Become a Microsoft 365 Defender Ninja

Published Oct 19 2020 08:53 AM 63.4K Views

Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. This Ninja blog covers the features and functions of Microsoft 365 Defender – everything that goes across the workloads, but not the individual workloads themselves. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert.

In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training: Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

I want to give kudos to my colleagues: @Sarahzin for letting me copy from her MCAS Ninja training, @DanEdwards for helping me automate the certificate distribution and @Tali Ash for helping me pull the questions together! Thank you!

We will keep updating this training on a regular basis and highlight new resources.

If you already did the training, you can focus on the latest updates (August update)

Table of Contents

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Module 4. Threat analytics

Module 5. Advanced hunting

Module 6. Self-healing

Module 7. Community (blogs, webinars, GitHub)

Module 8. Partners

Security Operations Intermediate

Module 1. Architecture

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Module 5. Build your own lab

Module 7. Reporting

Module 8. Microsoft Threat Experts

Security Operations Expert

Module 1. Incidents

Module 2. Advanced hunting

Module 3. APIs, custom reports, SIEM & other integrations

Legend:

Product videos	Webcast recordings	Tech Community
Docs on Microsoft	Blogs on Microsoft	GitHub
⤴ External	Interactive guides

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Work with incidents
Get email notifications on new incidents
Improved incident queue
Classification of incidents & alerts
See how consolidated incidents improve SOC efficiency
Protect your organization with Microsoft 365 Defender
Incidents trend graph view
Responding to my first incident, a tutorial and walkthrough for new-to-role analysts
Alert page for incident detections
Email Entity page

Module 4. Threat Analytics

Module 5. Advanced hunting

Module 6. Self-healing

Module 7. Community (blogs, webinars, GitHub)

Module 8. Partner

Professional security services catalog

> Ready for the Fundamentals Knowledge Check?

Security Operations Intermediate

Module 1. Architecture

Microsoft Threat Protection data security and privacy

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Security Operations Expert

Module 1. Incidents

Prioritize incidents
Manage incidents
Report false positives/negatives
Deep-dive attack playbooks from the DART team for seasoned analysts
Incident response overview

Module 2. Advanced hunting

Webinar series, episode 2: Joins (MP4, YouTube)
Webinar series, episode 3: Summarizing, pivoting, and visualizing Data (MP4, YouTube)
Webinar series, episode 4: Let’s hunt! Applying KQL to incident tracking (MP4, YouTube)
⤴ Plural sight KQL training

Module 3. APIs, custom reports, SIEM & other integrations

> Ready for the Expert Knowledge Check?

Once you’ve finished the training and the knowledge checks, please click here to request your certificate (you'll see it in your inbox within 3-5 business days.

24 Comments

Thank you for sharing, for the top part when there are Modules, when click on the link it will open new tab. If possible please make it like navigate inside this page (instead of opening new tab), while for other links opening new tab is fine because it is new website.

@Reza_Ameri-Archived weird, it should open in the same page. Thanks for the info, I will check again

Thanks! And @Reza_Ameri-Archived it open in the same page for me.

@Kam & @Reza_Ameri-Archived I just fixed it quickly :) Thanks again!!

@Heike Ritter

Please consider add these contents in Microsoft Learn platform too.

Great work @Heike Ritter !

I cannot wait to go through the security modules. Awesome job!

Hi Heike,
great Learning Stuff for my customers and an excellent detailed overview!!
thanks

Awesome post. put it on my ToDo learn list.

Thans for this great post @Heike Ritter !

Great resource! Thanks for sharing.

Thanks @Heike Ritter for sharing your knowledge with us. Great stuff and well-detailed.

Great blog post, lots of useful information, bookmarking this page for future reference :)

Great resource! Thanks for sharing too.:clapping_hands:

awesome resources @Heike Ritter

I am a new starter and this is great!

Very interesting and useful.
Thank you @Heike Ritter.

Thanks for the training, I have successfully passed the evaluation, I share my certificate: D M365 Defender.PNG

Very good . Thank you

Completed, I'm a Ninja in Microsoft 365 Defender.

Hi,

Do we have an estimation of the time requested to complete this training ?

