Learning objectives

Contents

• Introduction Introduction

  • Exam SC-200 Microsoft Security Operations Analyst: Introduction

    9m 22s
• 1. Configure Settings in Microsoft Defender XDR 1. Configure Settings in Microsoft Defender XDR

  • (Locked)
    Learning objectives

    1m 2s
  • (Locked)
    Configure a connection from Defender XDR to a Sentinel workspace

    5m 11s
  • (Locked)
    Configure alert and vulnerability notification rules

    4m 32s
  • (Locked)
    Configure Microsoft Defender for Endpoint advanced features

    7m 14s
  • (Locked)
    Configure endpoint rules settings, including indicators and web content filtering

    8m 55s
  • (Locked)
    Manage automated investigation and response capabilities in Microsoft Defender XDR

    6m 5s
  • (Locked)
    Configure automatic attack disruption in Microsoft Defender XDR

    6m 25s
• 2. Manage Assets and Environments 2. Manage Assets and Environments

  • (Locked)
    Learning objectives

    1m 1s
  • (Locked)
    Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint

    7m 7s
  • (Locked)
    Identify and remediate unmanaged devices in Microsoft Defender for Endpoint

    4m 22s
  • (Locked)
    Manage resources using Azure Arc

    7m 16s
  • (Locked)
    Connect environments to Microsoft Defender for Cloud using multi-cloud account management

    6m 53s
  • (Locked)
    Discover and remediate unprotected resources using Defender for Cloud

    6m 16s
  • (Locked)
    Identify and remediate devices at risk using Microsoft Defender Vulnerability Management

    7m
• 3. Design and Configure a Microsoft Sentinel Workspace 3. Design and Configure a Microsoft Sentinel Workspace

  • (Locked)
    Learning objectives

    53s
  • (Locked)
    Plan a Microsoft Sentinel workspace

    3m 55s
  • (Locked)
    Configure Microsoft Sentinel roles

    3m 9s
  • (Locked)
    Specify Azure RBAC roles for Microsoft Sentinel configuration

    3m 39s
  • (Locked)
    Design and configure Microsoft Sentinel data storage, including log types and log retention

    7m 49s
  • (Locked)
    Manage multiple workspaces using Workspace Manager and Azure Lighthouse

    4m 17s
• 4. Ingest Data Sources in Microsoft Sentinel 4. Ingest Data Sources in Microsoft Sentinel

  • (Locked)
    Learning objectives

    1m 30s
  • (Locked)
    Identify data sources to be ingested for Microsoft Sentinel and implement content hub solutions

    5m 16s
  • (Locked)
    Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings

    3m 34s
  • (Locked)
    Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender XDR

    4m 51s
  • (Locked)
    Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender for Cloud

    2m 54s
  • (Locked)
    Plan and configure Syslog and Common Event Format (CEF) event collections

    6m 29s
  • (Locked)
    Plan and configure collection of Windows Security events using data collection rules, including Windows Event Forwarding (WEF)

    4m 33s
  • (Locked)
    Configure threat intelligence connectors, including platform, TAXII, upload indicators API, and MISP

    6m 45s
  • (Locked)
    Create custom log tables in the workspace to store ingested data

    5m 52s
• 5. Configure Protections in Microsoft Defender Security Technologies 5. Configure Protections in Microsoft Defender Security Technologies

  • (Locked)
    Learning objectives

    47s
  • Configure policies for Microsoft Defender for Cloud apps

    8m 30s
  • (Locked)
    Configure policies for Microsoft Defender for Office

    6m 30s
  • (Locked)
    Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules

    6m 40s
  • (Locked)
    Configure cloud workload protections in Microsoft Defender for Cloud

    8m 25s
• 6. Configure Detection in Microsoft Defender XDR 6. Configure Detection in Microsoft Defender XDR

  • (Locked)
    Learning objectives

    34s
  • Configure and manage custom detections

    8m 52s
  • (Locked)
    Configure alert tuning

    6m 14s
  • (Locked)
    Configure deception rules in Microsoft Defender XDR

    10m 4s
• 7. Configure Detections in Microsoft Sentinel 7. Configure Detections in Microsoft Sentinel

  • (Locked)
    Learning objectives

    1m
  • (Locked)
    Classify and analyze data using entities

    8m 30s
  • Configure scheduled query rules, including KQL

    14m 43s
  • (Locked)
    Configure near-real-time (NRT) query rules, including KQL

    3m 59s
  • (Locked)
    Manage analytics rules from content hub

    4m 5s
  • (Locked)
    Configure anomaly detection analytics rules

    7m 11s
  • (Locked)
    Configure the fusion rule

    6m 48s
  • (Locked)
    Query Microsoft Sentinel data using ASIM parsers

    8m 47s
  • (Locked)
    Manage and use threat indicators

    8m 2s
• 8. Respond to Alerts and Incidents in Microsoft Defender XDR 8. Respond to Alerts and Incidents in Microsoft Defender XDR

