SC-200: Microsoft Security Operations Analyst

Investigate, respond to and hunt cyber-threats across Microsoft Sentinel, Defender XDR and Defender for Cloud in 4 instructor-led days – and earn the Microsoft Certified: Security Operations Analyst Associate (Exam SC-200) badge.

Why choose this course?

  • End-to-end SOC tooling. You’ll build skills in every product the SC-200 exam covers – Sentinel SIEM/SOAR, Defender XDR (Identity, Endpoint, Office 365 & Cloud Apps) and Defender for Cloud.
  • KQL deep-dive. Write advanced queries to detect, hunt and report on threats in log and analytics workspaces.
  • Hands-on, scenario labs. Configure connectors, investigate incidents, automate playbooks and remediate real-world attacks.
  • Hybrid delivery – attend on-campus or virtually from anywhere in South Africa.

This course is ideal for:

  • SOC analysts, security engineers or IT pros who monitor and respond to security incidents.
  • Administrators migrating on-prem SIEM/SOAR workloads to Microsoft Sentinel.
  • Anyone preparing for Exam SC-200 on their Microsoft security-certification journey.

Prerequisites

A foundational grasp of Microsoft security, compliance & identity solutions (e.g. SC-900) plus familiarity with Azure services and Microsoft 365 workloads.

Course Content

  • Mitigate threats using Microsoft Defender XDR – unify incidents from Defender for Endpoint/Identity/Office 365/Cloud Apps, run advanced hunting and trigger automated response across domains.
  • Mitigate threats using Microsoft Security Copilot – craft effective prompts, use plugins & promptbooks, summarise attacks and generate guided remediation steps with generative AI.
  • Mitigate threats using Microsoft Purview – surface insider-risk and compliance alerts, classify & protect sensitive data, investigate data-loss incidents and audit regulatory posture.
  • Mitigate threats using Microsoft Defender for Endpoint – onboard devices, reduce attack surface, employ threat & vulnerability management, investigate alerts and run live response.
  • Mitigate threats using Microsoft Defender for Cloud – improve secure score, enable workload protections for VMs, containers & SQL, investigate CSPM alerts and harden hybrid resources.
  • Create queries for Microsoft Sentinel with Kusto Query Language (KQL) – write, optimise and visualise KQL statements for detections, hunting and reporting.
  • Configure your Microsoft Sentinel environment – design the workspace, connect data sources, set RBAC & log-retention, deploy basic workbooks and watchlists.
  • Create detections & perform investigations in Microsoft Sentinel – build analytics rules, manage incidents & evidence, automate response with playbooks and perform guided investigations.
  • Perform threat hunting in Microsoft Sentinel – craft hunting queries, use livestream, notebooks & MITRE mapping, bookmark findings and turn queries into custom detections.

Interested?

Enquire today and one of our consultants will be in touch.