SC-200: Microsoft Security Operations Analyst-Course Overview

This Microsoft Security Operations Analyst certification training from CloudThat teaches candidates how to mitigate threats using Microsoft 365 Defender, Microsoft Defender for Cloud, and Microsoft Sentinel. Candidates taking up course SC-200 also learn to secure information technology systems, reduce organizational risk, advise best practices for threat protection, and refer violations of organizational policies to stakeholders.

The responsibilities of an Azure Security Operations Analyst include threat management, monitoring, and response using a variety of security solutions. They use Azure Defender, Microsoft Azure Sentinel, Microsoft 365 Defender, and third-party security products to identify, investigate, and respond to threats.

After completing SC-200: Microsoft Security Operations Analyst Course, students will be able to:

  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Azure Defender
  • Mitigate threats using Azure Sentinel

Key Features of SC-200: Microsoft Security Operations Analyst

  • Our Azure SC-200 training modules devote 50%-60% of the time to hands-on lab sessions to encourage Thinking-Based Learning (TBL).
  • Interactive virtual and face-to-face classroom teaching to inculcate Problem-Based Learning (PBL).
  • Microsoft-certified instructor-led training and mentoring sessions to develop Competency-Based Learning (CBL).
  • Well-structured use cases that simulate challenges encountered in a real-world environment.
  • Integrated teaching assistance and support through an expert-designed Learning Management System (LMS) and ExamReady platform.
  • Being a Microsoft Learning Partner gives us an edge over the competition.

Who can participate in the SC-200: Microsoft Security Operations Analyst Certification Training?

  • The SC-200: Microsoft Security Operations Analyst Course is ideal for professionals who play a key role in securing information technology systems within an organization. This course is suitable for individuals responsible for reducing organizational risk by swiftly addressing active attacks, providing guidance on enhancing threat protection practices, and escalating policy violations. Attendees of this course typically handle threat management, monitoring, and response using a variety of security solutions, including Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. As such, individuals who consume operational output from these tools and contribute to their configuration and deployment will greatly benefit from attending the SC-200 course.


  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Windows 10
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts

Advantages of SC-200

  • Attending this course is beneficial for individuals working primarily as SOC analysts who are responsible for actively detecting and remediating threats in a SOC environment.
  • It gives visibility into the risks present in your environment and provides recommendations to remediate them.
  • It helps you understand SIEM and SOAR concepts and capabilities.
  • Learn how to monitor, detect, investigate, and automate the response to risks associated not only with Azure resources but also with resources hosted on-premises or at other cloud providers (AWS, GCP).
  • Security analysts use the insights received from Microsoft Sentinel to provide recommendations to developers, architects, IAM administrators, and management on securing the environment.

Learning Objectives of SC-200

  • Identify various types of threats, such as phishing, malware, and spam, with the capabilities present in Microsoft 365 Defender.
  • Protect your hardware assets from malicious threat vectors by deploying Microsoft Defender for Endpoint.
  • Comply with the latest industry-regulated standards and secure your Azure resources with a minimum security baseline using the Cloud Security Posture Management (CSPM) capability, and identify vulnerabilities and threats to your Azure workloads using the Cloud Workload Protection Platform (CWPP) capability available in Microsoft Defender for Cloud.
  • Detect and remediate real-time cyberattacks with the security alerts feature present in Microsoft Defender for Cloud.
  • Configure the environment for the Microsoft Sentinel solution.
  • Identify and remediate threats associated with third-party solutions such as Juniper, Palo Alto, etc.
  • Visualize the data ingested into Microsoft Sentinel with Workbooks.
  • Support developers working on Azure DevOps and integrate the DevOps repository with Microsoft Sentinel.
  • Detect cyber threats with the analytics rules feature present in Microsoft Sentinel and automate the remediation of threats with the Playbook feature.
  • Perform behavior analytics to discover misconfigurations.
  • Investigate and detect threats.
  • Perform threat hunting with the Hunting feature and use Notebooks with an Azure Machine Learning workspace.

Course Outline

  • Introduction to threat protection with Microsoft 365
  • Mitigate incidents using Microsoft 365 Defender
  • Remediate risks with Microsoft Defender for Office 365
  • Microsoft Defender for Identity
  • Protect your identities with Azure AD Identity Protection
  • Microsoft Defender for Cloud Apps
  • Respond to data loss prevention alerts
  • Manage insider risk in Microsoft 365

  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Implement Windows security enhancements
  • Perform device investigations
  • Perform actions on a device
  • Perform evidence and entities investigations
  • Configure and manage automation
  • Configure for alerts and detections
  • Utilize Threat and Vulnerability Management

  • Plan for cloud workload protections using Microsoft Defender for Cloud
  • Explain cloud workload protections in Microsoft Defender for Cloud
  • Connect Azure assets to Microsoft Defender for Cloud
  • Connect non-Azure resources to Microsoft Defender for Cloud
  • Remediate security alerts using Microsoft Defender for Cloud

  • Construct KQL statements for Microsoft Sentinel
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with string data using KQL statements

  • Introduction to Microsoft Sentinel
  • Create and manage Microsoft Sentinel workspaces
  • Query logs in Microsoft Sentinel
  • Use watchlists in Microsoft Sentinel
  • Utilize threat intelligence in Microsoft Sentinel

  • Connect data to Microsoft Sentinel using data connectors
  • Connect Microsoft services to Microsoft Sentinel
  • Connect Microsoft 365 Defender to Microsoft Sentinel
  • Connect Windows hosts to Microsoft Sentinel
  • Connect Common Event Format logs to Microsoft Sentinel
  • Connect syslog data sources to Microsoft Sentinel
  • Connect threat indicators to Microsoft Sentinel

  • Threat detection with Microsoft Sentinel analytics
  • Security incident management in Microsoft Sentinel
  • Threat response with Microsoft Sentinel playbooks
  • Use entity behavior analytics in Microsoft Sentinel
  • Query, visualize, and monitor data in Microsoft Sentinel

  • Threat hunting concepts in Microsoft Sentinel
  • Threat hunting with Microsoft Sentinel
  • Hunt for threats using notebooks in Microsoft Sentinel


    • By earning the Microsoft SC-200 certification, you demonstrate competence in threat management, monitoring, and response using a variety of security solutions.
    • Demonstrate skills in using tools such as Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.
    • On successful completion of SC-200 training, aspirants receive a Course Completion Certificate from us.
    • By successfully clearing the SC-200 exam, aspirants earn the Microsoft certification.

Course Fee

Course ID: 13528

Course Price: $1599 + 0% TAX

Frequently Asked Questions

The total duration of training is 32 hours (4 full days), and it can also be customized as per your requirements.

Training is delivered by trainers officially certified as Microsoft Certified Trainers (MCT).

We have batches for both offline and online delivery.

The trainer explains the theory along with demonstrations, and a hands-on lab environment is also provided to individuals for practice.

Being an associate-level certification, SC-200 is valid for 1 year; thereafter, free renewal is available by passing the renewal assessment at no extra cost.

Kindly reach out to us at