Thanks in advance

I found this wonderful learning content on MSLearn SC-200 Microsoft Defender for Endpoints. I understood the features of Microsoft Defender. I'll recommend this Ninja contents to my colleagues. Thanks,

Thanks for providing this great ninja training resource @Heike Ritter

The last section "Security Operations Expert" provides links to the same documentation for "Prioritze incidents", "Manage incidents" and "Report false positives/negatives" that is already coverd in the "Security Operations Intermediate" section (see screenshot below).

I am not sure if this was intentional but I guess it doesn't hurt to read about it twice :D

There are some overlapping materials along the learning journey.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

%3CLINGO-SUB%20id%3D%22lingo-sub-1796168%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796168%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20sharing%2C%20for%20the%20top%20part%20when%20there%20are%20Modules%2C%20when%20click%20on%20the%20link%20it%20will%20open%20new%20tab.%20If%20possible%20please%20make%20it%20like%20navigate%20inside%20this%20page%20(instead%20of%20opening%20new%20tab)%2C%20while%20for%20other%20links%20opening%20new%20tab%20is%20fine%20because%20it%20is%20new%20website.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796202%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796202%22%20slang%3D%22en-US%22%3E%3CP%3EThanks!%20And%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3Bit%20open%20in%20the%20same%20page%20for%20me.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796226%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796226%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F565232%22%20target%3D%22_blank%22%3E%40Kam%3C%2FA%3E%26nbsp%3B%26amp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza%20Ameri%3C%2FA%3E%26nbsp%3B%20I%20just%20fixed%20it%20quickly%20%3A)%3C%2Fimg%3E%20Thanks%20again!!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796270%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796270%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20consider%20add%20these%20contents%20in%20Microsoft%20Learn%20platform%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796967%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796967%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20work%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1800097%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1800097%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Heike%2C%3CBR%20%2F%3Egreat%20Learning%20Stuff%20for%20my%20customers%20and%20an%20excellent%20detailed%20overview!!%20%3CBR%20%2F%3Ethanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1804692%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1804692%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome%20post.%20put%20it%20on%20my%20ToDo%20learn%20list.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1811391%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1811391%22%20slang%3D%22en-US%22%3E%3CP%3EThans%20for%20this%20great%20post%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1847242%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1847242%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20resource!%26nbsp%3B%20Thanks%20for%20sharing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1874895%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1874895%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3Bfor%20sharing%20your%20knowledge%20with%20us.%20Great%20stuff%20and%20well-detailed.%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1881123%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1881123%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20blog%20post%2C%20lots%20of%20useful%20information%2C%20bookmarking%20this%20page%20for%20future%20reference%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2113242%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2113242%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20a%20new%20starter%20and%20this%20is%20great!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2194070%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2194070%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EThanks%20for%20the%20training%2C%20I%20have%20successfully%20passed%20the%20evaluation%2C%20I%20share%20my%20certificate%3A%20D%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22M365%20Defender.PNG%22%20style%3D%22width%3A%20455px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F261752i471CFED925170575%2Fimage-dimensions%2F455x350%3Fv%3D1.0%22%20width%3D%22455%22%20height%3D%22350%22%20role%3D%22button%22%20title%3D%22M365%20Defender.PNG%22%20alt%3D%22M365%20Defender.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1797033%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1797033%22%20slang%3D%22en-US%22%3E%3CP%3EI%20cannot%20wait%20to%20go%20through%20the%20security%20modules.%20Awesome%20job!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2246744%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2246744%22%20slang%3D%22en-US%22%3E%3CP%3EVery%20good%20.%20Thank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2247622%22%20slang%3D%22es-ES%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2247622%22%20slang%3D%22es-ES%22%3E%3CP%3ECompleted%2C%20I'm%20a%20Ninja%20in%20Microsoft%20365%20Defender.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2109998%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2109998%22%20slang%3D%22en-US%22%3E%3CP%3Eawesome%20resources%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2290846%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2290846%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EDo%20we%20have%20an%20estimation%20of%20the%20time%20requested%20to%20complete%20this%20training%20%3F%3C%2FP%3E%3CP%3EThanks%20in%20advance%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1796194%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1796194%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F13441%22%20target%3D%22_blank%22%3E%40Reza_Ameri-Archived%3C%2FA%3E%26nbsp%3B%20weird%2C%20it%20should%20open%20in%20the%20same%20page.%20Thanks%20for%20the%20info%2C%20I%20will%20check%20again%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2369277%22%20slang%3D%22ja-JP%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2369277%22%20slang%3D%22ja-JP%22%3E%3CP%3EI%20found%20this%20wonderful%20learning%20content%20on%20MSLearn%20SC-200%20Microsoft%20Defender%20for%20Endpoints.%20I%20understood%20the%20features%20of%20Microsoft%20Defender.%20I'll%20recommend%20this%20Ninja%20contents%20to%20my%20colleagues.%20Thanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2109955%22%20slang%3D%22es-ES%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2109955%22%20slang%3D%22es-ES%22%3E%3CP%3E%3CSPAN%3EGreat%20resource!Thanks%20for%20sharing%20too.%3Am%C3%A3os_aplaudindo%3A%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2426760%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2426760%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20providing%20this%20great%20ninja%20training%20resource%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20last%20section%20%22%3CEM%3ESecurity%20Operations%20Expert%3C%2FEM%3E%22%20provides%20links%20to%20the%20same%20documentation%20for%20%22%3CEM%3EPrioritze%20incidents%3C%2FEM%3E%22%2C%20%22%3CEM%3EManage%20incidents%3C%2FEM%3E%22%20and%20%22%3CEM%3EReport%20false%20positives%2Fnegatives%3C%2FEM%3E%22%20that%20is%20already%20coverd%20in%20the%20%22%3CEM%3ESecurity%20Operations%20Intermediate%3C%2FEM%3E%22%20section%20(see%20screenshot%20below).%3C%2FP%3E%3CP%3EI%20am%20not%20sure%20if%20this%20was%20intentional%20but%20I%20guess%20it%20doesn't%20hurt%20to%20read%20about%20it%20twice%20%3AD%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ms-defender-ninja.jpg%22%20style%3D%22width%3A%20434px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287153i2CCD0710E3385AF2%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22ms-defender-ninja.jpg%22%20alt%3D%22ms-defender-ninja.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2452057%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2452057%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20are%20some%20overlapping%20materials%20along%20the%20learning%20journey.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1789376%22%20slang%3D%22en-US%22%3EBecome%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1789376%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20365%20Defender%2C%20part%20of%20Microsoft%E2%80%99s%20XDR%20solution%2C%20leverages%20the%20Microsoft%20365%20security%20portfolio%20to%20automatically%20analyze%20threat%20data%20across%20domains%2C%20building%20a%20complete%20picture%20of%20each%20attack%20in%20a%20single%20dashboard.%20This%20Ninja%20blog%20covers%20the%20features%20and%20functions%20of%20Microsoft%20365%20Defender%20%E2%80%93%20everything%20that%20goes%20across%20the%20workloads%2C%20but%20not%20the%20individual%20workloads%20themselves.%20The%20content%20is%20structured%20into%20three%20different%20knowledge%20levels%2C%20with%20multiple%20modules%3A%20Fundamentals%2C%20Intermediate%2C%20and%20Expert.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20addition%2C%20after%20each%20level%2C%20we%20offer%20you%20a%26nbsp%3B%3CSTRONG%3Eknowledge%20check%26nbsp%3B%3C%2FSTRONG%3Ebased%20on%20the%20training%20material%20you%20have%20just%20finished!%20Since%20there%E2%80%99s%20a%20lot%20of%20content%2C%20the%20goal%20of%20the%20knowledge%20checks%20is%20to%20help%20ensure%20understanding%20of%20the%20key%20concepts%20that%20were%20covered.%20Lastly%2C%20there%E2%80%99ll%20be%20a%20fun%26nbsp%3B%3CSTRONG%3Ecertificate%3C%2FSTRONG%3E%26nbsp%3Bissued%20at%20the%20end%20of%20the%20training%3A%20Disclaimer%3A%26nbsp%3B%3CSTRONG%3EThis%20is%20not%20an%20official%20Microsoft%20certification%20and%20only%20acts%20as%20a%20way%20of%20recognizing%20your%20participation%20in%20this%20training%20content%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20want%20to%20give%20kudos%20to%20my%20colleagues%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F708110%22%20target%3D%22_blank%22%3E%40Sarahzin%3C%2FA%3E%26nbsp%3Bfor%20letting%20me%20copy%20from%20her%20MCAS%20Ninja%20training%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F809429%22%20target%3D%22_blank%22%3E%40DanEdwards%3C%2FA%3E%20for%20helping%20me%20automate%20the%20certificate%20distribution%20and%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F104809%22%20target%3D%22_blank%22%3E%40Tali%20Ash%3C%2FA%3E%26nbsp%3Bfor%20helping%20me%20pull%20the%20questions%20together!%20Thank%20you!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20will%20keep%20updating%20this%20training%20on%20a%20regular%20basis%20and%20highlight%20new%20resources.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3EIf%20you%20already%20did%20the%20training%2C%20you%20can%20focus%20on%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fmicrosoft-365-defender-ninja-training-august-2021-update%2Fba-p%2F2611831%22%20target%3D%22_blank%22%3Elatest%20updates%3C%2FA%3E%26nbsp%3B(August%20update)%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3E%3CSTRONG%3ETable%20of%20Contents%3C%2FSTRONG%3E%3C%2FU%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749480%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Fundamentals%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749481%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%201.%20Technical%20overview%20%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749482%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%202.%20Getting%20started%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749483%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%203.%20Investigation%20%E2%80%93%20Incident%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749484%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%204.%20Threat%20analytics%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_AH53749325%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%205.