Become a Microsoft 365 Defender Ninja

%3CLINGO-SUB%20id%3D%22lingo-sub-1796168%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796168%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20sharing%2C%20for%20the%20top%20part%20when%20there%20are%20Modules%2C%20when%20click%20on%20the%20link%20it%20will%20open%20new%20tab.%20If%20possible%20please%20make%20it%20like%20navigate%20inside%20this%20page%20(instead%20of%20opening%20new%20tab)%2C%20while%20for%20other%20links%20opening%20new%20tab%20is%20fine%20because%20it%20is%20new%20website.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796194%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796194%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3B%20weird%2C%20it%20should%20open%20in%20the%20same%20page.%20Thanks%20for%20the%20info%2C%20I%20will%20check%20again%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796202%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796202%22%20slang%3D%22en-US%22%3E%3CP%3EThanks!%20And%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3Bit%20open%20in%20the%20same%20page%20for%20me.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796226%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796226%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F565232%22%20target%3D%22_blank%22%3E%40Kam%3C%2FA%3E%26nbsp%3B%26amp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3B%20I%20just%20fixed%20it%20quickly%20%3A)%3C%2Fimg%3E%20Thanks%20again!!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796270%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796270%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20consider%20add%20these%20contents%20in%20Microsoft%20Learn%20platform%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796967%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796967%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20work%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1797033%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1797033%22%20slang%3D%22en-US%22%3E%3CP%3EI%20cannot%20wait%20to%20go%20through%20the%20security%20modules.%20Awesome%20job!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1789376%22%20slang%3D%22en-US%22%3EBecome%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1789376%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20365%20Defender%2C%20part%20of%20Microsoft%E2%80%99s%20XDR%20solution%2C%20leverages%20the%20Microsoft%20365%20security%20portfolio%20to%20automatically%20analyze%20threat%20data%20across%20domains%2C%20building%20a%20complete%20picture%20of%20each%20attack%20in%20a%20single%20dashboard.%20This%20Ninja%20blog%20covers%20the%20features%20and%20functions%20of%20Microsoft%20365%20Defender%20%E2%80%93%20everything%20that%20goes%20across%20the%20workloads%2C%20but%20not%20the%20individual%20workloads%20themselves.%20The%20content%20is%20structured%20into%20three%20different%20knowledge%20levels%2C%20with%20multiple%20modules%3A%20Fundamentals%2C%20Intermediate%2C%20and%20Expert.%3C%2FP%3E%0A%3CP%3EWe%20will%20keep%20updating%20this%20training%20on%20a%20regular%20basis%20and%20highlight%20new%20resources.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3E%3CSTRONG%3ETable%20of%20Contents%3C%2FSTRONG%3E%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749480%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Fundamentals%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749481%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%201.%20Technical%20overview%20%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749482%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%202.%20Getting%20started%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749483%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%203.%20Investigation%20%E2%80%93%20Incident%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749484%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%204.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749485%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%205.%20Self-healing%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749505%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%206.%20Community%20(blogs%2C%20webinars%2C%20GitHub)%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749486%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Intermediate%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749487%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%201.%20Architecture%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749488%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%202.%20Investigation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749496%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%203.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749497%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%204.%20Automated%20investigation%20and%20remediation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749498%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%206.%20Self-healing%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749499%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%205.%20Build%20your%20own%20lab%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749500%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%207.%20Reporting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749501%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Expert%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749502%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%201.%20Incidents%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749503%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%202.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749504%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EModule%203.%20APIs%2C%20custom%20reports%2C%20SIEM%20%26amp%3B%20other%20integrations%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELegend%3A%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%20Product%20videos%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%20Webcast%20recordings%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TechCommunity.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205059iE2A42D8A7F13D7BC%2Fimage-dimensions%2F17x19%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22TechCommunity.png%22%20alt%3D%22TechCommunity.png%22%20%2F%3E%3C%2FSPAN%3E%20Tech%20Community%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Docs%20on%20Microsoft%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BBlogs%20on%20Microsoft%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GitHub.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205065i083675CF15D6F1EF%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22GitHub.png%22%20alt%3D%22GitHub.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BGitHub%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%E2%A4%B4%20External%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22InteractiveGuides.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205067iF93A500E533F67FB%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22InteractiveGuides.png%22%20alt%3D%22InteractiveGuides.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BInteractive%20guides%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347083%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749321%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749480%22%3E%3C%2FA%3ESecurity%20Operations%20Fundamentals%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785609%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749322%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749481%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281201%22%3E%3C%2FA%3EModule%201.