SC-200 is a four-day course for security professionals responsible for threat detection, investigation, and response. It focuses on using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, and Microsoft 365 Defender. Participants learn how to investigate incidents, perform threat hunting with Kusto Query Language, configure data connectors, create detections, and automate responses. The course aligns with the Microsoft Certified: Security Operations Analyst Associate certification.
Upcoming dates you can join soon.
This course runs multiple times per year, onsite and online.
Investigate and respond to security incidents
Use Microsoft Sentinel for SIEM and SOAR
Perform threat hunting with KQL
Mitigate threats across cloud and endpoints
“Henri perfectly filled in the gaps in our knowledge and tailored the course contents to our difficult schedules, many thanks !”
Simon Baynes
BCMS manager
MSC MEDITERRANEAN SHIPPING COMPANY SA
“Henri and Alexis conducted a focused, intensive four-day ISO/IEC 27001 Lead Implementer Course of immediate relevance to The Global Fund. Participants representing both IT and Risk are now better prepared to design and operationise a corporate ISMS.”
Andreas Tamberg
Senior advisors enterprise risk management
The Global Fund
“Overall enjoyable training. To the point end trainer kept clear focused.”
Stephane Di Bari
Service operations manager
UNICC
Get instant answers to common questions about this course from our expert trainers.
SC-200 focuses on investigating, responding to, and hunting cyber threats using Microsoft Sentinel and Microsoft Defender technologies.
“Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel.”
Expert Trainer
SC-200 is designed for Security Operations Analysts responsible for monitoring, investigating, and responding to threats.
“The course was designed for people who work in a Security Operations job role.”
Expert Trainer
SC-200 uses Microsoft Sentinel as the central SIEM and SOAR platform for detection, investigation, and response.
“Configure and use Microsoft Sentinel.”
Expert Trainer
SC-200 uses KQL to query logs, analyze threats, build detections, and perform threat hunting.
“Utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting.”
Expert Trainer
SC-200 covers proactive threat hunting using Microsoft Sentinel queries, bookmarks, livestream, and notebooks.
“Perform threat hunting in Microsoft Sentinel.”
Expert Trainer
Browse every upcoming session for this course.
Quick navigation to course sections
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.