Mitigate threats using Microsoft Defender for Endpoint

Microsoft via Microsoft Learn

Go to class Write review

Learn how Microsoft Defender for Endpoint can help your organization stay secure.
In this module, you learn how to:
- Define the capabilities of Microsoft Defender for Endpoint.
- Understand how to hunt threats within your network.
- Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
Deploy the Microsoft Defender for Endpoint environment
Upon completion of this module, the learner will be able to:
- Create a Microsoft Defender for Endpoint environment
- Onboard devices to be monitored by Microsoft Defender for Endpoint
- Configure Microsoft Defender for Endpoint environment settings
Implement Windows security enhancements with Microsoft Defender for Endpoint
Upon completion of this module, the learner will be able to:
- Explain Attack Surface Reduction in Windows
- Enable Attack Surface Reduction rules on Windows 10 devices
- Configure Attack Surface Reduction rules on Windows 10 devices
Perform device investigations in Microsoft Defender for Endpoint
Upon completion of this module, the learner is able to:
- Use the device page in Microsoft Defender for Endpoint
- Describe device forensics information collected by Microsoft Defender for Endpoint
- Describe behavioral blocking by Microsoft Defender for Endpoint
Perform actions on a device using Microsoft Defender for Endpoint
Upon completion of this module, the learner is able to:
- Perform actions on a device using Microsoft Defender for Endpoint
- Conduct forensics data collection using Microsoft Defender for Endpoint
- Access devices remotely using Microsoft Defender for Endpoint
Perform evidence and entities investigations using Microsoft Defender for Endpoint
Upon completion of this module, the learner is able to:
- Investigate files in Microsoft Defender for Endpoint
- Investigate domains and IP addresses in Microsoft Defender for Endpoint
- Investigate user accounts in Microsoft Defender for Endpoint
Configure and manage automation using Microsoft Defender for Endpoint
Upon completion of this module, the learner will be able to:
- Configure advanced features of Microsoft Defender for Endpoint
- Manage automation settings in Microsoft Defender for Endpoint
Configure for alerts and detections in Microsoft Defender for Endpoint
After completion of this module, you'll be able to:
- Configure alert settings in Microsoft Defender for Endpoint
- Manage indicators in Microsoft Defender for Endpoint
Utilize Vulnerability Management in Microsoft Defender for Endpoint
Upon completion of this module, the learner will be able to:
- Describe Vulnerability Management in Microsoft Defender for Endpoint
- Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
- Track emerging threats in Microsoft Defender for Endpoint

Syllabus

Protect against threats with Microsoft Defender for Endpoint
- Introduction to Microsoft Defender for Endpoint
- Practice security administration
- Hunt threats within your network
- Summary and knowledge check
Deploy the Microsoft Defender for Endpoint environment
- Introduction
- Create your environment
- Understand operating systems compatibility and features
- Onboard devices
- Manage access
- Create and manage roles for role-based access control
- Configure device groups
- Configure environment advanced features
- Module assessment
- Summary and resources
Implement Windows security enhancements with Microsoft Defender for Endpoint
- Introduction
- Understand attack surface reduction
- Enable attack surface reduction rules
- Module assessment
- Summary and resources
Perform device investigations in Microsoft Defender for Endpoint
- Introduction
- Use the device inventory list
- Investigate the device
- Use behavioral blocking
- Detect devices with device discovery
- Module assessment
- Summary and resources
Perform actions on a device using Microsoft Defender for Endpoint
- Introduction
- Explain device actions
- Run Microsoft Defender antivirus scan on devices
- Collect investigation package from devices
- Initiate live response session
- Module assessment
- Summary and resources
Perform evidence and entities investigations using Microsoft Defender for Endpoint
- Introduction
- Investigate a file
- Investigate a user account
- Investigate an IP address
- Investigate a domain
- Module assessment
- Summary and resources
Configure and manage automation using Microsoft Defender for Endpoint
- Introduction
- Configure advanced features
- Manage automation upload and folder settings
- Configure automated investigation and remediation capabilities
- Block at risk devices
- Module assessment
- Summary and resources
Configure for alerts and detections in Microsoft Defender for Endpoint
- Introduction
- Configure advanced features
- Configure alert notifications
- Manage alert suppression
- Manage indicators
- Module assessment
- Summary and resources
Utilize Vulnerability Management in Microsoft Defender for Endpoint
- Introduction
- Understand vulnerability management
- Explore vulnerabilities on your devices
- Manage remediation
- Module assessment
- Summary and resources