Microsoft Identity and Access Administrator

The SC-200: Microsoft Security Operations Analyst course is designed to equip professionals with the skills needed to detect, investigate, and respond to cybersecurity threats using Microsoft security technologies. This course focuses on enabling learners to monitor and manage threats in hybrid and cloud environments, leveraging tools such as Microsoft Sentinel, Microsoft Defender, and Microsoft 365 Defender.

The SC-200 course provides hands-on experience in managing security operations, enhancing the ability to defend against cybersecurity threats, and ensuring a proactive approach to organizational security. After completing the course, students will be fully prepared to take the SC-200 certification exam, demonstrating their capabilities as skilled Security Operations Analysts within the Microsoft ecosystem.

• Understand how to mitigate cyber threats by using a wide range of security solutions in Microsoft environments.
• Learn to configure and utilize Microsoft Sentinel for security information and event management (SIEM).
• Investigate and analyze potential threats using Microsoft Defender for Cloud and Microsoft 365 Defender.
• Develop proficiency in incident response, detection of threats, and the creation of automated responses.
• Gain expertise in proactive threat hunting across various data sources to identify indicators of compromise (IOCs).
• Configuring Microsoft Sentinel to aggregate security data from across the organization.
• Detecting and responding to incidents using Microsoft Defender for Endpoint, Microsoft Defender for Identity, and Microsoft Defender for Office 365.
• Leveraging Microsoft 365 Defender to manage security alerts and automate responses.
• Implementing and managing SIEM and SOAR solutions to improve the organization’s security posture.
• Using threat intelligence to detect, analyze, and respond to vulnerabilities and attacks.
• Performing threat hunting and analyzing telemetry data to proactively mitigate security risks.
• Developing and implementing security incident response strategies.

• Security Operations Analysts
• IT Professionals
• Security Engineers
• Security Analysts
• Cloud Administrators
• System Administrators
• IT Security Consultants

To successfully complete the SC-300 course and certification exam, it is recommended that learners have the following prerequisites:

• Familiarity with Microsoft Azure services and Microsoft 365 workloads, especially in managing users and devices.
• Strong foundational knowledge of identity management and authentication concepts such as authentication protocols, multifactor authentication (MFA), conditional access, and role-based access control (RBAC).
• Hands-on experience managing Active Directory (AD) and Azure Active Directory (Azure AD), including implementing security policies, managing user identities, and configuring authentication and authorization services.
• Familiarity with hybrid identity environments, including how to synchronize on-premises identities with Azure Active Directory using tools such as Azure AD Connect.
• Experience with various authentication methods, such as passwordless authentication, multi-factor authentication (MFA), single sign-on (SSO), and federation using protocols like OAuth2 and SAML.
• Knowledge of security, compliance, and governance requirements in Microsoft environments, especially as they relate to identity and access management.
• Basic knowledge of identity protection, identity governance, and privileged access management concepts.
• Understanding of basic networking concepts, especially in relation to securing access to applications and managing network security policies.

Recommended Certifications:

• AZ-104: Microsoft Azure Administrator
• MS-500: Microsoft 365 Security Administration

Exam Code: SC-300

Duration: 120 minutes

Exam Domains: