Prepare for Microsoft Exam SC-200 and level up in your career as a Microsoft security operations analyst
This video course prepares Security Operations Analysts to effectively monitor, detect, investigate, and respond to threats across hybrid and multi-cloud environments. Learners will gain hands-on experience with the core Microsoft security technologies covered in the SC-200 exam, including Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender XDR, and integrations with third-party security solutions. The course also includes practical demonstrations of Microsoft Security Copilot, showing how generative AI accelerates threat investigations, enriches alerts, automates response steps, and empowers analysts to work more efficiently and confidently.
Beyond the tools, this course emphasizes the real-world skills needed to reduce organizational risk: investigating attacks, correlating signals across products, strengthening threat protection posture, and providing actionable recommendations to security stakeholders. By the end of the course, learners will not only be fully prepared for the latest SC-200 exam objectives but will also have gained the practical, job-ready expertise required to operate effectively in a modern SOC, leveraging the latest advancements in AI-driven security.
Skill Level:
Learn How To:
Course requirement:
Pre-requisites:
Who Should Take This Course:
Job titles:
About Pearson Video Training:
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.
Introduction
Lesson 1: Configure Automation for Microsoft Defender XDR and Microsoft Sentinel
Learning objectives
1.1 Configure email notifications in Microsoft Defender XDR, including incidents, actions, and threat analytics
1.2 Configure alert notifications in Microsoft Defender XDR, including tuning, suppression, and correlation
1.3 Configure Microsoft Defender for Endpoint advanced features
1.4 Configure rules settings in Microsoft Defender for Endpoint
1.5 Configure custom data collection in Microsoft Defender for Endpoint
1.6 Configure security policies for Microsoft Defender for Endpoint, including ASR rules
1.7 Manage automated investigation and response capabilities in Microsoft Defender XDR
1.8 Configure automatic attack disruption in Microsoft Defender XDR
1.9 Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint
1.10 Create and configure automation rules in Microsoft Sentinel
1.11 Create and configure Microsoft Sentinel playbooks
Lesson 2: Configure the Microsoft Sentinel SIEM and Platform
Learning objectives
2.1 Specify Microsoft Sentinel roles
2.2 Manage data retention for XDR and Microsoft Sentinel tables, including analytics, data lake, and XDR tiers
2.3 Create and configure Microsoft Sentinel workbooks
2.4 Optimize the Microsoft Sentinel platform, including SOC optimization recommendations
Lesson 3: Ingest Data into the Microsoft Sentinel SIEM and Platform
Learning objectives
3.1 Select data connectors based on data source requirements, including Windows logs and security events
3.2 Configure collection of Windows Security events by using Windows Security Events via AMA, including data collection rules
3.3 Plan and configure collection of Windows Security events by using WEF
3.4 Plan and configure Syslog via AMA and CEF via AMA connectors
3.5 Configure collection of Azure activities by using Azure Policy and resource diagnostic settings
3.6 Ingest threat indicators into Microsoft Sentinel
3.7 Create custom log tables in the workspace to store ingested data
Lesson 4: Configure Detections in Defender XDR and Sentinel
Learning objectives
4.1 Create custom detection rules by using Advanced Hunting in Microsoft Defender XDR
4.2 Manage custom detection rules in Microsoft Defender XDR
4.3 Configure and manage analytics rules in Microsoft Sentinel SIEM, including scheduled, NRT, threat intelligence, and machine learning
4.4 Analyze attack vector coverage by using the MITRE ATT&CK matrix
4.5 Configure anomalies in Microsoft Sentinel
Lesson 5: Respond to Alerts and Incidents in Microsoft Defender XDR
Learning objectives
5.1 Investigate and remediate threats by using Microsoft Defender for Office 365, including automatic attack disruption
5.2 Investigate and remediate threats or compromised entities identified by Microsoft Purview
5.3 Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud workload protections
5.4 Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps
5.5 Investigate and remediate compromised identities that are identified by Microsoft Entra ID
5.6 Investigate and remediate security alerts from Microsoft Defender for Identity
5.7 Investigate and remediate alerts and incidents identified by Microsoft Sentinel
5.8 Investigate incidents by using agentic AI, including embedded Security Copilot
5.9 Investigate complex attacks, such as multi-stage, multi-domain, and lateral movement
5.10 Manage security incidents by using case management
Lesson 6: Respond to Alerts and Incidents in Microsoft Defender for Endpoint
Learning objectives
6.1 Investigate device timelines
6.2 Perform actions on the device, including live response and collecting investigation packages
6.3 Perform evidence and entity investigation
6.4 Investigate and remediate incidents identified by automatic attack disruption
Lesson 7: Investigate Microsoft 365 Activities to Identify Threats
Learning objectives
7.1 Investigate threats by using Audit from Microsoft Purview
7.2 Investigate threats by using Content Search in Microsoft Purview
7.3 Investigate threats by using Microsoft Graph activity logs
Lesson 8: Detect Threats by Using Microsoft Defender XDR
Learning objectives
8.1 Identify the appropriate table to use in a KQL query
8.2 Identify threats by using KQL
8.3 Create Advanced Hunting queries
8.4 Interpret threat analytics in Microsoft Defender XDR
8.5 Create hunting graphs, including blast radius
8.6 Analyze relationships between entities by using Sentinel Graph
Lesson 9: Detect Threats by Using the Microsoft Sentinel Platform
Learning objectives
9.1 Create and monitor hunting queries
9.2 Create and manage KQL jobs in data lake
9.3 Create and manage Summary rule tables for querying
9.4 Hunt for threats by using Notebooks, including connection to the Sentinel MCP Server
Summary
