Strengthen Your Cybersecurity Skills with Microsoft Defender XDR.
In the face of evolving cyber threats, effective defense strategies are essential. The Defend Against Cyberthreats with Microsoft Defender XDR learning path equips Security Operations Analysts with the expertise to deploy and manage Microsoft Defender for Endpoint environments.
Through six comprehensive modules, participants will learn to onboard devices, configure security settings, manage incidents, and utilize Advanced Hunting with Kusto Query Language (KQL) to detect unique threats. This intermediate-level Microsoft Applied Skills course ensures you can effectively investigate endpoints and respond to incidents using Microsoft Defender’s unified portal.
Key Benefits:
- Deploy and configure Microsoft Defender for Endpoint to enhance device security.
- Manage and respond to security incidents using a unified interface.
- Utilize KQL for advanced threat detection and investigation.
Elevate your cybersecurity capabilities. Enroll now to master threat defense with Microsoft Defender XDR.
Overview
Implement the Microsoft Defender for Endpoint environment to manage devices, perform investigations on endpoints, manage incidents in Defender XDR, and use Advanced Hunting with Kusto Query Language (KQL) to detect unique threats.
- Level: Intermediate
- Product: Microsoft DefenderMicrosoft Defender for EndpointMicrosoft Defender XDR
- Role: Security Operations Analyst
- Subject: Threat protection
Skills Covered
- Mitigate incidents using Microsoft Defender
- Deploy the Microsoft Defender for Endpoint environment
- Configure for alerts and detections in Microsoft Defender for Endpoint
- Configure and manage automation using Microsoft Defender for Endpoint
- Perform device investigations in Microsoft Defender for Endpoint
- Perform device investigations in Microsoft Defender for Endpoint
Prerequisites
- Experience using the Microsoft Defender portal
- Basic understanding of Microsoft Defender for Endpoint
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel
Target Audience
Module 1: Mitigate incidents using Microsoft Defender
Learn how the Microsoft Defender portal provides a unified view of incidents from the Microsoft Defender family of products.
- Introduction
- Use the Microsoft Defender portal
- Manage incidents
- Investigate incidents
- Manage and investigate alerts
- Manage automated investigations
- Use the action center
- Explore advanced hunting
- Investigate Microsoft Entra sign-in logs
- Understand Microsoft Secure Score
- Analyze threat analytics
- Analyze reports
- Configure the Microsoft Defender portal
- Knowledge check
- Summary and resources
Module 2: Deploy the Microsoft Defender for Endpoint environment
Learn how to deploy the Microsoft Defender for Endpoint environment, including onboarding devices and configuring security.
- Introduction
- Create your environment
- Understand operating systems compatibility and features
- Onboard devices
- Manage access
- Create and manage roles for role-based access control
- Configure device groups
- Configure environment advanced features
- Knowledge check
- Summary and resources
Module 3: Configure for alerts and detections in Microsoft Defender for Endpoint
Learn how to configure settings to manage alerts and notifications. You’ll also learn to enable indicators as part of the detection process.
- Introduction
- Configure advanced features
- Configure alert notifications
- Manage alert suppression
- Manage indicators
- Knowledge check
- Summary and resources
Module 4: Configure and manage automation using Microsoft Defender for Endpoint
Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
- Introduction
- Configure advanced features
- Manage automation upload and folder settings
- Configure automated investigation and remediation capabilities
- Block at risk devices
- Knowledge check
- Summary and resources
Module 5: Perform device investigations in Microsoft Defender for Endpoint
Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that aids in your investigations.
- Introduction
- Use the device inventory list
- Investigate the device
- Use behavioral blocking
- Detect devices with device discovery
- Knowledge check
- Summary and resources
Module 6: Defend against Cyberthreats with Microsoft Defender XDR lab exercises
In this module, you learned how to configure Microsoft Defender XDR, deploy Microsoft Defender for Endpoint, and onboard devices. You also configured policies, mitigated threats and responded to incidents with Defender XDR.
- Introduction
- Configure the Microsoft Defender XDR environment
- Deploy Microsoft Defender for Endpoint
- Mitigate Attacks with Microsoft Defender for Endpoint
- Summary
Dates & Locations
July 17, 2026 - July 17, 2026
July 17, 2026 - July 17, 2026
October 16, 2026 - October 16, 2026
October 16, 2026 - October 16, 2026
Exam & Certification
Microsoft Applied Skills: Defend against cyberthreats with Microsoft Defender XDR
Validate your technical skills and open doors to new possibilities of advancement with Microsoft Applied Skills.
To earn this Microsoft Applied Skills credential, learners demonstrate the ability to use Microsoft Defender XDR to detect and respond to cyberthreats.
Candidates for this credential should be familiar with investigating and gathering evidence about attacks on endpoints. They should also have experience using Microsoft Defender for Endpoint and Kusto Query Language (KQL).
Tasks performed
- Configure a Defender XDR environment
- Manage devices by using Defender for Endpoint
- Use Defender XDR to manage incidents
- Manage investigations on an endpoint
- Perform Advanced Hunting with KQL to detect unique threats
Training & Certification Guide
Frequently Asked Questions
Speak to a Training Consultant
All courses are HRD Claimable.
Get in touch with our team via the form or WhatsApp us on +6011-5119 6631
