SC-200 Microsoft Security Operations Analyst Course & SIMs

Focused View

John Christopher

13:47:41

13 View

1. Introduction

1. Welcome to the course!.mp4

05:48

2. Understanding the Microsoft Environment.mp4

01:50

3. Foundations of Active Directory Domains.mp4

12:11

4. Foundations of RAS, DMZ, and Virtualization.mp4

13:09

5. Foundations of the Microsoft Cloud Services.mp4

17:14

6. DONT SKIP The first thing to know about Microsoft cloud services.mp4

02:10

7. DONT SKIP Azure AD is now renamed to Entra ID.mp4

03:28

8. Questions for John Christopher.mp4

05:42

9. Order of concepts covered in the course.mp4

01:28

2. Performing hands on activities

1. DONT SKIP Using Assignments in the course.mp4

03:43

2. Creating a free Microsoft 365 Account.mp4

05:38

3. Activating licenses for Defender for Endpoint and Vulnerabilities.mp4

03:44

4. Getting your free Azure credit.mp4

03:32

3. Mitigate threats to the Microsoft365 environment by using Microsoft 365 Defender

1. Microsoft Defender and Microsoft Purview admin centers.mp4

02:56

2.1 Microsoft 365 Defender.pdf

2. Introduction to Microsoft 365 Defender.mp4

17:28

3. Using polices to remediate threats with Email ,Teams, SharePoint & OneDrive.mp4

25:19

4. Investigate, respond, and remediate threats with Defender for Office 365.mp4

10:19

5.1 Understanding DLP.pdf

5. Understanding data loss prevention (DLP) in Microsoft 365 Defender.mp4

06:28

6. Implement data loss prevention policies (DLP) to respond and alert.mp4

17:39

7. Investigate & respond to alerts generated by data loss prevention (DLP) policies.mp4

04:38

8.1 Insider Risk Management.pdf

8. Understanding insider risk policies.mp4

12:38

9. Generating an insider risk policy.mp4

11:39

10. Investigate and respond to alerts generated by insider risk policies.mp4

05:27

11.1 Defender for Cloud Apps.pdf

11. Discover and manage apps by using Microsoft Defender for Cloud Apps.mp4

11:34

12. Identify,investigate, & remediate security risks by using Defender for Cloud App.mp4

10:46

13. SIMULATION Create a safe attachment policy for Sales with Dynamic Deliver.html

14. SIMULATION Create a custom DLP policy that uses Payroll Keyword sensitivity.html

4. Mitigate endpoint threats by using Microsoft Defender for Endpoint

1.1 Microsoft 365 Defender.pdf

1. Concepts of management with Microsoft Defender for Endpoint.mp4

10:04

2. Setup a Windows 11 virtual machine endpoint.mp4

07:15

3. Enrolling to Intune for attack surface reduction (ASR) support.mp4

03:08

4. Onboarding to manage devices using Defender for Endpoint.mp4

07:42

5. A note about extra features in your Defender for Endpoint.mp4

01:31

6. Incidents, alert notifications, and advanced feature for endpoints.mp4

07:29

7. Review and respond to endpoint vulnerabilities.mp4

04:34

8. Recommend attack surface reduction (ASR) for devices.mp4

10:08

9. Configure and manage device groups.mp4

04:33

10. Identify devices at risk using the Microsoft Defender Vulnerability Management.mp4

04:48

11. Manage endpoint threat indicators.mp4

03:42

12. Identify unmanaged devices by using device discovery.mp4

06:12

13. SIMULATION Create an endpoint device group in Microsoft 365 Defender.html

5. Mitigate identity threats

1. Mitigate security risks related to events for Microsoft Entra ID.mp4

05:28

2.1 Entra Identity Protection.pdf

2. Concepts of using Microsoft Entra Identity Protection.mp4

11:36

3. Mitigate security risks related to Microsoft Entra Identity Protection events.mp4

09:51

4. Mitigate risks related to MS Entra Identity Protection inside Microsoft Defender.mp4

02:59

5.1 Microsoft Defender for Identity.pdf

5. Understanding Microsoft Defender for Identity.mp4

10:21

6. Mitigate security risks related to Active Directory (AD DS) using Microsoft DFI.mp4

03:32

7. SIMULATION Use Entra ID protection to set User Risk to Medium & Above....html

6. Manage extended detection and response (XDR) in Microsoft 365 Defender

1.1 extended detection and response (xdr).zip

