New Certifications from Microsoft
Information Technology has gained a lot of momentum recently, but it is not without its downsides: IT systems are exposed to risk and can be attacked. Security is vital in every domain, yet it is often overlooked. We are all aware that security sits at the top of the priority list for any successful digital environment or project. Microsoft has now added several security certifications to its portfolio. Wherever you are in your security learning, from entry level to advanced, there is a new credential you can take to develop your skillset. Although these certifications do not carry an AZ prefix, the knowledge they cover will still be useful in an Azure career. The following are the latest certifications:
SC-200: Microsoft Security Operations Analyst
Microsoft has estimated that there is a shortage of about 3.5 million security professionals. In response it released four new security-focused certifications that let IT and security professionals validate their skills, or skill up, in one of the most indispensable areas of the field. One of these certifications is the new SC-200: Microsoft Security Operations Analyst.
This is an associate-level certification that specializes in security operations. The title you receive after passing it is Microsoft Certified: Security Operations Analyst Associate. Microsoft Security Operations Analysts work with organizational stakeholders to protect the organization's Information Technology infrastructure. They reduce organizational risk by quickly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring policy violations to the appropriate stakeholders.
They are primarily accountable for threat management, monitoring, and response using a range of security solutions across their environment. The role investigates, responds to, and hunts for threats using Azure Defender, Azure Sentinel, Microsoft 365 Defender, and third-party security products. Because the Security Operations Analyst consumes the operational output of these tools day to day, they are a key stakeholder in their configuration and deployment. This certification demonstrates awareness of threat detection and proactive threat hunting using Microsoft Security, Compliance, and Identity (SCI) solutions.
Why SC-200 Certification?
Many candidates choose Microsoft certifications over the other options available for building their careers. The popularity of Microsoft certifications has been rising rapidly because they carry a number of benefits:
Who should do this Certification?
This certification is specially designed for:
It is recommended to hold the SC-900: Microsoft Security, Compliance, and Identity Fundamentals certification first, which covers the fundamentals of security, compliance, and identity. If you then want to specialize in security operations, you can pursue the SC-200: Microsoft Security Operations Analyst certification. Along with this, you must also have:
The SC-200 exam is still in beta, so this information is subject to change. At the time of writing:
| Exam detail | Value |
|---|---|
| Exam Format | Multiple choice, drag and drop, multiple answer, scenario-based questions, etc. |
| No. of Questions | 50-60 |
| Exam Duration | 120 minutes |
| Registration fee | $165 USD |
Domains of SC-200
The Microsoft Security Operations Analyst Certification exam assesses your knowledge in the following domains:
Domain 1: Mitigate threats using Microsoft 365 Defender (25-30%)
This domain covers how to use Microsoft 365 Defender to detect, investigate, respond to, and remediate threats to the productivity environment, endpoints, and identities. It also covers how to manage cross-domain investigations.
Detect, respond, investigate, and remediate threats to the productivity environment by using Microsoft Defender for Office 365
You will learn to detect, investigate, respond to, and remediate threats to email, Microsoft Teams, SharePoint, and OneDrive for Business by using Defender for Office 365. You will also learn how to manage data loss prevention policy alerts, assess and recommend sensitivity labels, and assess and recommend insider risk policies.
Detect, respond, investigate, and remediate endpoint threats by making use of Microsoft Defender for Endpoint
You will learn how to manage data retention, alert notifications, and advanced features. This part of the domain also includes configuring device attack surface reduction rules and managing custom detections and alerts. You will also learn to manage automated investigations and remediations; respond to incidents and alerts; assess and recommend endpoint configurations to reduce and remediate vulnerabilities using Microsoft's Threat and Vulnerability Management solution; analyze Microsoft Defender for Endpoint threat analytics; and manage Microsoft Defender for Endpoint threat indicators.
Detect, investigate, respond, and remediate identity threats
You will learn to identify and remediate security risks related to sign-in risk policies, Conditional Access events, Azure Active Directory, Active Directory Domain Services, Secure Score, and privileged identities. You will also learn to configure detection alerts in Azure AD Identity Protection and Microsoft Cloud App Security (MCAS), and to generate the alerts and reports used to identify threats.
