Configuring and Managing Microsoft Defender for Endpoint [WDE]
CQure Virtual, English, 26 Jan. 2026 to 28 Jan. 2026
CQure Virtual, English, 8 Apr. 2026 to 10 Apr. 2026
Almost every training course shown at one of our locations can also be followed from home via Virtual Classroom training. You can indicate that you choose this option when you register.
OVERVIEW
This practical workshop was designed for security professionals who want to deepen their knowledge and skills in the use of Microsoft monitoring tools and framework. It was designed by real-life cybersecurity practitioners and is therefore filled with practical exercises, realistic case studies and knowledge that can be put to use right after the class concludes. All exercises are based on O365 and Azure Cloud and are performed in a realistic environment prepared by CQURE Experts.
During the first day the group will cover key Microsoft 365 Defender for Endpoint concepts, including overview of the EDR and its best deployment strategies, as well as automation with ServiceNow and 3rd parties.
The next day covers everything you need to know about the Microsoft 365 Defender Stack, including practical features of Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, and Microsoft Defender for Server.
The final day of the training is a deep dive into advanced threat hunting. We will also cover the hacker’s perspective and how adversaries may try to hide malware and avoid detection by the EDR. We will run numerous attack scenarios and explore how they can be detected and remediated to keep our systems secure.
AUDIENCE
SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
To attend this training, you should have good hands-on experience in administering Windows infrastructure and a basic understanding of public cloud concepts (Office 365, Azure).
CERTIFICATION
What is wonderful about our certification is that it is lifetime valid with no renewal fees – the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.
CONTENT
MODULE 1: Microsoft 365 Defender for Endpoint - EDR
- Intro 101 to Microsoft Defender ecosystem
- EDR deployment strategies
- EDR installation and configuration
- Fine tuning and hardening of EDR configuration
- Managing and Maintaining Security Posture
- Troubleshooting Common Issues
- Automation with ServiceNow and 3rd party
MODULE 2: Integration with Defender Family
- Microsoft 365 Defender Stack Overview
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Cloud
- Microsoft Defender for Server
- EDR integration with Microsoft Azure Sentinel
MODULE 3: Security Operations with Microsoft EDR (Defender for Endpoints) Advanced Threat Hunting with Defender
- EDR integration with Microsoft Azure Sentinel
- Security Operations best practices with Microsoft EDR and Sentinel
- How to manage Incidents inside EDR and Sentinel
- Kusto language 101 - basic and advanced queries
- Advanced Hunting
- Hacker ways to hide malware and bypass EDR
- External Attack Surface Management and integration with Sentinel
