Do you want to become a ninja for Microsoft Defender ATP? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Security Administrator (SecAdmin)”. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert. Some topics can be relevant for SecOps as well as for SecAdmins and are listed for both roles. We will keep updating this training on a regular basis and highlight new resources.
Legend: Product videos | Webcast recordings | Tech Community | Docs on Microsoft | Blogs on Microsoft | GitHub | ⤴ External | Interactive guides
Security Operations Fundamentals
Module 1. Technical overview
Module 2. Getting started
Module 3. Threat and vulnerability management
- What is threat and vulnerability management
- “Bringing IT & security together: How Microsoft is reinventing threat and vulnerability management”
- Reduce organizational risk with threat and vulnerability management
Module 4. Attack surface reduction
- Learn about all the features to help you reduce the attack surface
- Understand attack surface reduction rules
Module 5. Next generation protection
Module 6. Investigation – Incident
- Learn about the rich investigation experience
- Work with incidents
- Investigate and remediate threats with Microsoft Defender ATP
Module 7. Alert handling
- Get the most out of an alert page
- Working with alerts
- Alert categories aligned with MITRE ATT&CK
- How alerts are enhanced to include MITRE ATT&CK technique information
Module 8. Automated investigation and remediation
Module 9. Microsoft Threat Experts
Module 10. Reporting
Module 11. Evaluation Lab
Security Operations Intermediate
Module 1. Architecture
Module 2. Threat and vulnerability management
Module 3. Next generation protection
- Learn about our approach to fileless threats
- Stopping attacks in their tracks through behavioral blocking and containment
- Firmware level protection with a new Unified Extensible Firmware Interface (UEFI) scanner
Module 4. Advanced hunting
Module 5. Automated investigation and remediation
- Automate the boring for your SOC with automatic investigation and remediation!
- Configure automated investigation and remediation capabilities
- Manage automation file uploads
- Manage automation folder exclusions
Module 6. Threat analytics
Module 7. Unified indicators of compromise (IOCs)
Module 8. Evaluation lab
Module 9. Community (blogs, webinars, GitHub)
Security Operations Expert
Module 1. Responding to threats
Module 2. Alert handling
Module 3. Deep file analysis
Module 4. Advanced hunting
- Learn the query language
- Advanced hunting schema reference
- Hunting for reconnaissance activities using LDAP search filters
Module 5. Unified indicators of compromise (IOCs)
Module 6. Custom reporting
Module 7. Community (blogs, webinars, GitHub)
Security Administrator Fundamentals
Module 1. Architecture
Module 2. Onboarding
- Onboarding machines
- Deploy Microsoft Defender ATP for Mac in just a few clicks
- Onboarding and servicing non-persistent VDI machines
- Configuring Microsoft Defender Antivirus for non-persistent VDI machines
Module 3. Grant and control access
Module 4. Security configuration
- Use Microsoft Endpoint Manager to manage security configuration
- Manage Microsoft Defender Firewall with Microsoft Defender ATP and Microsoft Intune
- Turn on tamper protection
Module 5. Reporting
Module 6. SIEM Integration
Security Administrator Intermediate
Module 1. Threat and vulnerability management (TVM)
Module 2. Attack surface reduction
- Learn about all the features to help you reduce the attack surface
- Learn more about Application control
- Get a better understanding of Network protection
- Understand attack surface reduction rules
- How to configure attack surface reduction rules and how to use exclusions
- How to report and troubleshoot Microsoft Defender ATP ASR Rules
- Migrate from a 3rd party HIPS solution into ASR rules
- Reputation analysis – Microsoft Defender SmartScreen
Module 3. Next generation protection
- Configuring Microsoft Defender Antivirus for non-persistent VDI machines
- Learn about our approach to fileless threats
- Firmware level protection with a new Unified Extensible Firmware Interface (UEFI) scanner
Module 4. Advanced hunting
Module 5. Conditional access
Module 6. Microsoft Cloud App Security (MCAS)
- Learn about the integration with MCAS
- Block access to unsanctioned apps using Microsoft Defender ATP & Microsoft Cloud App Security
Module 7. Community (blogs, webinars, GitHub)
Security Administrator Expert
Module 1. Custom reporting (PowerBI)
- Create custom reports using APIs and Power BI
- Create custom reports using Power BI
- Connect the dots using a device network overview Power BI report
Module 2. Advanced hunting
Module 3. Custom Integrations, APIs
- Use Microsoft Defender ATP APIs
- Available APIs
- API Explorer and Connected applications
- Microsoft Defender ATP API Explorer
- Customized views with APIs
- Use the official Flow Connector
- Raw data export
- Streaming API
Learn about our partner integrations