%20Technical%20overview%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bzww%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EShort%20overview%20%E2%80%9CWhat%20is%20Microsoft%20365%20Defender%22%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F%3Fp%3D91813%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EXDR%20announcement%20blog%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727224%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281202%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749323%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749482%22%3E%3C%2FA%3EModule%202.%20Getting%20started%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4BmvV%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EQuick%20tutorial%20to%20get%20you%20started%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-enable%3Fview%3Do365-worldwide%23starting-the-service%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EStarting%20the%20service%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fprepare-mtpeval%3Fview%3Do365-worldwide%23prepare-your-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPrepare%20your%20Azure%20Active%20Directory%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-permissions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EManage%20access%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272761%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281206%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749324%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749483%22%3E%3C%2FA%3EModule%203.%20Investigation%20%E2%80%93%20Incident%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bzwz%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EWork%20with%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fsee-how-consolidated-incidents-improve-soc-efficiency-through%2Fba-p%2F1557341%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3ESee%20how%20consolidated%20incidents%20improve%20SOC%20efficiency%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fmslearn.cloudguides.com%2Fen-us%2Fguides%2FProtect%2520your%2520organization%2520with%2520Microsoft%2520Threat%2520Protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22InteractiveGuides.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205067iF93A500E533F67FB%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22InteractiveGuides.png%22%20alt%3D%22InteractiveGuides.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BProtect%20your%20organization%20with%20Microsoft%20365%20Defender%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181702%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749325%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749484%22%3E%3C%2FA%3EModule%204.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bp7O%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EQuick%20overview%20%26amp%3B%20a%20short%20tutorial%20that%20will%20get%20you%20started%20fast%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-query-language%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ELearn%20the%20query%20language%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-schema-tables%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUnderstand%20the%20schema%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331131%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749326%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749485%22%3E%3C%2FA%3EModule%205.%20Self-healing%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4BzwB%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EHow%20automation%20works%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ELearn%20about%20the%20various%20AIR%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fthe-action-center-in-microsoft-threat-protection-your-one-stop%2Fba-p%2F1550178%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EThe%20action%20center%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123332%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281229%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749346%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749505%22%3E%3C%2FA%3EModule%206.%20Community%20(blogs%2C%20webinars%2C%20GitHub)%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fbg-p%2FMicrosoftThreatProtectionBlog%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EMicrosoft%20Threat%20Protection%20Blog%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TechCommunity.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205059iE2A42D8A7F13D7BC%2Fimage-dimensions%2F17x19%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22TechCommunity.png%22%20alt%3D%22TechCommunity.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmtptc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ETech%20Community%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%20id%3D%22toc-hId--1003626436%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%20id%3D%22toc-hId-1483886397%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281212%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749327%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749486%22%3E%3C%2FA%3E%3CSPAN%3ESecurity%20Operations%20Intermediate%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%20id%3D%22toc-hId--2120519425%22%3EModule%201.%26nbsp%3B%26nbsp%3B%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281213%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749328%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749487%22%3E%3C%2FA%3EArchitecture%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fdata-privacy%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Threat%20Protection%20data%20security%20and%20privacy%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170071%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281216%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749329%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749488%22%3E%3C%2FA%3EModule%202.%20Investigation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F07%2F09%2Finside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ECorrelating%20and%20consolidating%20attacks%20into%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Finvestigate-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EInvestigate%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F06%2F18%2Finside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMapping%20attack%20chains%20from%20cloud%20to%20endpoint%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fincident-queue%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPrioritize%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmanage-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EManage%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-report-false-positives-negatives%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EReport%20false%20positives%2Fnegatives%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624534%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749337%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749496%22%3E%3C%2FA%3EModule%203.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fmicrosoft-threat-protection-advanced-hunting-cheat-sheet%2Fba-p%2F1505100%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EAdvanced%20hunting%20cheat%20sheet%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%20Webinar%20series%2C%20episode%201%3A%20KQL%20fundamentals%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP15JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F0D9TkGjeJwM%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-best-practices%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAdvanced%20hunting%20query%20best%20practices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft-365-Defender-Hunting-Queries%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GitHub.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205065i083675CF15D6F1EF%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22GitHub.png%22%20alt%3D%22GitHub.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BAdvanced%20hunting%20queries%20on%20GitHub%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888299%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281217%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749338%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749497%22%3E%3C%2FA%3EModule%204.