Course Description

Microsoft Security Operations Analysts are responsible for protecting an organization’s IT infrastructure against cyber security threats. They have the expertise to proactively identify and mitigate potential security risks, preventing costly and damaging breaches from occurring.

Learn practical knowledge and skills to secure information technology systems and reduce organizational risk. You will learn threat management, monitoring, and response by using a variety of security solutions.

Students will learn how to investigate, respond to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products.

This course covers the objectives for Microsoft Exam SC-200: Microsoft Security Operations Analyst.

The University of Calgary is Microsoft Education Global Training Partner.

Course Details

Learning Outcomes

By the completion of this course, successful students will be able to:

  • Configure Microsoft Defender for Endpoint and Microsoft Defender for Cloud to mitigate threats
  • Conduct advanced hunting and manage incidents in Microsoft 365 Defender
  • Construct KQL statements to filter searches based on event time, severity, domain, and other relevant data
  • Perform investigations using Microsoft Sentinel


  • Mitigate threats using Microsoft 365 Defender
  • Mitigate threats using Microsoft Defender for Endpoint
  • Mitigate threats using Microsoft Defender for Cloud
  • Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Configure your Microsoft Sentinel environment
  • Connect logs to Microsoft Sentinel
  • Create detections and perform investigations using Microsoft Sentinel
  • Perform threat hunting in Microsoft Sentinel



This course includes hands-on activities to reinforce the concepts taught and provide a practical learning experience.

Lab access will be provided at no additional cost.


No mandatory prerequisite.  

Self-assessment for enrolment: 

A minimum of 6 months relevant working experience and knowledge in: 

  • Microsoft 365, Microsoft Windows 
  • Microsoft security, compliance, and identity products 
  • Azure services, specifically Azure SQL Database and Azure Storage 
  • Azure VMs and virtual networking 
  • Scripting language 

Recommended prerequisites: 

  • ICT 902 Microsoft Azure Fundamentals 
  • ICT 905 Microsoft Azure Data Fundamentals 
  • CSC 120 Linux Plus 
  • CSC 130 Security Plus or ICT 907 Security, Compliance, and Identity Fundamentals 

Applies Towards the Following Program(s)

Enrol Now - Select a section to enrol in
Online Synchronous
T, Th
6:00PM to 9:00PM
Apr 15, 2025 to May 15, 2025
Schedule and Location
Delivery Options
Course Fees
Flat Fee non-credit $979.00
Required Software
This course includes extensive hands-on activities designed to help you learn by working. To complete the labs in this course, you will need: A modern web browser - for example, Microsoft Edge A Microsoft Azure subscription (which will be provided)
Section Notes

Classes are held online in real time (Mountain Time) at the specified time and dates.

Students will require access to a computer with the required software, Internet connection, a headset with speakers and microphone, webcam, and a monitor large enough to display multiple applications (or the use of two monitors).

This course uses Desire2Learn (D2L), an online learning management system, and Microsoft Teams or Zoom web conferencing software. The instructor will post the course outline and other materials in D2L. For more information, please visit our Online Learning Resources.

Unless notified, all online courses are available at 9 am MT the day before the start date. Students registered on (or after) the start date will receive access within one day of registration.

Students unfamiliar with online learning are encouraged to take our free Digital Skills for Learning Online course.

Unless otherwise stated, notice of withdrawal or transfer from a course must be received at least seven calendar days prior to the start date of the course.

Required fields are indicated by .