As a candidate for this certification, you’re a Microsoft security operations analyst who reduces organizational risk by:
- Rapidly remediating active attacks in cloud and on-premises environments.
- Advising on improvements to threat protection practices.
- Identifying violations of organizational policies.
As a security operations analyst, you:
- Perform triage.
- Respond to incidents.
- Manage vulnerabilities.
- Hunt for threats.
- Evaluate logs.
- Analyze threat intelligence.
You also monitor, identify, investigate, and respond to threats in cloud and on-premises environments by using:
- Microsoft Sentinel
- Microsoft Defender for Cloud
- Microsoft Defender XDR
- Third-party security solutions
In this role, you use Kusto Query Language (KQL) for reporting, detections, and investigations. You collaborate with business stakeholders, architects, cloud administrators, endpoint administrators, identity administrators, compliance administrators, and security engineers to secure the digital enterprise.
As a candidate, you should be familiar with:
- Microsoft 365
- Azure cloud services
- Windows and Linux operating systems