1. Concepts of the purpose of extended detection and response (XRD).mp4

09:57

2. Setup a simulation lab using Microsoft 365 Defender.mp4

04:49

3. Run an attack against a device in the simulation lab.mp4

02:25

4. Manage incidents & automated investigations in the Microsoft 365 Defender portal.mp4

04:46

5. Run an attack simulation email campaign in Microsoft 365 Defender.mp4

12:17

6. Manage actions and submissions in the Microsoft 365 Defender portal.mp4

08:08

7. Identify threats by using Kusto Query Language (KQL).mp4

15:42

8. Identify and remediate security risks by using Microsoft Secure Score.mp4

05:34

9. Analyze threat analytics in the Microsoft 365 Defender portal.mp4

04:05

10. Configure and manage custom detections and alerts.mp4

03:33

11. SIMULATION Create an alert policy, high severity, information governance....html

7. Investigate threats by using audit features in MS 365 Defender and MS Purview

1. Understanding unified audit log licensing and requirements.mp4

05:09

2. Setting unified audit permissions and enabling support.mp4

03:34

3. Perform threat hunting by using unified audit log.mp4

06:03

4. Perform threat hunting by using Content Search.mp4

07:50

5. SIMULATION Perform an audit search in Purview for the first 5 listed Exchange...html

8. Implement and maintain cloud security posture management

1. Overview of Microsoft Defender for Cloud.mp4

06:21

2. Assign and manage regulatory compliance policies, including MCSB.mp4

05:20

3. Improve the Microsoft Defender for Cloud secure score by applying remediation's.mp4

06:49

4. Configure plans and agents for Microsoft Defender for Servers.mp4

06:25

5. Configure and manage Microsoft Defender for DevOps.mp4

06:30

6. Configure & manage Microsoft Defender External Attack Surface Management (EASM).mp4

08:11

7. SIMULATION Turn on server support and API support for Microsoft Defender....html

9. Configure environment settings in Microsoft Defender for Cloud

1. Plan and configure Microsoft Defender for Cloud settings.mp4

03:54

2. Configure Microsoft Defender for Cloud roles.mp4

06:06

3.1 assess and recommend cloud workload protection.zip

3. Assess and recommend cloud workload protection and enable plans.mp4

03:53

4. Configure automated onboarding of Azure resources.mp4

01:28

5. Connect compute resources by using Azure Arc.mp4

07:36

6. Connect multi-cloud resources by using Environment settings.mp4

01:59

7. SIMULATION Turn on automatic onboarding of servers for Defender for Endpoint.html

10. Respond to alerts and incidents in Microsoft Defender for Cloud

1. Set up email notifications.mp4

02:29

2. Create and manage alert suppression rules.mp4

05:08

3. Design and configure workflow automation in Microsoft Defender for Cloud.mp4

10:37

4. Generate sample alerts and incidents in Microsoft Defender for Cloud.mp4

01:03

5. Remediate alerts and incidents by using MS Defender for Cloud recommendations.mp4

02:44

6. Manage security alerts and incidents.mp4

04:04

7. Analyze Microsoft Defender for Cloud threat intelligence reports.mp4

01:40

8. SIMULATION Set alert notifications to low & above....html

11. Design and configure a Microsoft Sentinel workspace

1.1 Microsoft Sentinel.pdf

1. Concepts of Microsoft Sentinel.mp4

08:44

2. Plan a Microsoft Sentinel workspace.mp4

04:36

3. Configure Microsoft Sentinel roles.mp4

05:29

4. Design and configure Microsoft Sentinel data storage,log types and log retention.mp4

03:53

5. SIMULATION Assign JC to the Microsoft Sentinel Contributor role.html

12. Plan and implement the use of data connectors for ingestion of data sources

1.1 identify data sources to be ingested for microsoft sentinel.zip

1. Identify data sources to be ingested for Microsoft Sentinel.mp4

04:59

2. Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings.mp4

09:08

3. Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud.mp4

02:50

4. Design and configure Syslog and Common Event Format (CEF) event collections.mp4

