Become a Microsoft Defender for Office 365 Ninja!

COMING SOON: After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

 

Note: Threat protection product names from Microsoft have recently changed. Read more about this and other updates here. 

• 
  

  Microsoft 365 Defender (previously Microsoft Threat Protection)

  
  


• 
  

  Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)

  
  


• 
  

  Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)

  
  


• 
  

  Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

  
  

 

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

P.S. I wanted to give my colleague, @Heike Ritter a big thank you for laying the groundwork for Ninja Training and for all of her help, along with @Giulian Garruba & @Bruno Nowak! Thank you!

__________________________________________________________________________________

 

Table of Contents

Email Security – Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

Module 2. Getting started 

(Prevention & Detection) 

Module 3. Configuration (Part I) 

(Awareness) 

Module 4. General Awareness 

 

Email Security – Intermediate

(Prevention & Detection)

Module 1. Configuration (Part II) 

Module 2. Alert Management 

Module 3. Mail flow 

Module 4. Zero Hour Auto-Purge (ZAP) 

(Investigation & Hunting) 

Module 5. Investigating Alerts 

Module 6. Advanced hunting (overview)

Module 7. Automated Investigation and Remediation (AIR) 

Module 8. Threat Insights 

(Response & Remediation) 

Module 9. Alert Handling 

Module 10. Manage Quarantined Messages 

(Reporting) 

Module 11. Reporting 

 

Security Operations – Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs 

Module 2. False Positive/False Negative Management Flows 

Module 3. Automation 

(Investigation & Hunting)

Module 4. Advanced hunting (Kusto training) 

(Training) 

Module 5. Attack Simulation Training 

 

Supplemental Content (Tech Community links)

 

Legend:

Docs on Microsoft	Blogs on Microsoft
Product videos	Webcast recordings
Tech Community	Interactive guides
⤴ External	GitHub

 

Email Security – Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

•  Understanding where Microsoft Defender for Office 365 fits in the Microsoft 365 Security Center


•  What is Microsoft Defender for Office 365? 


•  Introducing Microsoft Defender for Office 365 


•  Microsoft Defender for Office 365 Protection Stack 


•  Secure by default in Office 365 


•  The unified Microsoft 365 security center overview 


•  Unified portal experience for Microsoft Defender for Office 365 


•  Interactive guide to Microsoft Defender for Office 365 


•  Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work 
  

Module 2. Getting started 

•  Evaluate Microsoft Defender for Office 365 


•  Evaluation Mode in Microsoft Defender for Office 365 


•  Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365 


•  ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer)


• ⤴ Reviewing your configuration with ORCA 


•  Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365 


•  Threat Explorer and Real-time detections 

(Prevention & Detection) 

Module 3. Configuration (Part I)

•  Mastering Configuration in Microsoft Defender for Office 365 


•  Preset security policies in Exchange Online Protection and Microsoft Defender for Office 365 


•  Recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 security 


•  Protect against threats


•  Report messages and files to Microsoft 


•  User submissions policies (add-in for end users) 


•  Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft

(Awareness) 

Module 4. General Awareness

•  Protecting against coronavirus themed phishing attacks 


•  New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks 


•  Safety tips in email messages

Email Security – Intermediate

(Prevention & Detection) 

Module 1. Configuration (Part II)

•  Assess and Optimize Defender for Office 365 Configuration 


•  Email authentication (SPF, DMARC, DKIM) 


•  Configure outbound spam filtering 


•  Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365 

Module 2. Alert Management

•  Managing Alerts: Alert policies in the Security & Compliance Center 


•  Announcing Priority Account Protection in Defender for Office 365 


•  Differentiated protection for Priority accounts in Microsoft Defender for Office 365 

Module 3. Mail flow

•  Outbound spam protection in Exchange Online Protection 


•  Mail flow insights in the Security & Compliance Center 


•  Mail flow rules (transport rules) in standalone Exchange Online Protection 


•  Message trace in the Security & Compliance Center 

Module 4. Zero-Hour Auto Purge

•  Zero-Hour Auto Purge (ZAP) in Exchange Online 

(Investigation & Hunting) 