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749485%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%206.%20Self-healing%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749505%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%207.%20Community%20(blogs%2C%20webinars%2C%20GitHub)%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_PAR53749325%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%208.%20Partners%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749486%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Intermediate%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749487%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%201.%20Architecture%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749488%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%202.%20Investigation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749496%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%203.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749497%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%204.%20Automated%20investigation%20and%20remediation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749498%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%206.%20Self-healing%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749499%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%205.%20Build%20your%20own%20lab%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749500%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%207.%20Reporting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_MTE53749500%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%208.%20Microsoft%20Threat%20Experts%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749501%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSTRONG%3ESecurity%20Operations%20Expert%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749502%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%201.%20Incidents%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749503%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%202.%20Advanced%20hunting%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22%23_Toc53749504%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EModule%203.%20APIs%2C%20custom%20reports%2C%20SIEM%20%26amp%3B%20other%20integrations%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELegend%3A%3C%2FP%3E%0A%3CTABLE%20border%3D%221%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%20Product%20videos%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%20Webcast%20recordings%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TechCommunity.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205059iE2A42D8A7F13D7BC%2Fimage-dimensions%2F17x19%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22TechCommunity.png%22%20alt%3D%22TechCommunity.png%22%20%2F%3E%3C%2FSPAN%3E%20Tech%20Community%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Docs%20on%20Microsoft%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BBlogs%20on%20Microsoft%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GitHub.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205065i083675CF15D6F1EF%2Fimage-dimensions%2F18x18%3Fv%3Dv2%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22GitHub.png%22%20alt%3D%22GitHub.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BGitHub%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%E2%A4%B4%20External%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22InteractiveGuides.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205067iF93A500E533F67FB%2Fimage-dimensions%2F18x18%3Fv%3Dv2%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22InteractiveGuides.png%22%20alt%3D%22InteractiveGuides.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BInteractive%20guides%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22208.889px%22%20height%3D%2227px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1236347083%22%20id%3D%22toc-hId--1236347108%22%20id%3D%22toc-hId--1236347108%22%20id%3D%22toc-hId--1236347108%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749321%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749480%22%3E%3C%2FA%3ESecurity%20Operations%20Fundamentals%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--545785609%22%20id%3D%22toc-hId--545785634%22%20id%3D%22toc-hId--545785634%22%20id%3D%22toc-hId--545785634%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749322%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749481%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281201%22%3E%3C%2FA%3EModule%201.%20Technical%20overview%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bzww%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EShort%20overview%20%E2%80%9CWhat%20is%20Microsoft%20365%20Defender%22%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Funified-experiences-across-endpoint-and-email-are-now-generally%2Fba-p%2F2278132%22%20target%3D%22_blank%22%3EUnified%20experiences%20across%20endpoint%20and%20email%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4HcEU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ENew%20value%20for%20Defender%20for%20Identity%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4HhT6%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ENew%20value%20for%20Defender%20for%20Office%20365%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F%3Fp%3D91813%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EXDR%20announcement%20blog%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1941727224%22%20id%3D%22toc-hId-1941727199%22%20id%3D%22toc-hId-1941727199%22%20id%3D%22toc-hId-1941727199%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281202%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749323%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749482%22%3E%3C%2FA%3EModule%202.