SC-200 Microsoft Security Operations Analyst Course & SIMs
Course Description
We really hope you'll agree that this training is way more than the average course on Udemy!
You'll have access to the following:
Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
Instructor-led hands-on activities and simulations to practice with, which can be followed even if you have little to no experience
TOPICS COVERED, INCLUDING HANDS-ON LECTURES AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD is now renamed to Entra ID
Questions for John Christopher
Order of concepts covered in the course
Performing hands on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Activating licenses for Defender for Endpoint and Vulnerabilities
Getting your free Azure credit
Setting up Microsoft Entra for device management
Disable Security Defaults in Entra ID before proceeding
How to set up an Azure virtual machine for practicing hands on
Setting up Microsoft Entra for device management
How to join our test virtual machine to Microsoft Entra
Configure automation for Microsoft Defender XDR and Microsoft Sentinel
Introduction to Microsoft 365 Defender
Concepts of the purpose of extended detection and response (XDR)
Microsoft Defender and Microsoft Purview admin centers
Concepts of management with Microsoft Defender for Endpoint
Vulnerability Management has been moved
Setting up a Microsoft Defender Admin role for permissions
Onboarding to manage devices using Defender for Endpoint
Bulk automatic onboarding with Microsoft Intune
How to verify Windows devices have been onboarded
A note about extra features in your Defender for Endpoint
Incidents, alert notifications, and advanced features for endpoints
Review and respond to endpoint vulnerabilities
Configure and manage device groups
Identify devices at risk using Microsoft Defender Vulnerability Management
Identify unmanaged devices by using device discovery
Configure security policies including attack surface reduction (ASR) rules
Concepts of Microsoft Sentinel
Plan a Microsoft Sentinel workspace
Configure the Microsoft Sentinel SIEM and platform
Configure Microsoft Sentinel roles and specify Azure RBAC roles
Design and configure Microsoft Sentinel data storage, log types, and log retention
Activate and customize workbook templates
Create custom workbooks that include KQL
Configure visualizations
Ingest data into the Microsoft Sentinel SIEM and platform
Identify data sources to be ingested for Microsoft Sentinel
Implement and use Content hub solutions
A note about Kusto Query Language (KQL)
Configure & use MS connectors for Azure, including Azure Policy & diagnostics
Plan and configure Azure Monitor Agent (AMA) and data collection rules
Plan and configure Syslog and Common Event Format (CEF) event collections
Collection of Windows Security events and Windows Event Forwarding (WEF)
Create custom log tables in the workspace to store ingested data
Configure Sentinel to ingest Azure and Entra ID data
Monitor and optimize data ingestion
Configure detections
Run an attack simulation email campaign in Microsoft 365 Defender
Manage actions and submissions in the Microsoft 365 Defender portal
Identify and remediate security risks by using Microsoft Secure Score
Analyze threat analytics in the Microsoft 365 Defender portal
Configure and manage custom detections and alerts
Classify and analyze data by using entities
Concepts of Microsoft Sentinel analytics rules
Configure and manage analytics rules
Query Microsoft Sentinel data by using ASIM parsers
Implement behavioral analytics
Respond to alerts and incidents in Microsoft Defender XDR
Using policies to remediate threats in Email, Teams, SharePoint, and OneDrive
Investigate, respond, and remediate threats with Defender for Office 365
Understanding data loss prevention (DLP) in Microsoft 365 Defender
Understanding data loss prevention roles and permissions
Implement data loss prevention policies (DLP)
Adaptive Protection with data loss prevention
Policy and rule precedence in data loss prevention
Understanding insider risk policies
Implement Insider Risk Management connectors
Generating an insider risk policy
Overview of Microsoft Defender for Cloud
Assess and recommend cloud workload protection and enable plans
Investigate information identified by MS Defender for Cloud workload protection
Discover and manage apps by using Microsoft Defender for Cloud Apps
Identify, investigate, & remediate security risks by using Defender for Cloud Apps
Investigate and remediate incidents in Microsoft Sentinel
Understanding automation rules and Microsoft Sentinel playbooks
Create and configure automation rules
Create and configure Microsoft Sentinel playbooks
Run playbooks on on-premises resources
What is Microsoft Security Copilot (MSC)?
Security compute units (SCUs) in Security Copilot
Warning before allocating SCUs for Security Copilot
Allocating SCUs for Security Copilot
Setting up sample alerts for querying with Security Copilot
Investigating an incident involving a VM with Security Copilot
IMPORTANT Delete your SCUs
Respond to alerts and incidents identified by Microsoft Defender for Endpoint
Configure anomaly detection analytics rules
How to trigger some incidents using a client device for testing
Investigate the timeline of compromised devices
Investigate Microsoft 365 activities to identify threats
Understanding unified audit log licensing and requirements
Setting unified audit permissions and enabling support
Investigate threats by using Content Search
Perform threat hunting by using Microsoft Graph activity logs
Detect threats by using Microsoft Defender XDR
Identify purposes of using Kusto Query Language (KQL)
Practicing with KQL in Microsoft's Demo environment
Searching for information using basic KQL syntax
Summarizing KQL results and filtering based on time ranges
Using KQL to display data based on columns, amounts and characters
Implementing variables and combining output data with KQL
Identify and interpret threat analytics by using KQL in Defender
Customizing hunting queries using Microsoft's Sentinel and Defender repository
Detect threats by using the Microsoft Sentinel platform
Analyze attack vector coverage by using the MITRE ATT&CK matrix
Manage and use threat indicators
Create and manage hunts
Create and monitor hunting queries
Use hunting bookmarks for data investigations
Retrieve and manage archived log data
Create and manage search jobs
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS Where do I go from here?