SC-200 Microsoft Security Operations Analyst, Part 3 of 9: Microsoft Defender for Endpoint

with expert Cristian Calinescu

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/25/2022
Level Beginner
Runtime 2h 12m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included

Course description

The SC-200 Microsoft Security Operations Analyst exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender (25-30%); mitigate threats using Microsoft Defender for Cloud (25-30%); and mitigate threats using Microsoft Sentinel (40-45%). This course covers mitigating threats using Microsoft Defender for Endpoint.

Prerequisites

Basic understanding of the Microsoft 365 environment and its security, compliance and identity products; familiarity with Windows 10/11 and with Azure services, databases and storage; basic understanding of scripting concepts.

Meet the expert

Cristian Calinescu is a Microsoft certified Azure Solutions Architect Expert, Senior Infrastructure Engineer and Infrastructure Security Operations Manager.

Course outline

Module 4

Protect against threats for Endpoint (26:16)
  • Introduction (00:08)
  • Protect against threats with Microsoft Defender f (00:49)
  • Microsoft Defender for Endpoint Explained (03:40)
  • Security Operations (04:03)
  • Deploy Microsoft Defender for Endpoint environment (00:32)
  • Create your Environment (02:36)
  • Onboard Devices (01:20)
  • Demo: Onboard Device (07:20)
  • Manage Access (00:25)
  • Configure Device Groups (01:48)
  • Demo: Create Device Group (03:24)
  • Summary (00:08)
Windows Security Enhancements (34:21)
  • Introduction (00:08)
  • Implement Windows Security Enhancements (00:32)
  • Attack Surface Reduction (02:39)
  • Enable Attack Surface Reduction Rules (02:13)
  • Demo: Enable ASR (05:26)
  • Device Investigations (00:16)
  • Device Inventory List (03:57)
  • Investigate Devices (01:08)
  • Demo: Devices (09:33)
  • Behavioral Blocking (06:05)
  • Endpoint Detection (01:11)
  • Demo: Enable EDR (00:59)
  • Summary (00:08)

Module 5

Perform Actions on a Device (32:12)
  • Introduction (00:08)
  • Perform actions on a device (00:14)
  • Device Actions (03:45)
  • Investigation Package (05:44)
  • Initiate Live Response Session (04:22)
  • Live Response Commands (04:11)
  • Demo: Live Response Session (03:00)
  • Perform evidence and entities investigations (00:32)
  • Investigate File (00:37)
  • Demo: Investigate File (09:28)
  • Summary (00:08)
Configure and Manage Automation (39:52)
  • Introduction (00:08)
  • Configure and manage automation (00:22)
  • Configure Advanced Features (00:27)
  • Demo: Advanced Features (08:38)
  • Block at Risk Devices (01:45)
  • Configure alerts and detections (02:56)
  • Demo: Notification Alert (09:24)
  • Threat and Vulnerability Management (16:01)
  • Summary (00:08)