
Exam SC-200 Microsoft Security Operations Analyst (Video), 2nd Edition



Online Video

  • Your Price: $199.99
  • List Price: $249.99
  • Estimated Release: Jul 27, 2026
  • About this video
  • Video accessible from your Account page after purchase.

Description

  • Copyright 2027
  • Edition: 2nd
  • Online Video
  • ISBN-10: 0-13-592121-X
  • ISBN-13: 978-0-13-592121-0

Prepare for Microsoft Exam SC-200 and level up in your career as a Microsoft security operations analyst

This video course prepares Security Operations Analysts to effectively monitor, detect, investigate, and respond to threats across hybrid and multi-cloud environments. Learners gain hands-on experience with the core Microsoft security technologies covered in the SC-200 exam, including Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender XDR, and integrations with third-party security solutions. The course also includes practical demonstrations of Microsoft Security Copilot, showing how generative AI accelerates threat investigations, enriches alerts, automates response steps, and helps analysts work more efficiently and confidently.

Beyond the tools, this course emphasizes the real-world skills needed to reduce organizational risk: investigating attacks, correlating signals across products, strengthening threat protection posture, and providing actionable recommendations to security stakeholders. By the end of the course, learners will not only be prepared for the latest SC-200 exam objectives but will also have the practical, job-ready expertise required to operate effectively in a modern SOC, leveraging the latest advancements in AI-driven security.

Skill Level:

  • Intermediate

Learn How To:

  • Pass the SC-200 exam with guidance from a Microsoft MVP & MCT
  • Follow a structured, exam-aligned path for certification success
  • Use Microsoft Defender, Sentinel, Defender for Cloud, and Security Copilot
  • Build in-demand SOC and cybersecurity skills for real-world scenarios

Course requirements:

  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products

Who Should Take This Course:

Job titles:

  • Security Operations Analysts, Azure administrators, Windows and Linux operators
  • IT professionals looking to enhance their Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Sentinel knowledge

About Pearson Video Training:

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Video Lessons are available for download for offline viewing within the streaming format. Look for the green arrow in each lesson.


Table of Contents

Introduction

Lesson 1: Configure Automation for Microsoft Defender XDR and Microsoft Sentinel

Learning objectives

1.1 Configure email notifications in Microsoft Defender XDR, including incidents, actions, and threat analytics

1.2 Configure alert notifications in Microsoft Defender XDR, including tuning, suppression, and correlation

1.3 Configure Microsoft Defender for Endpoint advanced features

1.4 Configure rules settings in Microsoft Defender for Endpoint

1.5 Configure custom data collection in Microsoft Defender for Endpoint

1.6 Configure security policies for Microsoft Defender for Endpoint, including ASR rules

1.7 Manage automated investigation and response capabilities in Microsoft Defender XDR

1.8 Configure automatic attack disruption in Microsoft Defender XDR

1.9 Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint

1.10 Create and configure automation rules in Microsoft Sentinel

1.11 Create and configure Microsoft Sentinel playbooks

Lesson 2: Configure the Microsoft Sentinel SIEM and Platform

Learning objectives

2.1 Specify Microsoft Sentinel roles

2.2 Manage data retention for XDR and Microsoft Sentinel tables, including analytics, data lake, and XDR tiers

2.3 Create and configure Microsoft Sentinel workbooks

2.4 Optimize the Microsoft Sentinel platform, including SOC optimization recommendations

Lesson 3: Ingest Data into the Microsoft Sentinel SIEM and Platform

Learning objectives

3.1 Select data connectors based on data source requirements, including Windows logs and security events

3.2 Configure collection of Windows Security events by using Windows Security Events via AMA, including data collection rules

3.3 Plan and configure collection of Windows Security events by using WEF

3.4 Plan and configure Syslog via AMA and CEF via AMA connectors

3.5 Configure collection of Azure activities by using Azure Policy and resource diagnostic settings

3.6 Ingest threat indicators into Microsoft Sentinel

3.7 Create custom log tables in the workspace to store ingested data

Lesson 4: Configure Detections in Defender XDR and Sentinel

Learning objectives

4.1 Create custom detection rules by using Advanced Hunting in Microsoft Defender XDR

4.2 Manage custom detection rules in Microsoft Defender XDR

4.3 Configure and manage analytics rules in Microsoft Sentinel SIEM, including scheduled, NRT, threat intelligence, and machine learning

4.4 Analyze attack vector coverage by using the MITRE ATT&CK matrix

4.5 Configure anomalies in Microsoft Sentinel

Lesson 5: Respond to Alerts and Incidents in Microsoft Defender XDR

Learning objectives

5.1 Investigate and remediate threats by using Microsoft Defender for Office 365, including automatic attack disruption

5.2 Investigate and remediate threats or compromised entities identified by Microsoft Purview

5.3 Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud workload protections

5.4 Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps

5.5 Investigate and remediate compromised identities that are identified by Microsoft Entra ID

5.6 Investigate and remediate security alerts from Microsoft Defender for Identity

5.7 Investigate and remediate alerts and incidents identified by Microsoft Sentinel

5.8 Investigate incidents by using agentic AI, including embedded Security Copilot

5.9 Investigate complex attacks, such as multi-stage, multi-domain, and lateral movement

5.10 Manage security incidents by using case management

Lesson 6: Respond to Alerts and Incidents in Microsoft Defender for Endpoint

Learning objectives

6.1 Investigate device timelines

6.2 Perform actions on the device, including live response and collecting investigation packages

6.3 Perform evidence and entity investigation

6.4 Investigate and remediate incidents identified by automatic attack disruption

Lesson 7: Investigate Microsoft 365 Activities to Identify Threats

Learning objectives

7.1 Investigate threats by using Audit from Microsoft Purview

7.2 Investigate threats by using Content Search in Microsoft Purview

7.3 Investigate threats by using Microsoft Graph activity logs

Lesson 8: Detect Threats by Using Microsoft Defender XDR

Learning objectives

8.1 Identify the appropriate table to use in a KQL query

8.2 Identify threats by using KQL

8.3 Create Advanced Hunting queries

8.4 Interpret threat analytics in Microsoft Defender XDR

8.5 Create hunting graphs, including blast radius

8.6 Analyze relationships between entities by using Sentinel Graph
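Lessons 8.1 through 8.3 cover choosing the right table and writing Advanced Hunting queries in KQL. The query below is an added illustration of that workflow, written for this page and not taken from the course; it uses the real DeviceProcessEvents schema in Microsoft Defender XDR, but the hunting hypothesis (PowerShell launched with an encoded command) and the excluded parent process are assumptions to tune for your own environment. It keeps Timestamp, ReportId and DeviceId in the output so the same query can be saved as a custom detection rule, as covered in Lesson 4.1, which requires those columns.

```kql
// Added example: hunt for PowerShell started with an encoded command line,
// a common stage in multi-step intrusions. Table: DeviceProcessEvents.
DeviceProcessEvents
| where Timestamp > ago(7d)
// Pick the right table and narrow by process name first; this is cheap.
| where FileName in~ ("powershell.exe", "pwsh.exe")
// "has" is term-based and case-insensitive, so "-enc" and "-EncodedCommand"
// are listed separately (a term match on "enc" does not match "encodedcommand").
| where ProcessCommandLine has_any ("-enc", "-encodedcommand", "-ec")
// Assumed benign parent to exclude; replace with the noise you actually see.
| where InitiatingProcessFileName !in~ ("monitoringhost.exe")
// Pull out the base64 blob so an analyst can decode it. The payload is UTF-16LE,
// so decode it outside the query or strip the interleaved null bytes afterwards.
| extend EncodedPayload = extract(@"(?i)-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{20,})", 1, ProcessCommandLine)
// Timestamp, ReportId and DeviceId are required if this is saved as a custom detection.
| project Timestamp, DeviceId, DeviceName, AccountName,
          InitiatingProcessFileName, ProcessCommandLine, EncodedPayload, ReportId
| order by Timestamp desc
```

Run it in Advanced Hunting first and inspect the hit rate before turning it into a custom detection rule; the parent-process exclusion and the 7-day window are where most tuning happens.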

Lesson 9: Detect Threats by Using the Microsoft Sentinel Platform

Learning objectives

9.1 Create and monitor hunting queries

9.2 Create and manage KQL jobs in data lake

9.3 Create and manage Summary rule tables for querying

9.4 Hunt for threats by using Notebooks, including connection to the Sentinel MCP Server

Summary
