What you'll learn

Deploy and configure Microsoft Defender for Endpoint across Windows, macOS, Linux, Android, and iOS devices
Detect, investigate, and respond to cyber threats using Microsoft Defender for Endpoint tools and dashboards
Perform endpoint threat hunting with Advanced Hunting queries and real-world attack scenarios
Integrate Microsoft Defender for Endpoint with Microsoft 365 Defender and Microsoft Sentinel for SOC operations

Course content

4 sections • 11 lectures • 2h 6m total length

Introduction11:50
In this lecture, you will get a comprehensive introduction to Microsoft Defender for Endpoint (MDE). We cover the product history and naming evolution, how to access the unified Microsoft Defender portal at security.microsoft.com, where MDE fits within the Microsoft 365 Defender suite, the three core components (Endpoint Sensor, Cloud Security Analytics, and Threat Intelligence), and the six key features including Threat and Vulnerability Management, Attack Surface Reduction, Next-Generation Protection, EDR, Automated Investigation and Remediation, and Microsoft Threat Experts.
Module 1 — Introduction Quiz
Prerequisites and Requirements for Microsoft Defender for Endpoint9:28
In this lecture, we cover all the prerequisites and requirements needed before deploying Microsoft Defender for Endpoint. Topics include portal access and navigation paths, data center location selection, data retention limits (180 days), enabling preview features, license requirements across Defender for Business, Plan 1, and Plan 2, supported platforms for Windows, macOS, Linux, iOS, and Android, network connectivity requirements, and the critical Microsoft Defender Antivirus dependency.
Module 2 — Requirements Quiz

Understanding RBAC and SOC Tiering in Microsoft Defender for Endpoint5:47
Learn how Role-Based Access Control works in MDE. Covers Entra ID built-in roles, custom RBAC roles, SOC tiering model, device groups, and how to scope device visibility for regional SOC teams.
Module 3 — RBAC Quiz
RBAC Configuration Walkthrough — End-to-End Portal Demo13:51
In this lecture, we walk through the complete end-to-end RBAC configuration in Microsoft Defender for Endpoint using the updated 2026 Unified RBAC model. We cover creating security groups in Entra ID, building custom roles in the new Unified RBAC portal location, configuring device groups for scoped access, and verifying the configuration by signing in with Tier 1 and Tier 2 analysts to show the difference in permissions live in the portal.
Module 4 — RBAC Configuration Quiz

Planning Your MDE Deployment — Strategy, Architecture, and Stakeholder Readiness9:08
Learn how to plan a Microsoft Defender for Endpoint deployment from scratch. Covers the 5-stage deployment process, three deployment types, architecture selection, onboarding methods, and what to do if you already have an existing endpoint protection solution in place.
Module 5 — Deployment Planning Quiz
Onboarding Windows Devices to MDE Using Local Script11:15
Learn how to onboard Windows devices to Microsoft Defender for Endpoint using the Local Script method. Covers downloading the onboarding package, running the script, verifying onboarding via the Sense service and registry, and enabling the MDE and Intune connection on both portals.
Module 6 — Local Script Onboarding Quiz
Onboarding Windows Devices to MDE Using Group Policy Object (GPO)18:57
Learn how to onboard Windows devices to Microsoft Defender for Endpoint using Group Policy Object. Covers creating a network share, configuring a scheduled task via GPO, linking the policy to the domain, verifying onboarding via the Sense service and registry, and confirming the device appears in the portal.
Module 7 — Group Policy Object Onboarding Quiz
Onboarding Windows Devices to MDE Using Microsoft Intune17:15
Learn how to onboard Windows devices to MDE using Microsoft Intune. Covers the MDE and Intune connector setup, creating an Endpoint Detection and Response policy, uploading the onboarding package, and verifying onboarding automatically without touching the device.
Module 8 — Intune Onboarding Quiz

What is Threat and Vulnerability Management in Microsoft Defender for Endpoint?6:36
Learn what Threat and Vulnerability Management is, how it uses the MDE sensor to continuously discover and prioritize vulnerabilities, and how it bridges the gap between security and IT teams through direct Microsoft Intune integration for remediation.
Module 8 — Threat and Vulnerability Management Introduction Quiz
Getting Started with TVM — Prerequisites, Permissions and Device Value9:53
Learn TVM prerequisites, permission levels for accessing vulnerability data, and how device value affects vulnerability prioritization across your endpoints.
Module 9 — Getting Started with TVM Quiz
TVM Dashboard — Understanding Your Organization's Security Posture12:24
Explore every section of the TVM dashboard including exposure score, top vulnerable software, vulnerabilities insights, device exposure distribution, top exposed devices, and remediation activities.
Module 10 — TVM Dashboard Quiz

Requirements

Basic knowledge of networking, Windows operating systems, and cybersecurity concepts is recommended. Learners should have access to a Microsoft 365 or Defender trial environment for hands-on practice.

Description

Mohammed Sharif Akhter is a Microsoft Certified Trainer and Senior IT Consultant with over 12 years of hands-on enterprise experience specializing in Microsoft endpoint management, cloud security, and identity solutions. He is the founder of ITP Training, where he has trained thousands of IT professionals across 30 countries, from career switchers to senior engineers at Fortune 500 companies and government agencies.

His enterprise background spans roles at Compugen, OMERS, Teleperformance Canada, and Wipro, where he deployed and managed large-scale Microsoft Intune, SCCM/MECM, and Microsoft 365 security environments supporting tens of thousands of devices.

He holds industry-recognized certifications including Microsoft Certified Trainer, MD-102 Endpoint Administrator, MS-102 Microsoft 365 Administrator, SC-200 Security Operations Analyst, SC-300 Identity and Access Administrator, and multiple Microsoft, IBM, and AWS certifications, over 20 in total.

Every course is built from real production experience, not textbook theory. Having deployed Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Sentinel, and the full Microsoft 365 Defender suite in enterprise environments, the training reflects what actually works in the field.

The teaching philosophy is simple: break down complex security and endpoint concepts into clear, practical lessons that IT professionals can apply immediately in their own environments.

Courses cover Microsoft Intune, SCCM/MECM, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, Microsoft Sentinel, and the full XDR suite.

Whether preparing for a Microsoft certification, advancing a security career, or deploying these solutions in an organization, these courses provide the skills and confidence to succeed.

Who this course is for:

IT administrators, SOC analysts, cybersecurity professionals, Microsoft 365 administrators, and beginners interested in endpoint security and threat detection using Microsoft Defender for Endpoint.

What you'll learn

Explore related topics

Course content

Introduction2 lectures • 21min

Role-Based Access Control (RBAC)2 lectures • 20min

Device Onboarding4 lectures • 57min

Threat and Vulnerability Management3 lectures • 29min

Requirements

Description

Who this course is for: