Microsoft Tech Community
Short & sweet educational videos on Microsoft Defender for Endpoint
Published Nov 20 2019 10:41 AM 58.4K Views
Microsoft

Delivering on our mission to help customers take full advantage of Microsoft Defender for Endpoint capabilities, we're continuously adding new features to the platform.

 

Check out these videos we've compiled to help customers easily discover and learn about Microsoft Defender for Endpoint and drill down into many of its capabilities. 

 

We'd also love to hear from you about what other videos YOU would like to see (in case we missed them on this list :smile:).

 

 

Overview

This video gives you an all-up overview of Microsoft Defender for Endpoint:

Architecture

Get a high-level understanding of the service architecture:


Onboarding

Get a quick overview of how easy it is to onboard your endpoints:

Role-based access control

See how simple it is to specify granular access control with role-based access control (RBAC):

 

 

Mobile Threat Defense Best Practices

In this video, you learn about Mobile Threat Defense best practices that help you secure the organization from threats to mobile devices.

Mobile Threat Defense Deployment

This video shows how to deploy Mobile Threat Defense by using Microsoft Endpoint Manager.

 

 

Threat & Vulnerability Management (TVM) - Overview

Get continuous real-time visibility, context-aware prioritization, and a built-in end-to-end remediation process:

Threat & Vulnerability Management - Discovery & Remediation

See how TVM discovers vulnerabilities and misconfigurations and how you can quickly take action to remediate them in your environment:

 

 

Discovering Unmanaged Devices

 

In this video, you'll see how to discover unmanaged devices:

 

 
Attack surface reduction

Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity.

This video is an overview; further down, we drill deeper into some of the features with separate videos:

 

Application control

With application control you can control which applications are allowed to run and which are not:

Network protection

Network protection defends against internet-based attacks by blocking connectivity to an internet destination that is malicious or has a low reputation:

 

 

Reputation analysis - Microsoft Defender SmartScreen

Reputation analysis with Microsoft Defender for Endpoint protects users against accessing untrusted websites and running malicious code on their devices:

EDR in block mode

EDR in block mode provides an additional layer of post-breach blocking of malicious behavior, malware, and other artifacts that your primary antivirus (AV) solution might miss.

Endpoint detection and response (EDR)

We give you the tools needed to detect and investigate advanced persistent attacks on your network.

Investigation

We give you a rich experience for triage and investigations, with all the details needed to easily narrate the end-to-end attack story:

Advanced hunting

Use advanced hunting to create your own powerful queries and turn them easily into custom detections:

 

 

Alert page

 

The new Microsoft Defender for Endpoint alert page enables security researchers to more effectively triage, investigate, and take effective actions on alerts.

 

Live response

Get real-time live connection to a remote system:

Deep file analysis

Use the built-in sandbox to detonate suspicious files with a single click and get a detailed and readable report back:

Threat Analytics

Assess the impact of threats to your environment and identify actions that can contain them with Threat Analytics:

Unified IOCs

Upload your own indicators of compromise (IOCs) to also get alerted on your own detection logic:

 

Automated investigation and remediation

Enhance your SOC by turning on automated investigation and remediation:

Microsoft Threat Experts

Get an additional layer of oversight and analysis to help ensure that threats don’t get missed:

 

 

APIs

Develop Microsoft Defender for Endpoint connected solutions and workflows with a rich set of APIs:

Streaming API

You can use our streaming API to stream event information directly to Azure storage or to Azure Event Hubs:

 

Conditional access

Contain a threat by not letting risky devices access your corporate resources through Conditional Access:

Security Configuration

See how you can use Microsoft Endpoint Manager to manage security configuration for Microsoft Defender for Endpoint:

 

 

Microsoft Cloud App Security (MCAS)

Integrating Microsoft Defender for Endpoint and Microsoft Cloud App Security can help control shadow IT and assist with your security investigations:

Evaluation Lab

The evaluation lab eliminates the complexities of machine and environment configuration so you can focus on evaluating the capabilities right away.

Delegated access for MSSPs

 

Learn how you, as a Managed Security Service Provider (MSSP), can better manage access to multiple tenants:

 

 

 


Heike Ritter

13 Comments
Microsoft

Awesome job team!! All the videos are great!! :stareyes:

Silver Contributor

Thanks @Heike Ritter, for these videos.  I also bookmarked the article to come back to them when need be.  We are just in the process of going from O365 E5 to M365 E5.

Microsoft

Love these videos. Thanks, Heike!

Brass Contributor
Hi, I think there are some good improvements that could be made to RBAC: 1. Limit what can be viewed, e.g. timeline is not suitable for GDPR in Europe or will not sit well with unions. 2. Tags should be able to be applied in automated fashions like Machine groups. Sometimes you will want to link an action to a tag, such as applying web filtering for different regions and groups of people. In some cases this would help whereby you base it on the tag rather than the machine group; otherwise, with only being a member of one machine group, you can lose the functionality you would expect. Something else slightly related is that if you use SCEP with Win 7 it seems like ATP can read what happens on the OS but will not report a virus even if it is detected on the endpoint. It will however pick up PowerShell examples at least but won't pull any logs. Since Windows 7 is around for another 3 years, is it not important to add some of the basic level features? i.e. Scan, collect logs, check definitions are in date, submit samples and isolation (could be done with some firewall rules). I
Brass Contributor
p.s. great videos in general though :)
Copper Contributor

Video is normally my least-favorite learning method - too time consuming. But these videos are great - short and to the point.

Microsoft

These are really great resources. Thanks @Heike Ritter and team! :smiling_face_with_smiling_eyes:

Iron Contributor

Great content; however, I preferred when it was hosted on YouTube. There is one massive benefit of YouTube over this built-in player - that is the speed control options on YouTube. I prefer to skim videos on 1.5 or 2.0 speed. Can you please use other players with speed control? Some Microsoft areas (for example Ignite and Channel9) have a non-YouTube player with speed control & download option.

Microsoft

Awesome videos as always!!! 

Copper Contributor

The Twitter account, https://twitter.com/WindowsATP, appears to have been suspended. Should this be https://twitter.com/MSDefenderATP instead?

 


 

Microsoft

Thanks @J3remy, good catch! We changed that one a little while ago, just updated the post too :)

Copper Contributor

Awesome Cool Videos :) Great content.

Copper Contributor

Awesome job team!! All the videos are great!!

@Heike Ritter and team. Very useful.

 

Last update: Nov 22 2021 02:07 PM