07:14

5. Design and configure Windows security event collections.mp4

08:04

6. Configure threat intelligence connectors.mp4

06:36

7.1 sample.zip

7. Create custom log tables in the workspace to store ingested data.mp4

07:25

8. SIMULATION Configure the Microsoft Entra ID data connector with Sign-In Log....html

13. Manage Microsoft Sentinel analytics rules

1.1 Sentinel Analytics Rules.pdf

1. Concepts of Microsoft Sentinel analytics rules.mp4

05:30

2. Configure the Fusion rule.mp4

03:29

3. Configure Microsoft security analytics rules.mp4

04:58

4. Configure built-in scheduled query rules.mp4

03:25

5.1 KQL custom scheduled query.txt

5. Configure custom scheduled query rules.mp4

06:24

6.1 KQL NRT rule.txt

6. Configure near-real-time (NRT) analytics rules.mp4

03:52

7. Manage analytics rules from Content hub.mp4

03:21

8.1 watchlist-sample.csv

8. Manage and use watchlists.mp4

04:57

9. Manage and use threat indicators.mp4

02:30

10. SIMULATION Create an incident creation rule for Defender for Identity....html

14. Perform data classification and normalization

1. Classify and analyze data by using entities.mp4

11:28

2.1 Advanced Security Information Model (ASIM).pdf

2. Query Microsoft Sentinel data by using Advanced Security Information Model(ASIM).mp4

13:06

3.1 ASIM example.txt

3. Develop and manage ASIM parsers.mp4

11:03

15. Configure security orchestration automated response (SOAR) in Microsoft Sentinel

1. Create and configure automation rules.mp4

12:10

2. Create and configure Microsoft Sentinel playbooks.mp4

18:19

3. Configure analytic rules to trigger automation rules.mp4

04:07

4. Trigger playbooks from alerts and incidents.mp4

01:06

5. SIMULATION Create an automation incident rule that assigns JC as owner....html

16. Manage Microsoft Sentinel incidents

1. Configure an incident generation.mp4

08:11

2. Triage incidents in Microsoft Sentinel.mp4

06:09

3. Investigate incidents in Microsoft Sentinel.mp4

09:39

4. Respond to incidents in Microsoft Sentinel.mp4

05:50

5. Investigate multi-workspace incidents.mp4

02:13

6. SIMULATION Configure the Medium Malicious Inbox incident....html

17. Use Microsoft Sentinel workbooks to analyze and interpret data

1. Activate and customize Microsoft Sentinel workbook templates.mp4

07:30

2. Create custom workbooks.mp4

01:56

3. Configure advanced visualizations.mp4

07:14

18. Hunt for threats by using Microsoft Sentinel

1. Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel.mp4

12:58

2. Customize content gallery hunting queries.mp4

07:57

3. Create custom hunting queries.mp4

09:25

4. Use hunting bookmarks for data investigations.mp4

06:53

5. Monitor hunting queries by using Livestream.mp4

03:40

6. Retrieve and manage archived log data.mp4

03:50

7. Create and manage search jobs.mp4

04:44

8. SIMULATION Select the Malicious Keyword Query in Hunting....html

19. Manage threats by using User and Entity Behavior Analytics

1. Configure User and Entity Behavior Analytics settings.mp4

11:26

2. Investigate threats by using entity pages.mp4

04:49

3.1 KQL Anomaly Rule.txt

3. Configure anomaly detection analytics rules.mp4

09:27

20. Conclusion

1. Cleaning up your lab environment.mp4

02:04

2. Getting a Udemy certificate.mp4

01:31

3. BONUS - Where do I go from here.mp4

04:02

Description

Get prepared for the SC-200 exam with instructor led labs and hands on simulations available 24/7

What You'll Learn?

Learn the concepts and perform hands on activities needed to pass the SC-200 exam
Gain a tremendous amount of knowledge involving securing Microsoft 365 and Azure Services
Get loads of hands on experience with Security Operations for Microsoft 365
Utilize hands on simulations that can be access anytime, anywhere!

Who is this for?

IT people interested in learning and passing the Microsoft SC-200 Exam

People interested in learning a tremendous amount about Security Operations for Microsoft 365

What You Need to Know?

