Become a Microsoft Defender for Office 365 Ninja!
Do you want to become a Microsoft Defender for Office 365 ninja? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Email Security" teams. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Advanced. Some topics can be relevant for SecOps as well as for Email Security teams. This training will be updated on a regular basis to ensure you have access to the most current information available.
Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey
P.S. I wanted to give my colleague, @Heike Ritter a big thank you for laying the groundwork for Ninja Training and for all of her help, along with @Giulian Garruba & @Bruno Nowak! Thank you!
_____________________________________________________________________________________
Table of Contents
Email Security - Fundamentals
(Deployment / Migration)
Module 1. Technical overview
Module 2. Getting started
(Prevention & Detection)
Module 3. Configuration (Part I)
(Awareness)
Module 4. General Awareness
Email Security - Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
Module 2. Alert Management
Module 3. Mail flow
Module 4. Zero Hour Auto-Purge (ZAP)
(Investigation & Hunting)
Module 5. Investigating Alerts
Module 6. Advanced hunting (overview)
Module 7. Automated Investigation and Remediation (AIR)
Module 8. Threat Insights
(Response & Remediation)
Module 9. Alert Handling
Module 10. Manage Quarantined Messages
(Reporting)
Module 11. Reporting
Security Operations - Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
Module 2. False Positive/False Negative Management Flows
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced hunting (Kusto training)
(Training)
Module 5. Attack Simulation Training
Supplemental Content (Tech Community links)
Legend:
|
|
|
|
|
|
|
|
|
|
⤴ External |
|
Email Security - Fundamentals
(Deployment / Migration)
Module 1. Technical overview
Understanding where Microsoft Defender for Office 365 fits in the Microsoft 365 Security Center
What is Microsoft Defender for Office 365?
Introducing Microsoft Defender for Office 365
Microsoft Defender for Office 365 Protection Stack
Secure by default in Office 365
The unified Microsoft 365 security center overview
Interactive guide to Microsoft Defender for Office 365
Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work
Module 2. Getting started
Evaluate Microsoft Defender for Office 365
Evaluation Mode in Microsoft Defender for Office 365
Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer)
- ⤴ Reviewing your configuration with ORCA
Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365
(Prevention & Detection)
Module 3. Configuration (Part I)
Mastering Configuration in Microsoft Defender for Office 365
Report messages and files to Microsoft
User submissions policies (add-in for end users)
Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
(Awareness)
Module 4. General Awareness
Protecting against coronavirus themed phishing attacks
New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
Safety tips in email messages
Email Security - Intermediate
(Prevention & Detection)
Module 1. Configuration (Part II)
Assess and Optimize Defender for Office 365 Configuration
Module 2. Alert Management
Managing Alerts: Alert policies in the Security & Compliance Center
Announcing Priority Account Protection in Defender for Office 365
Module 3. Mail flow
Outbound spam protection in Exchange Online Protection
Mail flow insights in the Security & Compliance Center
Mail flow rules (transport rules) in standalone Exchange Online Protection
Message trace in the Security & Compliance Center
Module 4. Zero-Hour Auto Purge
(Investigation & Hunting)
Module 5. Investigating Alerts
Get more out of Microsoft Defender for Office 365 with Microsoft 365 Defender
Investigating alerts
Microsoft Defender for Office 365 investigation improvements coming soon
Investigate malicious email that was delivered in Office 365
Module 6. Advanced Hunting (overview)
Microsoft Defender for Office 365 gets even better with Incidents and Advanced Hunting
Module 7. Automated Investigation and Remediation
AIR Overview: Automated investigation and response (AIR) in Microsoft Defender for Office 365
How automated investigation and response works in Microsoft Defender for Office 365
Details and results of an automated investigation in Microsoft 365
Self-healing in Microsoft 365 Defender
Module 8. Threat Insights
Walkthrough - Spoof intelligence insight in Microsoft Defender for Office 365
Business Email: Uncompromised – Part One
Business Email: Uncompromised – Part Two
Business Email: Uncompromised – Part Three
(Response & Remediation)
Module 9. Alert handling
Remediation actions in Microsoft Defender for Office 365
Review and manage remediation actions in Office 365
Announcing Campaign Views and Compromised User Detection and Response
Module 10. Manage quarantined messages
(Reporting)
Module 11. Reports / Custom Reporting
Smart reports and insights in the Security & Compliance Center
View Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center
Security Operations - Advanced
(SOC Flows)
Module 1. SIEM Integration & APIs
Say hello to the new Microsoft Threat Protection APIs!
Best practices for leveraging Microsoft 365 Defender API's - Episode One
Best practices for leveraging Microsoft 365 Defender API's - Episode Two
Improve the Effectiveness of your SOC with Office 365 ATP and the O365 Management API
Custom or third-party reporting solutions for Microsoft Defender for Office 365
Module 2. False Positive / False Negative Management Flows
Manually submit messages to Microsoft for analysis (FP/FN submission)
Handle FPs/FNs: How to report false positives/negatives in automated investigation and response capa...
Module 3. Automation
(Investigation & Hunting)
Module 4. Advanced Hunting (Kusto training)
KQL part 1 of 3: Learn the KQL you need (part of Azure Sentinel webinar series)
KQL part 2 of 3: KQL hands-on lab exercises (part of Azure Sentinel webinar series)
KQL part 3 of 3: Optimizing KQL queries (part of Azure Sentinel webinar series)
- ⤴ Pluralsight KQL training
(Training)
Module 5. Attack Simulation Training
Attack simulation training in Microsoft Defender for Office 365 now Generally Available
Get started using Attack Simulation Training in Microsoft Defender for Office 365
Attack Simulation Training is now available!
Supplemental Content
Microsoft Defender for Office 365 - Microsoft Tech Community
Microsoft Security and Compliance - Microsoft Tech Community
- Microsoft Defender for Office 365 - Homepage
Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey
Interested in other ninja trainings? There are also ninja trainings for:
Microsoft Defender for Endpoint (MDE) - http://aka.ms/mdeninja
Microsoft Cloud App Security (MCAS) - http://aka.ms/mcasninja
Microsoft Defender for Identity (MDI) - http://aka.ms/mdininja
Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.