What you'll learn

Pass the SC-200 Exam

Mitigate threats by using Defender for Cloud (15–20%)

Mitigate threats by using Microsoft Sentinel (50–55%)

Mitigate threats by using Defender XDR (25–30%)

Requirements

Basic IT Knowledge

No Azure or Cyber Security experience necessary

Willingness to learn cool stuff!

Description

In the role of a Microsoft Security Operations Analyst, you play a pivotal role in minimizing organizational risk through the following key responsibilities:Swiftly addressing active attacks within the environment.Providing recommendations for enhancing threat protection practices.Reporting violations of organizational policies to the relevant stakeholders.Your tasks encompass:TriageIncident responseVulnerability managementThreat huntingCyber threat intelligence analysisAs a Microsoft Security Operations Analyst, your focus is on monitoring, identifying, investigating, and responding to threats across multicloud environments. This involves utilizing tools such as Microsoft Sentinel, Microsoft Defender for Cloud, Defender XDR, and third-party security solutions.Collaboration is a crucial aspect of this role, as you work closely with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to fortify the security of IT systems within the organization.Candidates for this position should possess familiarity with:Microsoft 365Azure cloud servicesWindows and Linux operating systemsSkills Overview:Mitigate threats using Microsoft Defender XDR (25–30%)Mitigate threats using Defender for Cloud (15–20%)Mitigate threats using Microsoft Sentinel (50–55%)Mitigate threats within the Microsoft 365 environment by leveraging Microsoft Defender XDR (25–30%). This involves investigating, responding to, and remediating threats across Microsoft Teams, SharePoint Online, and OneDrive. Additionally, address email threats through the utilization of Microsoft Defender for Office 365, respond to alerts generated by data loss prevention (DLP) policies, and handle alerts related to insider risk policies.Manage and discover apps using Microsoft Defender for Cloud Apps, identifying, investigating, and remediating security risks in this area. Ensure endpoint security by utilizing Microsoft Defender for Endpoint, covering tasks such as managing data retention, alert notification, and advanced features, recommending attack surface reduction (ASR) for devices, responding to incidents and alerts, configuring and managing device groups, identifying devices at risk through Defender Vulnerability Management, and managing endpoint threat indicators.Mitigate identity threats by addressing security risks related to Microsoft Entra ID events, Microsoft Entra Identity Protection events, and Active Directory Domain Services (AD DS) using Microsoft Defender for Identity.Handle extended detection and response (XDR) in Microsoft Defender XDR, managing incidents and automated investigations in the portal, overseeing actions and submissions, identifying threats with Kusto Query Language (KQL), remediating security risks with Microsoft Secure Score, analyzing threat analytics, and configuring custom detections and alerts.Additionally, mitigate threats with Defender for Cloud (15–20%). This involves implementing and maintaining cloud security posture management, assigning and managing regulatory compliance policies, improving the Microsoft Defender for Cloud secure score, configuring plans and agents for Defender for Servers and DevOps, managing External Attack Surface Management (EASM), configuring environment settings, and responding to alerts and incidents.Lastly, address threats using Microsoft Sentinel (50–55%). Design and configure a Microsoft Sentinel workspace, plan roles, configure data storage, and implement data connectors for ingestion. Manage analytics rules, develop ASIM parsers, configure security orchestration automated response (SOAR), and manage incidents. Utilize workbooks to analyze and interpret data, hunt for threats with custom queries, and monitor using Livestream. Manage threats with User and Entity Behavior Analytics by configuring settings, investigating threats through entity pages, and setting up anomaly detection analytics rules.