  • (Locked)
    Learning objectives

    1m 46s
  • (Locked)
    Investigate and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive

    5m 34s
  • (Locked)
    Investigate and remediate threats in email using Microsoft Defender for Office

    6m 8s
  • (Locked)
    Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption

    4m 39s
  • (Locked)
    Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies

    5m 1s
  • (Locked)
    Investigate and remediate threats identified by Microsoft Purview insider risk policies

    10m 1s
  • (Locked)
    Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud

    7m 59s
  • (Locked)
    Investigate and remediate security risks identified by Microsoft Defender for Cloud apps

    5m 3s
  • (Locked)
    Investigate and remediate compromised identities in Microsoft Entra ID

    3m 48s
  • (Locked)
    Investigate and remediate security alerts from Microsoft Defender for Identity

    5m 4s
  • (Locked)
    Manage actions and submissions in the Microsoft Defender portal

    8m 34s
• 9. Respond to Alerts and Incidents Identified by Microsoft Defender for Endpoint 9. Respond to Alerts and Incidents Identified by Microsoft Defender for Endpoint

  • (Locked)
    Learning objectives

    45s
  • (Locked)
    Investigate timeline of compromised devices

    6m 43s
  • (Locked)
    Perform actions on the device, including live response and collecting investigation packages

    10m 33s
  • (Locked)
    Perform evidence and entity investigation

    7m 41s
• 10. Enrich Investigations Using Other Microsoft Tools 10. Enrich Investigations Using Other Microsoft Tools

  • (Locked)
    Learning objectives

    37s
  • (Locked)
    Investigate threats using a unified audit log

    11m 42s
  • (Locked)
    Investigate threats using content search

    11m 49s
  • (Locked)
    Perform threat hunting using Microsoft Graph activity logs

    8m
• 11. Manage Incidents in Microsoft Sentinel 11. Manage Incidents in Microsoft Sentinel

  • (Locked)
    Learning objectives

    35s
  • (Locked)
    Triage incidents in Microsoft Sentinel

    8m 17s
  • (Locked)
    Investigate incidents in Microsoft Sentinel

    11m 50s
  • (Locked)
    Respond to incidents in Microsoft Sentinel

    7m 52s
• 12. Configure Security Orchestration, Automation, and Response (SOAR) in Microsoft Sentinel 12. Configure Security Orchestration, Automation, and Response (SOAR) in Microsoft Sentinel

  • (Locked)
    Learning objectives

    55s
  • (Locked)
    Create and configure automation rules

    12m 16s
  • (Locked)
    Create and configure Microsoft Sentinel playbooks

    12m 24s
  • (Locked)
    Configure analytic rules to trigger automation

    3m 22s
  • (Locked)
    Trigger playbooks manually from alerts and incidents

    1m 28s
  • (Locked)
    Run playbooks on on-premises resources

    7m 57s
• 13. Hunt for Threats Using KQL 13. Hunt for Threats Using KQL

  • (Locked)
    Learning objectives

    36s
  • (Locked)
    Identify threats using Kusto Query Language (KQL)

    6m 31s
  • (Locked)
    Interpret threat analytics in the Microsoft Defender portal

    7m 59s
  • (Locked)
    Create custom hunting queries using KQL

    6m 32s
• 14. Hunt for Threats Using Microsoft Sentinel 14. Hunt for Threats Using Microsoft Sentinel

  • (Locked)
    Learning objectives

    53s
  • (Locked)
    Analyze attack vector coverage using the MITRE ATT&CK in Microsoft Sentinel

    8m 46s
  • (Locked)
    Customize content gallery hunting queries

    8m 35s
  • (Locked)
    Use hunting bookmarks for data investigations

    4m 5s
  • (Locked)
    Monitor hunting queries using Livestream

    3m 32s
  • (Locked)
    Retrieve and manage archived log data

    4m 19s
  • (Locked)
    Create and manage search jobs

    7m 54s
• 15. Analyze and Interpret Data Using Workbooks 15. Analyze and Interpret Data Using Workbooks

  • (Locked)
    Learning objectives

    34s
  • (Locked)
    Activate and customize Microsoft Sentinel workbook templates

    7m 4s
  • (Locked)
    Create custom workbooks that include KQL

    8m 7s
  • (Locked)
    Configure visualizations

    3m 11s
• Conclusion Conclusion

  • (Locked)
    Exam SC-200 Microsoft Security Operations Analyst: Summary

    3m 58s