"Defend against cyberthreats with Microsoft Defender XDR" is a Microsoft Learn-based course for security operations analysts who use Microsoft Defender XDR (Extended Detection and Response) to protect their organization. Students learn to use the unified Defender XDR portal to investigate incidents that span Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.
What You Will Learn
- Navigate the Microsoft Defender XDR portal and understand the unified incident queue
- Investigate multi-stage attacks that span endpoints, email, identity, and cloud application signals
- Use the advanced hunting query editor with KQL to proactively search for threats
- Take response actions including device isolation, email remediation, and account disabling
- Analyse attack stories using the Defender XDR incident graph and automated investigation results
Who Should Attend
SOC analysts, security engineers, and Microsoft security administrators responsible for threat detection and incident response using Microsoft Defender XDR.
Prerequisites
Familiarity with Microsoft 365 security concepts and basic security operations experience. Understanding of endpoint and email security is helpful.





