What you'll learn:
- Learn the concepts and perform the hands-on activities needed to pass the SC-200 exam
- Gain in-depth knowledge of securing Microsoft 365 and Azure services
- Get extensive hands-on experience with security operations for Microsoft 365
- Use hands-on simulations that can be accessed anytime, anywhere!
We really hope you'll agree that this training is far more than the average course on Udemy!
You'll have access to the following:
Training from an instructor with over 20 years of experience, a Microsoft Certified Trainer who has trained thousands of people
Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
Instructor-led hands-on labs and simulations to practice with, which can be followed even if you have little or no experience
TOPICS COVERED, INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD has been renamed to Microsoft Entra ID
Questions for John Christopher
Order of concepts covered in the course
Performing hands on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Activating licenses for Defender for Endpoint and Defender Vulnerability Management
Getting your free Azure credit
Configure settings in Microsoft Defender XDR
Introduction to Microsoft 365 Defender
Concepts of the purpose of extended detection and response (XDR)
Microsoft Defender and Microsoft Purview admin centers
Concepts of Microsoft Sentinel
Concepts of management with Microsoft Defender for Endpoint
Manage assets and environments
Set up a Windows 11 virtual machine endpoint
Enrolling to Intune for attack surface reduction (ASR) support
Onboarding to manage devices using Defender for Endpoint
A note about extra features in your Defender for Endpoint
Incidents, alert notifications, and advanced features for endpoints
Review and respond to endpoint vulnerabilities
Recommend attack surface reduction (ASR) for devices
Configure and manage device groups
Overview of Microsoft Defender for Cloud
Identify devices at risk using Microsoft Defender Vulnerability Management
Manage endpoint threat indicators
Identify unmanaged devices by using device discovery
Design and configure a Microsoft Sentinel workspace
Plan a Microsoft Sentinel workspace
Configure Microsoft Sentinel roles
Design and configure Microsoft Sentinel data storage, log types and log retention
Ingest data sources in Microsoft Sentinel
Identify data sources to be ingested for Microsoft Sentinel
Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
Design and configure Syslog and Common Event Format (CEF) event collections
Design and configure Windows security event collections
Configure threat intelligence connectors
Create custom log tables in the workspace to store ingested data
Configure protections in Microsoft Defender security technologies
Plan and configure Microsoft Defender for Cloud settings
Configure Microsoft Defender for Cloud roles
Assess and recommend cloud workload protection and enable plans
Configure automated onboarding of Azure resources
Connect multi-cloud resources by using Environment settings
Configure detection in Microsoft Defender XDR
Set up a simulation lab using Microsoft 365 Defender
Run an attack against a device in the simulation lab
Manage incidents & automated investigations in the Microsoft 365 Defender portal
Run an attack simulation email campaign in Microsoft 365 Defender
Manage actions and submissions in the Microsoft 365 Defender portal
Identify threats by using Kusto Query Language (KQL)
Identify and remediate security risks by using Microsoft Secure Score
Analyze threat analytics in the Microsoft 365 Defender portal
Configure and manage custom detections and alerts
Configure detections in Microsoft Sentinel
Concepts of Microsoft Sentinel analytics rules
Configure the Fusion rule
Configure Microsoft security analytics rules
Configure built-in scheduled query rules
Configure custom scheduled query rules
Configure near-real-time (NRT) analytics rules
Manage analytics rules from Content hub
Manage and use watchlists
Manage and use threat indicators
Respond to alerts and incidents in the Microsoft Defender portal
Using policies to remediate threats in Email, Teams, SharePoint & OneDrive
Investigate, respond, and remediate threats with Defender for Office 365
Understanding data loss prevention (DLP) in Microsoft 365 Defender
Implement data loss prevention (DLP) policies to respond and alert
Investigate & respond to alerts generated by data loss prevention (DLP) policies
Understanding insider risk policies
Generating an insider risk policy
Investigate and respond to alerts generated by insider risk policies
Discover and manage apps by using Microsoft Defender for Cloud Apps
Identify, investigate, & remediate security risks by using Defender for Cloud Apps
Respond to alerts and incidents identified by Microsoft Defender for Endpoint
Configure User and Entity Behavior Analytics settings
Investigate threats by using entity pages
Configure anomaly detection analytics rules
Investigate Microsoft 365 activities
Understanding unified audit log licensing and requirements
Setting unified audit permissions and enabling support
Investigate threats by using the unified audit log
Investigate threats by using Content Search
Perform threat hunting by using Microsoft Graph activity logs
Respond to incidents in Microsoft Sentinel
Configure incident generation
Triage incidents in Microsoft Sentinel
Investigate incidents in Microsoft Sentinel
Respond to incidents in Microsoft Sentinel
Investigate multi-workspace incidents
Implement and use Copilot for Security
What is Copilot for Security?
Onboarding Copilot for Security
Create and use promptbooks
Manage sources for Copilot for Security, including plugins and files
Manage permissions and roles in Copilot for Security
Monitor Copilot for Security capacity and cost
Identify threats and risks by using Copilot for Security
Investigate incidents by using Copilot for Security
Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel
Create and configure automation rules
Create and configure Microsoft Sentinel playbooks
Configure analytic rules to trigger automation rules
Trigger playbooks from alerts and incidents
Hunt for threats by using Microsoft Defender XDR
Identify threats by using Kusto Query Language (KQL)
Interpret threat analytics in the Microsoft Defender portal
Create custom hunting queries by using KQL
Hunt for threats by using Microsoft Sentinel
Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
Customize content gallery hunting queries
Create custom hunting queries
Use hunting bookmarks for data investigations
Monitor hunting queries by using Livestream
Retrieve and manage archived log data
Create and manage search jobs
Respond to alerts and incidents in Microsoft Defender for Cloud
Set up email notifications
Create and manage alert suppression rules
Design and configure workflow automation in Microsoft Defender for Cloud
Generate sample alerts and incidents in Microsoft Defender for Cloud
Remediate alerts and incidents by using MS Defender for Cloud recommendations
Manage security alerts and incidents
Analyze Microsoft Defender for Cloud threat intelligence reports
Create and configure Microsoft Sentinel workbooks
Activate and customize Microsoft Sentinel workbook templates
Create custom workbooks
Configure advanced visualizations
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS: Where do I go from here?