Blog Post

Microsoft Defender for Office 365 Blog
8 MIN READ

Become a Microsoft Defender for Office 365 Ninja! | June 2022

ang31a's avatar
ang31a
Brass Contributor
Apr 05, 2021

Are you ready to become a Microsoft Defender for Office 365 ninja? We can help you get there!

If you've already completed the training, you can focus on the latest updates (June 2022 update).

 

Do you want to become a Microsoft Defender for Office 365 ninja? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Email Security" teams. The content is structured into three different knowledge levels (Fundamentals, Intermediate, and Advanced) with multiple modules per level. Some of the topics are relevant for SecOps as well as for Email Security teams. This training will be updated on a regular basis to ensure you have access to the most current information available.

 

Short Link:  http://aka.ms/mdoninja
 
NEW: After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
 
Note: Threat protection product names from Microsoft have recently changed. Read more about this and other updates https://www.microsoft.com/security/blog/?p=91813. 
 

  • Microsoft 365 Defender (previously Microsoft Threat Protection)

  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)

  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)

  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

  • Microsoft Defender for Cloud Apps (previously Microsoft Cloud Apps Security)

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

P.S. I wanted to give my colleague, HeikeRitter a big thank you for laying the groundwork for Ninja Training and for all of her help, along with Giulian GarrubaBruno Nowak! Thank you!

 

_____________________________________________________________________________________

 

Table of Contents

Email Security - Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

Module 2. Getting started 

(Prevention & Detection) 

Module 3. Configuration (Part I) 

Module 4. Protection Feature

(Awareness) 

Module5. General Awareness 

 

Email Security - Intermediate

(Prevention & Detection)

Module 1. Configuration (Part II) 

Module 2. Alert Management 

Module 3. Mail flow 

Module 4. Zero Hour Auto-Purge (ZAP) 

(Investigation & Hunting) 

Module 5. Investigating Alerts 

Module 6. Advanced hunting (overview)

Module 7. Automated Investigation and Remediation (AIR) 

Module 8. Threat Insights 

(Response & Remediation) 

Module 9. Alert Handling 

Module 10. Manage Quarantined Messages 

(Reporting) 

Module 11. Reporting 

 

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs 

Module 2. False Positive/False Negative Management Flows 

Module 3. Automation 

Module 4. Migration 

(Investigation & Hunting)

Module 5. Advanced hunting (Kusto training) 

(Training) 

Module 6. Attack Simulation Training 

(Awareness) 

Module 7. Security Operations

Module 8. Other Advance Topics

(Supplemental)

Supplemental Content (Tech Community links)

 

Legend:

DOCS: Docs on Microsoft

BLOG: Blogs on Microsoft

VIDEO: Product videos

WEBC: Webcast recordings

MTC: Microsoft Tech Community

IG: Interactive guides

EXT: External

GIT: GitHub

Email Security - Fundamentals 

(Deployment / Migration) 

Module 1. Technical overview 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-365-security-center-mdo?view=o365wt.mc_id=SecNinja_mdoninja-worldwide?wt.mc_id=SecNinja_mdoninjawt.mc_id=SecNinja_md

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • BLOG Introducing Microsoft Defender for Office 365 

  • DOCShttps://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwidehttps://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/mtp/overview-security-center?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • IGhttps://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FSafeguardwithMSDO.InteractiveGuide&data=04%7C01%7CGiulian.Garruba%40microsoft.com%7C845401ac4c73420a158e08d8f3ba8586%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637527329725584716%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=kiPsB%2FiGhulmpb1vQjM0OiVGRWAKNYZNxjK6c%2BWhKKU%3D&reserved=0 ?wt.mc_id=SecNinja_mdoni 

  • BLOG Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work 

Module 2. Getting started 

  • DOCShttps://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-evaluation?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • GIT https://www.powershellgallery.com/packages/ORCAhttps://www.powershellgallery.com/packages/ORCA/

  • EXT https://www.linkedin.com/pulse/reviewing-your-office-atp-configuration-cam-murray/?trackingId=NS%2FVe18RUBaJ90zW3LdCvA%3D%3D 

  • BLOG Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/threat-explorer?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • BLOG Evaluate Defender for Office 365 in your environment!  [New!] 

