Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
  • Toc
  • feedback
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

By : Trevor Stuart, Joe Anich
4.3 (8)
close
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

4.3 (8)
By: Trevor Stuart, Joe Anich

Overview of this book

Security in information technology has always been a topic of discussion, one that comes with various backgrounds, tools, responsibilities, education, and change! The SC-200 exam comprises a wide range of topics that introduce Microsoft technologies and general operations for security analysts in enterprises. This book is a comprehensive guide that covers the usefulness and applicability of Microsoft Security Stack in the daily activities of an enterprise security operations analyst. Starting with a quick overview of what it takes to prepare for the exam, you'll understand how to implement the learning in real-world scenarios. You'll learn to use Microsoft's security stack, including Microsoft 365 Defender, and Microsoft Sentinel, to detect, protect, and respond to adversary threats in your enterprise. This book will take you from legacy on-premises SOC and DFIR tools to leveraging all aspects of the M365 Defender suite as a modern replacement in a more effective and efficient way. By the end of this book, you'll have learned how to plan, deploy, and operationalize Microsoft's security stack in your enterprise and gained the confidence to pass the SC-200 exam.
Table of Contents (19 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Share Your Thoughts
1
Section 1 – Exam Overview and Evolution of Security Operations
Section 1 – Exam Overview and Evolution of Security Operations
Free Chapter
2
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
chevron up
Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives
Technical requirements
Preparing for a Microsoft exam
Creating a Microsoft demo tenant
Summary
3
Chapter 2: The Evolution of Security and Security Operations
Chapter 2: The Evolution of Security and Security Operations
A quick introduction to the terminology
Understanding the traditional approach to security
Introducing the modern approach to security
Getting to know traditional SOC issues
Exploring modern ways to resolve traditional SOC issues
Summary
4
Section 2 – Implementing Microsoft 365 Defender Solutions
Section 2 – Implementing Microsoft 365 Defender Solutions
5
Chapter 3: Implementing Microsoft Defender for Endpoint
Chapter 3: Implementing Microsoft Defender for Endpoint
Technical requirements
Understanding the prerequisites
Deployment options – onboarding
Troubleshooting
Sensor status and verification
Summary
6
Chapter 4: Implementing Microsoft Defender for Identity
Chapter 4: Implementing Microsoft Defender for Identity
Technical requirements
Understanding the prerequisites
Deployment options
A troubleshooting guide
Service status and verification
Summary
7
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)
Technical requirements
Introduction to Microsoft Defender for Cloud and ASC
Implementing ASC
Implementing Microsoft Defender for Cloud
How do ASC and Microsoft Defender for Cloud fit into the security of an enterprise?
Summary
8
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
9
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards
Before we get started – acronyms and creating your lab!
General portal navigation
Alerts and incidents
How to suppress an alert and create a new suppression rule
Summary
10
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents
Technical requirements
MDI concepts
Understanding and investigating alerts
Triaging and responding to alerts
Summary
11
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Chapter 8: Microsoft Defender for Office – Threats to Productivity
Technical requirements
Threat protection policies
Threat investigation and response capabilities
Automated investigation and response capabilities
Data loss prevention and insider risk
Summary
12
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps
Technical requirements
The MDCA framework
Cloud Discovery
Conditional Access App Control
Classifying and protecting sensitive information
Detecting, investigating, and responding to application threats
Summary
13
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
14
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Chapter 10: Setting Up and Configuring Microsoft Sentinel
Pre-deployment activities
Azure tenant-level prerequisites
Enabling and onboarding Microsoft Sentinel
Global requirements and prerequisites for Microsoft Sentinel
Data residency
Enabling Microsoft Sentinel for your organization
Connecting data sources to Microsoft Sentinel
Summary
15
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
16
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel
Technical requirements
Kusto query overview
Advanced threat hunting and the M365 Defender portal
Hunting for threats in Microsoft Sentinel
Summary
17
Chapter 12: Knowledge Check
Chapter 12: Knowledge Check
Example exam questions
Answer key
Why subscribe?
18
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives

Welcome to Microsoft SC-200 Exam Prep and Beyond and Chapter 1, Preparing for Your Microsoft Exam and SC-200 Objectives. This chapter is dedicated to ensuring that you are ready for the Microsoft SC-200 exam and that you fully understand the objectives, along with how they apply in the real world. It's one thing to pass an exam but a whole other thing to apply exam topics to your day-to-day job. Let's get into it!

In both traditional and modern enterprises, the Microsoft security operations analyst is the key pivot point and collaborator with both individual contributors and enterprise stakeholders. This role in most organizations has one goal in mind – to protect against, secure against, detect, and respond to threats present in an enterprise as expeditiously as possible. They are responsible for reducing organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate teams and stakeholders. Historically, this level of responsibility came with a lot of tooling, alert fatigue, manual or human interaction in investigations, and so on.

What we hope to make clear is that there has been a massive evolution of security operations for most enterprises. Tooling has changed, and the power of the cloud has added great value to tools that Security Operations Team (SOC) analysts are required to use day to day to successfully deliver in the Microsoft security operations analyst position for enterprises today.

This chapter will cover the following topics to get us started:

  • Preparing for a Microsoft exam
  • Introducing the resources available and accessing Microsoft Learn
  • Creating a Microsoft demo tenant

It is important to note that in November 21 some Microsoft Security Services have been renamed. These are renamed as follows:

  • Microsoft Cloud App Security (MCAS) is now called Microsoft Defender for Cloud Apps
  • System Center Configuration Manager (SCCM) is now called Microsoft Endpoint Configuration Manager (MECM)
  • Azure Sentinel is now called Microsoft Sentinel
  • Azure defender is now Microsoft Defender for Cloud
  • Azure Security Center is now called Microsoft Defender for Cloud
  • Playbook is now called Workflow automation
End of Section 1
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete