Microsoft Defender course/training: Learn how to use Microsoft Defender

  • Published: 28 Nov 2023
  • Watch this video to learn information on how to use and manage Microsoft Defender
    GET THE FULL COURSE HERE: bit.ly/4108pHM
    CONCEPTS COVERED IN THIS VIDEO:
    Microsoft 365 Defender as an Extended Detection and Response (XDR)
    *Visualizing the concepts of extended detection and responses (XDR)
    *Configuring the Microsoft 365 Defender simulation lab
    *Performing an attack using the simulation lab
    *Microsoft 365 Defender incidents and automated investigations
    *Microsoft 365 Defender action and submissions
    *Using Kusto Query Language (KQL) for threat identification
    *Microsoft Secure Score
    *Microsoft 365 Defender threat analytics
    *Custom detections and alerts
    Getting started w/ Defender for Cloud, Defender for Servers & Defender for DevOps
    *Introduction to Microsoft Defender for Cloud
    *Regulatory compliance policies along with MCSB
    *Remediations with secure score in Microsoft Defender for Cloud
    *Microsoft Defender for Servers
    *Microsoft Defender for DevOps
    *Microsoft Defender External Attack Surface Management (EASM)
    GET THE REST OF THE BELOW CONCEPTS IN THE FULL COURSE HERE: bit.ly/4108pHM
    Basic concepts of the Microsoft Defender Suite and Services
    *The Microsoft 365 Defender Suite
    *Using the Defender and Purview admin centers
    Microsoft Defender for Office 365
    *What is Microsoft Defender for Office 365?
    *Implementing policies for uses in Email, SharePoint, OneDrive, and Teams
    *Dealing with threats using Defender for Office 365
    *Performing a campaign email attack simulation in Microsoft Defender
    Microsoft Defender for Cloud Apps and Data Loss Prevention (DLP)
    *Understanding the concepts of Microsoft Defender for Cloud Apps
    *Investigating security risks in Defender for Cloud Apps
    *Concepts of data loss prevention in Microsoft Defender
    *Alerts with data loss prevention policies (DLP)
    *Data loss prevention (DLP) policy alert investigation
    Microsoft Defender for Endpoint and Defender Vulnerability Management
    *Understanding Microsoft Defender for Endpoint concepts
    *Deploy a Windows 11 VM endpoint
    *Attack surface reduction (ASR) support with Intune
    *Working with device onboarding regarding Defender for Endpoint
    *Something to be aware of about extra features
    *Endpoint advanced features, alerts and incidents
    *Endpoint vulnerabilities
    *Device attack surface reduction (ASR)
    *Device groups with Defender for Endpoint
    *Microsoft Defender Vulnerability Management risk identification
    *Endpoint threat indicators
    *Device discovery of unmanaged devices
    Microsoft Defender for Identity
    *Microsoft Entra ID security risk mitigation
    *Concepts of using Microsoft Entra Identity Protection
    *Microsoft Entra Identity Protection security risk mitigation
    *Microsoft Entra Identity Protection risks in regards to Microsoft Defender
    *Microsoft Defender for Identity concepts
    *Using Defender for Identity to mitigate threats with AD DS
    Microsoft Defender for Cloud full management and configurations
    *Settings config in Microsoft Defender for Cloud
    *Roles in Microsoft Defender for Cloud
    *Cloud workload protection
    *Automation of onboarding Azure resource
    *Azure Arc connections
    *Multi-cloud connections
    *Email notifications in Microsoft Defender for Cloud
    *Using alert suppression rules
    *Workflow automation configuration in Defender for Cloud
    *Using sample alerts and incidents
    *Using Microsoft Defender for Cloud recommendations
    *Security alerts and incidents in Microsoft Defender for Cloud
    *Using threat intelligence reports with Microsoft Defender for Cloud
    Dealing with insider risks in Microsoft 365
    *Concepts of insider risk policies
    *Insider risk policy generation
    *Insider risk policy alert investigation
    Audit and search capabilities in Microsoft Defender and Microsoft Purview
    *Licensing of unified audit logging
    *Permissions for unified auditing
    *Threat hunting with unified audit logging
    *Threat hunting with Content Searches
    Conclusion
    *Cleaning up your lab environment
    *Getting a Udemy certificate
    *BONUS Where do I go from here?

