COMING SOON: After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
Note: Threat protection product names from Microsoft have recently changed. Read more about this and other updates here.
Microsoft 365 Defender (previously Microsoft Threat Protection)
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey
P.S. I wanted to give my colleague, @Heike Ritter, a big thank you for laying the groundwork for Ninja Training and for all of her help, along with @Giulian Garruba & @Bruno Nowak! Thank you!
__________________________________________________________________________________
Table of Contents
Email Security – Fundamentals
(Deployment / Migration)
Module 1. Technical overview
Module 2. Getting started
(Prevention & Detection)
Module 3. Configuration (Part I)
(Awareness)
Module 4. General Awareness
Email Security – Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
Module 2. Alert Management
Module 3. Mail flow
Module 4. Zero Hour Auto-Purge (ZAP)
(Investigation & Hunting)
Module 5. Investigating Alerts
Module 6. Advanced hunting (overview)
Module 7. Automated Investigation and Remediation (AIR)
Module 8. Threat Insights
(Response & Remediation)
Module 9. Alert Handling
Module 10. Manage Quarantined Messages
(Reporting)
Module 11. Reporting
Security Operations – Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
Module 2. False Positive/False Negative Management Flows
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced hunting (Kusto training)
(Training)
Module 5. Attack Simulation Training
Supplemental Content (Tech Community links)
Legend: ⤴ External
Email Security – Fundamentals
(Deployment / Migration)
Module 1. Technical overview
Understanding where Microsoft Defender for Office 365 fits in the Microsoft 365 Security Center
What is Microsoft Defender for Office 365?
Introducing Microsoft Defender for Office 365
Microsoft Defender for Office 365 Protection Stack
Secure by default in Office 365
The unified Microsoft 365 security center overview
Unified portal experience for Microsoft Defender for Office 365
Interactive guide to Microsoft Defender for Office 365
Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work
Module 2. Getting started
Evaluate Microsoft Defender for Office 365
Evaluation Mode in Microsoft Defender for Office 365
Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer)
- ⤴ Reviewing your configuration with ORCA
Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365
Threat Explorer and Real-time detections
(Prevention & Detection)
Module 3. Configuration (Part I)
Mastering Configuration in Microsoft Defender for Office 365
Preset security policies in Exchange Online Protection and Microsoft Defender for Office 365
Recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 security
Protect against threats
Report messages and files to Microsoft
User submissions policies (add-in for end users)
Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
(Awareness)
Module 4. General Awareness
Protecting against coronavirus themed phishing attacks
New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
Safety tips in email messages
Email Security – Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
Assess and Optimize Defender for Office 365 Configuration
Email authentication (SPF, DMARC, DKIM)
Configure outbound spam filtering
Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365
Module 2. Alert Management
Managing Alerts: Alert policies in the Security & Compliance Center
Announcing Priority Account Protection in Defender for Office 365
Differentiated protection for Priority accounts in Microsoft Defender for Office 365
Module 3. Mail flow
Outbound spam protection in Exchange Online Protection
Mail flow insights in the Security & Compliance Center
Mail flow rules (transport rules) in standalone Exchange Online Protection
Message trace in the Security & Compliance Center
Module 4. Zero-Hour Auto Purge
(Investigation & Hunting)
Module 5. Investigating Alerts
Get more out of Microsoft Defender for Office 365 with Microsoft 365 Defender
Investigating alerts
Microsoft Defender for Office 365 investigation improvements coming soon
Investigate malicious email that was delivered in Office 365
Module 6. Advanced Hunting (overview)
Microsoft Defender for Office 365 gets even better with Incidents and Advanced Hunting
Hunting in Microsoft Defender for Office 365
Module 7. Automated Investigation and Remediation
AIR Overview: Automated investigation and response (AIR) in Microsoft Defender for Office 365
How automated investigation and response works in Microsoft Defender for Office 365
Ignite 2020: Automated Incident Correlation in Microsoft Defender for Office 365
Details and results of an automated investigation in Microsoft 365
Self-healing in Microsoft 365 Defender
Module 8. Threat Insights
Walkthrough – Spoof intelligence insight in Microsoft Defender for Office 365
Business Email: Uncompromised – Part One
Business Email: Uncompromised – Part Two
Business Email: Uncompromised – Part Three
How to prevent business email compromise using Microsoft Defender for Office 365
(Response & Remediation)
Module 9. Alert handling
Remediation actions in Microsoft Defender for Office 365
Review and manage remediation actions in Office 365
Ignite 2019: Quickly identify compromised users and sophisticated campaigns
Ignite 2019: Introducing campaign views
Announcing Campaign Views and Compromised User Detection and Response
Detect and respond to compromise in Microsoft Defender for Office 365
Module 10. Manage quarantined messages
(Reporting)
Module 11. Reports / Custom Reporting
Smart reports and insights in the Security & Compliance Center
View Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center
Security Operations – Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
Say hello to the new Microsoft Threat Protection APIs!
Best practices for leveraging Microsoft 365 Defender API’s – Episode One
Best practices for leveraging Microsoft 365 Defender API’s – Episode Two
Improve the Effectiveness of your SOC with Office 365 ATP and the O365 Management API
Custom or third-party reporting solutions for Microsoft Defender for Office 365
Module 2. False Positive / False Negative Management Flows
Manually submit messages to Microsoft for analysis (FP/FN submission)
Handle FPs/FNs: How to report false positives/negatives in automated investigation and response capabilities
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced Hunting (Kusto training)
KQL part 1 of 3: Learn the KQL you need (part of Azure Sentinel webinar series)
KQL part 2 of 3: KQL hands-on lab exercises (part of Azure Sentinel webinar series)
KQL part 3 of 3: Optimizing KQL queries (part of Azure Sentinel webinar series)
- ⤴ Pluralsight KQL training
(Training)
Module 5. Attack Simulation Training
Attack simulation training in Microsoft Defender for Office 365 now Generally Available
Get started using Attack Simulation Training in Microsoft Defender for Office 365
Attack Simulation Training is now available!
Supplemental Content
Microsoft Defender for Office 365 – Microsoft Tech Community
Microsoft Security and Compliance – Microsoft Tech Community
- Microsoft Defender for Office 365 – Homepage
Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey
Interested in other ninja trainings? There are also ninja trainings for:
Microsoft Defender for Endpoint (MDE) – http://aka.ms/mdeninja
Microsoft Cloud App Security (MCAS) – http://aka.ms/mcasninja
Microsoft Defender for Identity (MDI) – http://aka.ms/mdininja
Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.