Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the color images
• Conventions used
• Get in touch
• Reviews
• Share Your Thoughts

1. Section 1 – Exam Overview and Evolution of Security Operations

2. Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives FREE CHAPTER

• Technical requirements
• Preparing for a Microsoft exam
• Creating a Microsoft demo tenant
• Summary

3. Chapter 2: The Evolution of Security and Security Operations

• A quick introduction to the terminology
• Understanding the traditional approach to security
• Introducing the modern approach to security
• Getting to know traditional SOC issues
• Exploring modern ways to resolve traditional SOC issues
• Summary

4. Section 2 – Implementing Microsoft 365 Defender Solutions

5. Chapter 3: Implementing Microsoft Defender for Endpoint

• Technical requirements
• Understanding the prerequisites
• Deployment options – onboarding
• Troubleshooting
• Sensor status and verification
• Summary

6. Chapter 4: Implementing Microsoft Defender for Identity

• Technical requirements
• Understanding the prerequisites
• Deployment options
• A troubleshooting guide
• Service status and verification
• Summary

7. Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)

• Technical requirements
• Introduction to Microsoft Defender for Cloud and ASC
• Implementing ASC
• Implementing Microsoft Defender for Cloud
• How do ASC and Microsoft Defender for Cloud fit into the security of an enterprise?
• Summary

8. Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards

9. Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards

• Before we get started – acronyms and creating your lab!
• General portal navigation
• Alerts and incidents
• How to suppress an alert and create a new suppression rule
• Summary

10. Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents

• Technical requirements
• MDI concepts
• Understanding and investigating alerts
• Triaging and responding to alerts
• Summary

11. Chapter 8: Microsoft Defender for Office – Threats to Productivity

• Technical requirements
• Threat protection policies
• Threat investigation and response capabilities
• Automated investigation and response capabilities
• Data loss prevention and insider risk
• Summary

12. Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps

• Technical requirements
• The MDCA framework
• Cloud Discovery
• Conditional Access App Control
• Classifying and protecting sensitive information
• Detecting, investigating, and responding to application threats
• Summary

13. Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel

14. Chapter 10: Setting Up and Configuring Microsoft Sentinel

• Pre-deployment activities
• Azure tenant-level prerequisites
• Enabling and onboarding Microsoft Sentinel
• Global requirements and prerequisites for Microsoft Sentinel
• Data residency
• Enabling Microsoft Sentinel for your organization
• Connecting data sources to Microsoft Sentinel
• Summary

15. Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel

16. Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel

• Technical requirements
• Kusto query overview
• Advanced threat hunting and the M365 Defender portal
• Hunting for threats in Microsoft Sentinel
• Summary

17. Chapter 12: Knowledge Check

• Example exam questions
• Answer key
• Why subscribe?

18. Other Books You May Enjoy

• Packt is searching for authors like you
• Share Your Thoughts