- Module 1: Understand what Microsoft 365 Defender is and how it can help to improve your security posture by empowering your Security Operations Center (SOC) or security teams with the tools they need to identify, control, and remediate security threats.
By the end of this module, you'll be able to:
- Understand Microsoft 365 Defender
- Understand Microsoft 365 Defender integration with other Defender products
- Module 2: Understand the steps needed to enable Microsoft 365 Defender for your organization.
By the end of this module, you'll be able to:
- Prepare to roll out Microsoft 365 Defender.
- Enable Microsoft 365 Defender in your organization.
- Manage who has access to the functions and data in Microsoft 365 Defender.
- Module 3: Learn how to use Microsoft 365 Defender to manage and respond to incidents and alerts in your Microsoft 365 tenant. Cyber threats are an ever-present, ongoing concern for organizations of every size. Learn how to minimize the time between an incident occurring and its triage, so that response and resolution can follow quickly.
By the end of this module, you'll be able to:
- Understand incident management and response in Microsoft 365 Defender
- Understand how to classify incidents and alerts
- Use email notifications to be informed of new or updated incidents
- Module 4: Gain an understanding of the advanced hunting query language, Kusto Query Language (KQL), and how to write queries that find threats. You'll gain an awareness of the data schemas exposed by Microsoft 365 Defender and how they can enrich query results. Finally, you'll explore custom detections and how they can be used to automate the detection and remediation of threats.
By the end of this module, you'll be able to:
- Use the advanced hunting query language, Kusto Query Language (KQL).
- Use the advanced hunting query schemas to enrich your queries.
- Create custom detection queries to facilitate automated threat identification and resolution.
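As an illustration of the kind of query Module 4 covers (this is an added example, not a query from the course or from Microsoft's own content), the following advanced hunting query runs over the real `DeviceProcessEvents` schema table, decodes PowerShell encoded command lines, and keeps the `Timestamp`, `ReportId` and `DeviceId` columns that a custom detection rule requires. The regular expression, the choice of decoded keywords, and the 7-day window are assumptions for the example and should be tuned to your tenant.

```kql
// Added example, not part of the original course material.
// Hunt for powershell.exe / pwsh.exe launched with an encoded command (-e, -ec, -enc, -EncodedCommand ...),
// decode the payload, and surface launches whose decoded text contains download-and-execute patterns.
DeviceProcessEvents
| where Timestamp > ago(7d)                       // assumed lookback window
| where FileName in~ ("powershell.exe", "pwsh.exe")
// Capture the base64 argument that follows any -e / -ec / -en... / -EncodedCommand switch.
| extend EncodedPayload = extract(@"(?i)\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{20,})", 1, ProcessCommandLine)
| where isnotempty(EncodedPayload)
// PowerShell encodes the command as UTF-16LE; base64_decode_tostring treats bytes as UTF-8,
// so strip the interleaved NUL bytes to get readable ASCII text.
| extend DecodedCommand = replace_regex(base64_decode_tostring(EncodedPayload), @"\x00", "")
// Keywords chosen for this example; extend or replace with your own tradecraft indicators.
| where DecodedCommand has_any ("DownloadString", "IEX", "Invoke-Expression", "Net.WebClient", "FromBase64String", "Invoke-WebRequest")
// Keep the columns a custom detection needs (Timestamp, ReportId, DeviceId) plus context for the analyst.
| project Timestamp, ReportId, DeviceId, DeviceName, AccountDomain, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          ProcessCommandLine, DecodedCommand
| order by Timestamp desc
```

Run it first in the advanced hunting pane to check the false-positive rate (management agents and deployment tooling commonly use encoded commands) before saving it as a custom detection. If you aggregate with `summarize`, carry `Timestamp`, `ReportId` and `DeviceId` through with `arg_max()` or similar, because a custom detection rule cannot be created from results that lack them.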
- Module 5: Learn how Microsoft 365 Defender uses automated investigation and response (AIR) to investigate incidents and remediate threats, self-healing affected assets without waiting on an analyst.
By the end of this module, you'll be able to:
- Understand automated self-healing in your security environment
- Utilize automated investigation and response in addressing cyber-attacks
- Work with Action center