This comprehensive home lab project covered various aspects of Microsoft security operations, aligning with the SC-200 certification learning path.

Environment Setup:

  • On-premises: Kali Linux, Windows Server Active Directory (AD), VMware Windows 11 VM
  • Cloud: Azure Linux VM, AWS Windows VM

Project Activities:

  • Identity & Access Management (IAM):
    • Set up a Windows Server Domain Controller and implemented basic Group Policy Object (GPO) security policies.
    • Configured a hybrid identity setup, joining test VMs to both on-premises AD and Entra ID.
    • Tested device compliance policies through Intune integration.
    • Monitored identity-based threats using Microsoft Defender for Identity.
  • Endpoint Security:
    • Implemented Microsoft Defender for Endpoint across Azure and on-premises VMs for advanced threat detection.
    • Integrated Defender for Endpoint with Entra ID for unified security management.
    • Utilized Defender Vulnerability Management to assess and remediate vulnerabilities in VMs.
  • Security Compliance & Email Protection:
    • Assessed the Microsoft 365 environment using the CIS Microsoft 365 Foundations Benchmark v4.0 Level 1 to identify and remediate insecure configurations.
    • Implemented Microsoft Defender for Office 365 to protect against email-based threats.
  • SIEM Integration (Microsoft Sentinel):
    • Onboarded the on-premises Windows Server as an Azure Arc-enabled server and ingested its logs into Microsoft Sentinel.
    • Integrated AWS CloudTrail logs with Microsoft Sentinel for cross-cloud visibility.

Key Skills Practiced:

  • Endpoint Detection and Response (EDR) using the Microsoft Defender XDR suite (Defender for Endpoint, Defender for Identity, Entra ID Protection, Defender for Office 365, Purview)
  • Identity and Access Management (IAM): Active Directory, Entra ID, and Intune configuration and management.