Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200)
Course 8591
4 DAY COURSE

Course Outline

This course teaches security professionals how to investigate, respond to, and proactively hunt for cyberthreats using Microsoft’s security operations platform. Participants gain hands-on experience with Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft Security Copilot, while learning how to analyze threats, mitigate incidents, and reduce organizational risk. The course also prepares learners for the SC-200 certification exam.

Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200) Benefits

  • By the end of this course, participants will be able to:

    • Investigate and respond to security incidents
    • Perform proactive threat hunting
    • Configure and manage Microsoft Sentinel
    • Write and use KQL queries for detection and analysis
    • Leverage Microsoft Security Copilot for security operations
    • Reduce organizational risk through effective threat mitigation
  • Target Audience

    • Security Operations Analysts
    • Security Engineers
    • Professionals responsible for threat detection, response, and remediation
  • Technologies Covered

    • Microsoft Defender XDR
    • Microsoft Defender for Endpoint
    • Microsoft Defender for Cloud
    • Microsoft Sentinel
    • Microsoft Security Copilot
    • Kusto Query Language (KQL)
  • Skills Gained

    • Investigate and respond to security incidents
    • Perform proactive threat hunting
    • Configure and manage Microsoft Sentinel
    • Write and use KQL queries for detection and analysis
    • Leverage Microsoft Security Copilot for security operations
    • Reduce organizational risk through effective threat mitigation

Defend Against Cyberthreats with Microsoft’s Security Operations Platform (SC-200) Training Outline

Learning Objectives

1. Mitigate Threats Using Microsoft Defender XDR

  • Incident detection and investigation
  • Threat mitigation across Defender tools

2. Mitigate Threats Using Microsoft Security Copilot

  • Using Copilot to support investigations
  • Enhancing analyst productivity with AI

3. Mitigate Threats Using Microsoft Purview

  • Managing and investigating data-related threats
  • Supporting compliance and risk reduction

4. Mitigate Threats Using Microsoft Defender for Endpoint

  • Endpoint threat detection and response
  • Managing incidents across devices

5. Mitigate Threats Using Microsoft Defender for Cloud

  • Protecting cloud workloads
  • Identifying and responding to cloud-based threats

6. Create Queries Using Kusto Query Language (KQL)

  • Writing KQL queries
  • Performing threat analysis and reporting

7. Configure Microsoft Sentinel

  • Setting up and managing Sentinel environments
  • Working with Log Analytics

8. Connect Logs to Microsoft Sentinel

  • Connecting data sources
  • Managing log ingestion and visibility

9. Create Detections and Perform Investigations

  • Building analytics rules
  • Investigating and remediating threats

10. Perform Threat Hunting in Microsoft Sentinel

  • Proactive threat hunting techniques
  • Identifying hidden or advanced threats

Note about the Certification Exam

When you register for the course, you will be prompted to choose Y/N to take the exam. Please select yes, as all HHS CISO employees are required to attempt the exam if one is offered for the course. Please be advised that if your course is funded by DIR, the Certification Organization has agreed to provide DIR with the pass/fail status of your exam. DIR will only share this information in an aggregated report to state leadership that reflects total exam passes or fails. No individual names of any students will be included in any reports.

DIR requires that you submit the request for your exam voucher within one month of the last day of your course. DIR requires that you take your exam within six months of the last day of your course.