  • EXT https://go.microsoft.com/fwlink/?linkid=2189652 (licensed partners access only) [New]

(Prevention & Detection) 

Module 3. Configuration (Part I)

  • VIDEO https://youtu.be/vivvTmWJ_3c 

  • BLOG Mastering Configuration Blog Series 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/protect-against-threats?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide ?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/user-submission?view=o365-worldwide ?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission?view=o365-worldwide ?wt.mc_id=SecNinja_mdoninja

  • BLOG Configurable impersonation protection and scope for Preset Security policies [New!]

Module 4. Protection Feature

(Awareness) 

Module 5. General Awareness

>Ready for the https://forms.office.com/r/bF7TRGNYHw

 ____________________________________________________________________________________________

 

Email Security - Intermediate

(Prevention & Detection) 

Module 1. Configuration (Part II)

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-the-outbound-spam-policy?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365?wt.mc_id=SecNinja_mdoninja 

  • BLOG Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365 [New!]

Module 2. Alert Management

 Module 3. Mail flow

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-controls?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-insights-v2?view=o365-worldwide ?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/mail-flow-rules-transport-rules-0?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/message-trace-scc?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja

Module 4. Zero-Hour Auto Purge

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide#how-zap-works 

  • VIDEO https://youtu.be/kOefhx5vB1s

(Investigation & Hunting) 

Module 5. Investigating Alerts

Module 6. Advanced Hunting (overview) 

  • VIDEOhttps://youtu.be/UoVzN0lYbfY 

Module 7. Automated Investigation and Remediation

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-air?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/automated-investigation-response-office?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-view-investigation-results?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

  • BLOG Self-healing in Microsoft 365 Defender 

Module 8. Threat Insights

(Response & Remediation) 

Module 9. Alert handling

Module 10. Manage quarantined messages

  (Reporting) 

Module 11. Reports / Custom Reporting

  • DOCShttps://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja

  • DOCS  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja

  • BLOG  Reporting an email in Microsoft Defender for Office 365 [New!]

>Ready for the https://forms.office.com/r/4niXNvujJB

 ____________________________________________________________________________________________

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs

Module 2. False Positive / False Negative Management Flows

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-worldwide&viewFallbackFrom=o365-worldwide%3Fwt.mc_id%3DSecNinja_mdoninja

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/air-report-false-positives-negatives?view=o365-worldwide?wt.mc_id=SecNinja_mdoninja 

Module 3. Automation

  • VIDEO https://medius.studios.ms/video/asset/HIGHMP4/IG19-BRK3153

Module 4. Migration 

  • BLOG Introducing the Microsoft Defender for Office 365 Migration Guide 

  • VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWRwfH?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-worldwide&viewFallbackFrom=o365-worldwide%3Fwt.mc_id%3DSecNinja_mdoninja

(Investigation & Hunting) 

Module 5. Advanced Hunting (Kusto training)

  • VIDEO https://youtu.be/EDCBLULjtCM?t=360

  • VIDEO https://youtu.be/YKD_OFLMpf8?t=334

  • VIDEOhttps://youtu.be/jN1Cz0JcLYU?t=472       

  •  EXT https://www.pluralsight.com/courses/kusto-query-language-kql-from-scratch 

(Training) 

Module 6. Attack Simulation Training

 (Awareness)

Module 7. Security Operations 

  • VIDEO https://www.youtube.com/watch?v=LQwsn1AcDPY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=18https://www.youtube.com/watch?v=LQwsn1AcDPY&list=PL3ZTgFEc7LystRja2GnDeUFqk44k7-KXf&index=18

  • VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWRwfx?wt.mc_id=SecNinja_mdoninja 

  • DOCS https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide 

  • DOCS https://docs.microsoft.com/en-gb/microsoft-365/security/office-365-security/mdo-sec-ops-manage-incidents-and-alerts?view=o365-worldwide

  • BLOG Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365[New!]

