SC200: Microsoft Security Operations Analyst

Course description

This course teaches you how to configure and manage security solutions with Microsoft Sentinel and Microsoft Defender to detect, analyze, and respond to security threats while ensuring the protection of data and infrastructure on Microsoft Azure.

Course objectives

By the end of this course, participants will be able to:

• Manage information security and incidents in a Microsoft environment.
• Monitor infrastructure with Microsoft Sentinel and Defender to handle security alerts and incidents.
• Analyze threats and vulnerabilities in cloud and hybrid environments.
• Implement network and application security in Azure.
• Respond to security incidents: develop response strategies based on detected alerts and threats.

Who is this course for?

This course is intended for a broad audience, including:

• IT security professionals: Those managing information, application, and infrastructure security.
• Azure administrators: Cloud system administrators wishing to strengthen their Azure security skills.
• Security analysts: Cybersecurity and incident response experts specializing in Microsoft Azure threat detection tools.
• Cybersecurity consultants: Those assisting companies in deploying Azure security solutions.
• Risk and compliance managers: Those looking to secure cloud environments to meet compliance and data protection requirements.

Prerequisites

No specific prerequisites are required. This course is accessible to anyone wishing to explore Azure security, though basic knowledge of IT or information systems can be an asset.

Course curriculum

Introduction to Security and Microsoft Sentinel

• Introduction to security in Microsoft Azure.
• Overview of Microsoft Sentinel and its threat management capabilities.
• Configuring Microsoft Sentinel for log aggregation and analysis.
• Analyzing alerts and incidents in Sentinel.

Infrastructure and Application Protection

• Securing networks in Azure (NSG, firewalls, Azure Firewall).
• Deploying Microsoft Defender for servers and databases.
• Monitoring applications with Azure Security Center.
• Detecting threats and attacks in hybrid environments.

Incident Response and Risk Management

• Configuring alerts and automated actions in Microsoft Sentinel.
• Implementing security incident management strategies.
• Setting security policies and controls in Azure.
• Responding to threats: identification, investigation, and remediation.
• Review of best practices for security management.

Course benefits

• Pedagogical approach: Alternating theory and practice for better concept retention.
• Qualified instructors: Specialists with hands-on experience in security operations analysis.
• Tools and learning resources: Access to online resources, live demos, and real case studies.
• Accessibility: Training open to all, with no advanced technical prerequisites.

Teaching methods and tools used

• Live demonstrations with Azure cloud security services.
• Hands-on labs and real case studies across various sectors (industry, retail, healthcare).
• Experience sharing: Best practices and common pitfalls in organizations.
• Simulations and tools: Use of simulators and cloud platforms for interactive workshops.

Assessment

• End-of-course multiple-choice quiz.
• Practical case studies.
• Continuous assessment with personalized feedback.

Standards and references

• Azure Well-Architected Framework
• ISO/IEC 19086
• GDPR (General Data Protection Regulation)
• NIST Cloud Computing Standards (SP 500-292)
• ISO 27001 Information Security