Microsoft Defender for Endpoint course with hands on sims

We really hope you'll agree, this training is way more than the average course on Udemy!

Have access to the following:

• Training from an instructor of over 25+ years who has trained thousands of people and also a Microsoft Certified Trainer

• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material

• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

• Welcome to the course!

• Understanding the Microsoft 365 and Azure Environment

• A Solid Foundation of Active Directory Domains

• A Solid Foundation of RAS, DMZ, and Virtualization

• A Solid Foundation of the Microsoft Cloud Services

• IMPORTANT Using Assignments in the course

• Questions for John Christopher

• Certificate of Completion

Setting up for hands on

• DONT SKIP: Before beginning your account setup

• Creating a trial Microsoft 365/Azure Account

• Disable Security Defaults in Entra ID before proceeding

• Configuring Microsoft Entra for device management

• Using a Hyper-V virtual machine or an Azure virtual machine

• Setting up an Azure virtual machine for hands on

• HYPER-V: Getting Hyper-V Installed on Windows

• HYPER-V: Creating a Virtual Switch in Hyper-V

• HYPER-V: Downloading the Windows 11 ISO

• HYPER-V: Installing a Windows 11 virtual machine

Device management support with Microsoft Entra

• Overview of device management of Microsoft device managements concepts

• Registering devices vs joining devices with Microsoft Entra

• Joining our virtual machine to Microsoft Entra

Introduction to Endpoint Security & Microsoft Defender for Endpoint

• What is Endpoint Security?

• High level overview of Microsoft Defender for Endpoint

• Licensing and Plan Comparison (P1 vs P2)

• Microsoft 365 Defender Portal Tour

• How Defender for Endpoint relates to Microsoft Intune

• Introduction to Microsoft Intune for device management

Setting Up Defender for Endpoint

• Prerequisites and Supported Operating Systems

• Creating a Microsoft Defender Admin role for permissions

• Onboarding a Windows device to Defender for Endpoint

• Mass automatic onboarding with Microsoft Intune

• Verifying Windows devices have been onboarded

• Implementing device discovery

Defender for Endpoint Vulnerability Management

• What are Common Vulnerabilities and Exposures (CVEs)?

• Inspecting vulnerabilities on a specific device

• Using the vulnerability management dashboard for high level overview

• Improving security with the help of vulnerability recommendations

• Utilizing remediation within vulnerability management

• Creating and managing Device Groups for Defender for Endpoint

Configuration and Policy Management

• Hardening endpoint security by using Endpoint Security Policies

• Attack Surface Reduction (ASR) Rules

• What is Next-Gen Protection with Microsoft Defender for Endpoint?

• Understanding the local anti-virus settings on Windows 11

• Implementing Next-Gen Protection for devices

• Understanding the local Defender Firewall settings on Windows 11

• Implementing Firewall Rule Policies using Defender for Endpoint

• Using Security Baselines in securing our devices

Utilizing Microsoft Purview Endpoint DLP (Data Loss Prevention)

• Understanding the concepts of DLP (Data Loss Prevention)

• Considering device requirements before using Endpoint DLP

• Settings for configuring Endpoint DLP

• Configuring DLP policies with advanced rules

• Enabling just-in-time (JIT) protection

• How to monitor for endpoint activities

Incident Response and Investigation

• What is Automated Investigation and Remediation (AIR)?

• Implementing Automated Investigation and Remediation (AIR) within device groups

• Triggering incidents using a client device for testing

• Investigating incidents generated by Defender managed devices

• Viewing alerts generated by Defender managed devices

• Managing and classifying detected alerts

Kusto Query Language (KQL)

• What is Kusto Query Language (KQL)?

• Using the Microsoft KQL Demo environment, downloading resource materials and AI

• Basic KQL syntax for searching for information

• Summarizing KQL results and filtering based on time ranges

• Controlling KQL data displayed based on columns, amounts and characters

• Using KQL variables and combining output data

• Running Threat Hunting Queries with Advanced Hunting (KQL)

• Utilizing Microsoft's Sentinel and Defender repository of premade KQL Queries