
Join a hands-on Microsoft Defender course featuring browser-based simulations, real-world demonstrations, and custom labs. Learn Defender products across cloud, Office 365, and cloud apps, including XDR, SIEM, and vulnerability management.
Explore on-premises Active Directory, domain services, DMZ, and virtualization, then map Microsoft 365 and Azure concepts including IaaS, PaaS, and SaaS for a solid foundation.
Explore the foundations of Microsoft domains, including Active Directory, domain controllers, DNS, Kerberos, and LDAP, and learn how cloud services, VPNs, virtualization, and on-prem to cloud transitions reshape networks.
Understand remote access using routing and remote access services, with secure tunnels and DMZ perimeter networks, then explore virtualization with Hyper-V for elasticity in on-prem resources.
Explore how cloud services host virtual machines, networks, and storage as IaaS, PaaS, and SaaS, with Azure and Microsoft 365, and Entra ID with Azure AD Connect enabling seamless sign-on.
Adapt to the ever-changing Microsoft cloud by staying agile, tracking weekly updates, and learning to hunt for relocated menus, buttons, and renames across Azure and Microsoft 365.
Learn how Microsoft renames major portals, such as Azure Active Directory to Entra ID, and navigate the latest links on portals.examlabpractice.com for Defender, Purview, and Intune.
John Christopher shows how to search docs.microsoft.com for quick answers, stay updated on cloud changes, and find courses on examlabpractice.com and exam questions on Udemy.
Earn a certificate of completion by watching all videos in the Microsoft Defender course; assignments don't count, and a final video explains how to obtain your certificate.
Understand how simulations (assignments) fit into the Microsoft Defender course, why certificates rely on watched videos rather than assignments, and how to access and complete simulations when needed.
Set up your Microsoft 365 and Azure lab, obtain and activate a free Microsoft 365 E5 trial, and optionally enable a 30-day Teams trial to complete hands-on Defender training.
Learn to create a free Microsoft 365 trial with a new email, verify by phone, assign licenses, and cancel after 30 days.
Activate your Azure free credit to power hands-on activities and simulations, with $200 credit for 30 days and free services for a year.
Explore the Microsoft 365 Defender suite, including Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and vulnerability management, with threat intelligence and AI analytics.
Navigate the security and compliance admin centers for Microsoft 365 Defender and Purview, learn how Defender and Purview relate, and understand licensing activation delays and policy generation.
Microsoft Defender for Office 365 protects email, documents, and Teams with Safe Attachments and Safe Links, detonation chamber testing, and policies to prevent phishing and malware.
Explore threat policies in Microsoft Defender for Office 365, covering anti-phishing, anti-spam, anti-malware, Safe Attachments and Safe Links, with configuration options for SharePoint, OneDrive, and Teams.
Identify threats in Defender for Office 365 using Threat Explorer to review email malware, phishing, and content malware, examine sender info, URLs, and remediation options.
Explore how to use the attack simulator in Microsoft 365 Defender to run credential harvesting phishing campaigns, review simulations, training, and automation options for user security awareness.
Learn how to redo simulations after completing an assignment by navigating to summary, returning to the assignment, and opening the instructions to access the simulation link.
Explore how Defender for Cloud Apps, a cloud access security broker, helps prevent shadow IT by discovering apps, monitoring on-premises and cloud activity, enforcing compliance, and triggering alerts for remediation.
Explore Microsoft Defender for Cloud Apps to identify apps, manage policies, and investigate incidents using policy templates, file policies, and risk categories to control cloud app usage.
Learn how data loss prevention (DLP) in Microsoft Defender identifies sensitive information using sensitivity labels and enforces policies across Exchange Online, SharePoint, and Teams to prevent data exfiltration and leakage.
Learn to configure data loss prevention policies in Microsoft Purview, using sensitive info types to protect emails, docs, and data across Exchange, SharePoint, OneDrive, and Teams.
Discover how data loss prevention policy alerts are triggered and investigated in Purview and Defender, including incident IDs, severity levels, investigation states, and how to access incident details.
Learn how Microsoft Defender for Endpoint turns devices into sensors, enabling threat and vulnerability management, attack surface reduction, next-generation protection, and endpoint detection and response with automated remediation.
Deploy a Windows 11 Enterprise VM in Azure, create a resource group, name NYC CL one, and set auto shutdown, then connect via RDP.
Explore attack surface reduction (ASR) policies managed through Intune, a Microsoft MDM, and manually enroll a virtual machine into Intune via the Company Portal, covering Azure AD enrollment and authentication.
Onboard a Windows device to Microsoft Defender for Endpoint, including Azure AD join and using local scripts or Intune. Learn how to verify enrollment in the Defender portal.
Explore Defender for Endpoint by running a detection test with a PowerShell script, and review alerts, incidents, and the vulnerability dashboard on Plan 2 versus Plan 1.
Explore attack surface reduction (ASR) with Intune to harden endpoints, configure policies, and deploy blocking rules for executables, scripts, and apps across Windows 10/11 devices.
Create a NYC device group in Defender for Endpoint, set remediation levels to fully automate remediation across temp, windows, and non temp folders, and assign an admin group.
