Overview

Prepare for Microsoft Exam SC-200 and help demonstrate your real-world mastery of skills and knowledge required to work with stakeholders to secure IT systems, and to rapidly remediate active attacks. Designed for Microsoft security operations analysts, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Associate level. Focus on the expertise on monitoring, identifying, investigating, and responding to threats in cloud and on-premises environments by using: Microsoft Defender XDR Security Copilot Microsoft Sentinel Microsoft Defender for Cloud workload protections This Microsoft Exam Ref: Organizes its coverage by exam objectives Features strategic, what-if scenarios to challenge you Assumes you have experience with threat management, monitoring, and/or response in Microsoft 365 environments Exam SC-200 focuses on knowledge needed to detect, investigate, and remediate security threats across cloud and on-premises environments by equipping security operations analysts with the skills to manage and operate a modern SOC using Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender for Cloud, and Security Copilot; configure and manage a security operations environment by designing Sentinel workspaces, optimizing data sources, managing assets through Defender Vulnerability Management and Exposure Management, and configuring automation and attack disruption; configure protections and detections across Defender solutions; assess incident response capabilities, including investigating and remediating threats such as ransomware, email compromise, compromised identities, insider risks, and cloud workload attacks using investigation tools, device timelines, live response, playbooks, and automation, as well as leveraging Security Copilot for guided investigations and analysis; employ KQL for proactive threat hunting, interpreting threat analytics and MITRE ATT&CK coverage, managing threat indicators, and visualizing security data to continuously reduce organizational risk. About Microsoft Certification Passing this exam fulfills your requirements for the Microsoft Certified: Security Operations Analyst Associate certification credential, demonstrating your ability to collaborate with organizational stakeholders to reduce organizational risk, advise on threat protection improvements, and address violations of organizational policies. See full details at: microsoft.com/learn

Full Product Details

Author:   Yuri Diogenes ,  Sarah Young
Publisher:   Pearson Education (US)
Imprint:   Addison Wesley
Edition:   2nd edition
Dimensions:   Width: 19.00cm , Height: 2.50cm , Length: 23.50cm
Weight:   0.567kg
ISBN:  

9780135590782

ISBN 10:   0135590787
Pages:   320
Publication Date:   16 June 2026
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Forthcoming
Availability:   Available To Order  
Limited stock is available. It will be ordered for you and shipped pending supplier's limited stock.