%20Getting%20started%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4BmvV%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EQuick%20tutorial%20to%20get%20you%20started%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-enable%3Fview%3Do365-worldwide%23starting-the-service%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EStarting%20the%20service%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fprepare-mtpeval%3Fview%3Do365-worldwide%23prepare-your-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrepare%20your%20Azure%20Active%20Directory%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-permissions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20access%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4LWeP%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvide%20your%20feedback%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-134272761%22%20id%3D%22toc-hId-134272736%22%20id%3D%22toc-hId-134272736%22%20id%3D%22toc-hId-134272736%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281206%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749324%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749483%22%3E%3C%2FA%3EModule%203.%20Investigation%20%E2%80%93%20Incident%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bzwz%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWork%20with%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fget-email-notifications-on-new-incidents-from-microsoft-365%2Fba-p%2F2012518%22%20target%3D%22_blank%22%3EGet%20email%20notifications%20on%20new%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fimproved-incident-queue-in-microsoft-365-defender%2Fba-p%2F1872084%22%20target%3D%22_blank%22%3EImproved%20incident%20queue%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4LHJq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EClassification%20of%20incidents%20%26amp%3B%20alerts%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fsee-how-consolidated-incidents-improve-soc-efficiency-through%2Fba-p%2F1557341%22%20target%3D%22_blank%22%3ESee%20how%20consolidated%20incidents%20improve%20SOC%20efficiency%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fmslearn.cloudguides.com%2Fen-us%2Fguides%2FProtect%2520your%2520organization%2520with%2520Microsoft%2520Threat%2520Protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22InteractiveGuides.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205067iF93A500E533F67FB%2Fimage-dimensions%2F18x18%3Fv%3Dv2%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22InteractiveGuides.png%22%20alt%3D%22InteractiveGuides.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BProtect%20your%20organization%20with%20Microsoft%20365%20Defender%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Feasily-find-anomalies-in-incidents-and-alerts%2Fba-p%2F2339243%22%20target%3D%22_blank%22%3EIncidents%20trend%20graph%20view%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Ffirst-incident-overview%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EResponding%20to%20my%20first%20incident%3C%2FA%3E%2C%20a%20tutorial%20and%20walkthrough%20for%20new-to-role%20analysts%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fnew-alert-page-for-microsoft-365-defender-incident-detections%2Fba-p%2F2350425%22%20target%3D%22_blank%22%3EAlert%20page%20for%20incident%20detections%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fmdo-email-entity-page%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEmail%20Entity%20page%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1673181702%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749484%22%3E%3C%2FA%3EModule%204.%20Threat%20Analytics%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Flaunching-threat-analytics-for-microsoft-365-defender%2Fba-p%2F2232724%22%20target%3D%22_blank%22%3EThreat%20analytics%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRWwJfU%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOverview%20of%20Threat%20Analytics%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-814331131%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_AH53749325%22%3E%3C%2FA%3EModule%205.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bp7O%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EQuick%20overview%20%26amp%3B%20a%20short%20tutorial%20that%20will%20get%20you%20started%20fast%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-query-language%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELearn%20the%20query%20language%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-schema-tables%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUnderstand%20the%20schema%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--993123332%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749485%22%3E%3C%2FA%3EModule%206.%20Self-healing%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4BzwB%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHow%20automation%20works%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELearn%20about%20the%20various%20AIR%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fthe-action-center-in-microsoft-threat-protection-your-one-stop%2Fba-p%2F1550178%22%20target%3D%22_blank%22%3EThe%20action%20center%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1494389501%22%20id%3D%22toc-hId-1494389476%22%20id%3D%22toc-hId-1494389476%22%20id%3D%22toc-hId-1494389476%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749505%22%3E%3C%2FA%3EModule%207.%20Community%20(blogs%2C%20webinars%2C%20GitHub)%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fbg-p%2FMicrosoftThreatProtectionBlog%22%20target%3D%22_blank%22%3EMicrosoft%20Threat%20Protection%20Blog%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TechCommunity.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205059iE2A42D8A7F13D7BC%2Fimage-dimensions%2F17x19%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22TechCommunity.png%22%20alt%3D%22TechCommunity.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmtptc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETech%20Community%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--313064962%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_PAR53749325%22%3E%3C%2FA%3EModule%208.