Microsoft Defender for Identity Ninja Training

Published Feb 24 2021 09:00 AM 40.8K Views
Microsoft

Microsoft Defender for Identity Ninja Training


Welcome to the Microsoft Defender for Identity Ninja Training!

 

Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.  This Ninja blog covers the features, detentions, and functions of Microsoft Defender for Identity.

 

Short Link:  aka.ms/MDINinja

 

In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training: Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

 

In terms of overall structuring, the training sessions are split into three different knowledge levels:

 

Module

Description

Level 1: Beginner (Fundamentals)

Introduction to Microsoft Defender for Identity, and planning your Deployment.

Level 2: Intermediate (Associate)

Identity Security Posture Assessments, Investigate Lateral Movement Paths, Indicators of compromise

Level 3: Advanced (Expert)

Advanced Hunting with Microsoft 365 Defender

 

Legend/Acronyms

(D)

Microsoft Documentation

(V)

Video

(G)

Interactive Guide

(B)

Blog

MCAS

Microsoft Cloud App Security

RBAC

Role-based access control

MDI

Microsoft Defender for Identity

AATP

Azure Advanced Threat Protection

ATP

Advanced Threat Protection

AIP

Azure Information Protection

ASC

Azure Security Center

AAD

Azure Active Directory

CASB

Cloud Access Security Broker

MTP

Microsoft Threat Protection

GCC

Government Community Cloud

GCC-H

Government Community Cloud High


Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We'll be updating names in products and in the docs soon.

 

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

Fundamentals:

In this module you will familiarize yourself with Microsoft Defender for Identity and its detection capabilities. You will also learn about Microsoft Defender for Identity architecture, deployment options, licensing and the Microsoft Defender for Identity community.

 

The purpose of the Microsoft Defender for Identity Security Alert lab tutorial is to illustrate Defender for Identity's capabilities in identifying and detecting suspicious activities and potential attacks against your network. 

Planning your Microsoft Defender for Identity Deployment

Deploying Microsoft Defender for Identity Deployment

 

Ready for the Fundamentals Knowledge Check?

 

Intermediate:

In this module you will familiarize yourself with Microsoft Defender for Identity Security Posture Assessments, identifying indicators of compromise, suspicious activities and attacks, and lateral movement paths. 

Identity Security Posture Assessments

Identify Suspicious Activities and Advanced Attacks

Investigate Lateral Movement Paths
In this module we will learn what Lateral Movement Paths are, and how to investigate.

Indicators of Compromise

In this module we will investigate users, computers, and entities.  This module includes gathering information around users, computers, and entities.  Investigating activities and resources that may have been accessed.  

Interactive Guides

  • Detect suspicious activity w/Defender for Identity (G)
    • In this interactive guide, you'll learn how to detect suspicious activities and potential attacks on your network with Microsoft Defender for Identity. You'll see how Defender for Identity can help you identify reconnaissance attacks, investigate attacker behavior inside your network, and provide recommendations on reducing domain vulnerabilities.
  • Attack Response: Microsoft Defender for Identity (G)
    • In this interactive guide, you’ll learn how to investigate and respond to attacks with Microsoft Defender for Identity. You’ll see how Microsoft Defender for Identity can help you examine suspicious activities, trace lateral movement, and prevent future breaches.

Ready for the Intermediate Knowledge Check?

 

Advanced:

In this module you will familiarize yourself with Microsoft Defender for Identity Advanced Hunting within the Microsoft 365 Defender portal.


Advanced Hunting with Microsoft 365 Defender
In this module you will create advanced KQL threat-hunting queries.  This module includes Microsoft Defender for Identity advanced KQL threat-hunting queries, and the creation of custom detection rules.

Ready for the Experts Knowledge Check?

 

Once you’ve finished the training and the knowledge checks, please click here to request your certificate (you'll see it in your inbox within 3-5 business days.

26 Comments
Version history
Last update:
‎May 11 2021 02:04 PM
Updated by:
www.000webhost.com