Security Operations Analyst (SC-200) Curriculum

Public curriculum preview for visitors and enrolled students. Use this page to evaluate module scope, outcomes, and learning path.

Microsoft Security Operations Analyst (SC-200)

Structured, hands-on learning path for Microsoft Security Operations Analyst (SC-200) with detailed weekly outcomes and practical delivery.

Duration: 14 Weeks
Level: Intermediate
Study Time: 2 hours/week + labs
School: Hexadigitall Academy
Format: Project-Based

Welcome to Microsoft Security Operations Analyst (SC-200)! 🎓

This curriculum for Microsoft Security Operations Analyst (SC-200) follows a Bloom-aligned progression from practical foundations to measurable professional outcomes, with weekly evidence, labs, and portfolio outputs matched to intermediate expectations.

Each week advances from comprehension and application toward evaluation and creation, ensuring progressive learning and capstone readiness.

Your success is our priority. By the end, you will produce portfolio-ready artifacts and confidently explain your technical decisions. You will graduate with a professionally curated portfolio that demonstrates scope, depth, and delivery quality.

Prerequisites

  • Hands-on experience with network protocols, operating system internals, and security control implementation
  • Practical knowledge of reading security logs, alert analysis, and threat detection workflows
  • Comfort with risk documentation, control decisions, and evidence-based compliance mapping
  • Familiarity with at least one SIEM platform, policy tool, or security scanner

Essential Resources

  • NIST Cybersecurity Framework, CIS Controls, and OWASP threat modeling guides
  • Incident simulation datasets, detection rule templates, and control efficacy checklists
  • Security architecture patterns repository and threat modeling workshop materials

Complementary Courses

Incident Response

Master triage, containment, and post-incident forensics workflows

Cloud Security

Extend identity, token, and workload protection into cloud environments

Governance & Compliance

Connect security controls to regulatory mappings and audit documentation

Learning Roadmap

  • Early Weeks: Core controls, identity hardening, and baseline security posture
  • Middle Weeks: Detection engineering, incident handling, and service resilience
  • Late Weeks: Compliance evidence, executive reporting, and capstone defense

Detailed Weekly Curriculum

Each week includes outcomes and practical lab work aligned to the curriculum structure.

Week 1

Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1)

2 hours + labs
Learning Outcomes
  • Understand the principles of Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Apply Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Analyze trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1), then record rationale for stakeholder review.
  • Document a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1) and verify closure with re-test evidence.
Week 2

Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1)

2 hours + labs
Learning Outcomes
  • Understand the principles of Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Apply Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Analyze trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1), then record rationale for stakeholder review.
  • Document a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) and verify closure with re-test evidence.
Week 3

Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1)

2 hours + labs
Learning Outcomes
  • Understand the principles of Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Apply Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Analyze trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1), then record rationale for stakeholder review.
  • Document a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) and verify closure with re-test evidence.
Week 4

Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1)

2 hours + labs
Learning Outcomes
  • Understand the principles of Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Apply Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Analyze trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1), then record rationale for stakeholder review.
  • Document a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 1) and verify closure with re-test evidence.
Week 5

Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1)

2 hours + labs
Learning Outcomes
  • Understand the principles of Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Apply Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Analyze trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1), then record rationale for stakeholder review.
  • Document a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Instrument Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) with metrics, logs, and tracing hooks aligned to service objectives.
  • Create actionable alerts for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) and test escalation paths using simulated incidents.
  • Perform root-cause analysis for a Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) failure scenario and document corrective actions.
Week 6

Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1)

2 hours + labs
Learning Outcomes
  • Apply the principles of Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Analyze Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Evaluate trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1), then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Instrument Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) with metrics, logs, and tracing hooks aligned to service objectives.
  • Create actionable alerts for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) and test escalation paths using simulated incidents.
  • Perform root-cause analysis for a Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1) failure scenario and document corrective actions.
Week 7

Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1)

2 hours + labs
Learning Outcomes
  • Apply the principles of Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Analyze Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Evaluate trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1), then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1) and verify closure with re-test evidence.
Week 8

Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1)

2 hours + labs
Learning Outcomes
  • Apply the principles of Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1) and link them to course outcomes through progressive practical delivery milestones.
  • Analyze Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1) in a guided scenario using realistic tools, constraints, and quality gates.
  • Evaluate trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1), then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Security Program Optimization (Sprint 1) and verify closure with re-test evidence.
Week 9

Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2)

2 hours + labs
Learning Outcomes
  • Apply the principles of Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Analyze Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Evaluate trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2), then record rationale for stakeholder review.
  • Justify a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 2) and verify closure with re-test evidence.
Week 10

Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2)

2 hours + labs
Learning Outcomes
  • Analyze the principles of Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Evaluate Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Create trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2), then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 2) and verify closure with re-test evidence.
Week 11

Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2)

2 hours + labs
Learning Outcomes
  • Analyze the principles of Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Evaluate Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Create trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2), then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2) and verify closure with re-test evidence.
Week 12

Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2)

2 hours + labs
Learning Outcomes
  • Analyze the principles of Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Evaluate Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Create trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2), then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Apply security controls for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2), including access boundaries and data protection baselines.
  • Run vulnerability or control validation for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) and triage findings by severity.
  • Implement remediation steps for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) and verify closure with re-test evidence.
Week 13

Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2)

2 hours + labs
Learning Outcomes
  • Analyze the principles of Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Evaluate Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Create trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2), then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Instrument Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) with metrics, logs, and tracing hooks aligned to service objectives.
  • Create actionable alerts for Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) and test escalation paths using simulated incidents.
  • Perform root-cause analysis for a Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) failure scenario and document corrective actions.
Week 14

Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2)

2 hours + labs
Learning Outcomes
  • Analyze the principles of Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) and link them to course outcomes through progressive practical delivery milestones.
  • Evaluate Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) in a guided scenario using realistic tools, constraints, and quality gates.
  • Create trade-offs, risks, and decision points for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2), then record rationale for stakeholder review.
  • Defend a portfolio-ready control validation dossier for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) with measurable success criteria and next actions.
Lab Exercise
  • Instrument Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) with metrics, logs, and tracing hooks aligned to service objectives.
  • Create actionable alerts for Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) and test escalation paths using simulated incidents.
  • Perform root-cause analysis for a Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 2) failure scenario and document corrective actions.

Capstone Projects

Project 1: Microsoft Security Operations Analyst (SC-200) Foundation Build

Deliver a concrete foundation implementation covering the first phase of the curriculum.

  • Implement and validate Microsoft Security Operations Analyst (SC-200): Security Architecture Fundamentals (Sprint 1).
  • Integrate Microsoft Security Operations Analyst (SC-200): Identity and Access Governance (Sprint 1) with reusable workflow standards.
  • Publish evidence for Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 1) with test and quality artifacts.

Project 2: Microsoft Security Operations Analyst (SC-200) Integrated Systems Build

Combine mid-program competencies into a production-style integrated workflow.

  • Build an end-to-end flow around Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 1) and Microsoft Security Operations Analyst (SC-200): Incident Response and Recovery (Sprint 1).
  • Add controls, observability, and rollback paths for reliability.
  • Document architecture decisions and trade-offs tied to Microsoft Security Operations Analyst (SC-200): Compliance and Audit Readiness (Sprint 1).

Project 3: Microsoft Security Operations Analyst (SC-200) Capstone Delivery

Ship a portfolio-ready capstone with measurable outcomes and stakeholder-ready presentation.

  • Deliver a complete implementation centered on Microsoft Security Operations Analyst (SC-200): Network and Endpoint Protection (Sprint 2).
  • Validate readiness for Microsoft Security Operations Analyst (SC-200): Application and Data Security (Sprint 2) using objective acceptance checks.
  • Present final defense and roadmap based on Microsoft Security Operations Analyst (SC-200): Threat Detection and Monitoring (Sprint 2) outcomes.