Microsoft Defender for Endpoint course with hands on sims

Learn how to expertly administer Microsoft Defender for Endpoint with hands on experience!

We really hope you'll agree, this training is way more than the average course on Udemy!

Have access to the following:

• Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified Trainer

• Lecture that explains the concepts in an easy to learn method for someone that is just starting out with this material

• Instructor led hands on and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

• Welcome to the course!

• Understanding the Microsoft 365 and Azure Environment

• A Solid Foundation of Active Directory Domains

• A Solid Foundation of RAS, DMZ, and Virtualization

• A Solid Foundation of the Microsoft Cloud Services

• IMPORTANT Using Assignments in the course

• Questions for John Christopher

• Certificate of Completion

Setting up for hands on

• DONT SKIP: Before beginning your account setup

• Creating a trial Microsoft 365/Azure Account

• Disable Security Defaults in Entra ID before proceeding

• Configuring Microsoft Entra for device management

• Using a Hyper-V virtual machine or an Azure virtual machine

• Setting up an Azure virtual machine for hands on

• HYPER-V: Getting Hyper-V Installed on Windows

• HYPER-V: Creating a Virtual Switch in Hyper-V

• HYPER-V: Downloading the Windows 11 ISO

• HYPER-V: Installing a Windows 11 virtual machine

Device management support with Microsoft Entra

• Overview of device management of Microsoft device managements concepts

• Registering devices vs joining devices with Microsoft Entra

• Joining our virtual machine to Microsoft Entra

Introduction to Endpoint Security & Microsoft Defender for Endpoint

• What is Endpoint Security?

• High level overview of Microsoft Defender for Endpoint

• Licensing and Plan Comparison (P1 vs P2)

• Microsoft 365 Defender Portal Tour

• How Defender for Endpoint relates to Microsoft Intune

• Introduction to Microsoft Intune for device management

Setting Up Defender for Endpoint

• Prerequisites and Supported Operating Systems

• Creating a Microsoft Defender Admin role for permissions

• Onboarding a Windows device to Defender for Endpoint

• Mass automatic onboarding with Microsoft Intune

• Verifying Windows devices have been onboarded

• Implementing device discovery

Defender for Endpoint Vulnerability Management

• What are Common Vulnerabilities and Exposures (CVEs)?

• Inspecting vulnerabilities on a specific device

• Using the vulnerability management dashboard for high level overview

• Improving security with the help of vulnerability recommendations

• Utilizing remediation within vulnerability management

• Creating and managing Device Groups for Defender for Endpoint

Configuration and Policy Management

• Hardening endpoint security by using Endpoint Security Policies

• Attack Surface Reduction (ASR) Rules

• What is Next-Gen Protection with Microsoft Defender for Endpoint?

• Understanding the local anti-virus settings on Windows 11

• Implementing Next-Gen Protection for devices

• Understanding the local Defender Firewall settings on Windows 11

• Implementing Firewall Rule Policies using Defender for Endpoint

• Using Security Baselines in securing our devices

Utilizing Microsoft Purview Endpoint DLP (Data Loss Prevention)

• Understanding the concepts of DLP (Data Loss Prevention)

• Considering device requirements before using Endpoint DLP

• Settings for configuring Endpoint DLP

• Configuring DLP policies with advanced rules

• Enabling just-in-time (JIT) protection

• How to monitor for endpoint activities

Incident Response and Investigation

• What is Automated Investigation and Remediation (AIR)?

• Implementing Automated Investigation and Remediation (AIR) within device groups

• Triggering incidents using a client device for testing

• Investigating incidents generated by Defender managed devices

• Viewing alerts generated by Defender managed devices

• Managing and classifying detected alerts

Kusto Query Language (KQL)

• What is Kusto Query Language (KQL)?

• Using the Microsoft KQL Demo environment, downloading resource materials and AI

• Basic KQL syntax for searching for information

• Summarizing KQL results and filtering based on time ranges

• Controlling KQL data displayed based on columns, amounts and characters

• Using KQL variables and combining output data

• Running Threat Hunting Queries with Advanced Hunting (KQL)

• Utilizing Microsoft's Sentinel and Defender repository of premade KQL Queries