Module 5. Investigating Alerts

•  Get more out of Microsoft Defender for Office 365 with Microsoft 365 Defender 


•  Investigating alerts 


•  Microsoft Defender for Office 365 investigation improvements coming soon


•  Investigate malicious email that was delivered in Office 365 

Module 6. Advanced Hunting (overview)

•  Microsoft Defender for Office 365 gets even better with Incidents and Advanced Hunting 


•  Hunting in Microsoft Defender for Office 365 

Module 7. Automated Investigation and Remediation

•  AIR Overview: Automated investigation and response (AIR) in Microsoft Defender for Office 365


•  How automated investigation and response works in Microsoft Defender for Office 365 


•  Ignite 2020: Automated Incident Correlation in Microsoft Defender for Office 365 


•  Details and results of an automated investigation in Microsoft 365 


•  Self-healing in Microsoft 365 Defender 

Module 8. Threat Insights

•  Walkthrough – Spoof intelligence insight in Microsoft Defender for Office 365 


•  Business Email: Uncompromised – Part One 


•  Business Email: Uncompromised – Part Two 


•  Business Email: Uncompromised – Part Three 


•  How to prevent business email compromise using Microsoft Defender for Office 365 

(Response & Remediation) 

Module 9. Alert handling

•  Remediation actions in Microsoft Defender for Office 365 


•  Review and manage remediation actions in Office 365


•  Ignite 2019: Quickly identify compromised users and sophisticated campaigns


•  Ignite 2019: Introducing campaign views 


•  Announcing Campaign Views and Compromised User Detection and Response


•  Detect and respond to compromise in Microsoft Defender for Office 365 

Module 10. Manage quarantined messages

•  Manage quarantined messages and files as an administrator 

(Reporting) 

Module 11. Reports / Custom Reporting

•  Smart reports and insights in the Security & Compliance Center


•  View Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center

Security Operations – Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs

•  Say hello to the new Microsoft Threat Protection APIs!


•  Best practices for leveraging Microsoft 365 Defender API’s – Episode One


•  Best practices for leveraging Microsoft 365 Defender API’s – Episode Two


•  Improve the Effectiveness of your SOC with Office 365 ATP and the O365 Management API


•  Custom or third-party reporting solutions for Microsoft Defender for Office 365

Module 2. False Positive / False Negative Management Flows

•  Manually submit messages to Microsoft for analysis (FP/FN submission)


•  Handle FPs/FNs: How to report false positives/negatives in automated investigation and response capabilities 

Module 3. Automation

•  Ignite 2019: Use Office Advanced Threat Protection automation for efficient IR 

(Investigation & Hunting) 

Module 4. Advanced Hunting (Kusto training)

•  KQL part 1 of 3: Learn the KQL you need (part of Azure Sentinel webinar series)


•  KQL part 2 of 3: KQL hands-on lab exercises (part of Azure Sentinel webinar series)


•  KQL part 3 of 3: Optimizing KQL queries (part of Azure Sentinel webinar series)


• ⤴ Pluralsight KQL training 

(Training) 

Module 5. Attack Simulation Training

•  Attack simulation training in Microsoft Defender for Office 365 now Generally Available


•  Get started using Attack Simulation Training in Microsoft Defender for Office 365


•  Attack Simulation Training is now available!

Supplemental Content

•  Microsoft Defender for Office 365 – Microsoft Tech Community


•  Microsoft Security and Compliance – Microsoft Tech Community


• Microsoft Defender for Office 365 – Homepage

 

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

Interested in other ninja trainings? There are also ninja trainings for: 

Microsoft Defender for Endpoint (MDE) – http://aka.ms/mdeninja 

Microsoft Cloud App Security (MCAS) – http://aka.ms/mcasninja 

Microsoft Defender for Identity (MDI) – http://aka.ms/mdininja

 

 

Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.