Course Overview

This Microsoft Security Operations Analyst certification training from CloudThat teaches candidates how to mitigate threats using Microsoft 365 Defender, Microsoft Defender for Cloud, and Microsoft Sentinel. Candidates taking up course SC-200 also learn to secure information technology systems, reduce organizational risk, advise best practices for threat protection, and refer violations of organizational policies to stakeholders. The responsibilities of Azure Security Operations Analyst include threat management, response, and monitoring, using a variety of security solutions. They also use Azure Defender, Microsoft Azure Sentinel, Microsoft 365 Defender, and third-party security products to investigate, respond, and identify threats.

After completing this course, students will be able to:

  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Azure Defender
  • Mitigate threats using Azure Sentinel

Upcoming Batches

India Online Enroll
Start Date End Date

To be Decided

Key Features

  • Our Azure SC-200 training modules have 50% -60% hands-on lab sessions to encourage Thinking-Based Learning (TBL).
  • Interactive-rich virtual and face-to-face classroom teaching to inculcate Problem-Based Learning (PBL).
  • Microsoft certified instructor-led training and mentoring sessions to develop Competency-Based Learning (CBL).
  • Well-structured use-cases to simulate challenges encountered in a Real-World environment.
  • Integrated teaching assistance and support through experts designed Learning Management System (LMS) and ExamReady platform.
  • Being a Microsoft Learning Partner provides us with the edge over competition.

Who Should Attend

  • The Microsoft Security Operations Analyst Associate collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the security operations analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.


  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Windows 10
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts.

Course Outline Download Course Outline

Detect, investigate, respond, and remediate threats to the productivity environment by using Microsoft Defender for Office 365

  • detect, investigate, respond, remediate Microsoft Teams, SharePoint, and OneDrive for Business threats
  • detect, investigate, respond, remediate threats to email by using Defender for Office 365
  • manage data loss prevention policy alerts
  • assess and recommend sensitivity labels
  • assess and recommend insider risk policies

Detect, investigate, respond, and remediate endpoint threats by using Microsoft Defender for Endpoint

  • manage data retention, alert notification, and advanced features
  • configure device attack surface reduction rules
  • configure and manage custom detections and alerts
  • respond to incidents and alerts
  • manage automated investigations and remediations Assess and recommend endpoint configurations to reduce and remediate vulnerabilities by using Microsoft’s Threat and Vulnerability Management solution.
  • manage Microsoft Defender for Endpoint threat indicators
  • analyze Microsoft Defender for Endpoint threat analytics

Detect, investigate, respond, and remediate identity threats

  • identify and remediate security risks related to sign-in risk policies
  • identify and remediate security risks related to Conditional Access events
  • identify and remediate security risks related to Azure Active Directory
  • identify and remediate security risks using Secure Score
  • identify, investigate, and remediate security risks related to privileged identities
  • configure detection alerts in Azure AD Identity Protection
  • identify and remediate security risks related to Active Directory Domain Services using Microsoft Defender for Identity Detect, investigate, respond, and remediate application threats
  • identify, investigate, and remediate security risks by using Microsoft Cloud Application Security (MCAS)
  • configure MCAS to generate alerts and reports to detect threats

Manage cross-domain investigations in Microsoft 365 Defender portal

  • manage incidents across Microsoft 365 Defender products
  • manage actions pending approval across products
  • perform advanced threat hunting

Design and configure an Azure Defender implementation

  • plan and configure Azure Defender settings, including selecting target subscriptions and workspace
  • configure Azure Defender roles
  • configure data retention policies
  • assess and recommend cloud workload protection

Plan and implement the use of data connectors for ingestion of data sources in Azure Defender

  • identify data sources to be ingested for Azure Defender
  • configure Automated Onboarding for Azure resources
  • connect on-premises computers
  • connect AWS cloud resources
  • connect GCP cloud resources
  • configure data collection

Manage Azure Defender alert rules

  • validate alert configuration
  • setup email notifications
  • create and manage alert suppression rules

Configure automation and remediation

  • configure automated responses in Azure Security Center
  • design and configure playbook in Azure Defender
  • remediate incidents by using Azure Defender recommendations
  • create an automatic response using an Azure Resource Manager template Investigate Azure Defender alerts and incidents
  • describe alert types for Azure workloads
  • manage security alerts
  • manage security incidents
  • analyze Azure Defender threat intelligence
  • respond to Azure Defender for Key Vault alerts
  • manage user data discovered during an investigation

Design and configure an Azure Sentinel workspace

  • plan an Azure Sentinel workspace
  • configure Azure Sentinel roles
  • design Azure Sentinel data storage
  • configure Azure Sentinel service security

Plan and Implement the use of Data Connectors for Ingestion of Data Sources in Azure Sentinel

  • identify data sources to be ingested for Azure Sentinel
  • identify the prerequisites for a data connector
  • configure and use Azure Sentinel data connectors
  • configure data connectors by using Azure Policy
  • design and configure Syslog and CEF event collections
  • design and Configure Windows Events collections
  • configure custom threat intelligence connectors
  • create custom logs in Azure Log Analytics to store custom data

Manage Azure Sentinel analytics rules

  • design and configure analytics rules
  • create custom analytics rules to detect threats
  • activate Microsoft security analytical rules
  • configure connector provided scheduled queries
  • configure custom scheduled queries
  • define incident creation logic

Configure Security Orchestration Automation and Response (SOAR) in Azure Sentinel

  • create Azure Sentinel playbooks
  • configure rules and incidents to trigger playbooks
  • use playbooks to remediate threats
  • use playbooks to manage incidents
  • use playbooks across Microsoft Defender solutions

Manage Azure Sentinel Incidents

  • investigate incidents in Azure Sentinel
  • triage incidents in Azure Sentinel
  • respond to incidents in Azure Sentinel
  • investigate multi-workspace incidents
  • identify advanced threats with User and Entity Behavior Analytics (UEBA)

Use Azure Sentinel workbooks to analyze and interpret data

  • activate and customize Azure Sentinel workbook templates
  • create custom workbooks
  • configure advanced visualizations
  • view and analyze Azure Sentinel data using workbooks
  • track incident metrics using the security operations efficiency workbook

Hunt for threats using the Azure Sentinel portal

  • create custom hunting queries
  • run hunting queries manually
  • monitor hunting queries by using Livestream
  • perform advanced hunting with notebooks
  • track query results with bookmarks
  • use hunting bookmarks for data investigations
  • convert a hunting query to an analytical


    • By earning Microsoft SC-200 certification, you can be competent of threat management, monitoring, and response by using a variety of security solutions.
    • Demonstrate skills to use tools like Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender.
    • On successful completion of SC-200 training, aspirants receive a Course Completion Certificate from us.
    • By successfully clearing the SC-200 exam, aspirants earn Microsoft Certification.

Our Top Trainers

Course Fee

Select Course date

Add to Wishlist

Course ID: 13528

Course Price at

₹29900 + 18% GST

Enroll Now
Enquire Now