Become a Microsoft Defender for Endpoint Ninja

Published Jul 13 2020 09:59 AM 257K Views
Microsoft

Do you want to become a ninja for Microsoft Defender for Endpoint? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Security Administrator (SecAdmin)”. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert. Some topics can be relevant for SecOps as well as for SecAdmins and are listed for both roles. We will keep updating this training on a regular basis and highlight new resources. 

 

In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training.

Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

 

I want to give kudos to my colleagues: @Sarahzin for letting me copy from her MCAS Ninja training, @DanEdwards for helping me automate the certificate distribution and Brian & my CxE colleagues for helping with the questions! Thank you!

 

If you already did the training, you can focus on the latest updates (August 2021 update).

 

Table of Contents

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Threat and vulnerability management

Module 4. Attack surface reduction

Module 5. Next generation protection

Module 6. Investigation – Incident

Module 7. Alert handling

Module 8. Automated investigation and remediation

Module 9. Microsoft Threat Experts

Module 10. Reporting

Module 11. Evaluation Lab

 

Security Operations Intermediate

Module 1. Architecture

Module 2. Threat and vulnerability management

Module 3. Next generation protection

Module 4. Advanced hunting

Module 5. Automated investigation and remediation

Module 6. Threat analytics

Module 7. Unified indicators of compromise (IOCs)

Module 8. Evaluation lab

Module 9. Community (blogs, webinars, GitHub)

 

Security Operations Expert

Module 1. Responding to threats

Module 2. Alert handling

Module 3. Deep file analysis

Module 4. Advanced hunting

Module 5. Unified indicators of compromise (IOCs)

Module 6. Custom reporting

Module 7. Community (blogs, webinars, GitHub)

 

Security Administrator Fundamentals

Module 1. Architecture

Module 2. Onboarding

Module 3. Grant and control access

Module 4. Security configuration

Module 5. Reporting

Module 6. SIEM Integration

 

Security Administrator Intermediate

Module 1. Threat and vulnerability management (TVM)

Module 2. Attack surface reduction

Module 3. Next generation protection

Module 4. Advanced hunting

Module 5. Conditional access

Module 6. Microsoft Cloud App Security (MCAS)

Module 7. Community (blogs, webinars, GitHub)

Module 8. Migration

 

Security Administrator Expert

Module 1. Custom reporting (PowerBI)

Module 2. Advanced hunting

Module 3. Custom Integrations, APIs

 

Learn about our partner integrations

 

Legend:

Product videos

Webcast recordings

Tech Community

Docs on Microsoft

Blogs on Microsoft

GitHub

⤴ External

Interactive guides

 

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Threat and vulnerability management

Module 4. Attack surface reduction

Module 5. Next generation protection

Module 6. Investigation – Incident

Module 7. Alert handling

Module 8. Automated investigation and remediation

Module 9. Microsoft Threat Experts

Module 10. Reporting

Module 11. Evaluation Lab

 

> Ready for the Fundamentals Knowledge Check?

 

Security Operations Intermediate

Module 1. Architecture

Module 2. Threat and vulnerability management

Module 3. Next generation protection

Module 4. Advanced hunting

Module 5. Automated investigation and remediation

Module 6. Threat analytics

Module 7. Unified indicators of compromise (IOCs)

Module 8. Evaluation lab

Module 9. Community (blogs, webinars, GitHub)

 

> Ready for the Intermediate Knowledge Check?

 

Security Operations Expert

Module 1. Responding to threats

Module 2. Alert handling

Module 3. Deep file analysis

Module 4. Advanced hunting

Module 5. Unified indicators of compromise (IOCs)

Module 6. Custom reporting

Module 7. Community (blogs, webinars, GitHub)

 

> Ready for the Expert Knowledge Check? 

 

Security Administrator Fundamentals

Module 1. Architecture

Module 2. Onboarding

Module 3. Grant and control access

Module 4. Security configuration

Module 5. Reporting

Module 6. SIEM Integration

 

> Ready for the Fundamentals Knowledge Check?

 

Security Administrator Intermediate

Module 1. Threat and vulnerability management (TVM)

Module 2. Attack surface reduction

Module 3. Next generation protection

Module 4. Advanced hunting

Module 5. Conditional access

Module 6. Microsoft Cloud App Security (MCAS)

Module 7. Community (blogs, webinars, GitHub)

Module 8. Migration

 

> Ready for the Intermediate Knowledge Check?

 

Security Administrator Expert

Module 1. Custom reporting (PowerBI)

Module 2. Advanced hunting

Module 3. Custom Integrations, APIs

 

Learn about our partner integrations

 

> Ready for the Expert Knowledge Check? 

 

Once you’ve finished the training and the knowledge checks, please click here to request your certificate (you'll see it in your inbox within 3-5 business days).

 
Last update: Oct 12 2021 11:42 AM