We really hope you'll agree, this training is way more then the average course on Udemy!

Have access to the following:

• Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer

• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material

• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

• Welcome to the course

• Understanding the Microsoft Environment

• Foundations of Active Directory Domains

• Foundations of RAS, DMZ, and Virtualization

• Foundations of the Microsoft Cloud Services

• DONT SKIP: The first thing to know about Microsoft cloud services

• DONT SKIP: Azure AD is now renamed to Entra ID

• Questions for John Christopher

• Order of concepts covered in the course

Performing hands on activities

• DONT SKIP: Using Assignments in the course

• Creating a free Microsoft 365 Account

• Activating licenses for Defender for Endpoint and Vulnerabilities

• Getting your free Azure credit

• Setting up Microsoft Entra for device management

• Disable Security Defaults in Entra ID before proceeding

• How to setup an Azure virtual machine for practicing hands on

• Setting up Microsoft Entra for device management

• How to join our test virtual machine to Microsoft Entra

Configure automation for Microsoft Defender XDR and Microsoft Sentinel

• Introduction to Microsoft 365 Defender

• Concepts of the purpose of extended detection and response (XDR)

• Microsoft Defender and Microsoft Purview admin centers

• Concepts of management with Microsoft Defender for Endpoint

• Vulnerability Management has been moved

• Setting up a Microsoft Defender Admin role for permissions

• Onboarding to manage devices using Defender for Endpoint

• Bulk automatic onboarding with Microsoft Intune

• How to verify Windows devices have been onboarded

• A note about extra features in your Defender for Endpoint

• Incidents, alert notifications, and advanced feature for endpoints

• Review and respond to endpoint vulnerabilities

• Configure and manage device groups

• Identify devices at risk using the Microsoft Defender Vulnerability Management

• Identify unmanaged devices by using device discovery

• Configure security policies including attack surface reduction (ASR) rules

• Concepts of Microsoft Sentinel

• Plan a Microsoft Sentinel workspace

Configure the Microsoft Sentinel SIEM and platform

• Configure Microsoft Sentinel roles and specify Azure RBAC roles

• Design and configure Microsoft Sentinel data storage,log types and log retention

• Activate and customize workbook templates

• Create custom workbooks that include KQL

• Configure visualizations

Ingest data into the Microsoft Sentinel SIEM and platform

• Identify data sources to be ingested for Microsoft Sentinel

• Implement and use Content hub solutions

• A note about Kusto Query Language (KQL)

• Configure & use MS connectors for Azure, including Azure Policy & diagnostics

• Plan and configure Azure Monitor Agent (AMA) and data collection rules

• Plan and configure Syslog and Common Event Format (CEF) event collections

• Collection of Windows Security events and Windows Event Forwarding (WEF)

• Create custom log tables in the workspace to store ingested data

• Configure Sentinel to ingest Azure and Entra ID data

• Monitor and optimize data ingestion

Configure detections

• Run an attack simulation email campaign in Microsoft 365 Defender

• Manage actions and submissions in the Microsoft 365 Defender portal

• Identify and remediate security risks by using Microsoft Secure Score

• Analyze threat analytics in the Microsoft 365 Defender portal

• Configure and manage custom detections and alerts

• Classify and analyze data by using entities

• Concepts of Microsoft Sentinel analytics rules

• Configure and manage analytics rules

• Query Microsoft Sentinel data by using ASIM parsers

• Implement behavioral analytics

Respond to alerts and incidents in Microsoft Defender XDR

• Using polices to remediate threats with Email, Teams, SharePoint & OneDrive

• Investigate, respond, and remediate threats with Defender for Office 365

• Understanding data loss prevention (DLP) in Microsoft 365 Defender

• Understanding Data loss prevention roles and permissions

• Implement data loss prevention policies (DLP)

• Adaptive Protection with data loss prevention

• Policy and rule precedence in Data Loss Prevention

• Understanding insider risk policies

• Implement Insider Risk Management connectors

• Generating an insider risk policy

• Overview of Microsoft Defender for Cloud

• Assess and recommend cloud workload protection and enable plans

• Investigate information identified by MS Defender for Cloud workload protection

• Discover and manage apps by using Microsoft Defender for Cloud Apps

• Identify, investigate, & remediate security risks by using Defender for Cloud Apps

• Investigate and remediate incidents in Microsoft Sentinel

• Understanding automation rules and Microsoft Sentinel playbooks

• Create and configure automation rules

• Create and configure Microsoft Sentinel playbooks

• Run playbooks on on-premises resources

• What Microsoft Security Copilot (MSC)?

• Security compute units (SCUs) in Security Copilot

• Warning before allocating SCUs for Security Copilot

• Allocating SCUs for Security Copilot

• Setting up sample alerts for querying with Security Copilot

• Investigating an incident involving a VM with Security Copilot

• IMPORTANT Delete your SCUs

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

• Configure anomaly detection analytics rules

• How to trigger some incidents using a client device for testing

• Investigate timeline of compromised devices

Investigate Microsoft 365 activities to identify threats

• Understanding unified audit log licensing and requirements

• Setting unified audit permissions and enabling support

• Investigate threats by using Content Search

• Perform threat hunting by using Microsoft Graph activity logs

Detect threats by using Microsoft Defender XDR

• Identify purposes of using Kusto Query Language (KQL)

• Practicing with KQL in Microsoft's Demo environment

• Searching for information using basic KQL syntax

• Summarizing KQL results and filtering based on time ranges

• Using KQL to display data based on columns, amounts and characters

• Implementing variables and combining output data with KQL

• Identify and interpret threats analytics by using KQL in Defender

• Customizing hunting queries using Microsoft's Sentinel and Defender repository

Detect threats by using the Microsoft Sentinel platform

• Analyze attack vector coverage by using the MITRE ATT&CK matrix

• Manage and use threat indicators

• Create and manage hunts

• Create and monitor hunting queries

• Use hunting bookmarks for data investigations

• Retrieve and manage archived log data

• Create and manage search jobs

Conclusion

• Cleaning up your lab environment

• Getting a Udemy certificate

• BONUS Where do I go from here?