SC-200 Microsoft Security Operations Analyst Course & SIMs

We really hope you'll agree, this training is way more then the average course on Udemy! Have access to the following: Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material Instructor led hands on and simulations to practice that can be followed even if you have little to no experience TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS: Introduction Welcome to the course Understanding the Microsoft Environment Foundations of Active Directory Domains Foundations of RAS, DMZ, and Virtualization Foundations of the Microsoft Cloud Services DONT SKIP: The first thing to know about Microsoft cloud services DONT SKIP: Azure AD is now renamed to Entra ID Questions for John Christopher Order of concepts covered in the course Performing hands on activities DONT SKIP: Using Assignments in the course Creating a free Microsoft 365 Account Activating licenses for Defender for Endpoint and Vulnerabilities Getting your free Azure credit How to setup an Azure virtual machine for practicing hands on Setting up Microsoft Entra for device management How to join our test virtual machine to Microsoft Entra Configure settings in Microsoft Defender XDR Introduction to Microsoft 365 Defender Concepts of the purpose of extended detection and response (XDR) Microsoft Defender and Microsoft Purview admin centers Concepts of management with Microsoft Defender for Endpoint Setting up a Microsoft Defender Admin role for permissions Onboarding to manage devices using Defender for Endpoint Bulk automatic onboarding with Microsoft Intune How to verify Windows devices have been onboarded A note about extra features in your Defender for Endpoint Incidents, alert notifications, and advanced feature for endpoints Review and respond to endpoint vulnerabilities Manage assets and environments Configure and manage device groups Identify devices at risk using the Microsoft Defender Vulnerability Management Overview of Microsoft Defender for Cloud Manage resources by using Azure Arc Connect environments to Microsoft Defender for Cloud (by using multi-cloud account management) Identify unmanaged devices by using device discovery Design and configure a Microsoft Sentinel workspace Concepts of Microsoft Sentinel Plan a Microsoft Sentinel workspace Configure Microsoft Sentinel roles and specify Azure RBAC roles Design and configure Microsoft Sentinel data storage,log types and log retention Ingest data sources in Microsoft Sentinel Identify data sources to be ingested for Microsoft Sentinel Implement and use Content hub solutions A note about Kusto Query Language (KQL) Configure & use MS connectors for Azure, including Azure Policy & diagnostics Plan and configure Azure Monitor Agent (AMA) and data collection rules Plan and configure Syslog and Common Event Format (CEF) event collections Collection of Windows Security events and Windows Event Forwarding (WEF) Create custom log tables in the workspace to store ingested data Configure Sentinel to ingest Azure and Entra ID data Monitor and optimize data ingestion Configure protections in Microsoft Defender security technologies Plan and configure Microsoft Defender for Cloud settings Configure Microsoft Defender for Cloud roles Configure security policies including attack surface reduction (ASR) rules Assess and recommend cloud workload protection and enable plans Configure automated onboarding of Azure resources Configure detection in Microsoft Defender XDR Run an attack simulation email campaign in Microsoft 365 Defender Identify threats by using Kusto Query Language (KQL) Identify and remediate security risks by using Microsoft Secure Score Analyze threat analytics in the Microsoft 365 Defender portal Configure and manage custom detections and alerts Configure detections in Microsoft Sentinel Classify and analyze data by using entities Concepts of Microsoft Sentinel analytics rules Configure and manage analytics rules Query Microsoft Sentinel data by using ASIM parsers Implement behavioral analytics Respond to alerts and incidents in Microsoft Defender XDR Using polices to remediate threats with Email ,Teams, SharePoint & OneDrive Investigate, respond, and remediate threats with Defender for Office 365 Understanding data loss prevention (DLP) in Microsoft 365 Defender Understanding Data loss prevention roles and permissions Implement data loss prevention policies (DLP) Adaptive Protection with data loss prevention Policy and rule precedence in Data Loss Prevention Understanding insider risk policies Implement Insider Risk Management connectors Generating an insider risk policy Discover and manage apps by using Microsoft Defender for Cloud Apps Identify, investigate, & remediate security risks by using Defender for Cloud Apps Manage actions and submissions in the Microsoft 365 Defender portal Respond to alerts and incidents identified by Microsoft Defender for Endpoint Configure anomaly detection analytics rules How to trigger some incidents using a client device for testing Investigate timeline of compromised devices Investigate Microsoft 365 activities Understanding unified audit log licensing and requirements Setting unified audit permissions and enabling support Perform threat hunting by using unified audit log Perform threat hunting by using Content Search Perform threat hunting by using Microsoft Graph activity logs Respond to incidents in Microsoft Sentinel Investigate and remediate incidents in Microsoft Sentinel Understanding automation rules and Microsoft Sentinel playbooks Create and configure automation rules Create and configure Microsoft Sentinel playbooks Run playbooks on on-premises resources Implement and use Microsoft Security Copilot What is Copilot for Security? Onboarding Copilot for Security Create and use promptbooks Manage sources for Copilot for Security, including plugins and files Manage permissions and roles in Copilot for Security Monitor Copilot for Security capacity and cost Identify threats and risks by using Copilot for Security Investigate incidents by using Copilot for Security Hunt for threats by using Microsoft Defender XDR Identify purposes of using Kusto Query Language (KQL) Practicing with KQL in Microsoft's Demo environment Searching for information using basic KQL syntax Summarizing KQL results and filtering based on time ranges Using KQL to display data based on columns, amounts and characters Implementing variables and combining output data with KQL Identify and interpret threats analytics by using KQL in Defender Customizing hunting queries using Microsoft's Sentinel and Defender repository Hunt for threats by using Microsoft Sentinel Analyze attack vector coverage by using the MITRE ATT&CK matrix Manage and use threat indicators Create and manage hunts Create and monitor hunting queries Use hunting bookmarks for data investigations Retrieve and manage archived log data Create and manage search jobs Create and configure Microsoft Sentinel workbooks Activate and customize workbook templates Create custom workbooks that include KQL Configure visualizations Conclusion Cleaning up your lab environment Getting a Udemy certificate BONUS Where do I go from here?