COMING SOON: After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
Note: Threat protection product names from Microsoft have recently changed. Read more about this and other updates here.
- Microsoft 365 Defender (previously Microsoft Threat Protection)
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey
P.S. I wanted to give my colleague, @Heike Ritter, a big thank you for laying the groundwork for Ninja Training and for all of her help, along with @Giulian Garruba & @Bruno Nowak! Thank you!
__________________________________________________________________________________
Table of Contents
Email Security – Fundamentals
(Deployment / Migration)
Module 1. Technical overview
Module 2. Getting started
(Prevention & Detection)
Module 3. Configuration (Part I)
(Awareness)
Module 4. General Awareness
Email Security – Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
Module 2. Alert Management
Module 3. Mail flow
Module 4. Zero-Hour Auto Purge (ZAP)
(Investigation & Hunting)
Module 5. Investigating Alerts
Module 6. Advanced hunting (overview)
Module 7. Automated Investigation and Remediation (AIR)
Module 8. Threat Insights
(Response & Remediation)
Module 9. Alert Handling
Module 10. Manage Quarantined Messages
(Reporting)
Module 11. Reporting
Security Operations – Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
Module 2. False Positive/False Negative Management Flows
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced hunting (Kusto training)
(Training)
Module 5. Attack Simulation Training
Supplemental Content (Tech Community links)
Legend: Docs on Microsoft | Blogs on Microsoft | Product videos | Webcast recordings | Tech Community | Interactive guides | ⤴ External | GitHub
Email Security – Fundamentals
(Deployment / Migration)
Module 1. Technical overview
- Understanding where Microsoft Defender for Office 365 fits in the Microsoft 365 Security Center
- What is Microsoft Defender for Office 365?
- Introducing Microsoft Defender for Office 365
- Microsoft Defender for Office 365 Protection Stack
- Secure by default in Office 365
- The unified Microsoft 365 security center overview
- Unified portal experience for Microsoft Defender for Office 365
- Interactive guide to Microsoft Defender for Office 365
- Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work
Module 2. Getting started
- Evaluate Microsoft Defender for Office 365
- Evaluation Mode in Microsoft Defender for Office 365
- Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
- ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer)
- ⤴ Reviewing your configuration with ORCA
- Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365
- Threat Explorer and Real-time detections
(Prevention & Detection)
Module 3. Configuration (Part I)
- Mastering Configuration in Microsoft Defender for Office 365
- Preset security policies in Exchange Online Protection and Microsoft Defender for Office 365
- Recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 security
- Protect against threats
- Report messages and files to Microsoft
- User submissions policies (add-in for end users)
- Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
(Awareness)
Module 4. General Awareness
- Protecting against coronavirus themed phishing attacks
- New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
- Safety tips in email messages
Email Security – Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
- Assess and Optimize Defender for Office 365 Configuration
- Email authentication (SPF, DMARC, DKIM)
- Configure outbound spam filtering
- Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365
Module 2. Alert Management
- Managing Alerts: Alert policies in the Security & Compliance Center
- Announcing Priority Account Protection in Defender for Office 365
- Differentiated protection for Priority accounts in Microsoft Defender for Office 365
Module 3. Mail flow
- Outbound spam protection in Exchange Online Protection
- Mail flow insights in the Security & Compliance Center
- Mail flow rules (transport rules) in standalone Exchange Online Protection
- Message trace in the Security & Compliance Center
Module 4. Zero-Hour Auto Purge
(Investigation & Hunting)
Module 5. Investigating Alerts
- Get more out of Microsoft Defender for Office 365 with Microsoft 365 Defender
- Investigating alerts
- Microsoft Defender for Office 365 investigation improvements coming soon
- Investigate malicious email that was delivered in Office 365
Module 6. Advanced Hunting (overview)
- Microsoft Defender for Office 365 gets even better with Incidents and Advanced Hunting
- Hunting in Microsoft Defender for Office 365
Module 7. Automated Investigation and Remediation
- AIR Overview: Automated investigation and response (AIR) in Microsoft Defender for Office 365
- How automated investigation and response works in Microsoft Defender for Office 365
- Ignite 2020: Automated Incident Correlation in Microsoft Defender for Office 365
- Details and results of an automated investigation in Microsoft 365
- Self-healing in Microsoft 365 Defender
Module 8. Threat Insights
- Walkthrough – Spoof intelligence insight in Microsoft Defender for Office 365
- Business Email: Uncompromised – Part One
- Business Email: Uncompromised – Part Two
- Business Email: Uncompromised – Part Three
- How to prevent business email compromise using Microsoft Defender for Office 365
(Response & Remediation)
Module 9. Alert handling
- Remediation actions in Microsoft Defender for Office 365
- Review and manage remediation actions in Office 365
- Ignite 2019: Quickly identify compromised users and sophisticated campaigns
- Ignite 2019: Introducing campaign views
- Announcing Campaign Views and Compromised User Detection and Response
- Detect and respond to compromise in Microsoft Defender for Office 365
Module 10. Manage quarantined messages
(Reporting)
Module 11. Reports / Custom Reporting
- Smart reports and insights in the Security & Compliance Center
- View Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center
Security Operations – Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
- Say hello to the new Microsoft Threat Protection APIs!
- Best practices for leveraging Microsoft 365 Defender API’s – Episode One
- Best practices for leveraging Microsoft 365 Defender API’s – Episode Two
- Improve the Effectiveness of your SOC with Office 365 ATP and the O365 Management API
- Custom or third-party reporting solutions for Microsoft Defender for Office 365
Module 2. False Positive / False Negative Management Flows
- Manually submit messages to Microsoft for analysis (FP/FN submission)
- Handle FPs/FNs: How to report false positives/negatives in automated investigation and response capabilities
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced Hunting (Kusto training)
- KQL part 1 of 3: Learn the KQL you need (part of Azure Sentinel webinar series)
- KQL part 2 of 3: KQL hands-on lab exercises (part of Azure Sentinel webinar series)
- KQL part 3 of 3: Optimizing KQL queries (part of Azure Sentinel webinar series)
- ⤴ Pluralsight KQL training
(Training)
Module 5. Attack Simulation Training
- Attack simulation training in Microsoft Defender for Office 365 now Generally Available
- Get started using Attack Simulation Training in Microsoft Defender for Office 365
- Attack Simulation Training is now available!
Supplemental Content
- Microsoft Defender for Office 365 – Microsoft Tech Community
- Microsoft Security and Compliance – Microsoft Tech Community
- Microsoft Defender for Office 365 – Homepage
Interested in other ninja trainings? There are also ninja trainings for:
Microsoft Defender for Endpoint (MDE) – http://aka.ms/mdeninja
Microsoft Cloud App Security (MCAS) – http://aka.ms/mcasninja
Microsoft Defender for Identity (MDI) – http://aka.ms/mdininja
Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.