SC-200: Mitigate threats using Microsoft Defender XDR
Offered By: Microsoft via Microsoft Learn
Course Description
Overview
- Module 1: Learn about cybersecurity threats and how the new threat protection tools from Microsoft protect your organization’s users, devices, and data.
  - Define security threats.
  - Understand common threats.
  - Explain how the threat landscape is evolving.
- Module 2: Mitigate incidents using Microsoft 365 Defender
  - Manage incidents in Microsoft 365 Defender
  - Investigate incidents in Microsoft 365 Defender
  - Conduct advanced hunting in Microsoft 365 Defender
- Module 3: Use the advanced detection and remediation of identity-based threats to protect your Azure Active Directory identities and applications from compromise.
  - Describe the features of Azure Active Directory Identity Protection.
  - Describe the investigation and remediation features of Azure Active Directory Identity Protection.
- Module 4: Learn about the Microsoft Defender for Office 365 component of Microsoft 365 Defender.
  - Define the capabilities of Microsoft Defender for Office 365.
  - Understand how to simulate attacks within your network.
  - Explain how Microsoft Defender for Office 365 can remediate risks in your environment.
- Module 5: Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.
  - Define the capabilities of Microsoft Defender for Identity.
  - Understand how to configure Microsoft Defender for Identity sensors.
  - Explain how Microsoft Defender for Identity can remediate risks in your environment.
- Module 6: Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Learn how to use Defender for Cloud Apps in your organization.
  - Define the Defender for Cloud Apps framework
  - Explain how Cloud Discovery helps you see what's going on in your organization
  - Understand how to use Conditional Access App Control policies to control access to the apps in your organization
- Module 7: Respond to data loss prevention alerts using Microsoft 365
  - Describe data loss prevention (DLP) components in Microsoft 365
  - Investigate DLP alerts in the Microsoft 365 compliance center
  - Investigate DLP alerts in Microsoft Defender for Cloud Apps
- Module 8: Insider risk management in Microsoft 365 helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.
  - Explain how insider risk management in Microsoft 365 can help prevent, detect, and contain internal risks in an organization.
  - Describe the types of built-in, pre-defined policy templates.
  - List the prerequisites that need to be met before creating insider risk policies.
  - Explain the types of actions you can take on an insider risk management case.
Syllabus
- Module 1: Introduction to threat protection with Microsoft 365
  - Introduction to threat protection
  - Learn about common threats
  - Understand the evolving threat landscape
  - Summary and knowledge check
- Module 2: Mitigate incidents using Microsoft 365 Defender
  - Introduction
  - Use the Microsoft 365 Defender portal
  - Manage incidents
  - Investigate incidents
  - Use the action center
  - Conduct advanced hunting
  - Knowledge check
  - Summary and resources
- Module 3: Protect your identities with Azure AD Identity Protection
  - Introduction
  - Azure AD Identity Protection overview
  - Detect risks with Azure AD Identity Protection policies
  - Investigate and remediate risks detected by Azure AD Identity Protection
  - Summary
- Module 4: Remediate risks with Microsoft Defender for Office 365
  - Introduction to Microsoft Defender for Office 365
  - Automate, investigate, and remediate
  - Configure, protect, and detect
  - Simulate attacks
  - Summary and knowledge check
- Module 5: Safeguard your environment with Microsoft Defender for Identity
  - Introduction to Microsoft Defender for Identity
  - Configure Microsoft Defender for Identity sensors
  - Review compromised accounts or data
  - Integrate with other Microsoft tools
  - Summary and knowledge check
- Module 6: Secure your cloud apps and services with Microsoft Defender for Cloud Apps
  - Introduction
  - Understand the Defender for Cloud Apps Framework
  - Explore your cloud apps with Cloud Discovery
  - Protect your data and apps with Conditional Access App Control
  - Walk through discovery and access control with Microsoft Defender for Cloud Apps
  - Classify and protect sensitive information
  - Detect Threats
  - Knowledge check
  - Summary
- Module 7: Respond to data loss prevention alerts using Microsoft 365
  - Introduction
  - Describe data loss prevention alerts
  - Investigate data loss prevention alerts in Microsoft 365 compliance
  - Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps
  - Knowledge check
  - Summary and resources
- Module 8: Manage insider risk in Microsoft 365
  - Insider risk management overview
  - Introduction to managing insider risk policies
  - Create and manage insider risk policies
  - Knowledge check
  - Investigate insider risk alerts
  - Take action on insider risk alerts through cases
  - Summary and knowledge check
Related Courses
- SC-200: Configure your Microsoft Sentinel environment, Microsoft via Microsoft Learn
- SC-200: Connect logs to Microsoft Sentinel, Microsoft via Microsoft Learn
- SC-200: Create detections and perform investigations using Microsoft Sentinel, Microsoft via Microsoft Learn
- SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL), Microsoft via Microsoft Learn
- SC-200: Mitigate threats using Microsoft Defender for Cloud, Microsoft via Microsoft Learn