Comments • 36

  • @examlabpractice
    @examlabpractice  4 months ago

    Get access to all my courses for a discount here:
    examlabpractice.com/courses

  • @ericzliu
    @ericzliu 2 months ago +2

    An hour into this video and I can say your teaching style is very easy to grasp and helpful! Thank you and keep doing what you're doing

  • @gustavoadolfoguzmancapera5143
    @gustavoadolfoguzmancapera5143 5 months ago +1

    Awesome training sessions. Thanks John.

  • @kikibah1363
    @kikibah1363 4 months ago +3

    God bless you for this wonderful gift. I had zero knowledge but now I am so knowledgeable after this video. I am so happy, thank you

  • @kitfo18
    @kitfo18 7 months ago +5

    This is a major help if you are taking the SC-300 exam but good to know if you do just about anything within Entra ID! Awesome video, will be watching this one a few times for sure.

  • @megmucklebones7538
    @megmucklebones7538 7 months ago +1

    Amazing content, thank you for everything.

  • @BashirShaikh-zl3zh
    @BashirShaikh-zl3zh 3 months ago

    J Christopher, I don't have words. I wanted to appreciate you for such a video. I am working as a SOC analyst, still your video helped me to clear my basics ...

  • @Neng.Sunate
    @Neng.Sunate 6 months ago +1

    Thank you for your video, very useful training video.

  • @nasyaramadhana6788
    @nasyaramadhana6788 7 months ago +5

    Thanks for the video. Currently I work as a SOC analyst and my daily task is analysis with Microsoft Defender

    • @cricketclub.youtube
      @cricketclub.youtube 2 months ago

      Please provide your Instagram ID, bro. I am also working as a SOC analyst

  • @amarilnto
    @amarilnto 7 months ago +1

    Amazing video explaining the basics in #IT is very important so new students can join and understand in a better way. Your method of teaching is wonderful kudos for your help 🙏☺️🖥️🥇🚀

  • @jfjtlx433
    @jfjtlx433 7 months ago +1

    Great explanation.

  • @elazarOhayon
    @elazarOhayon 5 months ago +2

    Great Content!!

  • @GH-NET
    @GH-NET 7 months ago +1

    Thank you!

  • @dannyroy8571
    @dannyroy8571 6 months ago

    Nice sharing!
    But I had a question regarding "Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)". Let's say for this Azure recommendation I want to turn off scanning of old images, so that only images with the latest tag are scanned and all the rest are ignored. How can I do so? I need to improve my Azure secure score

    • @examlabpractice
      @examlabpractice  6 months ago

      To focus vulnerability scanning on only the latest images or specific tags within your Azure Container Registry and improve your Azure secure score, you'll need to customize the scanning policies. Microsoft Defender for Cloud, formerly known as Azure Security Center, provides a way to manage and enforce security policies across your Azure resources, including the Container Registry. Here's how you might approach this:

      Access Microsoft Defender for Cloud:
        - Go to the Azure portal.
        - Open Microsoft Defender for Cloud.
        - Navigate to the 'Environment settings' under the 'Management' section.

      Select the Subscription and Container Registry:
        - Choose the subscription where your container registry is located.
        - Select the specific container registry you want to configure.

      Configure the Security Policy:
        - Find the policy related to container image scanning (like "Vulnerabilities in Azure Container Registry images should be remediated").
        - Modify the policy to specify that only images with the 'latest' tag or images newer than a certain age should be scanned. This might involve setting custom parameters or exclusions.

      Implement Tagging Strategies:
        - Ensure your image deployment process is tagging images correctly. Consistently use the 'latest' tag for the most recent and relevant images you want to be scanned.
        - Older or less critical images should have different tags that don't get picked up by the policy.

      Automation and Scripting:
        - Consider using Azure CLI or PowerShell scripts to automate the process of tagging and untagging images. You can write scripts to retag older images and ensure only the latest images retain the 'latest' tag.

      Monitor and Review:
        - Regularly monitor the results of the scans and the security recommendations in Microsoft Defender for Cloud.
        - Review and adjust your policies and tagging strategies as needed to ensure that only the desired images are being scanned.

