The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Course Prerequisites

There are no prerequisites to this course however having knowledge in the following domains is an added advantage:

• General knowledge of cloud computing and networking concepts

• Familiarity with the services of Microsoft 365 and Azure

• Familiarity with the cyber threats, attack vectors and incident management

Upon successful completion of this course, students will be able to:

• Identify the basic network theory concepts.

• Identify the major network communications methods.

• Describe network media and hardware components.

• Identify the major types of network implementations.

• Identify the components of a TCP/IP network implementation.

• Identify TCP/IP addressing and data delivery methods.

• Identify the major services deployed on TCP/IP networks.

• Identify the components of a LAN implementation.

• Identify the infrastructure of a WAN implementation.

• Identify the components of a remote network implementation.

• Identify the major issues and methods to secure systems on a network.

• Identify the major issues and technologies in network security.

• Identify network security threats and attacks.

• Identify the tools, methods, and techniques used in managing a network.

• Describe troubleshooting of issues on a network.

Suggested Prerequisites

• CompTIA A+ Certification (Exams 220-1001 and 220-1002)

Next Steps and Related Courses

• Cisco® Implementing and Administering Cisco® Solutions v1.0 (CCNA

Mitigate threats using Microsoft Defender XDR

• Introduction to Microsoft Defender XDR threat protection

• Mitigate incidents using Microsoft Defender

• Manage Microsoft Entra Identity Protection

• Safeguard your environment with Microsoft Defender for Identity

• Remediate risks with Microsoft Defender for Office 365

• Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Mitigate threats using Microsoft Copilot for Security

• Fundamentals of Generative AI

• Describe Microsoft Copilot for Security

• Describe the core features of Microsoft Copilot for Security

• Describe the embedded experiences of Microsoft Copilot for Security

• Explore use cases of Microsoft Copilot for Security

Mitigate threats using Microsoft Purview

• Respond to data loss prevention alerts using Microsoft 365

• Manage insider risk in Microsoft Purview

• Search and investigate with Microsoft Purview Audit

• Investigate threats with Content search in Microsoft Purview

Mitigate threats using Microsoft Defender for Endpoint

• Protect against threats with Microsoft Defender for Endpoint

• Deploy the Microsoft Defender for Endpoint environment

• Implement Windows security enhancements with Microsoft Defender for Endpoint

• Perform device investigations in Microsoft Defender for Endpoint

• Perform actions on a device using Microsoft Defender for Endpoint

• Perform evidence and entities investigations using Microsoft Defender for Endpoint

• Configure and manage automation using Microsoft Defender for Endpoint

• Configure for alerts and detections in Microsoft Defender for Endpoint

Mitigate threats using Microsoft Defender for Cloud

• Plan for cloud workload protections using Microsoft Defender for Cloud

• Connect Azure assets to Microsoft Defender for Cloud

• Connect non-Azure resources to Microsoft Defender for Cloud

• Manage your cloud security posture management

• Explain cloud workload protections in Microsoft Defender for Cloud

• Remediate security alerts using Microsoft Defender for Cloud

Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

• Construct KQL statements for Microsoft Sentinel

• Analyze query results using KQL

• Build multi-table statements using KQL

• Work with data in Microsoft Sentinel using Kusto Query Language

Configure your Microsoft Sentinel environment

• Introduction to Microsoft Sentinel

• Create and manage Microsoft Sentinel workspaces

• Query logs in Microsoft Sentinel

• Use watchlists in Microsoft Sentinel

• Utilize threat intelligence in Microsoft Sentinel

Connect logs to Microsoft Sentinel

• Connect data to Microsoft Sentinel using data connectors

• Connect Microsoft services to Microsoft Sentinel

• Connect Microsoft Defender XDR to Microsoft Sentinel

• Connect Windows hosts to Microsoft Sentinel

• Connect Common Event Format logs to Microsoft Sentinel

• Connect syslog data sources to Microsoft Sentinel

• Connect threat indicators to Microsoft Sentinel

Create detections and perform investigations using Microsoft Sentinel

• Threat detection with Microsoft Sentinel analytics

• Automation in Microsoft Sentinel

• Threat response with Microsoft Sentinel playbooks

• Security incident management in Microsoft Sentinel

• Identify threats with Behavioral Analytics

• Data normalization in Microsoft Sentinel

• Query, visualize, and monitor data in Microsoft Sentinel

• Manage content in Microsoft Sentinel

Perform threat hunting in Microsoft Sentinel

• Explain threat hunting concepts in Microsoft Sentinel

• Threat hunting with Microsoft Sentinel

• Use Search jobs in Microsoft Sentinel

• Hunt for threats using notebooks in Microsoft Sentinel