Guide to Microsoft Security Certifications Part 2
Welcome to SecOps
Security Operations has become quite the growing field over the last few years, and the sense is that this wave is only going to grow even larger as more companies begin their digital transformations. On the other end of the spectrum, Security Operations has needed to evolve with the increasing adoption of cloud technologies and with the shift of focus to the cloud versus on premises. This redefined architecture has left many organizations in a quagmire as to what skills are needed for those front-line cybersecurity individuals.
If you find yourself in exactly the situation I am describing here and you also share a passion for Microsoft technologies, then you are certainly in the right place. Not many people think of Microsoft as a security company, but the reality is that they are, and they have been making waves in this space. With a suite of security technologies, you can really separate yourself from the field with validation of knowledge around the central Microsoft Security tools.
Tiny Habits!
The Microsoft Security Operations Analyst certification breaks down into three objective domains centered around the three technologies I listed earlier, and they can certainly feel overwhelming at first. However, I want to share with you my approach to this.
My favorite way to tackle certifications is to break them down into more focused areas of study. For me this is a huge benefit, as I struggle with ADHD, and ensuring that I can hyper-focus and not get sucked into different areas is important for my study habits. Will this work for you? I approach learning in this way because I want to ensure I am nurturing it and fitting it into my daily routine, so that I don't feel like it's a chore or something I have to schedule or block time for.
"In order to design successful habits and change your behaviors, you should do three things. Stop judging yourself. Take your aspirations and break them down into tiny behaviors. Embrace mistakes as discoveries and use them to move forward."
Essential Tips, Tricks and Hints
Mitigate Threats with Microsoft 365 Defender
My focus first started on breaking down Microsoft 365 Defender, as mitigating threats within this suite of tools would be a bit more challenging because of the multi-product nature of M365 Defender. You'll need to understand how to mitigate threats across all four products (Microsoft Defender for Office 365, Identity, Endpoint and Cloud Apps). In addition, the Identity section covers Azure AD Premium security concepts like Conditional Access, Identity Protection, Privileged Identity Management and Secure Score.
You'll find that the learning path is a bit more weighted towards Microsoft Defender for Endpoint, and I would say my exam experience certainly featured more questions around this topic. That does not mean yours will. As a supplement, I strongly urge you to check out the Microsoft Security Community Ninja Trainings. Though the Ninja trainings DO NOT map to certification requirements, the learning guides give you a deep understanding of the various security products and can help fill the gap in knowledge and hands-on experience with the product to ensure you are prepared.
With all this vast knowledge from both Learn and Ninja, you should feel confident in your skills in mitigating threats with Microsoft 365 Defender. This part makes up 25-30% of the exam. Expect a fair number of questions around all areas, with a slight focus on at least one of the products (again, mine was Endpoint, but yours may be something else).
Mitigate Threats with Microsoft Defender for Cloud
Unlike its counterpart over in Microsoft 365, Defender for Cloud does not focus on the different products (Servers, Storage, Containers, SQL, etc.) but rather on the overall platform itself. Approaching this section, I focused on learning by doing, as I have my own Azure subscriptions that I could leverage, and I highly encourage you to do the same.
Are you feeling confident that you know this objective domain? If yes, great, continue on. If not, then I recommend checking out the Microsoft Defender for Cloud Ninja training to really dive deep into this platform and ensure you are ready.
Mitigate threats with Microsoft Sentinel
The granddaddy of them all, the heart of the exam, is Microsoft Sentinel, and with the exam guide telling me it's 40-45% of the questions I will see, its importance cannot be overstated. I started my learning journey with Sentinel by deploying the Microsoft Sentinel Lab within one of my Azure subscriptions.
To be transparent, I needed to have a Microsoft Sentinel workspace already deployed, so make sure you set up Sentinel first, then deploy this lab so that you can get your hands on the platform. Additionally, the two main training methods are Microsoft Learn and the Sentinel Ninja training.
I love the Sentinel Ninja training most of all, as it was the first one! So it has the most content and frankly maps pretty well to the certification objectives. Sentinel is what Microsoft views as the heart of any modern Security Operations Center, and as someone who wants to be certified as an analyst, you need to ensure that you're comfortable with all aspects of Sentinel.
Microsoft SC-200 Learn Path
All of the Microsoft Security Ninja Trainings (They'll come in handy!)
Time to Exam!
Now, there are certainly other training methods you can also leverage through providers like Opsgility, ISInc, and other training partners on the Microsoft Training Partner list. Sadly, the list of online training is fairly scarce: A Cloud Guru, WhizLabs, LinkedIn Learning, and others do not have the SC-200 in their library for whatever reason, and Pluralsight has two courses covering two of the objective domains, but the full learning path is not complete.
Whizlabs does provide a practice test option for $20 USD, and its practice exams are usually quite comprehensive, so while I did not use them for this exam, I would certainly recommend that option if practice exams are something you like to invest in.
After you sit for the exam, be sure to let me know how you did. Whether it be pass or fail, there is something to be learned, gained, or improved in either situation. Remember to always have that growth mindset, and even when things may seem bad, there is something good that can be had, and it takes those TINY HABITS to make sure you keep going!
Wrap Up Time
I hope you enjoyed this guide to the Microsoft Security Operations Analyst exam, and that it has given you that extra edge you need. With Part 2 down, you are now really digging into the Microsoft Security arena, and it's time to focus on the Identity side. Security has become such a critical topic in cloud that I hope you continue your journey to become an expert. Looking forward to seeing you in Part 3, where we talk about the Microsoft Security Identity and Access Administrator Associate exam (SC-300).
Anass HAMID
Public Relations + Media Strategy at Trace3
2 years: You make my light proofreading job easy :)
Buyaparcel CEO | Azure Cloud Solutions Architect
2 years: Thanks Derek. Have you sat SC-100 as yet? I failed it first time when it was in beta, preparing to try again within the next few weeks.
Senior Technical Program Manager, Advocacy @ Microsoft | Experienced, Energetic
2 years: This is great!