Master Class: Microsoft Defender for Endpoint (MDE)

 

Course Overview

Users must access and work with a lot of files and applications in their daily business. To do this, they use devices that are in turn attacked by attackers very often. To prevent the success of these attacks, administrators have to deploy many security settings and also have to monitor activities.

Microsoft Defender for Endpoint (MDE) offers comprehensive threat protection by detecting, investigating, and responding to threats in real-time, making it a crucial tool for any organization. Its seamless integration with the Microsoft ecosystem ensures a unified security experience. The platform’s robust Endpoint Detection and Response (EDR) capabilities provide detailed insights into sophisticated threats, while automated investigation and remediation reduce the workload on security teams.

Learn in this course how to activate MDE, onboard devices, reduce attack surface, enable next-generation protection, control automated investigation and monitor all security related aspects of devices.

Who should attend

SecOps team members, device administrators and all interested responsible.

Course Content

Microsoft Defender XDR
  • Overview of MS Defender XDR
  • MDE overview and licensing
  • MDE vs. Microsoft Intune
  • Zero Trust and MDE
Microsoft Defender for Endpoint
  • MDE architecture
  • MDE portal
  • MDE activation
  • MDE roles and permissions
Onboarding/Offboarding
  • Windows devices via local script, MS Intune and Group policies
  • MacOS devices via local script and MS Intune
  • Linux and Windows Server via Azure Arc
  • Troubleshoot onboarding issues
  • Offboard devices
Endpoint protection – Attack surface reduction
  • Service to Service connection to Microsoft Intune
  • Attack surface reduction rules
  • Controlled folder access
  • Device control
Endpoint protection – Next-generation protection
  • Cloud protection
  • Behavior monitoring
  • Real-time protection
  • EDR in block mode
Endpoint detection and response
  • Alerts and Incidents management
  • Automated investigation and response (AIR)
  • Remediation actions
  • Device investigation
  • Device response actions
Additional configurations
  • Advanced features
  • Indicators
  • Web content filtering
  • Vulnerability Management
Advanced Hunting
  • KQL primer
  • Important MDE queries
Endpoint DLP (if time permits)

Prices & Delivery methods

Online Training

Duration
4 days

Price
  • on request
Classroom Training

Duration
4 days

Price
  • on request

Schedule

English

Time zone: Eastern European Time (EET)

Online Training Time zone: Central European Summer Time (CEST)

1 hour difference

Online Training Time zone: Central European Summer Time (CEST)
Online Training Time zone: Central European Time (CET)
Instructor-led Online Training:   This computer icon in the schedule indicates that this date/time will be conducted as Instructor-Led Online Training.
This is a FLEX course, which is delivered both virtually and in the classroom. All FLEX courses are also Instructor-led Online Trainings (ILO).

Europe

Germany

Hamburg
Berlin
Munich
Frankfurt
Hamburg
This is a FLEX course, which is delivered both virtually and in the classroom. All FLEX courses are also Instructor-led Online Trainings (ILO).