Module 8. Other Advance Topics 

  • DOCS https://review.docs.microsoft.com/en-us/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel?view=o365-21vianet&branch=tracy_tempGuides[New!]

>Ready for the https://forms.office.com/r/LaMNhvYrCs

 ____________________________________________________________________________________________

Supplemental Content

Once you’ve finished the training and the knowledge checks, please https://forms.office.com/r/9vy4TnNAMh to request your certificate. You'll see it in your inbox within 3-5 business days.

 

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

Interested in other ninja trainings? There are also ninja trainings for: 

Microsoft Defender for Endpoint (MDE) - http://aka.ms/mdeninja 

Microsoft Defender for Cloud Apps (MDCA) - http://aka.ms/MCASNinja 

Microsoft Defender for Identity (MDI) - https://aka.ms/MDINinja

 

Follow us on LinkedIn as #DefenderForOffice365. Bookmark the https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F&data=04%7C01%7CSarahzin.Chowdhury%40microsoft.com%7Cd32eea560a154850520a08d8dcde1fc0%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637502193856227782%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QyGbxqgVmMLXQw4zofCAywOBg8oJdXoTGLoPew0N6b8%3D&reserved=0 to keep up with expert coverage on security matters. Also, follow https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2F%40MSFTSecurity&data=04%7C01%7CSarahzin.Chowdhury%40microsoft.com%7Cd32eea560a154850520a08d8dcde1fc0%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637502193856227782%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bZz38HU0P7z4qbSrL3dA1L8pHyhxVUJvr4cg8hQq7RQ%3D&reserved=0 on Twitter and https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fmicrosoft-security%2F&data=04%7C01%7CSarahzin.Chowdhury%40microsoft.com%7Cd32eea560a154850520a08d8dcde1fc0%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637502193856237739%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=UdzMs5GkMJtPUG5E6MnftcrjbDHP0mmKtTxNwvQbCds%3D&reserved=0 on LinkedIn for the latest news and updates on cybersecurity. 

Updated Dec 20, 2024
Version 32.0
ninja training

20 Comments

  • Neeran_niroula's avatar
    Neeran_niroula
    Copper Contributor
    Feb 19, 2024

    Hi,

    Planning to Start this learning path.
    Any idea how much time will take to complete.?(Average)

  • alessandro_cossu_1978's avatar
    alessandro_cossu_1978
    Copper Contributor
    Jul 04, 2022

    https://forms.office.com/r/bF7TRGNYHw

    So Sorry, could not open this link 😞 Please, help

    Thanks in advance

  • Iheanyi's avatar
    Iheanyi
    Copper Contributor
    Mar 07, 2022

    Broken link:

    https://mediusprodstatic.studios.ms/asset-9c1cca82-9be0-478d-afe4-984358d76eca/ArchiveAllBitrates_video_1676213.mp4?sv=2017-04-17&sr=c&si=4a1090eb-a209-435d-b9c4-57ba15bb71c7&sig=CQw%2BmUV2kEDdJrp2VZ6XZ1i0YqXcnTVBXQg7rhAZDk0%3D&se=2024-11-07T01%3A23%3A28Z

  • gblackburn's avatar
    gblackburn
    Copper Contributor
    Oct 15, 2021

    What's the estimated time to complete this course. Subjective I know - but be useful for many of us that have to book our hours for training with the powers that be ?

  • Jamiebarnett's avatar
    Jamiebarnett
    Copper Contributor
    Jul 19, 2021

    Can't seem to access the sharepoint link for the Webcast recordings? Am I missing something?

  • karanshah's avatar
    karanshah
    Icon for Microsoft rankMicrosoft
    Apr 27, 2021

    Hey Dean_Gross 

    Yes, ORCA still performs a few more checks than the Config Analyzer within MDO. As we move ahead, the overall goal is to bridge that gap and add these checks to Config Analyzer within MDO. That being said, we will continue to support as well as add newer checks to ORCA.