%20Partner%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%3E%3CSPAN%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Ftake-your-security-to-the-next-level-with-professional-security%2Fba-p%2F2528757%22%20target%3D%22_blank%22%3EProfessional%20security%20services%20catalog%3C%2FA%3E%3CSPAN%20style%3D%22font-family%3A%20inherit%3B%20background-color%3A%20transparent%3B%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3E%26gt%3B%20Ready%20for%20the%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2Fr%2FFM3Phjteth%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFundamentals%26nbsp%3BKnowledge%20Check%3C%2FA%3E%3F%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--323568066%22%20id%3D%22toc-hId--323568091%22%20id%3D%22toc-hId--323568091%22%20id%3D%22toc-hId--323568091%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281212%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749327%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749486%22%3E%3C%2FA%3E%3CSPAN%3ESecurity%20Operations%20Intermediate%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--328170071%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%3EModule%201.%26nbsp%3B%26nbsp%3B%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281213%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749328%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749487%22%3E%3C%2FA%3EArchitecture%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fdata-privacy%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Threat%20Protection%20data%20security%20and%20privacy%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--2135624534%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281216%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749329%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749488%22%3E%3C%2FA%3EModule%202.%20Investigation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F07%2F09%2Finside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECorrelating%20and%20consolidating%20attacks%20into%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Finvestigate-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EInvestigate%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F06%2F18%2Finside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMapping%20attack%20chains%20from%20cloud%20to%20endpoint%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fincident-queue%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrioritize%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmanage-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fmicrosoft-defender-for-office-365-investigation-improvements%2Fba-p%2F1947236%22%20target%3D%22_blank%22%3EInvestigation%20improvements%20for%20Microsoft%20Defender%20for%20Office%20365%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-report-false-positives-negatives%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EReport%20false%20positives%2Fnegatives%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-351888299%22%20id%3D%22toc-hId-351888274%22%20id%3D%22toc-hId-351888274%22%20id%3D%22toc-hId-351888274%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749337%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749496%22%3E%3C%2FA%3EModule%203.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fmicrosoft-threat-protection-advanced-hunting-cheat-sheet%2Fba-p%2F1505100%22%20target%3D%22_blank%22%3EAdvanced%20hunting%20cheat%20sheet%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fmicrosoft-cloud-app-security-the-hunt-in-a-multi-stage-incident%2Fba-p%2F2193484%22%20target%3D%22_blank%22%3EMicrosoft%20Cloud%20App%20Security%3A%20The%20Hunt%20in%20a%20multi-stage%20incident%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRWFISa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHunting%20with%20Microsoft%20Cloud%20App%20Security%20data%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fmicrosoft-cloud-app-security-the-hunt-for-insider-risk%2Fba-p%2F2346242%22%20target%3D%22_blank%22%3EMicrosoft%20Cloud%20App%20Security%3A%20The%20Hunt%20for%20Insider%20Risk%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fblog-series-limitless-advanced-hunting-with-azure-data-explorer%2Fba-p%2F2328705%22%20target%3D%22_blank%22%3ELimitless%20Advanced%20Hunting%20with%20Azure%20Data%20Explorer%20(ADX)%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fadvanced-hunting-take-action%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETake%20action%20on%20advanced%20hunting%20query%20results%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fadvanced-hunting-schema-tables%3Fview%3Do365-worldwide%23get-schema-information-in-the-security-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdvanced%20Hunting%20in%20portal%20Schema%20Reference%3C%2FA%3E%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fadvanced-hunting-devicefromip-function%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDeviceFromIP()%20function%20in%20advanced%20hunting%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%20Webinar%20series%2C%20episode%201%3A%20KQL%20fundamentals%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP15JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F0D9TkGjeJwM%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-best-practices%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdvanced%20hunting%20query%20best%20practices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fhunt-across-cloud-app-activities-with-microsoft-365-defender%2Fba-p%2F1893857%22%20target%3D%22_blank%22%3EHunt%20across%20cloud%20app%20activities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fadditional-email-data-in-advanced-hunting%2Fba-p%2F1985849%22%20target%3D%22_blank%22%3EUse%20additional%20email%20data%20in%20your%20hunting%20queries%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fazure-active-directory-audit-logs-now-available-in-advanced%2Fba-p%2F1999523%22%20target%3D%22_blank%22%3EUse%20Azure%20Active%20Directory%20audit%20log%20data%20in%20advanced%20hunting%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fhunt-for-azure-active-directory-sign-in-events%2Fba-p%2F2040278%22%20target%3D%22_blank%22%3EHunt%20for%20Azure%20Active%20Directory%20sign-in%20events%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft-365-Defender-Hunting-Queries%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GitHub.