Masterclass: Configuring and managing Microsoft Defender for endpoint (WDE)

This practical workshop was designed with security professionals in mind, who want to deepen their knowledge and skills in usage of Microsoft monitoring tools and framework. This class was designed by real-life cybersecurity practitioners and thus it is filled with practical exercises, realistic case studies and knowledge that can be put to use right after the class concludes. All exercises are based on O365 and Azure Cloud and performed in a realistic environment prepared by CQURE Experts.
During the first day the group will cover key Microsoft 365 Defender for Endpoint concepts, including overview of the EDR and its best deployment strategies, as well as automation with ServiceNow and 3rd parties.
The next day covers everything you need to know on the Microsoft 365 Defender Stack, including practical features of Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Microsoft Defender for Cloud, Microsoft Defender for Server.
The final day of the training is a deep dive into advanced threat hunting. We will also cover the hacker’s perspective and how adversaries may try to hide malware and avoid detection by the EDR. We will run numerous attack scenarios and explore the ways on how they can be detected and remediated for the security of our systems.

Why this course?
This is a 3-day deep dive course on configuring and managing Microsoft Defender for endpoint, a must-go for enterprise administrators, security officers and architects. It is delivered by one of the best people in the market in the security field and what is more, this is an international Live Virtual Class so you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office!

Exercises
All exercises are based on O365 and Azure Cloud. During the course our finest specialists will use their unique tools, practical exercises and presentations slides with notes.

• SOC analysts
• Enterprise administrators
• infrastructure architects
• security professionals
• systems engineers
• network administrators
• IT professionals
• security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).

Day 1: Microsoft 365 Defender for Endpoint – EDR
1.Intro 101 to Microsoft Defender ecosystem
2.EDR deployment strategies
3.EDR installation and configuration
4.Fine tuning and hardening of EDR configuration
5.Managing and Maintaining Security Posture
6.Troubleshooting Common Issues
7.Automation with ServiceNow and 3rd party

Day 2: Integration with Defender Family
1.Microsoft 365 Defender Stack Overview
2.Microsoft Defender for Identity
3.Microsoft Defender for Cloud Apps
4.Microsoft Defender for Cloud
5.Microsoft Defender for Server
6.EDR integration with Microsoft Azure Sentinel

Day 3: Security Operations with Microsoft EDR (Defender for Endpoints) Advanced Threat Hunting with Defender
1.EDR integration with Microsoft Azure Sentinel
2.Security Operations best practices with Microsoft EDR and Sentinel
3.How to manage Incidents inside EDR and Sentinel
4.Kusto language 101 – basic and advanced queries
5.Advanced Hunting
6.Hacker ways to hide malware and bypass EDR
7.External Attack Surface Management and integration with Sentinel