
SC-200 Microsoft Security Operations Analyst Course & SIMs

Get prepared for the SC-200 exam with instructor-led labs and hands-on simulations available 24/7

$9.99 (90% OFF)

About This Course

We really hope you'll agree that this training is way more than the average course on Udemy! You get access to the following:

  • Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
  • Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
  • Instructor-led hands-on activities and simulations to practice, which can be followed even if you have little to no experience

TOPICS COVERED, INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:

Introduction
  • Welcome to the course
  • Understanding the Microsoft Environment
  • Foundations of Active Directory Domains
  • Foundations of RAS, DMZ, and Virtualization
  • Foundations of the Microsoft Cloud Service
  • DON'T SKIP: The first thing to know about Microsoft cloud services
  • DON'T SKIP: Azure AD is now renamed to Entra ID
  • Questions for John Christopher
  • Order of concepts covered in the course

Performing hands-on activities
  • DON'T SKIP: Using Assignments in the course
  • Creating a free Microsoft 365 Account
  • Activating licenses for Defender for Endpoint and Vulnerabilities
  • Getting your free Azure credit
  • How to set up an Azure virtual machine for practicing hands-on
  • Setting up Microsoft Entra for device management
  • How to join our test virtual machine to Microsoft Entra

Configure settings in Microsoft Defender XDR
  • Introduction to Microsoft 365 Defender
  • Concepts of the purpose of extended detection and response (XDR)
  • Microsoft Defender and Microsoft Purview admin centers
  • Concepts of Microsoft Sentinel
  • Configure a connection from Defender XDR to a Sentinel workspace
  • Concepts of management with Microsoft Defender for Endpoint
  • Onboarding to manage devices using Defender for Endpoint
  • Bulk automatic onboarding with Microsoft Intune
  • How to verify Windows devices have been onboarded
  • A note about extra features in your Defender for Endpoint
  • Incidents, alert notifications, and advanced features for endpoints
  • Review and respond to endpoint vulnerabilities

Manage assets and environments
  • Configure and manage device groups
  • Identify devices at risk using Microsoft Defender Vulnerability Management
  • Overview of Microsoft Defender for Cloud
  • Manage resources by using Azure Arc
  • Connect environments to Microsoft Defender for Cloud (by using multi-cloud account management)
  • Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace
  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles and specify Azure RBAC roles
  • Design and configure Microsoft Sentinel data storage, log types and log retention

Ingest data sources in Microsoft Sentinel
  • Identify data sources to be ingested for Microsoft Sentinel
  • Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
  • Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
  • Design and configure Syslog and Common Event Format (CEF) event collections
  • Design and configure Windows security event collections
  • Configure threat intelligence connectors
  • Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies
  • Plan and configure Microsoft Defender for Cloud settings
  • Configure Microsoft Defender for Cloud roles
  • Configure security policies including attack surface reduction (ASR) rules
  • Assess and recommend cloud workload protection and enable plans
  • Configure automated onboarding of Azure resources

Configure detection in Microsoft Defender XDR
  • Run an attack simulation email campaign in Microsoft 365 Defender
  • Identify threats by using Kusto Query Language (KQL)
  • Identify and remediate security risks by using Microsoft Secure Score
  • Analyze threat analytics in the Microsoft 365 Defender portal
  • Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel
  • Concepts of Microsoft Sentinel analytics rules
  • Configure the Fusion rule
  • Configure Microsoft security analytics rules
  • Configure built-in scheduled query rules
  • Configure custom scheduled query rules
  • Configure near-real-time (NRT) analytics rules
  • Manage analytics rules from Content hub
  • Manage and use watchlists
  • Manage and use threat indicators

Respond to alerts and incidents in Microsoft Defender XDR
  • Using policies to remediate threats with Email, Teams, SharePoint & OneDrive
  • Investigate, respond, and remediate threats with Defender for Office 365
  • Understanding data loss prevention (DLP) in Microsoft 365 Defender
  • Implement data loss prevention (DLP) policies to respond and alert
  • Investigate & respond to alerts generated by data loss prevention (DLP) policies
  • Understanding insider risk policies
  • Generating an insider risk policy
  • Investigate and respond to alerts generated by insider risk policies
  • Discover and manage apps by using Microsoft Defender for Cloud Apps
  • Identify, investigate, & remediate security risks by using Defender for Cloud Apps
  • Manage actions and submissions in the Microsoft 365 Defender portal

Respond to alerts and incidents identified by Microsoft Defender for Endpoint
  • Configure anomaly detection analytics rules
  • How to trigger some incidents using a client device for testing
  • Investigate the timeline of compromised devices

Investigate Microsoft 365 activities
  • Understanding unified audit log licensing and requirements
  • Setting unified audit permissions and enabling support
  • Perform threat hunting by using the unified audit log
  • Perform threat hunting by using Content Search
  • Perform threat hunting by using Microsoft Graph activity logs

Respond to incidents in Microsoft Sentinel
  • Configure incident generation
  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel
  • Investigate multi-workspace incidents

Implement and use Copilot for Security
  • What is Copilot for Security?
  • Onboarding Copilot for Security
  • Create and use promptbooks
  • Manage sources for Copilot for Security, including plugins and files
  • Manage permissions and roles in Copilot for Security
  • Monitor Copilot for Security capacity and cost
  • Identify threats and risks by using Copilot for Security
  • Investigate incidents by using Copilot for Security

Hunt for threats by using Microsoft Defender XDR
  • PART 1 - Identify threats by using Kusto Query Language (KQL)
  • PART 2 - Interpret threat analytics in the Microsoft Defender portal
  • PART 3 - Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel
  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Create custom hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs

Create and configure Microsoft Sentinel workbooks
  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks
  • Configure advanced visualizations

Conclusion
  • Cleaning up your lab environment
  • Getting a Udemy certificate
  • BONUS: Where do I go from here?

What you'll learn:

  • Learn the concepts and perform the hands-on activities needed to pass the SC-200 exam
  • Gain a tremendous amount of knowledge about securing Microsoft 365 and Azure services
  • Get loads of hands-on experience with Security Operations for Microsoft 365
  • Utilize hands-on simulations that can be accessed anytime, anywhere!