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205065i083675CF15D6F1EF%2Fimage-dimensions%2F18x18%3Fv%3Dv2%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22GitHub.png%22%20alt%3D%22GitHub.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BAdvanced%20hunting%20queries%20on%20GitHub%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1455566164%22%20id%3D%22toc-hId--1455566189%22%20id%3D%22toc-hId--1455566189%22%20id%3D%22toc-hId--1455566189%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281217%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749338%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749497%22%3E%3C%2FA%3EModule%204.%20Automated%20investigation%20and%20remediation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-remediation-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Remediation%20actions%20following%20automated%20investigations%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Approve%20or%20reject%20pending%20actions%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1031946669%22%20id%3D%22toc-hId-1031946644%22%20id%3D%22toc-hId-1031946644%22%20id%3D%22toc-hId-1031946644%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749339%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749498%22%3E%3C%2FA%3EModule%206.%20Self-healing%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fm365d-autoir%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELearn%20about%20the%20various%20AIR%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fself-healing-in-microsoft-365-defender%2Fba-p%2F1729527%22%20target%3D%22_blank%22%3ESelf-healing%20explained%20based%20on%20an%20example%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-configure-auto-investigation-response%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EConfigure%20automated%20investigation%20and%20response%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EApprove%20or%20reject%20pending%20actions%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EReport%20a%20false%20positive%2Fnegative%20to%20Microsoft%20for%20analysis%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fthe-action-center-in-microsoft-threat-protection-your-one-stop%2Fba-p%2F1550178%22%20target%3D%22_blank%22%3EThe%20action%20center%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--775507794%22%20id%3D%22toc-hId--775507819%22%20id%3D%22toc-hId--775507819%22%20id%3D%22toc-hId--775507819%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749340%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749499%22%3E%3C%2FA%3EModule%205.%20Build%20your%20own%20lab%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-evaluation%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%20Create%20a%20lab%20environment%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1712005039%22%20id%3D%22toc-hId-1712005014%22%20id%3D%22toc-hId-1712005014%22%20id%3D%22toc-hId-1712005014%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749341%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749500%22%3E%3C%2FA%3EModule%207.%20Reporting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Foverview-security-center%3Fview%3Do365-worldwide%23integrated-reports%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOut%20of%20the%20box%20reports%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--95449424%22%20id%3D%22toc-hId--95449449%22%20id%3D%22toc-hId--95449449%22%20id%3D%22toc-hId--95449449%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749341%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_MTE53749500%22%3E%3C%2FA%3EModule%208.%20Microsoft%20Threat%20Experts%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender-endpoint%2Fmicrosoft-threat-experts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Threat%20Experts%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3E%26gt%3B%20Ready%20for%20the%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2Fr%2FejLnxQYVyz%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIntermediate%20Knowledge%20Check%3C%2FA%3E%3F%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--2031986606%22%20id%3D%22toc-hId--2031986631%22%20id%3D%22toc-hId--2031986631%22%20id%3D%22toc-hId--2031986631%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281222%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749342%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749501%22%3E%3C%2FA%3ESecurity%20Operations%20Expert%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId-584608946%22%20id%3D%22toc-hId-584608921%22%20id%3D%22toc-hId-584608921%22%20id%3D%22toc-hId-584608921%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749343%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749502%22%3E%3C%2FA%3EModule%201.%20Incidents%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fincident-queue%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrioritize%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmanage-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-report-false-positives-negatives%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EReport%20false%20positives%2Fnegatives%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsecurity%2Fcompass%2Fincident-response-playbooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDeep-dive%20attack%20playbooks%3C%2FA%3E%20from%20the%20DART%20team%20for%20seasoned%20analysts%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BIncident%20response%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsecurity%2Fcompass%2Fincident-response-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eoverview%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--524683576%22%20id%3D%22toc-hId--524683601%22%20id%3D%22toc-hId--524683601%22%20id%3D%22toc-hId--524683601%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281226%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749344%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749503%22%3E%3C%2FA%3EModule%202.