%20Automated%20investigation%20and%20remediation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-remediation-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Remediation%20actions%20following%20automated%20investigations%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Approve%20or%20reject%20pending%20actions%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566164%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749339%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749498%22%3E%3C%2FA%3EModule%206.%20Self-healing%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ELearn%20about%20the%20various%20AIR%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fself-healing-in-microsoft-365-defender%2Fba-p%2F1729527%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3ESelf-healing%20explained%20based%20on%20an%20example%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-configure-auto-investigation-response%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EConfigure%20automated%20investigation%20and%20response%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EApprove%20or%20reject%20pending%20actions%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EReport%20a%20false%20positive%2Fnegative%20to%20Microsoft%20for%20analysis%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fthe-action-center-in-microsoft-threat-protection-your-one-stop%2Fba-p%2F1550178%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EThe%20action%20center%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946669%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749340%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749499%22%3E%3C%2FA%3EModule%205.%20Build%20your%20own%20lab%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-evaluation%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Create%20a%20lab%20environment%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507794%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749341%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749500%22%3E%3C%2FA%3EModule%207.%20Reporting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmonitoring-and-reporting%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EOut%20of%20the%20box%20reports%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%20id%3D%22toc-hId-1582922320%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281222%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749342%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749501%22%3E%3C%2FA%3ESecurity%20Operations%20Expert%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449424%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749343%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749502%22%3E%3C%2FA%3EModule%201.%20Incidents%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fincident-queue%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPrioritize%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmanage-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EManage%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-report-false-positives-negatives%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EReport%20false%20positives%2Fnegatives%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%20id%3D%22toc-hId--1902903887%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281226%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749344%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749503%22%3E%3C%2FA%3EModule%202.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%202%3A%20Joins%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP22JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FLMrO6K5TWOU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%203%3A%20Summarizing%2C%20pivoting%2C%20and%20visualizing%20Data%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP29JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FUKnk9U1NH6Y%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%204%3A%20Let%E2%80%99s%20hunt!%26nbsp%3BApplying%20KQL%20to%20incident%20tracking%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP5AUG20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F2EUxOc_LNd8%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%E2%A4%B4%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fkusto-query-language-kql-from-scratch%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EPlural%20sight%20KQL%20training%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608946%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749345%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749504%22%3E%3C%2FA%3EModule%203.%20APIs%2C%20custom%20reports%2C%20SIEM%20%26amp%3B%20other%20integrations%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fsay-hello-to-the-new-microsoft-threat-protection-apis%2Fba-p%2F1669234%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EMicrosoft%20365%20Defender%20APIs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Ftickets%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EIntegrate%20ServiceNow%20tickets%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1789376%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22m365dNinja.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F227310iB8B3483D4979F5FF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22m365dNinja.PNG%22%20alt%3D%22m365dNinja.PNG%22%20%2F%3E%3C%2FSPAN%3EDo%20you%20want%20to%20become%20a%20ninja%20for%20Microsoft%20365%20Defender%3F%20We%20can%20help%20you%20get%20there!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1800097%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1800097%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Heike%2C%3CBR%20%2F%3Egreat%20Learning%20Stuff%20for%20my%20customers%20and%20an%20excellent%20detailed%20overview!!%20%3CBR%20%2F%3Ethanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1804692%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1804692%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome%20post.%20put%20it%20on%20my%20ToDo%20learn%20list.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1811391%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1811391%22%20slang%3D%22en-US%22%3E%3CP%3EThans%20for%20this%20great%20post%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1847242%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1847242%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20resource!%26nbsp%3B%20Thanks%20for%20sharing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1874895%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1874895%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3Bfor%20sharing%20your%20knowledge%20with%20us.%20Great%20stuff%20and%20well-detailed.%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1881123%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1881123%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20blog%20post%2C%20lots%20of%20useful%20information%2C%20bookmarking%20this%20page%20for%20future%20reference%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. This Ninja blog covers the features and functions of Microsoft 365 Defender – everything that goes across the workloads, but not the individual workloads themselves. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert.

We will keep updating this training on a regular basis and highlight new resources.

Table of Contents

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Module 4. Advanced hunting

Module 5. Self-healing

Module 6. Community (blogs, webinars, GitHub)

Security Operations Intermediate

Module 1. Architecture

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Module 5. Build your own lab

Module 7. Reporting

Security Operations Expert

Module 1. Incidents

Module 2. Advanced hunting

Module 3. APIs, custom reports, SIEM & other integrations

Legend:

Product videos	Webcast recordings	Tech Community
Docs on Microsoft	Blogs on Microsoft	GitHub
⤴ External	Interactive guides

Security Operations Fundamentals