top of page
Blurred soft of people meeting at table.jpg

Microsoft Certified: Security Operations Analyst Associate (SC-200)

Microsoft Certified Expert_edited_edited_edited.png

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.

4 Days

Live on Teams

£1,250.00

Exam voucher Included

Training Overview

As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organisational risk by:

  • Rapidly remediating active attacks in cloud and on-premises environments.

  • Advising on improvements to threat protection practices.

  • Identifying violations of organisational policies.


As a security operations analyst, you:

  • Perform triage.

  • Respond to incidents.

  • Mitigate risk by using exposure management.

  • Hunt for threats by using threat intelligence.

  • Use KQL for reporting, detections, and investigations


You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:

  • Microsoft Defender XDR

Course Agenda

Configure automation for Microsoft Defender XDR and Microsoft Sentinel

  • Configure email notifications in Microsoft Defender XDR, including incidents, actions, and threat analytics

  • Configure alert notifications in Microsoft Defender XDR, including tuning, suppression, and correlation

  • Configure Microsoft Defender for Endpoint advanced features

  • Configure rules settings in Microsoft Defender for Endpoint

  • Configure custom data collection in Microsoft Defender for Endpoint

  • Configure security policies for Microsoft Defender for Endpoint, including attack surface reduction (ASR) rules

  • Manage automated investigation and response capabilities in Microsoft Defender XDR

  • Configure automatic attack disruption in Microsoft Defender XDR

  • Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint

  • Create and configure automation rules in Microsoft Sentinel

  • Create and configure Microsoft Sentinel playbooks


Configure the Microsoft Sentinel SIEM and platform

  • Specify Microsoft Sentinel roles

  • Manage data retention for XDR and Microsoft Sentinel tables, including Analytics, Data Lake, and XDR tiers

  • Create and configure Microsoft Sentinel workbooks

  • Optimise the Microsoft Sentinel platform, including SOC optimisation recommendations


Ingest data into the Microsoft Sentinel SIEM and platform

  • Select data connectors based on data source requirements, including Windows logs and security events

  • Configure the collection of Windows Security events by using Windows Security Events via AMA, including data collection rules

Viscontis Limited

Canada Street

SE16 6BH, London, UK

Company Registered in England and Wales 

© 2026 by Viscontis Limited. All rights Reserved

Terms of Service

Privacy Policy

  • LinkedIn
microsoft-cloud-t.png

Legal Notice: D365 Training is a Trademark of Viscontis Limited, a Microsoft Training Services Partner; all rights reserved.

This website is neither owned nor sponsored by Microsoft©. Any reference to Microsoft, Dynamics365, Microsoft Teams, Microsoft Business Central, Azure or any other Microsoft software is purely for illustration, training and demo purposes.

 

You must perform due diligence before purchasing, implementing and setting up any technology mentioned on this website. By navigating this website, you acknowledge that we owe no responsibility if your business experiences losses, disruption or loss of data following the implementation of suggestions, guides or training material accessed from or mentioned on this website.

bottom of page