Microsoft Security Operations Analyst

Audience Profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

SC-200: Mitigate threats using Microsoft Defender XDR

SC-200: Mitigate threats using Microsoft Copilot for Security

SC-200: Mitigate threats using Microsoft Purview

SC-200: Mitigate threats using Microsoft Defender for Endpoint

SC-200: Mitigate threats using Microsoft Defender for Cloud

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

SC-200: Configure your Microsoft Sentinel environment

SC-200: Connect logs to Microsoft Sentinel

SC-200: Create detections and perform investigations using Microsoft Sentinel

SC-200: Perform threat hunting in Microsoft Sentinel