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%202%3A%20Joins%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP22JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FLMrO6K5TWOU%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%203%3A%20Summarizing%2C%20pivoting%2C%20and%20visualizing%20Data%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP29JUL20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2FUKnk9U1NH6Y%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BWebinar%20series%2C%20episode%204%3A%20Let%E2%80%99s%20hunt!%26nbsp%3BApplying%20KQL%20to%20incident%20tracking%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP5AUG20_MP4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F2EUxOc_LNd8%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%E2%A4%B4%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Fkusto-query-language-kql-from-scratch%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EPlural%20sight%20KQL%20training%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1962829257%22%20id%3D%22toc-hId-1962829232%22%20id%3D%22toc-hId-1962829232%22%20id%3D%22toc-hId-1962829232%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749345%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749504%22%3E%3C%2FA%3EModule%203.%20APIs%2C%20custom%20reports%2C%20SIEM%20%26amp%3B%20other%20integrations%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fsay-hello-to-the-new-microsoft-threat-protection-apis%2Fba-p%2F1669234%22%20target%3D%22_blank%22%3EMicrosoft%20365%20Defender%20APIs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fbest-practices-for-leveraging-microsoft-365-defender-api-s%2Fba-p%2F2198820%22%20target%3D%22_blank%22%3EBest%20practices%20for%20leveraging%20API's%20-%20Episode%20Two%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fannouncing-microsoft-365-defender-streaming-api-public-preview%2Fba-p%2F2410767%22%20target%3D%22_blank%22%3EStreaming%20API%20Announcement%20blog%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4r4ga%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOverview%20of%20the%20Streaming%20API%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fstreaming-api%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EStream%20Microsoft%20365%20Defender%20events%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3Dv2%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20style%3D%22font-family%3A%20inherit%3B%22%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fazure-sentinel-and-microsoft-365-defender-incident-integration%2Fba-p%2F2201959%22%20target%3D%22_blank%22%3EAzure%20Sentinel%20and%20Microsoft%20365%20Defender%20incident%20integration%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRWFIRo%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOverview%20Azure%20Sentinel%20integration%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3Dv2%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fdefender%2Fmicrosoft-365-defender-integration-with-azure-sentinel%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Sentinel%20integration%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3E%26gt%3B%20Ready%20for%20the%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2Fr%2FXF1qvD3xaV%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EExpert%20Knowledge%20Check%3C%2FA%3E%3F%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3EOnce%20you%E2%80%99ve%20finished%20the%20training%20and%20the%20knowledge%20checks%2C%20please%3CSTRONG%3E%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2Fr%2FKRaK8W349n%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eclick%20here%3C%2FA%3E%20to%20request%20your%20certificate%3C%2FSTRONG%3E%20(you'll%20see%20it%20in%20your%20inbox%20within%203-5%20business%20days.%3C%2FFONT%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1789376%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22m365dNinja.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F227310iB8B3483D4979F5FF%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22m365dNinja.PNG%22%20alt%3D%22m365dNinja.PNG%22%20%2F%3E%3C%2FSPAN%3EDo%20you%20want%20to%20become%20a%20ninja%20for%20Microsoft%20365%20Defender%3F%20We%20can%20help%20you%20get%20there!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1789376%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EM365D%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20365%20Defender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENinja%20blog%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENinja%20Training%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EXDR%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2193984%22%20slang%3D%22en-US%22%3ERe%3A%20Become%20a%20Microsoft%20365%20Defender%20Ninja%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2193984%22%20slang%3D%22en-US%22%3E%3CP%3EVery%20interesting%20and%20useful.%3CBR%20%2F%3EThank%20you%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F63582%22%20target%3D%22_blank%22%3E%40Heike%20Ritter%3C%2FA%3E.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E

Labels

Products (76)

Special Topics (42)

Video Hub (748)

Most Active Hubs

Most Active Hubs

Video Hub

Become a Microsoft 365 Defender Ninja

Become a Microsoft 365 Defender Ninja

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Module 4. Threat Analytics

Module 5. Advanced hunting

Module 6. Self-healing

Module 7. Community (blogs, webinars, GitHub)

Module 8. Partner

Security Operations Intermediate

Module 1. Architecture

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Module 5. Build your own lab

Module 7. Reporting

Module 8. Microsoft Threat Experts

Security Operations Expert

Module 1. Incidents

Module 2. Advanced hunting

Module 3. APIs, custom reports, SIEM & other integrations