Manage cross-domain investigations in Microsoft 365 Defender Portal
You will learn how to manage incidents across Microsoft 365 Defender products, manage actions pending approval across products, and perform advanced threat hunting.
Domain 2: Mitigate threats using Azure Defender (25-30%)
This domain covers how to use Azure Defender to mitigate threats and risks. It includes designing and configuring an Azure Defender implementation, managing alert rules, investigating Azure Defender alerts and incidents, and configuring automation and remediation.
Design and configure an Azure Defender implementation
You will learn how to plan and configure an Azure Defender workspace, Azure Defender roles, and data retention policies, and how to assess and recommend protection for cloud workloads.
Plan and incorporate the use of data connectors in Azure Defender for data ingestion
You will learn how to identify data sources for Azure Defender, configure automated onboarding for Azure resources, onboard non-Azure machines, connect AWS cloud resources, connect GCP cloud resources, and configure data collection.
Manage Azure Defender alert rules
You will learn how to validate the alert configuration, set up email notifications, and create and manage alert suppression rules.
Configure automation and remediation
You will learn how to configure automated responses in Azure Security Center, create a playbook in Azure Defender, use Azure Defender recommendations to remediate incidents, and create an automatic response using an Azure Resource Manager template.
Investigate Azure Defender alerts and incidents
You will learn how to describe the alert types for Azure workloads and how to manage security alerts and security incidents. You will also learn how to analyze Azure Defender threat intelligence, respond to Azure Defender for Key Vault alerts, and manage user data discovered during an investigation.
Domain 3: Mitigate threats using Azure Sentinel (40-45%)
This domain carries the largest weight on the exam. It covers how to use Azure Sentinel to mitigate threats and risks, including planning, designing, configuring, implementing, and managing the different aspects of Azure Sentinel.
Design and configure an Azure Sentinel workspace
You will learn how to plan an Azure Sentinel workspace, configure Azure Sentinel roles, configure Azure Sentinel service security, and design Azure Sentinel data storage.
Plan and introduce the use of Data Connectors for data ingestion in Azure Sentinel
You will learn how to identify the data sources to be ingested into Azure Sentinel and the prerequisites for each data connector. This part of the domain also includes configuring and using Azure Sentinel data connectors, designing Syslog and CEF collections, and configuring Windows Events collections. You will also learn how to configure custom threat intelligence connectors and how to create custom logs in Azure Log Analytics to store custom data.
Manage Azure Sentinel analytics rules
You will learn how to design and configure analytics rules, create custom analytics rules to detect threats, activate Microsoft security analytics rules, configure connector-provided scheduled queries, and configure incident creation logic.
Configure Azure Sentinel’s Security Orchestration Automation and Remediation (SOAR)
You will learn how to create Azure Sentinel playbooks, configure rules and incidents to trigger playbooks, use playbooks to remediate threats, and manage incidents across Microsoft Defender solutions.
Manage Azure Sentinel Incidents
You will learn how to triage, investigate, and respond to incidents in Azure Sentinel, investigate multi-workspace incidents, and identify advanced threats with User and Entity Behavior Analytics (UEBA).
Use Azure Sentinel workbooks to analyze and interpret data
You will learn how to activate and customize Azure Sentinel workbook templates, create custom workbooks, configure advanced visualizations, view and analyze Azure Sentinel data using workbooks, and track incident metrics using the security operations efficiency workbook.
Hunt for threats using the Azure Sentinel portal
You will learn how to create custom hunting queries, run hunting queries manually, monitor hunting queries using Livestream, perform advanced hunting with notebooks, track query results with bookmarks, use hunting bookmarks for data investigations, and convert a hunting query into an analytics rule.
To Summarize
This certification provides practical training on mitigating threats using a range of tools. Through this course you will learn to configure and manage Microsoft 365 Defender, Azure Defender, and Azure Sentinel, and you will gain an in-depth understanding of the security operations domain. If a leadership role in security excites you, the SC-200 certification is the right choice for you.
NOTE: This exam is currently in beta. Microsoft collects statistics on the questions and on the exam as a whole, so beta exams are not scored immediately. Because the program is still in its beta phase, exact details about the exam will be updated as they become available. Based on past experience with Microsoft exams, we expect the passing score to be around 700.