Microsoft Defender for Identity Ninja Training

Welcome to the Microsoft Defender for Identity Ninja Training!

Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.  This Ninja blog covers the features, detentions, and functions of Microsoft Defender for Identity.

Short Link:  aka.ms/MDINinja

In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training: Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

In terms of overall structuring, the training sessions are split into three different knowledge levels:

Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs soon.

• Microsoft 365 Defender (previously Microsoft Threat Protection)
• Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
• Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
• Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Fundamentals:

In this module you will familiarize yourself with Microsoft Defender for Identity and its detection capabilities. You will also learn about Microsoft Defender for Identity architecture, deployment options, licensing and the Microsoft Defender for Identity community.

• What is Microsoft Defender for Identity? (V)
• Understanding Microsoft Defender for Identity Licensing and Privacy (D)
• Microsoft 365 Defender enriches the Microsoft Defender for Identity experience (B)
• Defender for Identity Community (D)
  • This is a Microsoft Defender for Identity Tech Community space that provides an opportunity to connect and discuss the latest news, updates, and best practices with Microsoft professionals and peers.

Planning your Microsoft Defender for Identity Deployment

• Microsoft Defender for Identity Architecture (D)
• Microsoft Defender for Identity Prerequisites (D)
• Microsoft Defender for identity FAQs (D)

Deploying Microsoft Defender for Identity Deployment

• Microsoft Defender for Identity Installation Overview (V)
• Create your Azure ATP instance (D)
• Connect to Active Directory (D)
• Configuring the Microsoft Defender for Identity Sensor (D)
• Excluding entities from detection's (D)
• Working with sensitive accounts (D)

Ready for the Fundamentals Knowledge Check?

Intermediate:

In this module you will familiarize yourself with Microsoft Defender for Identity Security Posture Assessments, identifying indicators of compromise, suspicious activities and attacks, and lateral movement paths. 

Identity Security Posture Assessments

• Identity Security Posture Assessments Overview (V)
• Bolster your security posture with Identity Security Posture Assessments (V)
• Identity Security Posture Assessments Documentation (D)

Identify Suspicious Activities and Advanced Attacks

• Microsoft Defender for Identity Detection's – Part 1 (V)
• Microsoft Defender for Identity Detection's – Part 2 (V)
• Reconnaissance Alerts (D)
• Compromised Credential Alerts (D)
• Lateral Movement Alerts (D)
• Domain Dominance Alerts (D)
• Exfiltration Alerts (D)

Investigate Lateral Movement Paths
In this module we will learn what Lateral Movement Paths are, and how to investigate.

• What is a Lateral Movement Path? (D)
• Tutorial: Use Lateral Movement Paths (LMPs) (D)

Indicators of Compromise

In this module we will investigate users, computers, and entities.  This module includes gathering information around users, computers, and entities.  Investigating activities and resources that may have been accessed.  

• Incident investigation with Microsoft Defender for identity (V)
• Tutorial: Investigate a user (D)
• Tutorial: Investigate a computer (D)
• Tutorial: Investigate an entity (D)

Interactive Guides

• Detect suspicious activity w/Defender for Identity (G)
  
  • In this interactive guide, you'll learn how to detect suspicious activities and potential attacks on your network with Microsoft Defender for Identity. You'll see how Defender for Identity can help you identify reconnaissance attacks, investigate attacker behavior inside your network, and provide recommendations on reducing domain vulnerabilities.
• Attack Response: Microsoft Defender for Identity (G)
  
  • In this interactive guide, you’ll learn how to investigate and respond to attacks with Microsoft Defender for Identity. You’ll see how Microsoft Defender for Identity can help you examine suspicious activities, trace lateral movement, and prevent future breaches.

Ready for the Intermediate Knowledge Check?

Advanced:

In this module you will familiarize yourself with Microsoft Defender for Identity Advanced Hunting within the Microsoft 365 Defender portal.

Advanced Hunting with Microsoft 365 Defender
In this module you will create advanced KQL threat-hunting queries.  This module includes Microsoft Defender for Identity advanced KQL threat-hunting queries, and the creation of custom detection rules.

• Microsoft Defender for Identity advanced KQL threat-hunting queries
• Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender

Ready for the Experts Knowledge Check?

Once you’ve finished the training and the knowledge checks, please click here to request your certificate (you'll see it in your inbox within 3-5 business days.“