Become a Microsoft Defender for Office 365 Ninja!

Published 04-05-2021 03:00 PM 10.8K Views
Microsoft

 

 

Do you want to become a Microsoft Defender for Office 365 ninja? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Email Security" teams. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Advanced. Some topics can be relevant for SecOps as well as for Email Security teams. This training will be updated on a regular basis to ensure you have access to the most current information available.

 

Short Link:  aka.ms/MDONinja
 
COMING SOON: After each level, we will offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training! Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
 
Note: Threat protection product names from Microsoft have recently changed. Read more about this and other updates here
 
  • Microsoft 365 Defender (previously Microsoft Threat Protection)

  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)

  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)

  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

P.S. I wanted to give my colleague, @Heike Ritter a big thank you for laying the groundwork for Ninja Training and for all of her help, along with @Giulian Garruba@Bruno Nowak! Thank you!

 

_____________________________________________________________________________________

 

Table of Contents

Email Security - Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

Module 2. Getting started 

(Prevention & Detection) 

Module 3. Configuration (Part I) 

(Awareness) 

Module 4. General Awareness 

 

Email Security - Intermediate

(Prevention & Detection)

Module 1. Configuration (Part II) 

Module 2. Alert Management 

Module 3. Mail flow 

Module 4. Zero Hour Auto-Purge (ZAP) 

(Investigation & Hunting) 

Module 5. Investigating Alerts 

Module 6. Advanced hunting (overview)

Module 7. Automated Investigation and Remediation (AIR) 

Module 8. Threat Insights 

(Response & Remediation) 

Module 9. Alert Handling 

Module 10. Manage Quarantined Messages 

(Reporting) 

Module 11. Reporting 

 

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs 

Module 2. False Positive/False Negative Management Flows 

Module 3. Automation 

(Investigation & Hunting)

Module 4. Advanced hunting (Kusto training) 

(Training) 

Module 5. Attack Simulation Training 

 

Supplemental Content (Tech Community links)

 

Legend:

ang31a_3-1617347525464.png Docs on Microsoft

ang31a_4-1617347525465.png Blogs on Microsoft

ang31a_1-1617658296243.png Product videos

 

ang31a_1-1617347525462.png Webcast recordings

 

ang31a_7-1617347713732.png Tech Community

ang31a_6-1617347525467.png Interactive guides

⤴ External

ang31a_8-1617347728864.png GitHub

 

Email Security - Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

Module 2. Getting started 

(Prevention & Detection) 

Module 3. Configuration (Part I)

(Awareness) 

Module 4. General Awareness

Email Security - Intermediate

(Prevention & Detection) 

Module 1. Configuration (Part II)

Module 2. Alert Management

Module 3. Mail flow

Module 4. Zero-Hour Auto Purge

(Investigation & Hunting) 

Module 5. Investigating Alerts

Module 6. Advanced Hunting (overview)

Module 7. Automated Investigation and Remediation

Module 8. Threat Insights

(Response & Remediation) 

Module 9. Alert handling

Module 10. Manage quarantined messages

(Reporting) 

Module 11. Reports / Custom Reporting

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs

Module 2. False Positive / False Negative Management Flows

Module 3. Automation

(Investigation & Hunting) 

Module 4. Advanced Hunting (Kusto training)

(Training) 

Module 5. Attack Simulation Training

Supplemental Content

 

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

 

Interested in other ninja trainings? There are also ninja trainings for: 

Microsoft Defender for Endpoint (MDE) - http://aka.ms/mdeninja 

Microsoft Cloud App Security (MCAS) - http://aka.ms/mcasninja 

Microsoft Defender for Identity (MDI) - http://aka.ms/mdininja

 

 

Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity. 

10 Comments
New Contributor

Hello @ang31a 

Thank you for your share. It's very helpful and wonderful also.

Microsoft

This is great. Thanks Angela and team for putting it together. This even helps new Microsoft employees get ramped up! 

Occasional Visitor

Thanks for assembling everything in one place. That's very convenient! :smile:

Senior Member

It's amazing.

Microsoft
Microsoft

Working on it, thanks Frank!
UPDATE: Broken links have been updated. 

Respected Contributor

In Module 2- The Evaluation Mode with MdO recording should be redone, It contains a lot of issues with the recording and demo environment which are not consistent with the typical very high quality videos that we usually see. 

Respected Contributor

Now that we have the Configuration Analyzer built into O365, does ORCA still provide any benefits?

Respected Contributor

It would be nice if completion of the ninja training materials could be added to the Achievements shown in our Profile in this community.

Microsoft

Hi @Dean Gross - The Eval Mode video you refer to above (along with a few others) are simply place holders while we get new content recorded and produced. We will be continuously updating this training with new material, but wanted to use what content we could to create a comprehensive ninja training for Microsoft Defender for Office 365. Stay tuned!

Co-Authors
Version history
Last update:
‎Apr 07 2021 01:49 PM
Updated by: