SC-200

What is the SC-200?

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel and use Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course is designed for people who work in a Security Operations job role and helps learners prepare for exam SC-200: Microsoft Security Operations Analyst.

My study plan

Study guide: Link to Microsoft FAQ

Instructor Led Courses: Link to learning content

Practice Test: Link to practice test

MS Press Resources: Link to MS Store

MS Exam Sandbox: Link to MS Exam Sandbox

MS Self-Directed Learning: Link to MS learning page

Main areas of focus

  • Manage a security operations environment (25–30%)

  • Configure protections and detections (15–20%)

  • Manage incident response (35–40%)

  • Perform threat hunting (15–20%)