Willingness to put in the time and practice the steps shown in the course

More details

Description
We really hope you'll agree, this training is way more then the average course on Udemy!
Have access to the following:
Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer
Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
Instructor led hands on and simulations to practice that can be followed even if you have little to no experience
TOPICS COVEREDÂ INCLUDINGÂ HANDSÂ ONÂ LECTUREÂ ANDÂ PRACTICEÂ TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DONT SKIP: The first thing to know about Microsoft cloud services
DONT SKIP: Azure AD is now renamed to Entra ID
Questions for John Christopher
Order of concepts covered in the course
Performing hands on activities
DONT SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Activating licenses for Defender for Endpoint and Vulnerabilities
Getting your free Azure credit
Mitigate threats to the Microsoft 365 environment by using Microsoft 365 Defender
Microsoft Defender and Microsoft Purview admin centers
Introduction to Microsoft 365 Defender
Using polices to remediate threats with Email ,Teams, SharePoint & OneDrive
Investigate, respond, and remediate threats with Defender for Office 365
Understanding data loss prevention (DLP) in Microsoft 365 Defender
Implement data loss prevention policies (DLP) to respond and alert
Investigate & respond to alerts generated by data loss prevention (DLP) policies
Understanding insider risk policies
Generating an insider risk policy
Investigate and respond to alerts generated by insider risk policies
Discover and manage apps by using Microsoft Defender for Cloud Apps
Identify, investigate, & remediate security risks by using Defender for Cloud Apps
Mitigate endpoint threats by using Microsoft Defender for Endpoint
Concepts of management with Microsoft Defender for Endpoint
Setup a Windows 11 virtual machine endpoint
Enrolling to Intune for attack surface reduction (ASR) support
Onboarding to manage devices using Defender for Endpoint
A note about extra features in your Defender for Endpoint
Incidents, alert notifications, and advanced feature for endpoints
Review and respond to endpoint vulnerabilities
Recommend attack surface reduction (ASR) for devices
Configure and manage device groups
Identify devices at risk using the Microsoft Defender Vulnerability Management
Manage endpoint threat indicators
Identify unmanaged devices by using device discovery
Mitigate identity threats
Mitigate security risks related to events for Microsoft Entra ID
Concepts of using Microsoft Entra Identity Protection
Mitigate security risks related to Microsoft Entra Identity Protection events
Mitigate risks related to Microsoft Entra Identity Protection inside Microsoft Defender
Understanding Microsoft Defender for Identity
Mitigate security risks related to Active Directory Domain Services (AD DS) using Microsoft Defender for Identity
Manage extended detection and response (XDR) in Microsoft 365 Defender
Concepts of the purpose of extended detection and response (XDR)
Setup a simulation lab using Microsoft 365 Defender
Run an attack against a device in the simulation lab
Manage incidents & automated investigations in the Microsoft 365 Defender portal
Run an attack simulation email campaign in Microsoft 365 Defender
Manage actions and submissions in the Microsoft 365 Defender portal
Identify threats by using Kusto Query Language (KQL)
Identify and remediate security risks by using Microsoft Secure Score
Analyze threat analytics in the Microsoft 365 Defender portal
Configure and manage custom detections and alerts
Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview
Understanding unified audit log licensing and requirements
Setting unified audit permissions and enabling support
Perform threat hunting by using unified audit log
Perform threat hunting by using Content Search
Implement and maintain cloud security posture management
Overview of Microsoft Defender for Cloud
Assign and manage regulatory compliance policies, including MCSB
Improve the Microsoft Defender for Cloud secure score by applying remediation's
Configure plans and agents for Microsoft Defender for Servers
Configure and manage Microsoft Defender for DevOps
Configure & manage Microsoft Defender External Attack Surface Management (EASM)
Configure environment settings in Microsoft Defender for Cloud
Plan and configure Microsoft Defender for Cloud settings
Configure Microsoft Defender for Cloud roles
Assess and recommend cloud workload protection and enable plans
Configure automated onboarding of Azure resources
Connect compute resources by using Azure Arc
Connect multi-cloud resources by using Environment settings
Respond to alerts and incidents in Microsoft Defender for Cloud
Set up email notifications
Create and manage alert suppression rules
Design and configure workflow automation in Microsoft Defender for Cloud
Generate sample alerts and incidents in Microsoft Defender for Cloud
Remediate alerts and incidents by using MS Defender for Cloud recommendations
Manage security alerts and incidents
Analyze Microsoft Defender for Cloud threat intelligence reports
Design and configure a Microsoft Sentinel workspace
Concepts of Microsoft Sentinel
Plan a Microsoft Sentinel workspace
Configure Microsoft Sentinel roles
Design and configure Microsoft Sentinel data storage, log types and log retention
Plan and implement the use of data connectors for ingestion of data sources in Microsoft Sentinel
Identify data sources to be ingested for Microsoft Sentinel
Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
Design and configure Syslog and Common Event Format (CEF) event collections
Design and configure Windows security event collections
Configure threat intelligence connectors
Create custom log tables in the workspace to store ingested data
Manage Microsoft Sentinel analytics rules
Concepts of Microsoft Sentinel analytics rules
Configure the Fusion rule
Configure Microsoft security analytics rules
Configure built-in scheduled query rules
Configure custom scheduled query rules
Configure near-real-time (NRT) analytics rules
Manage analytics rules from Content hub
Manage and use watchlists
Manage and use threat indicators
Perform data classification and normalization
Classify and analyze data by using entities
Query Microsoft Sentinel data by using Advanced Security Information Model(ASIM)
Develop and manage ASIM parsers
Configure security orchestration automated response (SOAR) in Microsoft Sentinel
Create and configure automation rules
Create and configure Microsoft Sentinel playbooks
Configure analytic rules to trigger automation rules
Trigger playbooks from alerts and incidents
Manage Microsoft Sentinel incidents
Configure an incident generation
Triage incidents in Microsoft Sentinel
Investigate incidents in Microsoft Sentinel
Respond to incidents in Microsoft Sentinel
Investigate multi-workspace incidents
Use Microsoft Sentinel workbooks to analyze and interpret data
Activate and customize Microsoft Sentinel workbook templates
Create custom workbooks
Configure advanced visualizations
Hunt for threats by using Microsoft Sentinel
Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
Customize content gallery hunting queries
Create custom hunting queries
Use hunting bookmarks for data investigations
Monitor hunting queries by using Livestream
Retrieve and manage archived log data
Create and manage search jobs
Manage threats by using User and Entity Behavior Analytics
Configure User and Entity Behavior Analytics settings
Investigate threats by using entity pages
Configure anomaly detection analytics rules
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS Where do I go from here?
Who this course is for:
IT people interested in learning and passing the Microsoft SC-200 Exam
People interested in learning a tremendous amount about Security Operations for Microsoft 365

