Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide

You're reading from   Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems

Arrow left icon
Product type Paperback
Published in Mar 2022
Publisher Packt
ISBN-13 9781803231891
Length 288 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Trevor Stuart Trevor Stuart
Author Profile Icon Trevor Stuart
Trevor Stuart
Joe Anich Joe Anich
Author Profile Icon Joe Anich
Joe Anich
Arrow right icon
View More author details
Toc

Table of Contents (19) Chapters Close

Preface 1. Section 1 – Exam Overview and Evolution of Security Operations
2. Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives FREE CHAPTER 3. Chapter 2: The Evolution of Security and Security Operations 4. Section 2 – Implementing Microsoft 365 Defender Solutions
5. Chapter 3: Implementing Microsoft Defender for Endpoint 6. Chapter 4: Implementing Microsoft Defender for Identity 7. Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier) 8. Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards
9. Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards 10. Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents 11. Chapter 8: Microsoft Defender for Office – Threats to Productivity 12. Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps 13. Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel
14. Chapter 10: Setting Up and Configuring Microsoft Sentinel 15. Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel
16. Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel 17. Chapter 12: Knowledge Check 18. Other Books You May Enjoy

Creating a Microsoft demo tenant

The following are two URLs that are mentioned a few times in the section. These will be handy to keep bookmarked so that you can quickly get back to them:

One of the absolute best things you can do to get hands-on experience is to build a lab! Many will do this first, and that's totally fine – everyone has their own style of learning. My hesitation for doing that first is that I end up bouncing around all over the place because I don't have any context for what to do or where to start. There are many shiny things to distract me.

Having gone through the learning paths, with various knowledge checks and additional documentation articles, I'm ready to tackle the real thing! I have a sense of structure, where to start, where to end, and what is in between.

To get started with setting up your lab, you'll need to satisfy one of the following licensing requirements. The reason for E5 and A5 is because those contain everything you'll be learning about in the learning paths in one easy package:

  • Windows 10 Enterprise E5
  • Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5), which includes Windows 10 Enterprise E5
  • Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 Security
  • Microsoft 365 A5 Security
  • MDE

With these subscriptions, you can more freely test with onboarding your own lab devices too, as well as configuring the other components of the license, such as Microsoft Endpoint Manager, formerly Intune. With that, you can learn to configure a host of security features that are otherwise already enabled in the pre-provisioned devices in the evaluation lab aspect of the license.

Some things to note about the evaluation lab aspect of the trial are as follows:

  • Enough device allotment for a month of testing.
  • Renewing resources allowed once a month.
  • Pre-provisioned machines for testing.
  • Full access to the capabilities of MDE.
  • Threat simulators.
  • To get a wonderful overarching picture of the lab itself and what you can get from it, please watch the video at the following link: aka.ms/MDEEvaluation.

The following screenshot shows what the lab section of the portal will look like before you configure it:

Figure 1.2 – The Evaluation Lab setup

Figure 1.2 – The Evaluation Lab setup

Note that when you get to the provisioning screen, you'll select the number of devices you want as well as the duration of each. Now, remember, whatever you select, that's all you get for 30 days, so carefully plan out how you want to test these machines. If you're after more specific tests, perhaps to see how MDE handles various attacks, then the shorter durations may be better suited, but for the use case of studying for an exam, the longer-duration machines may be best.

You have been reading a chapter from
Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
Published in: Mar 2022
Publisher: Packt
ISBN-13: 9781803231891
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image