1 - Module 1: Mitigate threats using Microsoft 365 Defender
Introduction to Microsoft 365 threat protectionMitigate incidents using Microsoft 365 DefenderProtect your identities with Azure AD Identity ProtectionRemediate risks with Microsoft Defender for Office 365Safeguard your environment with Microsoft Defender for IdentitySecure your cloud apps and services with Microsoft Defender for Cloud AppsRespond to data loss prevention alerts using Microsoft 365Manage insider risk in Microsoft 365
2 - Module 2: Mitigate threats using Microsoft Defender for Endpoint
Protect against threats with Microsoft Defender for EndpointDeploy the Microsoft Defender for Endpoint environmentImplement Windows security enhancements with Microsoft Defender for EndpointPerform device investigations in Microsoft Defender for EndpointPerform actions on a device using Microsoft Defender for EndpointPerform evidence and entities investigations using Microsoft Defender for EndpointConfigure and manage automation using Microsoft Defender for EndpointConfigure for alerts and detections in Microsoft Defender for EndpointUtilize Vulnerability Management in Microsoft Defender for Endpoint
3 - Module 3: Mitigate threats using Microsoft Defender for Cloud
Plan for cloud workload protections using Microsoft Defender for CloudConnect Azure assets to Microsoft Defender for CloudConnect non-Azure resources to Microsoft Defender for CloudManage your cloud security posture managementExplain cloud workload protections in Microsoft Defender for CloudRemediate security alerts using Microsoft Defender for Cloud
4 - Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Construct KQL statements for Microsoft SentinelAnalyze query results using KQLBuild multi-table statements using KQLWork with data in Microsoft Sentinel using Kusto Query Language
5 - Module 5: Configure your Microsoft Sentinel environment
Introduction to Microsoft SentinelCreate and manage Microsoft Sentinel workspacesQuery logs in Microsoft SentinelUse watchlists in Microsoft SentinelUtilize threat intelligence in Microsoft Sentinel
6 - Module 6: Connect logs to Microsoft Sentinel
Connect data to Microsoft Sentinel using data connectorsConnect Microsoft services to Microsoft SentinelConnect Microsoft 365 Defender to Microsoft SentinelConnect Windows hosts to Microsoft SentinelConnect Common Event Format logs to Microsoft SentinelConnect syslog data sources to Microsoft SentinelConnect threat indicators to Microsoft Sentinel
7 - Module 7: Create detections and perform investigations using Microsoft Sentinel
Threat detection with Microsoft Sentinel analyticsAutomation in Microsoft SentinelThreat response with Microsoft Sentinel playbooksSecurity incident management in Microsoft SentinelIdentify threats with Entity behavior analytics in Microsoft SentinelData normalization in Microsoft SentinelQuery, visualize, and monitor data in Microsoft SentinelManage content in Microsoft Sentinel
8 - Module 8: Perform threat hunting in Microsoft Sentinel
Explain threat hunting concepts in Microsoft SentinelThreat hunting with Microsoft SentinelUse Search jobs in Microsoft SentinelHunt for threats using notebooks in Microsoft Sentinel
Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Who is it For?
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
Basic understanding of Microsoft 365
Fundamental understanding of Microsoft security, compliance, and identity products
Intermediate understanding of Windows 10
Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
Familiarity with Azure virtual machines and virtual networking
Basic understanding of scripting concepts.