      Consult Documentation and Support:
        - Azure's documentation and support channels can provide specific guidance and best practices for setting up and customizing your vulnerability scanning policies.

      By effectively managing your scanning policies and image tags, you can focus security resources on the most relevant container images and improve your Azure secure score. Keep in mind that while focusing on the latest images can reduce noise and overhead, it's also crucial to ensure that all deployed images, not just the latest, are secure and compliant. Regularly review and update your policies and practices to balance security with efficiency.

  • @TheCnstgrad
    @TheCnstgrad 5 months ago

    Does your udemy course linked in the description depend on using the deprecated evaluation lab feature?

    • @examlabpractice
      @examlabpractice  5 months ago

      It is 3 small videos in the course. Everything else is fine. I have left them in the course to show the demonstrations. As soon as Microsoft releases an updated lab, I will update the content with something better.

  • @spmffl3048
    @spmffl3048 6 months ago

    Do you need an E5 license to perform the lab? I have an E3 and do not see it.

    • @examlabpractice
      @examlabpractice  6 months ago

      E5 to do everything. I would recommend you get a free Microsoft E5 developer account. Do a google search and you can learn how to open one

  • @zt296
    @zt296 5 months ago

    What else can we use as evaluations and tutorials have been deprecated as of 18/01/2023

    • @examlabpractice
      @examlabpractice  5 months ago

      Microsoft has not released anything new. Please understand that the deprecated section is a VERY small section. Everything else is still very much up to date

  • @antwan3026
    @antwan3026 5 months ago

    Anyone know how I can generate alerts in the new defender (XDR), not sure how to complete this training without looking at incidents

    • @examlabpractice
      @examlabpractice  5 months ago

      Unfortunately it’s hard now that they took the lab away. But I plan to update with a solution when I can. One solution is to set up a virtual machine and join it, then inject it with malware. By the way, this is just a sample of my full course. The full course goes deeper into Defender. See description for details

    • @antwan3026
      @antwan3026 5 months ago

      @examlabpractice I’ve got the full training on Udemy

    • @examlabpractice
      @examlabpractice  5 months ago

      Great, well I am hoping A) Microsoft will provide a solution soon. B) I can find my own solution. For now, I would recommend you move on. This is really just a small part of the course anyway. It only involves 3 videos in the whole course. Also, you can also message me on udemy as opposed to here. I respond just as quick there as I do here ;)

  • @antwan3026
    @antwan3026 5 months ago

    The evaluation lab is deprecated, any idea of a workaround?

    • @examlabpractice
      @examlabpractice  5 months ago

      At the moment, no. I'm VERY frustrated about it. Microsoft gave the training industry almost no warning about this. Hopefully they'll come out with something to replace it soon because there isn't really any way for someone to test anything out on your own without trial by fire

    • @antwan3026
      @antwan3026 5 months ago

      @examlabpractice Thanks for your response, I'm trying to learn, almost losing my mind searching everywhere for a workaround 😀

  • @user-kl1bm2gt4e
    @user-kl1bm2gt4e 5 months ago

    I am unable to install the Defender agent, getting an error on all Windows 2012R2 servers 2012 R2 - MpAsDesc.dll 310

    • @examlabpractice
      @examlabpractice  5 months ago

      My understanding of defender agent is that it does not natively support 2012 R2. It natively supports 2016 and higher

    • @TheKrish420
      @TheKrish420 5 months ago

      We have more than 500 servers and customers don't want to upgrade. Do you have any troubleshooting steps which I can follow?

  • @tsnazzle
    @tsnazzle 7 months ago

    Thanks for this training however, it seems like intro sound is way too loud - had a jump scare haha.

    • @examlabpractice
      @examlabpractice  7 months ago

      lol sorry for the jump scare

    • @mui25
      @mui25 7 months ago

      Pls help on this: You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled.
      You need to identify all the changes made to sensitivity labels during the past seven days.
      What should you use?
      A. the Incidents blade of the Microsoft 365 Defender portal
      B. the Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
      C. Activity explorer in the Microsoft 365 compliance center
      D. the Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal @examlabpractice