Course duration
- 4 days
Course Benefits
- Explain how Microsoft Defender for Endpoint can remediate risks in your environment
- Create a Microsoft Defender for Endpoint environment
- Configure Attack Surface Reduction rules on Windows 10 devices
- Perform actions on a device using Microsoft Defender for Endpoint
- Investigate domains and IP addresses in Microsoft Defender for Endpoint
- Investigate user accounts in Microsoft Defender for Endpoint
- Configure alert settings in Microsoft Defender for Endpoint
- Explain how the threat landscape is evolving
- Conduct advanced hunting in Microsoft 365 Defender
- Manage incidents in Microsoft 365 Defender
- Explain how Microsoft Defender for Identity can remediate risks in your environment
- Investigate DLP alerts in Microsoft Cloud App Security
- Explain the types of actions you can take on an insider risk management case
- Configure auto-provisioning in Azure Defender
- Remediate alerts in Azure Defender
- Construct KQL statements
- Filter searches based on event time, severity, domain, and other relevant data using KQL
- Extract data from unstructured string fields using KQL
- Manage an Azure Sentinel workspace
- Use KQL to access the watchlist in Azure Sentinel
- Manage threat indicators in Azure Sentinel
- Explain the Common Event Format and Syslog connector differences in Azure Sentinel
- Connect Azure Windows Virtual Machines to Azure Sentinel
- Configure the Log Analytics agent to collect Sysmon events
- Create new analytics rules and queries using the analytics rule wizard
- Create a playbook to automate an incident response
- Use queries to hunt for threats
- Observe threats over time with livestream
Webucator is a Microsoft Certified Partner for Learning Solutions (CPLS). This class uses official Microsoft courseware and will be delivered by a Microsoft Certified Trainer (MCT).
Course Outline
- Mitigate threats using Microsoft Defender for Endpoint
  - Protect against threats with Microsoft Defender for Endpoint
  - Deploy the Microsoft Defender for Endpoint environment
  - Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
  - Manage alerts and incidents in Microsoft Defender for Endpoint
  - Perform device investigations in Microsoft Defender for Endpoint
  - Perform actions on a device using Microsoft Defender for Endpoint
  - Perform evidence and entities investigations using Microsoft Defender for Endpoint
  - Configure and manage automation using Microsoft Defender for Endpoint
  - Configure for alerts and detections in Microsoft Defender for Endpoint
  - Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
  - Lab: Mitigate threats using Microsoft Defender for Endpoint
    - Deploy Microsoft Defender for Endpoint
    - Mitigate Attacks using Defender for Endpoint
- Mitigate threats using Microsoft 365 Defender
  - Introduction to threat protection with Microsoft 365
  - Mitigate incidents using Microsoft 365 Defender
  - Protect your identities with Azure AD Identity Protection
  - Remediate risks with Microsoft Defender for Office 365
  - Safeguard your environment with Microsoft Defender for Identity
  - Secure your cloud apps and services with Microsoft Cloud App Security
  - Respond to data loss prevention alerts using Microsoft 365
  - Manage insider risk in Microsoft 365
  - Lab: Mitigate threats using Microsoft 365 Defender
    - Explore Microsoft 365 Defender
- Mitigate threats using Azure Defender
  - Plan for cloud workload protections using Azure Defender
  - Explain cloud workload protections in Azure Defender
  - Connect Azure assets to Azure Defender
  - Connect non-Azure resources to Azure Defender
  - Remediate security alerts using Azure Defender
  - Lab: Mitigate threats using Azure Defender
    - Deploy Azure Defender
    - Mitigate Attacks with Azure Defender
- Create queries for Azure Sentinel using Kusto Query Language (KQL)
  - Construct KQL statements for Azure Sentinel
  - Analyze query results using KQL
  - Build multi-table statements using KQL
  - Work with data in Azure Sentinel using Kusto Query Language
  - Lab: Create queries for Azure Sentinel using Kusto Query Language (KQL)
    - Construct Basic KQL Statements
    - Analyze query results using KQL
    - Build multi-table statements in KQL
    - Work with string data in KQL
- Configure your Azure Sentinel environment
  - Introduction to Azure Sentinel
  - Create and manage Azure Sentinel workspaces
  - Query logs in Azure Sentinel
  - Use watchlists in Azure Sentinel
  - Utilize threat intelligence in Azure Sentinel
  - Lab: Configure your Azure Sentinel environment
    - Create an Azure Sentinel Workspace
    - Create a Watchlist
    - Create a Threat Indicator
- Connect logs to Azure Sentinel
  - Connect data to Azure Sentinel using data connectors
  - Connect Microsoft services to Azure Sentinel
  - Connect Microsoft 365 Defender to Azure Sentinel
  - Connect Windows hosts to Azure Sentinel
  - Connect Common Event Format logs to Azure Sentinel
  - Connect syslog data sources to Azure Sentinel
  - Connect threat indicators to Azure Sentinel
  - Lab: Connect logs to Azure Sentinel
    - Connect data to Azure Sentinel using data connectors
    - Connect Windows devices to Azure Sentinel using data connectors
    - Connect Linux hosts to Azure Sentinel using data connectors
    - Connect threat intelligence to Azure Sentinel using data connectors
- Create detections and perform investigations using Azure Sentinel
  - Threat detection with Azure Sentinel analytics
  - Threat response with Azure Sentinel playbooks
  - Security incident management in Azure Sentinel
  - Use entity behavior analytics in Azure Sentinel
  - Query, visualize, and monitor data in Azure Sentinel
  - Lab: Create detections and perform investigations using Azure Sentinel
    - Activate a Microsoft Security rule
    - Create a Playbook
    - Create a Scheduled Query
    - Understand Detection Modeling
    - Conduct attacks
    - Create detections
    - Investigate incidents
    - Create workbooks
- Perform threat hunting in Azure Sentinel
  - Threat hunting with Azure Sentinel
  - Hunt for threats using notebooks in Azure Sentinel
  - Lab: Threat hunting in Azure Sentinel
    - Perform Threat Hunting in Azure Sentinel
    - Threat Hunting using Notebooks with Azure Sentinel
Class Materials
Each student will receive a comprehensive set of materials, including course notes and all the class examples.
Experience in the following is required for this Microsoft Security class:
- Basic understanding of Microsoft 365.
- Fundamental understanding of Microsoft security, compliance, and identity products.
- Intermediate understanding of Windows 10.
- Familiarity with Azure services, specifically Azure SQL Database and Azure Storage.
- Familiarity with Azure virtual machines and virtual networking.
- Basic understanding of scripting concepts.
Instructor-led courses are offered via a live Web connection, at client sites throughout Europe, and at our Geneva Training Center.