Learn to identify vulnerable devices using Microsoft Defender Vulnerability Management by creating a baseline assessment profile with CIS benchmarks and targeted settings, then scan all devices for missing security configurations.
Explore endpoint threat indicators in Defender vulnerability management baseline assessments, review security recommendations, and apply remediation steps via group policy or registry while inspecting software inventory and extensions.
Explore how Defender for Endpoint discovers unmanaged devices using basic and standard discovery, via onboarded devices, Intune, network discovery, and third-party integrations.
Mitigate risk in Entra ID by examining sign-in logs and audit logs in portal.azure.com. Filter by time, view event details, and assess authentication, conditional access, and MFA outcomes.
Explore how Microsoft Entra Identity Protection detects and remediates identity-based threats through risky users and risky sign-ins, with conditional access, MFA, auto remediation, and SIEM integrations.
Configure Entra Identity Protection with risk-based conditional access policies, focusing on user risk and sign-in risk, and enforce multi-factor authentication for medium or high risk.
Explore Entra Identity Protection in Microsoft Defender, investigate risky users through Identity Protection, review incidents and alerts in Microsoft 365 Defender, and assess devices, locations, and lateral movement timelines.
Microsoft Defender for Identity, formerly Azure ATP, monitors on-premises and cloud activity. It uses heuristics to detect anomalies, map the kill chain, and monitor user activities.
Explore how to deploy Defender for Identity with AD DS on an on-premises domain by adding a sensor, linking it with an access key, and configuring accounts to mitigate threats.
Explore Microsoft 365 Defender as an XDR that unifies endpoint, identity, cloud apps, and on-prem logs for holistic security, enabling detection, threat intelligence, and automated responses.
The Defender for Endpoint lab has been deprecated, so the evaluation lab cannot be set up anymore; watch these videos for updates and a replacement hands-on plan.
Set up a Microsoft 365 Defender lab in the Defender portal, launch an evaluation lab, and run threat, SafeBreach, and attack simulations on a Windows 11 test device.
Set up a Windows 11 attack lab and run a threat simulation in Microsoft Defender, using SafeBreach and other simulations via evaluation and tutorials.
Explore a simulated ransomware attack in Microsoft Defender, tracing incidents and alerts and demonstrating automated investigations and threat analytics in the Defender console.
Demonstrate using Microsoft 365 Defender's action and submissions area to submit emails, files, and user reports for analysis, then review the Action Center and perform automated or manual threat responses.
Master threat identification using Kusto Query Language (KQL) in Microsoft Defender's advanced hunting, combining Azure and Microsoft 365 Defender data with KQL queries and pipelines.
Assess and improve your security posture with Microsoft Defender's Secure Score, track actions, and implement recommendations like multi-factor authentication and mobile device management to strengthen your environment.
Explore Microsoft Defender threat analytics and threat intelligence to identify latest threats, including CVE references, aligned with MITRE, assess impacts, view analyst reports, and apply recommended actions.
Learn to create a custom alert policy in Microsoft Defender, set high-severity threat detections for inbound emails, and manage alert notifications in Microsoft 365 Defender.
Microsoft Defender for Cloud is a cloud-native protection platform that unifies DevSecOps, CSPM, and cloud workload protection across multi-cloud environments, with centralized policy management and secure score.
Strengthen your cloud security by evaluating regulatory compliance with the Microsoft Cloud security benchmark, identify gaps, and implement automated and manual controls across Azure, AWS, and Google Cloud environments.
Learn to view and improve the secure score in Microsoft Defender for Cloud by examining the security posture and enabling MFA via a conditional access policy.
Explore Defender for Servers within Defender for Cloud, onboarding options, plan comparison, and cross-cloud support (Azure, AWS, Google), including endpoint integration, vulnerability management, and agentless monitoring.
Learn how Defender for Cloud and Defender for DevOps unify DevOps security posture and triage vulnerabilities. Connect GitHub, authorize, and install Defender for DevOps to analyze code for vulnerabilities.
Explore Microsoft Defender External Attack Surface Management (EASM), continuously discovering external assets like domains, hosts, IP addresses, SSL certificates, and ASNs, to prioritize risk and reveal vulnerabilities.
Explore configuring Microsoft Defender for Cloud through portal settings, linking environments like AWS, Google Cloud, GitHub, and Azure DevOps, plus governance rules, data sensitivity labels, and cost-aware plan coverage.
Explore how roles govern Defender for Cloud in Azure and Microsoft Entra ID, including security reader and security admin permissions, and how to assign at resource, subscription, and global levels.
Understand Microsoft Defender for Cloud as a cloud workload protection platform, covering servers, storage, containers, databases, and APIs, and learn to enable and manage protection plans in Azure portal.
Enable automated onboarding for Azure server resources by configuring Microsoft Defender for Endpoint and Defender for Cloud, turning on automated deployment in the Azure portal settings.
Azure Arc provides a single pane of glass to centrally manage Azure and non-Azure resources, bridging on-premises, AWS, and Google environments with the ARM.
