SC-200: Mitigate threats using Microsoft 365 Defender

Security Operations Analyst
Microsoft 365

Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft 365 Defender. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.


  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Basic understanding of Microsoft 365

Modules in this learning path

In this module, you'll learn how to use the Microsoft 365 Defender integrated threat protection suite.

Learn how the Microsoft 365 Defender portal provides a unified view of incidents from the Microsoft 365 Defender family of products.

Use the advanced detection and remediation of identity-based threats to protect your Azure Active Directory identities and applications from compromise.

Learn about the Microsoft Defender for Office 365 component of Microsoft 365 Defender.

Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.

Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Learn how to use Defender for Cloud Apps in your organization.

As a Security Operations Analyst, you need to understand compliance related terminology and alerts. Learn how the data loss prevention alerts will help in your investigation to find the full scope of the incident.

Microsoft Purview Insider Risk Management helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.