MS-500 part 2 - Implement and manage threat protection

By the end of this module, you will be able to:

• Describe how Microsoft Defender for Identity monitors users, entity behavior, and activities with learning-based analytics
• Describe how Defender for Identity protects user identities and credentials stored in Active Directory
• Describe how Defender for Identity identifies and investigates suspicious user activities and advanced attacks throughout the kill chain
• Create your Microsoft Defender for Identity instance in the Defender for Identity portal
• Use the built-in portal to monitor and respond to suspicious activity detected by Defender for Identity

In this module, you will learn how to:

• Define the capabilities of Microsoft Defender for Endpoint.
• Understand how to hunt threats within your network.
• Explain how Microsoft Defender for Endpoint can remediate risks in your environment.

By the end of this module, you'll be able to:

• Understand the incident queue
• Understand the alerts queue
• Understand response actions

Upon completion of this module, the learner will be able to:

• Create a Microsoft Defender for Endpoint environment
• Onboard devices to be monitored by Microsoft Defender for Endpoint
• Configure Microsoft Defender for Endpoint environment settings

At the end of this module, you will be able to:

• Describe how Microsoft Edge is built for secure browsing
• Use Microsoft Defender SmartScreen and Application Guard to protect against malicious attacks and unauthorized access.
• Manage Microsoft Edge security options through policies and controls in Microsoft Endpoint Manager

By the end of this module, you'll be able to:

• Understand attack surface reduction in Microsoft Defender for Endpoint.
• Understand the different kinds of surface attack reduction protection in Microsoft Defender for Endpoint.
• Understand attack surface reduction rules.

Upon completion of this module, you should be able to:

• Explain how encryption mitigates the risk of unauthorized data disclosure.
• Describe Microsoft data-at-rest and data-in-transit encryption solutions.
• Explain how Microsoft 365 implements service encryption to protect customer data at the application layer.
• Understand the differences between Microsoft managed keys and customer managed keys for use with service encryption.

In this module, you will:

• Understand how your organization's apps can be configured and protected.
• Understand the app management lifecycle.
• Learn about the data protection framework using app protection policies.

By the end of this module, you will be able to:

• Plan for device compliance by defining the rules and settings that must be configured on a device for it to be considered compliant
• Configure conditional users and groups for deploying profiles, policies, and apps
• Create Conditional Access policies to implement automated access control decisions for accessing your cloud apps
• Monitor enrolled devices to control their Intune activities and compliance status

In this module, you will learn how to:

• Define the capabilities of Microsoft Defender for Office 365.
• Understand how to simulate attacks within your network.
• Explain how Microsoft Defender for Office 365 can remediate risks in your environment.

In this module you will:

• Visualize security data using Microsoft Sentinel Workbooks.
• Understand how queries work.
• Explore workbook capabilities.
• Create a Microsoft Sentinel Workbook.

By the end of this module, you will be able to:

• Describe how Cloud App Security provides improved visibility into network cloud activity and increases the protection of critical data across cloud applications
• Explain how to deploy Cloud App Security
• Control your cloud apps with policies
• Troubleshoot Cloud App Security