Learn how to connect Microsoft Defender for Cloud to AWS and Google Cloud through environment settings, create a new environment, and configure accounts, regions, and subscriptions for multi-cloud protection.
Set up and manage email notifications for Microsoft Defender for Cloud by configuring recipients, severities, and delivery frequency in portal.azure.com, using either the UI or JSON.
Learn to create and manage alert suppression rules in Microsoft Defender for Cloud, including assigning security admin roles, defining suppression criteria and reasons, and validating outcomes via simulation.
Configure workflow automation in Defender for Cloud using an Azure logic app to act on alerts and recommendations, with Outlook.com connectors for automated emails.
Generate and explore sample alerts and incidents in Microsoft Defender for Cloud, using portal.azure.com to create alerts via the security alerts sample tab and experiment with them.
Remediate issues from Defender for Cloud by reviewing security alerts and recommendations in the Azure portal, then follow remediation steps to adjust MFA and guest access.
Manage security alerts and incidents in Microsoft Defender for Cloud from portal.azure.com, view full details, and take action to mitigate threats. Configure suppression rules and automated responses via Logic Apps.
Explore how Microsoft Defender for Cloud yields threat intelligence reports for security alerts, viewable as PDFs with summaries and links to analyze brute force threats and stay informed about attacks.
We really hope you'll agree, this training is way more than the average course on Udemy!
Have access to the following:
Training from an instructor of over 20 years who has trained thousands of people and is also a Microsoft Certified Trainer
Lectures that explain the concepts in an easy-to-learn method for someone who is just starting out with this material
Instructor-led hands-on activities and simulations to practice that can be followed even if you have little to no experience
TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD is now renamed to Entra ID
Questions for John Christopher
Performing hands on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Activating licenses for Defender for Endpoint and Vulnerabilities
Getting your free Azure credit
Basic concepts of the Microsoft Defender Suite and Services
The Microsoft 365 Defender Suite
Using the Defender and Purview admin centers
Microsoft Defender for Office 365
What is Microsoft Defender for Office 365?
Implementing policies for uses in Email, SharePoint, OneDrive, and Teams
Dealing with threats using Defender for Office 365
Performing a campaign email attack simulation in Microsoft Defender
Microsoft Defender for Cloud Apps and Data Loss Prevention (DLP)
Understanding the concepts of Microsoft Defender for Cloud Apps
Investigating security risks in Defender for Cloud Apps
Concepts of data loss prevention in Microsoft Defender
Alerts with data loss prevention policies (DLP)
Data loss prevention (DLP) policy alert investigation
Microsoft Defender for Endpoint and Defender Vulnerability Management
Understanding Microsoft Defender for Endpoint concepts
Deploy a Windows 11 VM endpoint
Attack surface reduction (ASR) support with Intune
Working with device onboarding regarding Defender for Endpoint
Something to be aware of about extra features
Endpoint advanced features, alerts and incidents
Endpoint vulnerabilities
Device attack surface reduction (ASR)
Device groups with Defender for Endpoint
Microsoft Defender Vulnerability Management risk identification
Endpoint threat indicators
Device discovery of unmanaged devices
Microsoft Identity Concepts
Microsoft Entra ID security risk mitigation
Concepts of using Microsoft Entra Identity Protection
Microsoft Entra Identity Protection security risk mitigation
Microsoft Entra Identity Protection risks in regards to Microsoft Defender
Microsoft Defender for Identity concepts
Using Defender for Identity to mitigate threats with AD DS
Microsoft 365 Defender as an Extended Detection and Response (XDR)
Visualizing the concepts of extended detection and responses (XDR)
Configuring the Microsoft 365 Defender simulation lab
Performing an attack using the simulation lab
Microsoft 365 Defender incidents and automated investigations
Microsoft 365 Defender action and submissions
Using Kusto Query Language (KQL) for threat identification
Microsoft Secure Score
Microsoft 365 Defender threat analytics
Custom detections and alerts
Getting started w/ Defender for Cloud, Defender for Servers & Defender for DevOps
Introduction to Microsoft Defender for Cloud
Regulatory compliance policies along with MCSB
Remediations with secure score in Microsoft Defender for Cloud
Microsoft Defender for Servers
Microsoft Defender for DevOps
Microsoft Defender External Attack Surface Management (EASM)
Microsoft Defender for Cloud full management and configurations
Settings config in Microsoft Defender for Cloud
Roles in Microsoft Defender for Cloud
Cloud workload protection
Automation of onboarding Azure resource
Azure Arc connections
Multi-cloud connections
Email notifications in Microsoft Defender for Cloud
Using alert suppression rules
Workflow automation configuration in Defender for Cloud
Using sample alerts and incidents
Using Microsoft Defender for Cloud recommendations
Security alerts and incidents in Microsoft Defender for Cloud
Using threat intelligence reports with Microsoft Defender for Cloud
Dealing with insider risks in Microsoft 365
Concepts of insider risk policies
Insider risk policy generation
Insider risk policy alert investigation
Audit and search capabilities in Microsoft Defender and Microsoft Purview
Licensing of unified audit logging
Permissions for unified auditing
Threat hunting with unified audit logging
Threat hunting with Content Searches
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS Where do I go from here?