Mammoth Club All levels 4 sections 55 lectures

Microsoft Certified: Security Operations Analyst Associate with 10 Practice Exams

In today’s threat landscape, it’s not enough to simply understand security concepts—you need the skills to respond decisively when attacks happen. This course immerses you in real-world scenarios that sharpen your ability to identify, investigate, and neutralize threats using Microsoft’s industry-leading security solutions.

Skill level: All levels
Sections: 4
Lectures: 55
Instructor: Team Mammoth
What's inside

This course includes.

Sections: 4
Certificate of completion: Included
Mobile and desktop access: Included
AI learning assistance: Included
Course content

Curriculum & lectures.

4 sections · 55 lectures
Section 1: Manage a Security Operations Environment (Domain 1) · 21 lectures
Lecture 1.00: Introduction
Lecture 1.01: Configure Alert and Vulnerability Notification Rules
Lecture 1.02: Configure Microsoft Defender for Endpoint Advanced Features
Lecture 1.03: Configure Endpoint Rules Settings
Lecture 1.04: Manage Automated Investigation and Response Capabilities in Microsoft Defender XDR
Lecture 1.05: Configure Automatic Attack Disruption in Microsoft Defender XDR
Lecture 1.06: Configure and Manage Device Groups, Permissions, and Automation Levels in Microsoft Defender for Endpoint
Lecture 1.07: Identify Unmanaged Devices in Microsoft Defender for Endpoint
Lecture 1.08: Discover Unprotected Resources by Using Microsoft Defender for Cloud
Lecture 1.09: Identify and Remediate Devices at Risk by Using Microsoft Defender Vulnerability Management
Lecture 1.10: Mitigate Risk by Using Exposure Management in Microsoft Defender XDR
Lecture 1.11: Plan a Microsoft Sentinel Workspace
Lecture 1.12: Configure Microsoft Sentinel Roles and Azure RBAC Roles for Sentinel
Lecture 1.13: Design and Configure Microsoft Sentinel Data Storage (Log Types and Retention)
Lecture 1.14: Identify Data Sources to Be Ingested for Microsoft Sentinel
Lecture 1.15: Implement and Use Content Hub Solutions
Lecture 1.16: Configure and Use Microsoft Connectors for Azure Resources (Azure Policy and Diagnostic Settings)
Lecture 1.17: Plan and Configure Syslog and CEF Event Collection
Lecture 1.18: Plan and Configure Collection of Windows Security Events (DCR and WEF)
Lecture 1.19: Create Custom Log Tables in the Workspace to Store Ingested Data
Lecture 1.20: Monitor and Optimize Data Ingestion
Section 2: Configure Protections and Detections (Domain 2) · 11 lectures
Lecture 2.01: Configure Policies for Microsoft Defender for Cloud Apps
Lecture 2.02: Configure Policies for Microsoft Defender for Office 365
Lecture 2.03: Configure Security Policies for Microsoft Defender for Endpoint (Including Attack Surface Reduction Rules)
Lecture 2.04: Configure Cloud Workload Protections in Microsoft Defender for Cloud
Lecture 2.05: Configure and Manage Custom Detection Rules (Microsoft Defender XDR)
Lecture 2.06: Manage Alerts (Tuning, Suppression, and Correlation)
Lecture 2.07: Configure Deception Rules in Microsoft Defender XDR
Lecture 2.08: Classify and Analyze Data by Using Entities (Microsoft Sentinel)
Lecture 2.09: Configure and Manage Analytics Rules (Microsoft Sentinel)
Lecture 2.10: Query Microsoft Sentinel Data by Using ASIM Parsers
Lecture 2.11: Implement Behavioral Analytics (Microsoft Sentinel)
Section 3: Manage Incident Response (Domain 3) · 15 lectures
Lecture 3.01: Investigate and Remediate Threats by Using Microsoft Defender for Office 365
Lecture 3.02: Investigate and Remediate Ransomware and BEC Incidents (Automatic Attack Disruption)
Lecture 3.03: Investigate and Remediate Data Loss and Insider Risk Alerts (Purview DLP & Insider Risk)
Lecture 3.04: Investigate and Remediate Alerts from Microsoft Defender for Cloud (Workload Protections)
Lecture 3.05: Investigate and Remediate Security Risks Identified by Microsoft Defender for Cloud Apps
Lecture 3.06: Investigate and Remediate Identity-Related Alerts (Microsoft Entra ID & Defender for Identity)
Lecture 3.07: Investigate and Respond to Endpoint Incidents with Microsoft Defender for Endpoint
Lecture 3.08: Investigating Microsoft 365 User Activities (Unified Audit Log, Content Search, Graph API)
Lecture 3.09: Investigate and Remediate Incidents in Microsoft Sentinel
Lecture 3.10: Create and Use Automation Rules in Microsoft Sentinel
Lecture 3.11: Create and Use Microsoft Sentinel Playbooks (Including On-Premises Execution)
Lecture 3.12: Create and Use Promptbooks in Microsoft Security Copilot
Lecture 3.13: Integrate Data Sources and Connectors in Microsoft Security Copilot
Lecture 3.14: Manage Permissions, Roles, and Usage for Microsoft Security Copilot
Lecture 3.15: Identify Threats and Investigate Incidents Using Microsoft Security Copilot
Section 4: Manage Security Threats (Domain 4) · 8 lectures
Lecture 4.01: Threat Hunting with KQL in Microsoft Defender XDR
Lecture 4.02: Interpret Threat Analytics in the Microsoft Defender Portal
Lecture 4.03: Analyze Attack Vector Coverage Using the MITRE ATT&CK Matrix (Microsoft Sentinel)
Lecture 4.04: Manage and Use Threat Indicators in Microsoft Sentinel
Lecture 4.05: Conduct Threat Hunts in Microsoft Sentinel (Hunts, Queries, Bookmarks)
Lecture 4.06: Retrieve and Analyze Archived Logs in Microsoft Sentinel (Archived Data & Search Jobs)
Lecture 4.07: Create and Customize Microsoft Sentinel Workbooks
Lecture 4.08: Conclusion
Description

About this course.

Through guided labs and practical exercises, you’ll learn to think like a security analyst—tracking down malicious activity, containing breaches, and strengthening enterprise defenses against evolving risks.


✅ Master threat detection and response using Microsoft Sentinel and Microsoft Defender

✅ Analyze attack patterns and malicious activity with data-driven investigation techniques

✅ Harden cloud and hybrid environments through proactive security monitoring and remediation

✅ Refine incident handling and escalation procedures in live, time-sensitive simulations


Whether you’re aiming to earn the Microsoft Security Operations Analyst Associate certification (SC-200) or elevate your effectiveness in a SOC role, this course provides the hands-on experience you need to excel in real-world environments.


🎁 Includes 10 full-length practice exams. Build confidence through hands-on labs and scenario-driven exercises.


Step beyond theory and develop the practical expertise required to defend enterprise networks against today’s most pressing cyber threats.
