• Basic understanding of Microsoft 365
• Fundamental understanding of Microsoft security, compliance, and identity products
• Knowledge of Azure services (workloads, storage, virtual machines, virtual networks)
• Intermediate understanding of Windows, Linux, and mobile systems
• Familiarity with AI agents and Copilots
• Basic scripting knowledge

What You'll Walk Away With

  • You manage security incidents from detection to closure in hybrid and multi-cloud environments.
  • You query security data using KQL to detect and analyze threats.
  • You assess your organization's security posture and prioritize remediations.
  • You integrate AI agents and Copilot into your SecOps operations.
  • You consolidate your preparation for the SC-200 certification exam.

Training content

1 Microsoft Defender XDR and Threat Protection

  • Introduction to threat protection with Microsoft Defender XDR
  • Mitigating incidents with Microsoft Defender
  • Protecting identities with Microsoft Entra ID Protection
  • Securing Microsoft 365 with Microsoft Defender for Office 365
  • Protecting environments with Microsoft Defender for Identity
  • Securing cloud applications with Microsoft Defender for Cloud Apps
  • Responding to DLP alerts with Microsoft Purview
  • Insider Risk Management

2 Microsoft Defender for Endpoint and Defender for Cloud

  • Deployment and configuration of the Microsoft Defender for Endpoint environment
  • Investigation of devices, entities, and evidence
  • Alert management, detections, and automation
  • Vulnerability Management
  • Cloud workload protection plan with Microsoft Defender for Cloud
  • Connecting Azure, multi-cloud, and on-premises resources
  • Cloud Security Posture Management (CSPM)
  • Remediating security alerts

3 KQL and Microsoft Sentinel (Configuration and Data)

  • Building and analyzing Kusto queries (KQL)
  • Multi-table queries and data normalization
  • Introduction to Microsoft Sentinel and workspace management
  • Data connectors: Windows, Linux, syslog, CEF, threat intelligence
  • Watchlists, threat indicators, and observation lists
  • Sentinel Graph for exploring entity relationships

4 Detection, Response, and Threat Hunting

  • Analytics and detection rules in Microsoft Sentinel
  • Automation, playbooks, and SOAR
  • Security incident management
  • Behavioral Analytics and UEBA
  • Data visualization and monitoring
  • Threat hunting with Microsoft Sentinel and notebooks
  • Searching historical data (Search jobs)
  • Using Microsoft Security Copilot to assist SecOps operations
See more

📌 Practical information

Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.

Trainers

Upcoming information
Duration
4 days
Schedule
See training dates for details
Regular fee
$2,500
Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
$2,250
Private or personalized training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Request a quote

Request in-company training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Tell us more
Added to cart View my cart