The SC-200 in-company training teaches your security analysts how to investigate, respond to and hunt for cyberthreats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. The training teaches you Kusto Query Language (KQL) for detection, analysis and reporting. The official Microsoft course lasts 4 days and prepares for the Microsoft Certified: Security Operations Analyst Associate certification.
Suitable for security analysts, SOC analysts and IT professionals who perform threat management, monitoring and response in a Microsoft security environment. Basic knowledge of Microsoft 365, Microsoft Entra ID and Azure services is required. Minimum 4 and maximum 12 participants per group.
Day 1: Microsoft Defender XDR
Understanding Microsoft Defender XDR as a centralised incident management platform. Configuring Microsoft Defender for Endpoint: onboarding, policies and EDR features. Investigating and remediating endpoint incidents. Implementing Microsoft Defender for Identity for Active Directory threat detection. Configuring Microsoft Defender for Office 365 for email security.
Day 2: Microsoft Defender for Cloud Apps and Defender for Cloud
Implementing Microsoft Defender for Cloud Apps for shadow IT detection and app governance. Configuring Microsoft Defender for Cloud for multi-cloud security posture. Analysing security alerts and following up recommendations. Monitoring regulatory compliance in Defender for Cloud.
Day 3: Implementing Microsoft Sentinel
Creating a Microsoft Sentinel workspace and configuring data connectors for Microsoft 365, Azure and third-party sources. Creating analytics rules for threat detection. Configuring workbooks for security dashboards. Implementing automation rules and playbooks with Logic Apps for automated response.
Day 4: KQL, Threat Hunting and Incident Response
Writing KQL queries for log analysis, threat hunting and detection. Using advanced hunting in Microsoft Defender XDR. Conducting incident investigation with entity behaviour analytics (UEBA). Integrating threat intelligence via TAXII and STIX. Preparation for the SC-200 certification exam.
Course materials, labs and exam vouchers are available as an additional option.
As a Dutch SME, you may be eligible for the SLIM subsidy for ICT training. The Dutch government reimburses 60% of your training costs, up to a maximum of €24,999. Period 2 opens 10 August 2026.
Request a quote via our quote form or contact us via our contact page. Or ask Sanne, our AI assistant - available 24/7 via the blue icon at the bottom right of the page.