Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Microsoft

Detect and respond to cyber attacks with Microsoft 365 Defender

Microsoft via Microsoft Learn

Overview

    • Module 1: Understand what Microsoft 365 Defender is and how it can help to improve your security posture by empowering your Security Operations Center (SOC) or security teams with the tools they need to identify, control, and remediate security threats.

By the end of this module, you'll be able to:

      • Understand Microsoft 365 Defender
      • Understand Microsoft 365 Defender integration with other Defender products
    • Module 2: Understand the steps needed to enable Microsoft 365 Defender for your organization.

By the end of this module, you'll be able to:

      • Prepare to roll out Microsoft 365 Defender.
      • Enable Microsoft 365 Defender in your organization.
      • Manage who has access to the functions and data in Microsoft 365 Defender.
    • Module 3: Learn how to use Microsoft 365 Defender to manage and respond to incidents and alerts in your Microsoft 365 tenant. Cyber threats are an ever present and on-going concern for all organizations regardless of size. Learn how to minimize the time between an incident and its management for subsequent response and resolution.

By the end of this module, you'll be able to:

      • Understand incident management and response in Microsoft 365 Defender
      • Understand how to classify incidents and alerts
      • Use email notifications to be informed of new or updated incident
    • Module 4: Gain an understanding of the advanced hunting query language, Kusto, and how to create queries to find threats. You'll gain an awareness of the data schemas provided by Microsoft 365 and how they can enrich query results. Finally, you'll explore custom detections and how they can be used to automate detection and remediation of threats.

By the end of this module, you'll be able to:

      • Use the advanced hunting query language, Kusto.
      • Use the advanced hunting query schemas to enrich your queries.
      • Create custom detection queries to facilitate automated threat identification and resolution.
    • Module 5: Learn how Microsoft 365 Defender uses automated self-healing for incident investigation and response to automate threat detection and remediation.

By the end of this module, you'll be able to:

    • Understand automated self-healing in your security environment
    • Utilize automated investigation and response in addressing cyber-attacks
    • Work with Action center

Syllabus

  • Module 1: Introduction to Microsoft 365 Defender
    • Introduction
    • What is Microsoft 365 Defender?
    • Threat information sources for Microsoft 365 Defender
    • Knowledge check
    • Summary
  • Module 2: Enable Microsoft 365 Defender in your organization
    • Introduction
    • Roll out Microsoft 365 Defender for your organization
    • Manage access to Microsoft 365 Defender
    • Knowledge check
    • Summary
  • Module 3: Investigate incidents with Microsoft 365 Defender
    • Introduction
    • Working with incidents
    • Classification of incidents and alerts
    • Use email notifications in Microsoft 365 Defender
    • Knowledge check
    • Summary
  • Module 4: Locate threats using advanced hunting with Microsoft 365 Defender
    • Introduction
    • Introduction to Kusto Query Language
    • Understand the hunting data schema
    • Using custom detections
    • Knowledge check
    • Summary
  • Module 5: Automate self-healing with Microsoft 365 Defender
    • Introduction
    • What is automated self-healing?
    • Understand automated investigation and response
    • Knowledge check
    • Summary

Reviews

Start your review of Detect and respond to cyber attacks with Microsoft 365 Defender

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.