Establish a Microsoft cloud-based SOC environment aligned with the SC-200 exam.
- Identity setup (Microsoft Entra ID)
- Log ingestion
- SIEM enablement using Microsoft Sentinel
- Security monitoring infrastructure

A functional SOC lab ready for:
- Threat detection
- Incident investigation
- Security monitoring
- Automation use cases
- Real-time security monitoring
- Attack simulation and detection testing

Components used:
- Microsoft Entra ID (Identity)
- Azure Log Analytics Workspace
- Microsoft Sentinel (SIEM)

The Microsoft Entra ID tenant was used as the identity provider for the SOC lab environment.
Test users were created within the tenant to simulate identity activity inside the SOC environment.
A Log Analytics Workspace was created and Microsoft Sentinel was enabled to function as the SIEM platform for the SOC lab.
Completed — SOC environment successfully configured and operational.