User Reviews

Rating

average 0

Total votes0

Focused display

Network Security

John Christopher

Instructor's Courses

John Christopher is a Technical Instructor that has been in the business for over 20 years. His first experience with information technology occurred in the early 90s when he ran an MS-DOS based BBS(Bulletin Board System) as a System Operator. In the late 90s, after working with Windows NT 3.50 performing backups for Regal Group, he decided to get Windows NT Microsoft Certified.In 1998 he got his first Microsoft Certified Systems Engineer and Microsoft Certified Trainer certification. Shortly after getting certified, he began working as a Junior Administrator and Instructor for Knowledge Alliance in Atlanta GA. From there John was able to become one of the first people in the world to gain an MCSE for the Windows 2000 operating system and he began teaching full time for a company called Productivity Point International. At Productivity Point, John got Citrix Metaframe certified and began teaching Citrix along with Microsoft classes. Productivity Point began experiencing financial troubles and John moved on to work with another training company, located in Atlanta GA. in 2001.For many years at the training company in Atlanta John was the network administrator and held the title of Senior Technical Instructor for the company. John designed and administered their network from the ground up, going from a single floor in a single building, to multiple floors in multiple buildings and locations. He furthered his certifications, gaining the MCSE for 2003, 2008(MCITP), 2012, A+, Network+, Security+, Exchange, and CCNA. Along with his Network admin duties, John taught hundreds of students during his 11 years for the company. During all his years of training, John has had the honor of doing lots of classes with the military, along with quite a few classes within on-site military bases. In 2012, he decided to break away from company he had been working for and do consulting and contract teaching. Currently, John gets hired by many different training companies to teach technical training classes all over the United States. He is also hired as a consultant to go into companies and work on their networks and implement, along with troubleshoot real world scenarios.

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.