Master Class: Microsoft Defender for Endpoint (MDE)

 

Course Overview

Users must access and work with a lot of files and applications in their daily business. To do this, they use devices that are in turn attacked by attackers very often. To prevent the success of these attacks, administrators have to deploy many security settings and also have to monitor activities.

Microsoft Defender for Endpoint (MDE) offers comprehensive threat protection by detecting, investigating, and responding to threats in real-time, making it a crucial tool for any organization. Its seamless integration with the Microsoft ecosystem ensures a unified security experience. The platform’s robust Endpoint Detection and Response (EDR) capabilities provide detailed insights into sophisticated threats, while automated investigation and remediation reduce the workload on security teams.

Learn in this course how to activate MDE, onboard devices, reduce attack surface, enable next-generation protection, control automated investigation and monitor all security related aspects of devices.

Who should attend

SecOps team members, device administrators and all interested responsible.

Course Content

Microsoft Defender XDR
  • Overview of MS Defender XDR
  • MDE overview and licensing
  • MDE vs. Microsoft Intune
  • Zero Trust and MDE
Microsoft Defender for Endpoint
  • MDE architecture
  • MDE portal
  • MDE activation
  • MDE roles and permissions
Onboarding/Offboarding
  • Windows devices via local script, MS Intune and Group policies
  • MacOS devices via local script and MS Intune
  • Linux and Windows Server via Azure Arc
  • Troubleshoot onboarding issues
  • Offboard devices
Endpoint protection – Attack surface reduction
  • Service to Service connection to Microsoft Intune
  • Attack surface reduction rules
  • Controlled folder access
  • Device control
Endpoint protection – Next-generation protection
  • Cloud protection
  • Behavior monitoring
  • Real-time protection
  • EDR in block mode
Endpoint detection and response
  • Alerts and Incidents management
  • Automated investigation and response (AIR)
  • Remediation actions
  • Device investigation
  • Device response actions
Additional configurations
  • Advanced features
  • Indicators
  • Web content filtering
  • Vulnerability Management
Advanced Hunting
  • KQL primer
  • Important MDE queries
Endpoint DLP (if time permits)

Prix & Delivery methods

Formation en ligne

Durée
4 jours

Prix
  • sur demande
Formation en salle équipée

Durée
4 jours

Prix
  • sur demande

Agenda

Instructor-led Online Training:   Course conducted online in a virtual classroom.
FLEX Classroom Training (hybrid course):   Course participation either on-site in the classroom or online from the workplace or from home.

Allemand

European Time Zones

Formation en ligne
Option présentielle : Hambourg, Allemagne
Formation en ligne
Option présentielle : Berlin, Allemagne
Formation en ligne
Option présentielle : Munich, Allemagne
Formation en ligne
Option présentielle : Francfort, Allemagne
Formation en ligne
Option présentielle : Hambourg, Allemagne

Anglais

European Time Zones

Formation en ligne
Formation en ligne
Formation en ligne
FLEX Classroom Training (hybrid course):   Course participation either on-site in the classroom or online from the workplace or from home.

Allemagne

Hambourg
Berlin
Munich
Francfort
Hambourg

Si vous ne trouvez pas de date adéquate, n'hésitez pas à vérifier l'agenda de toutes nos formations FLEX internationales