Microsoft Defender for Endpoint course with hands on sims

Posted By: lucky_aut

Published 6/2025
Duration: 7h 44m | .MP4 1920x1080 30 fps(r) | AAC, 44100 Hz, 2ch | 3.84 GB
Genre: eLearning | Language: English

Learn how to expertly administer Microsoft Defender for Endpoint with hands on experience!

What you'll learn
- Learn the concepts and perform hands on activities needed to master Microsoft Defender for Endpoint
- Gain a tremendous amount of knowledge involving Microsoft Defender for Endpoint
- Learn using hands on simulations on how Microsoft Defender for Endpoint is administered!
- Learn how to set up your own test lab for practicing the concepts!

Requirements
- Willingness to put in the time and practice the steps shown in the course

Description
We really hope you'll agree, this training is way more than the average course on Udemy!

Have access to the following:

- Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
- Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
- Instructor-led hands-on activities and simulations that can be followed even if you have little to no experience

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

Welcome to the course!

Understanding the Microsoft 365 and Azure Environment

A Solid Foundation of Active Directory Domains

A Solid Foundation of RAS, DMZ, and Virtualization

A Solid Foundation of the Microsoft Cloud Services

IMPORTANT Using Assignments in the course

Questions for John Christopher

Certificate of Completion

Setting up for hands on

DON'T SKIP: Before beginning your account setup

Creating a trial Microsoft 365/Azure Account

Using a Hyper-V virtual machine or an Azure virtual machine

Setting up an Azure virtual machine for hands on

HYPER-V: Getting Hyper-V Installed on Windows

HYPER-V: Creating a Virtual Switch in Hyper-V

HYPER-V: Downloading the Windows 11 ISO

HYPER-V: Installing a Windows 11 virtual machine

Device management support with Microsoft Entra

Overview of Microsoft device management concepts

Registering devices vs joining devices with Microsoft Entra

Configuring Microsoft Entra for device management

Joining our virtual machine to Microsoft Entra

Introduction to Endpoint Security & Microsoft Defender for Endpoint

What is Endpoint Security?

High level overview of Microsoft Defender for Endpoint

Licensing and Plan Comparison (P1 vs P2)

Microsoft 365 Defender Portal Tour

How Defender for Endpoint relates to Microsoft Intune

Introduction to Microsoft Intune for device management

Setting Up Defender for Endpoint

Prerequisites and Supported Operating Systems

Creating a Microsoft Defender Admin role for permissions

Onboarding a Windows device to Defender for Endpoint

Mass automatic onboarding with Microsoft Intune

Verifying Windows devices have been onboarded

Implementing device discovery

Defender for Endpoint Vulnerability Management

What are Common Vulnerabilities and Exposures (CVEs)?

Inspecting vulnerabilities on a specific device

Using the vulnerability management dashboard for high level overview

Improving security with the help of vulnerability recommendations

Utilizing remediation within vulnerability management

Creating and managing Device Groups for Defender for Endpoint

Configuration and Policy Management

Hardening endpoint security by using Endpoint Security Policies

Attack Surface Reduction (ASR) Rules

What is Next-Gen Protection with Microsoft Defender for Endpoint?

Understanding the local anti-virus settings on Windows 11

Implementing Next-Gen Protection for devices

Understanding the local Defender Firewall settings on Windows 11

Implementing Firewall Rule Policies using Defender for Endpoint

Using Security Baselines in securing our devices

Utilizing Microsoft Purview Endpoint DLP (Data Loss Prevention)

Understanding the concepts of DLP (Data Loss Prevention)

Considering device requirements before using Endpoint DLP

Settings for configuring Endpoint DLP

Configuring DLP policies with advanced rules

Enabling just-in-time (JIT) protection

How to monitor for endpoint activities

Incident Response and Investigation

What is Automated Investigation and Remediation (AIR)?

Implementing Automated Investigation and Remediation (AIR) within device groups

Triggering incidents using a client device for testing

Investigating incidents generated by Defender managed devices

Viewing alerts generated by Defender managed devices

Managing and classifying detected alerts

Kusto Query Language (KQL)

What is Kusto Query Language (KQL)?

Using the Microsoft KQL Demo environment, downloading resource materials and AI

Basic KQL syntax for searching for information

Summarizing KQL results and filtering based on time ranges

Controlling KQL data displayed based on columns, amounts and characters

Using KQL variables and combining output data

Running Threat Hunting Queries with Advanced Hunting (KQL)

Utilizing Microsoft's Sentinel and Defender repository of premade KQL Queries

Who this course is for:
- IT people interested in learning a tremendous amount about Microsoft Defender for Endpoint