CBT Nuggets

Microsoft Certified: Security Operations Analyst Associate (SC-200)

This SC-200 Microsoft Security Operations Analyst certification training covers how to contribute to an enterprise network’s overall network safety by mastering Microsoft-specific tools. This Microsoft Security Operations Analyst training prepares you for the SC-200 certifying exam by diving deep into Microsoft’s three enterprise security programs: Defender, Defender for Cloud, and Sentinel.

Updated April 2026

17 Skills
92 Videos
14h 46m Total

Who This Course Is For

This Security Operations Analyst training is considered professional-level Microsoft training, which means it was designed for security operations analysts. This security skills course is designed for security operations analysts with three to five years of experience with configuration and Microsoft security products.

Course Curriculum

  • Intro To Microsoft Defender XDR (Free, 46m)
  • Getting Started With Microsoft Defender XDR (Premium, 47m)
  • Device Groups and Email Notifications (Premium, 49m)
  • Configure Endpoint Settings & Alert Tuning (Premium, 44m)
  • Defender Automated Investigation & Response (Premium, 45m)
  • Managing Assets and Environments (Premium, 59m)
  • Design and configure a MS Sentinel Workspace (Premium, 54m)
  • Ingest data sources in MS Sentinel (Premium, 52m)
  • Configure Protections & Detections in Defender XDR (Premium, 52m)
  • KQL & Custom detections in Defender XDR (Premium, 54m)
  • Configure Detections in Sentinel (Premium, 1h)
  • Responding To Alerts In Defender Products (Premium, 55m)
  • Investigating Defender Alerts & Incidents (Premium, 57m)
  • Investigating MS 365 Activities and Sentinel Tools (Premium, 55m)
  • Implement and Use Microsoft Security Copilot (Premium, 56m)
  • Hunt for threats by using Microsoft Sentinel (Premium, 54m)
  • Sentinel workbooks & Hunting Threats in Defender (Premium, 46m)

Certification

Microsoft Certified: Security Operations Analyst Associate (SC-200)

The Microsoft Certified: Security Operations Analyst Associate certification validates the skills and knowledge of security operations analysts to detect and respond to threats, and to configure and use threat detection tools, and who should pursue t...

Exam: SC-200 | Level: Associate | Difficulty: Intermediate | Cost: $165 USD
Topics: Threat management, Incident response, Security operations, Microsoft 365 security, Azure security

For IT leaders

What IT leaders need to know before assigning this course

Security teams often inherit Microsoft Defender XDR and Microsoft Sentinel without consistent runbooks for alert tuning, investigation, response, and threat hunting. This SC-200 course gives IT Directors a structured way to align SOC analysts, security engineers, and Microsoft 365 security practitioners around the same Microsoft security operations workflow.

The course is intermediate and works best for teams already supporting Microsoft 365, endpoint security, or SIEM operations. Plan for about 14 hours, 45 minutes per learner across 17 course sections, making it practical for phased enablement rather than a one-time training event. Training Managers can sequence topics from Defender XDR foundations into Sentinel workspace design, data ingestion, KQL, detections, investigations, Security Copilot, and threat hunting.

For change management, Team Leads can assign this course before standardizing detection rules, alert response processes, or Sentinel adoption. CBT Nuggets capabilities such as Playlists and Team Reporting help leaders guide completion and track progress; Practice Exams can support SC-200 certification readiness where exam preparation is part of the team goal.

Team Impact

How this training helps your team succeed

IT teams complete this training to make Microsoft security operations more consistent across Defender XDR and Microsoft Sentinel. The course maps to scenarios SOC teams face when configuring tools, reducing alert noise, investigating incidents, and improving response quality.

  • Standardize Defender XDR operations: Teams learn how device groups, email notifications, endpoint settings, alert tuning, and automated investigation and response fit into day-to-day security operations.
  • Improve Sentinel readiness: Security teams learn how to design a Sentinel workspace, ingest data sources, configure detections, and use workbooks for visibility.
  • Strengthen investigation workflows: Analysts practice the concepts behind responding to alerts, investigating Defender alerts and incidents, and reviewing Microsoft 365 activities with Sentinel tools.
  • Build proactive threat-hunting capability: Teams learn to use KQL, custom detections, Sentinel hunting, Defender hunting, and Microsoft Security Copilot as part of a more mature SOC workflow.

After completion

Knowledge & ability your team will gain

Knowledge

  • How Microsoft Defender XDR supports security operations across alerts, incidents, assets, endpoint settings, and automated investigation and response.
  • How device groups, email notifications, alert tuning, protections, and detections affect operational consistency.
  • How Microsoft Sentinel workspaces are designed and connected to ingested data sources.
  • How KQL, custom detections, Sentinel detections, workbooks, and hunting tools support investigation and threat discovery.
  • Where Microsoft Security Copilot fits into Microsoft security operations workflows.

Ability

  • Configure core Defender XDR settings that support endpoint security, alert handling, and automated response.
  • Manage security assets and environments in a way that supports SOC visibility.
  • Design and configure a Microsoft Sentinel workspace and connect data sources for analysis.
  • Create and tune detections in Defender XDR and Sentinel using KQL-driven workflows.
  • Respond to and investigate alerts, incidents, Microsoft 365 activities, and threat-hunting findings across Defender and Sentinel.

This course is included with every subscription

Get your team access to all 559 courses, virtual labs, and practice exams.

Team (Most Popular)

$749 per seat / year

5+ learner seats

Enterprise

Custom annual contracts

Any size

Trusted by 23,000+ organizations
