SC-200: Mitigate threats using Microsoft Defender for Endpoint

Offered By: Microsoft via Microsoft Learn

Tags

SC-200: Microsoft Security Operations Analyst Courses, Cybersecurity Courses, Network Security Courses, Incident Management Courses, Threat Mitigation Courses, Vulnerability Management Courses, Threat Hunting Courses, Security Automation Courses, Microsoft Defender for Endpoint Courses

Course Description

Overview

  • Module 1: Learn how Microsoft Defender for Endpoint can help your organization stay secure. In this module, you will learn how to:
    • Define the capabilities of Microsoft Defender for Endpoint.
    • Understand how to hunt threats within your network.
    • Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
  • Module 2: Deploy the Microsoft Defender for Endpoint environment. Upon completion of this module, the learner will be able to:
    • Create a Microsoft Defender for Endpoint environment
    • Onboard devices to be monitored by Microsoft Defender for Endpoint
    • Configure Microsoft Defender for Endpoint environment settings
  • Module 3: Implement Windows security enhancements with Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Explain Attack Surface Reduction in Windows
    • Enable Attack Surface Reduction rules on Windows 10 devices
    • Configure Attack Surface Reduction rules on Windows 10 devices
  • Module 4: Manage alerts and incidents in Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Investigate incidents in Microsoft Defender for Endpoint
    • Investigate alerts in Microsoft Defender for Endpoint
    • Perform advanced hunting in Microsoft Defender for Endpoint
  • Module 5: Perform device investigations in Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Use the device page in Microsoft Defender for Endpoint
    • Describe device forensics information collected by Microsoft Defender for Endpoint
    • Describe behavioral blocking by Microsoft Defender for Endpoint
  • Module 6: Perform actions on a device using Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Perform actions on a device using Microsoft Defender for Endpoint
    • Conduct forensics data collection using Microsoft Defender for Endpoint
    • Access devices remotely using Microsoft Defender for Endpoint
  • Module 7: Perform evidence and entities investigations using Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Investigate files in Microsoft Defender for Endpoint
    • Investigate domains and IP addresses in Microsoft Defender for Endpoint
    • Investigate user accounts in Microsoft Defender for Endpoint
  • Module 8: Configure and manage automation using Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Configure advanced features of Microsoft Defender for Endpoint
    • Manage automation settings in Microsoft Defender for Endpoint
  • Module 9: Configure for alerts and detections in Microsoft Defender for Endpoint. After completion of this module, you'll be able to:
    • Configure alert settings in Microsoft Defender for Endpoint
    • Manage indicators in Microsoft Defender for Endpoint
  • Module 10: Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint. Upon completion of this module, the learner will be able to:
    • Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint
    • Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
    • Track emerging threats in Microsoft Defender for Endpoint

Syllabus

  • Module 1: Protect against threats with Microsoft Defender for Endpoint
    • Introduction to Microsoft Defender for Endpoint
    • Practice security administration
    • Hunt threats within your network
    • Summary and knowledge check
  • Module 2: Deploy the Microsoft Defender for Endpoint environment
    • Introduction
    • Create your environment
    • Onboard devices
    • Manage access
    • Create and manage roles for role-based access control
    • Configure device groups
    • Configure environment advanced features
    • Knowledge check
    • Summary and resources
  • Module 3: Implement Windows security enhancements with Microsoft Defender for Endpoint
    • Introduction
    • Understand attack surface reduction
    • Enable attack surface reduction rules
    • Knowledge check
    • Summary and resources
  • Module 4: Manage alerts and incidents in Microsoft Defender for Endpoint
    • Introduction
    • Explain security operations in Microsoft Defender for Endpoint
    • Manage and investigate incidents
    • Manage and investigate alerts
    • Manage automated investigations
    • Use the action center
    • Perform advanced hunting
    • Consult Microsoft threat experts
    • Knowledge check
    • Summary and resources
  • Module 5: Perform device investigations in Microsoft Defender for Endpoint
    • Introduction
    • Use the device inventory list
    • Investigate the device
    • Use behavioral blocking
    • Knowledge check
    • Summary and resources
  • Module 6: Perform actions on a device using Microsoft Defender for Endpoint
    • Introduction
    • Explain device actions
    • Run Microsoft Defender antivirus scan on devices
    • Collect investigation package from devices
    • Initiate live response session
    • Knowledge check
    • Summary and resources
  • Module 7: Perform evidence and entities investigations using Microsoft Defender for Endpoint
    • Introduction
    • Investigate a file
    • Investigate a user account
    • Investigate an IP address
    • Investigate a domain
    • Knowledge check
    • Summary and resources
  • Module 8: Configure and manage automation using Microsoft Defender for Endpoint
    • Introduction
    • Configure advanced features
    • Manage automation upload and folder settings
    • Configure automated investigation and remediation capabilities
    • Block at-risk devices
    • Knowledge check
    • Summary and resources
  • Module 9: Configure for alerts and detections in Microsoft Defender for Endpoint
    • Introduction
    • Configure advanced features
    • Configure alert notifications
    • Manage alert suppression
    • Manage indicators
    • Knowledge check
    • Summary and resources
  • Module 10: Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
    • Introduction
    • Understand Threat and Vulnerability Management
    • Explore vulnerabilities on your devices
    • Track emerging threats with threat analytics
    • Knowledge check
    • Summary and resources
