Welcome to the Microsoft Defender for Identity Ninja Training!
Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. This Ninja blog covers the features, detentions, and functions of Microsoft Defender for Identity.
In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training: Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.
In terms of overall structuring, the training sessions are split into three different knowledge levels:
Level 1: Beginner (Fundamentals)
Introduction to Microsoft Defender for Identity, and planning your Deployment.
Level 2: Intermediate (Associate)
Identity Security Posture Assessments, Investigate Lateral Movement Paths, Indicators of compromise
Level 3: Advanced (Expert)
Advanced Hunting with Microsoft 365 Defender
Microsoft Cloud App Security
Role-based access control
Microsoft Defender for Identity
Azure Advanced Threat Protection
Advanced Threat Protection
Azure Information Protection
Azure Security Center
Azure Active Directory
Cloud Access Security Broker
Microsoft Threat Protection
Government Community Cloud
Government Community Cloud High
Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs soon.
Microsoft 365 Defender (previously Microsoft Threat Protection)
Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
In this module you will familiarize yourself with Microsoft Defender for Identity and its detection capabilities. You will also learn about Microsoft Defender for Identity architecture, deployment options, licensing and the Microsoft Defender for Identity community.
In this module you will familiarize yourself with Microsoft Defender for Identity Security Posture Assessments, identifying indicators of compromise, suspicious activities and attacks, and lateral movement paths.
In this module we will investigate users, computers, and entities. This module includes gathering information around users, computers, and entities. Investigating activities and resources that may have been accessed.
In this interactive guide, you'll learn how to detect suspicious activities and potential attacks on your network with Microsoft Defender for Identity. You'll see how Defender for Identity can help you identify reconnaissance attacks, investigate attacker behavior inside your network, and provide recommendations on reducing domain vulnerabilities.
In this interactive guide, you’ll learn how to investigate and respond to attacks with Microsoft Defender for Identity. You’ll see how Microsoft Defender for Identity can help you examine suspicious activities, trace lateral movement, and prevent future breaches.
In this module you will familiarize yourself with Microsoft Defender for Identity Advanced Hunting within the Microsoft 365 Defender portal.
Advanced Hunting with Microsoft 365 Defender In this module you will create advanced KQL threat-hunting queries. This module includes Microsoft Defender for Identity advanced KQL threat-hunting queries, and the creation of custom detection rules.