Course Overview
Users must access and work with a lot of files and applications in their daily business. To do this, they use devices that are in turn attacked by attackers very often. To prevent the success of these attacks, administrators have to deploy many security settings and also have to monitor activities.
Microsoft Defender for Endpoint (MDE) offers comprehensive threat protection by detecting, investigating, and responding to threats in real-time, making it a crucial tool for any organization. Its seamless integration with the Microsoft ecosystem ensures a unified security experience. The platform’s robust Endpoint Detection and Response (EDR) capabilities provide detailed insights into sophisticated threats, while automated investigation and remediation reduce the workload on security teams.
Learn in this course how to activate MDE, onboard devices, reduce attack surface, enable next-generation protection, control automated investigation and monitor all security related aspects of devices.
Who should attend
SecOps team members, device administrators and all interested responsible.
Course Content
Microsoft Defender XDR
- Overview of MS Defender XDR
- MDE overview and licensing
- MDE vs. Microsoft Intune
- Zero Trust and MDE
Microsoft Defender for Endpoint
- MDE architecture
- MDE portal
- MDE activation
- MDE roles and permissions
Onboarding/Offboarding
- Windows devices via local script, MS Intune and Group policies
- MacOS devices via local script and MS Intune
- Linux and Windows Server via Azure Arc
- Troubleshoot onboarding issues
- Offboard devices
Endpoint protection – Attack surface reduction
- Service to Service connection to Microsoft Intune
- Attack surface reduction rules
- Controlled folder access
- Device control
Endpoint protection – Next-generation protection
- Cloud protection
- Behavior monitoring
- Real-time protection
- EDR in block mode
Endpoint detection and response
- Alerts and Incidents management
- Automated investigation and response (AIR)
- Remediation actions
- Device investigation
- Device response actions
Additional configurations
- Advanced features
- Indicators
- Web content filtering
- Vulnerability Management
Advanced Hunting
- KQL primer
- Important MDE queries
English
German
Germany