SC-200: Configure your Microsoft Sentinel environment

By the end of this module, you will be able to:

• Identify the various components and functionality of Microsoft Sentinel.
• Identify use cases where Microsoft Sentinel would be a good solution.

Upon completion of this module, the learner will be able to:

• Describe Microsoft Sentinel workspace architecture
• Install Microsoft Sentinel workspace
• Manage an Microsoft Sentinel workspace

Upon completion of this module, the learner will be able to:

• Use the Logs page to view data tables in Microsoft Sentinel
• Query the most used tables using Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Create a watchlist in Microsoft Sentinel
• Use KQL to access the watchlist in Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Manage threat indicators in Microsoft Sentinel
• Use KQL to access threat indicators in Microsoft Sentinel

• Introduction
• What is Microsoft Sentinel?
• How Microsoft Sentinel works
• When to use Microsoft Sentinel
• Knowledge check
• Summary

• Introduction
• Plan for the Azure Sentinel workspace
• Create an Azure Sentinel workspace
• Manage workspaces across tenants using Azure Lighthouse
• Understand Azure Sentinel permissions and roles
• Manage Azure Sentinel settings
• Knowledge check
• Summary and resources

• Introduction
• Query logs in the logs page
• Understand Azure Sentinel tables
• Understand common tables
• Understand Microsoft 365 Defender tables
• Knowledge check
• Summary and resources

• Introduction
• Plan for watchlists
• Create a watchlist
• Knowledge check
• Summary and resources

• Introduction
• Define threat intelligence
• Manage your threat indicators
• View your threat indicators with KQL
• Knowledge check
• Summary and resources