Microsoft Certified: Security Operations Analyst Associate

Training provider:
NILC

Duration:
4 days

Awarding body:
Microsoft

Delivery:
Tutor-led online

Overview

The Microsoft Certified: Security Operations Analyst Associate certification is designed for professionals who investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, and Microsoft 365 Defender. This course equips learners with the skills to reduce organizational risk by rapidly remediating active attacks, advising on threat protection improvements, and identifying policy violations. Participants will learn to perform triage, manage incident response, and use threat intelligence to hunt for threats across cloud and on-premises environments. The course also covers the use of Kusto Query Language (KQL) for reporting, detections, and investigations. 

What will I learn?

After completing this course, learners will be able to manage threat mitigation using Microsoft Defender XDR, Microsoft Purview, and Microsoft Defender for Endpoint and Cloud. They will learn to create and manage KQL queries in Microsoft Sentinel, configure and manage log connections, detect and remediate threats, and conduct threat hunting activities. The course also includes practical labs and exercises to build hands-on experience with Microsoft’s security tools and services.

Key information

Funding eligibility criteria

  • Aged 19+
  • Living in Wales

Plus, one of the following:

  • Employed (inc. agency & zero hour contracts)
  • Self-employed
  • Full-time carer
  • Prisoner on day release

Entry requirements

While there are no formal prerequisites, learners should have a basic understanding of Microsoft 365, Windows 10, and Azure services such as Azure SQL Database and Azure Storage. Familiarity with scripting concepts and Microsoft security, compliance, and identity products is recommended. This course is intended for individuals working in security operations roles or those preparing to enter the field. 

Assessment

The SC-200 exam is a proctored certification assessment that lasts approximately 100 minutes. It includes interactive components and requires a minimum score of 700 out of 1000 to pass. The exam evaluates skills in managing a security operations environment, configuring protections and detections, managing incident response, and handling security threats.

Career progression

Course dates will be discussed directly with the training provider upon successful completion of the funding application. Any course dates arranged with the training provider before funding is secured may not be honoured; course dates will only be confirmed once funding has been approved.

Aberdare

Wellington Street
Aberdare
Rhondda Cynon Taff
CF44 8EN

01685 887500

Nantgarw

Heol y Coleg
Parc Nantgarw
Cardiff
CF15 7QY

01443 662800

Rhondda

Llwynypia
Tonypandy
Rhondda Cynon Taff
CF40 2TQ

01443 663202

Ystrad Mynach

Twyn Road
Ystrad Mynach
Hengoed
CF82 7XR

01443 816888