Table of Contents

Introduction Module 1: Implement Information Protection Lesson 1: Implement and Manage Data Classification 1.1 Identify sensitive information requirements for an organization’s data 1.2 Translate requirements into built-in or custom sensitive info types 1.3 Create and manage custom sensitive info types 1.4 Implement document fingerprinting 1.5 Create and manage exact data match (EDM) classifiers 1.6 Create and manage trainable classifiers 1.7 Monitor classification with data explorer and content explorer 1.8 Configure optical character recognition (OCR) support for sensitive info types Lesson 2: Implement and Manage Sensitivity Labels in Microsoft Purview 2.1 Implement roles and permissions for sensitivity labels 2.2 Define and create sensitivity labels for items and containers 2.3 Configure protection settings and content marking for sensitivity labels 2.4 Configure and manage publishing policies for sensitivity labels 2.5 Configure and manage auto-labeling policies for sensitivity labels 2.6 Apply sensitivity labels to containers, such as Microsoft Teams, Microsoft 365 Groups, Microsoft Power BI, and Microsoft SharePoint 2.7 Apply sensitivity labels by using Defender for Cloud Apps Lesson 3: Implement Information Protection for Windows, File Shares, and Exchange 3.1 Implement protection for Windows, file shares, and Exchange 3.2 Plan and implement the Purview Information Protection client 3.3 Manage files using the Purview client 3.4 Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner 3.5 Design and implement Microsoft Purview Message Encryption 3.6 Design and implement Microsoft Purview Advanced Message Encryption Module 2: Implement Data Loss Prevention and Retention Lesson 4: Create and Configure Data Loss Prevention (DLP) Policies 4.1 Design DLP policies based on an organization’s requirements 4.2 Implement roles and permissions for DLP 4.3 Create and manage DLP policies 4.4 Configure DLP policies for Adaptive Protection 4.5 Interpret policy and rule precedence in DLP 4.6 Create file policies in Microsoft Defender for Cloud Apps by using a DLP policy Lesson 5: Implement and Monitor Microsoft Purview Endpoint DLP 5.1 Specify device requirements for Endpoint DLP, including extensions 5.2 Configure advanced DLP rules for devices in DLP policies 5.3 Configure Endpoint DLP settings 5.4 Configure just-in-time protection 5.5 Monitor endpoint activities Lesson 6: Implement and Manage Retention 6.1 Plan for information retention and disposition by using retention labels 6.2 Create, configure, and manage adaptive scopes 6.3 Create retention labels for data lifecycle management 6.4 Configure retention label policies (publish/auto-apply) 6.5 Interpret the results of policy precedence, including using Policy lookup 6.6 Create and configure retention policies 6.7 Recover retained content in Microsoft 365 Module 3: Manage Risks, Alerts, and Activities Lesson 7: Implement and Manage Microsoft Purview Insider Risk Management 7.1 Implement roles and permissions for Insider Risk Management 7.2 Plan and implement Insider Risk Management connectors 7.3 Plan and implement integration with Microsoft Defender for Endpoint 7.4 Configure and manage Insider Risk Management settings 7.5 Configure policy indicators 7.6 Select an appropriate policy template 7.7 Create and manage Insider Risk Management policies 7.8 Manage forensic evidence settings 7.9 Enable and configure insider risk levels for Adaptive Protection 7.10 Manage insider risk alerts and cases 7.11 Manage Insider Risk Management workflow, including notice templates Lesson 8: Manage Information Security Alerts and Activities 8.1 Assign Microsoft Purview Audit (Premium) user licenses 8.2 Investigate activities by using Microsoft Purview Audit 8.3 Configure audit retention policies 8.4 Analyze Purview activities by using activity explorer 8.5 Respond to data loss prevention alerts in the Microsoft Purview portal 8.6 Investigate insider risk activities by using the Microsoft Purview portal 8.7 Respond to Purview alerts in Microsoft Defender XDR 8.8 Respond to Defender for Cloud Apps file policy alerts 8.9 Perform searches by using Content search Lesson 9: Protect Data Used by AI Services 9.1 Implement controls in Microsoft Purview to protect content in an environment that uses AI services 9.2 Implement controls in Microsoft 365 workloads to protect content in an environment that uses AI services 9.3 Implement prerequisites for Data Security Posture Management (DSPM) for AI 9.4 Manage roles and permissions for DSPM for AI 9.5 Configure DSPM for AI policies 9.6 Monitor activities in DSPM for AI

Reviews

Author Information

Yuri Diogenes has a PhD in cybersecurity leadership and a Master of Science in cybersecurity intelligence and forensics investigation. Yuri has been working at Microsoft since 2006, and currently he is a Principal PM Manager at Microsoft CxE, where he manages the Defender for Cloud and Azure Network Security Teams. Yuri is also a Professor at the University of Texas at Dallas, Trine University, and EC-Council University. Yuri has published more than 30 books, mostly around information security and Microsoft technologies. Yuri also holds an MBA and many IT/Security industry certifications, such as CISSP, E|CND, E|CEH, E|CSA, E|CHFI, E|CTI, CompTIA Security+, CySA+, CASP, and MITRE ATT&CK Cyber Threat Intelligence. You can follow Yuri on X at @yuridiogenes and watch his Defender for Cloud in the Field show at aka.ms/MDCInTheField. Sarah Young is the Director of Security for the Microsoft Innovation Hub. Having worked with Microsoft Security products for a good portion of her security career, Sarah has extensive knowledge of the platform and has helped it develop and grow in various roles at Microsoft over the years. Sarah is an experienced public speaker and has presented on a range of IT security and technology topics at global industry events and holds numerous IT security qualifications (some expired, some still going!). She is an active supporter of security and cloud native communities around the world and is a co-host of the Microsoft Azure Security Podcast. You can follow Sarah on the socials @_sarahyo and listen to her podcast at aka.ms/azsecpod.

Tab Content 6

Author Website:  

Countries Available

All regions