What you'll learn:
- Learn the concepts and perform hands on activities needed to master Microsoft Defender for Endpoint
- Gain a tremendous amount of knowledge involving Microsoft Defender for Endpoint
- Learn using hands on simulations on how Microsoft Defender for Endpoint is administered!
- Learn how to set up your own test lab for practicing the concepts!
We really hope you'll agree, this training is way more than the average course on Udemy!
Have access to the following:
Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer
Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material
Instructor led hands on and simulations to practice that can be followed even if you have little to no experience
TOPICS COVEREDINCLUDINGHANDSONLECTUREANDPRACTICETUTORIALS:
Introduction
Welcome to the course!
Understanding the Microsoft 365 and Azure Environment
A Solid Foundation of Active Directory Domains
A Solid Foundation of RAS, DMZ, and Virtualization
A Solid Foundation of the Microsoft Cloud Services
IMPORTANT Using Assignments in the course
Questions for John Christopher
Certificate of Completion
Setting up for hands on
DONT SKIP: Before beginning your account setup
Creating a trial Microsoft 365/Azure Account
Disable Security Defaults in Entra ID before proceeding
Configuring Microsoft Entra for device management
Using a Hyper-V virtual machine or an Azure virtual machine
Setting up an Azure virtual machine for hands on
HYPER-V: Getting Hyper-V Installed on Windows
HYPER-V: Creating a Virtual Switch in Hyper-V
HYPER-V: Downloading the Windows 11 ISO
HYPER-V: Installing a Windows 11 virtual machine
Device management support with Microsoft Entra
Overview of device management of Microsoft device managements concepts
Registering devices vs joining devices with Microsoft Entra
Joining our virtual machine to Microsoft Entra
Introduction to Endpoint Security & Microsoft Defender for Endpoint
What is Endpoint Security?
High level overview of Microsoft Defender for Endpoint
Licensing and Plan Comparison (P1 vs P2)
Microsoft 365 Defender Portal Tour
How Defender for Endpoint relates to Microsoft Intune
Introduction to Microsoft Intune for device management
Setting Up Defender for Endpoint
Prerequisites and Supported Operating Systems
Creating a Microsoft Defender Admin role for permissions
Onboarding a Windows device to Defender for Endpoint
Mass automatic onboarding with Microsoft Intune
Verifying Windows devices have been onboarded
Implementing device discovery
Defender for Endpoint Vulnerability Management
What are Common Vulnerabilities and Exposures (CVEs)?
Inspecting vulnerabilities on a specific device
Using the vulnerability management dashboard for high level overview
Improving security with the help of vulnerability recommendations
Utilizing remediation within vulnerability management
Creating and managing Device Groups for Defender for Endpoint
Configuration and Policy Management
Hardening endpoint security by using Endpoint Security Policies
Attack Surface Reduction (ASR) Rules
What is Next-Gen Protection with Microsoft Defender for Endpoint?
Understanding the local anti-virus settings on Windows 11
Implementing Next-Gen Protection for devices
Understanding the local Defender Firewall settings on Windows 11
Implementing Firewall Rule Policies using Defender for Endpoint
Using Security Baselines in securing our devices
Utilizing Microsoft Purview Endpoint DLP (Data Loss Prevention)
Understanding the concepts of DLP (Data Loss Prevention)
Considering device requirements before using Endpoint DLP
Settings for configuring Endpoint DLP
Configuring DLP policies with advanced rules
Enabling just-in-time (JIT) protection
How to monitor for endpoint activities
Incident Response and Investigation
What is Automated Investigation and Remediation (AIR)?
Implementing Automated Investigation and Remediation (AIR) within device groups
Triggering incidents using a client device for testing
Investigating incidents generated by Defender managed devices
Viewing alerts generated by Defender managed devices
Managing and classifying detected alerts
Kusto Query Language (KQL)
What is Kusto Query Language (KQL)?
Using the Microsoft KQL Demo environment, downloading resource materials and AI
Basic KQL syntax for searching for information
Summarizing KQL results and filtering based on time ranges
Controlling KQL data displayed based on columns, amounts and characters
Using KQL variables and combining output data
Running Threat Hunting Queries with Advanced Hunting (KQL)
Utilizing Microsoft's Sentinel and Defender repository of premade KQL Queries
