Microsoft Defender for Identity Ninja Training
Welcome to the Microsoft Defender for Identity Ninja Training!
Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. This Ninja blog covers the features, detections, and functions of Microsoft Defender for Identity.
Short Link: aka.ms/MDINinja
In terms of overall structuring, the training sessions are split into three different knowledge levels:
| Module | Description |
|---|---|
| Level 1: Beginner (Fundamentals) | Introduction to Microsoft Defender for Identity, and planning your deployment. |
| Level 2: Intermediate (Associate) | Identity Security Posture Assessments, Investigate Lateral Movement Paths, Indicators of Compromise |
| Level 3: Advanced (Expert) | Advanced Hunting with Microsoft 365 Defender |

| Legend/Acronyms | Meaning |
|---|---|
| (D) | Microsoft Documentation |
| (V) | Video |
| (G) | Interactive Guide |
| (B) | Blog |
| MCAS | Microsoft Cloud App Security |
| RBAC | Role-based access control |
| MDI | Microsoft Defender for Identity |
| AATP | Azure Advanced Threat Protection |
| ATP | Advanced Threat Protection |
| AIP | Azure Information Protection |
| ASC | Azure Security Center |
| AAD | Azure Active Directory |
| CASB | Cloud Access Security Broker |
| MTP | Microsoft Threat Protection |
| GCC | Government Community Cloud |
| GCC-H | Government Community Cloud High |
Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We’ll be updating names in products and in the docs soon.
- Microsoft 365 Defender (previously Microsoft Threat Protection)
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
Fundamentals:
In this module you will familiarize yourself with Microsoft Defender for Identity and its detection capabilities. You will also learn about Microsoft Defender for Identity architecture, deployment options, licensing and the Microsoft Defender for Identity community.
- What is Microsoft Defender for Identity? (V)
- Understanding Microsoft Defender for Identity Licensing and Privacy (D)
- Microsoft 365 Defender enriches the Microsoft Defender for Identity experience (B)
- Defender for Identity Community (D)
- This is a Microsoft Defender for Identity Tech Community space that provides an opportunity to connect and discuss the latest news, updates, and best practices with Microsoft professionals and peers.
- Defender for Identity Security Lab and Playbooks (D)
The purpose of the Microsoft Defender for Identity Security Alert lab tutorial is to illustrate Defender for Identity's capabilities in identifying and detecting suspicious activities and potential attacks against your network.
- Lab Setup (D)
- Reconnaissance Playbook (D)
- Lateral Movement Playbook (D)
- Domain Dominance Playbook (D)
Planning your Microsoft Defender for Identity Deployment
- Microsoft Defender for Identity Architecture (D)
- Microsoft Defender for Identity Prerequisites (D)
- Microsoft Defender for Identity FAQs (D)
Deploying Microsoft Defender for Identity
- Microsoft Defender for Identity Installation Overview (V)
- Create your Azure ATP instance (D)
- Connect to Active Directory (D)
- Configuring the Microsoft Defender for Identity Sensor (D)
- Excluding entities from detections (D)
- Working with sensitive accounts (D)
Intermediate:
In this module you will familiarize yourself with Microsoft Defender for Identity Security Posture Assessments, identifying indicators of compromise, suspicious activities and attacks, and lateral movement paths.
Identity Security Posture Assessments
- Identity Security Posture Assessments Overview (V)
- Bolster your security posture with Identity Security Posture Assessments (V)
- Identity Security Posture Assessments Documentation (D)
Identify Suspicious Activities and Advanced Attacks
- Microsoft Defender for Identity Detections – Part 1 (V)
- Microsoft Defender for Identity Detections – Part 2 (V)
- Reconnaissance Alerts (D)
- Compromised Credential Alerts (D)
- Lateral Movement Alerts (D)
- Domain Dominance Alerts (D)
- Exfiltration Alerts (D)
Investigate Lateral Movement Paths
In this module we will learn what Lateral Movement Paths are, and how to investigate them.
Indicators of Compromise
In this module we will investigate users, computers, and entities. This module includes gathering information about users, computers, and entities, and investigating their activities and the resources they may have accessed.
- Incident investigation with Microsoft Defender for Identity (V)
- Tutorial: Investigate a user (D)
- Tutorial: Investigate a computer (D)
- Tutorial: Investigate an entity (D)
Interactive Guides
- Detect suspicious activity w/Defender for Identity (G)
- In this interactive guide, you’ll learn how to detect suspicious activities and potential attacks on your network with Microsoft Defender for Identity. You’ll see how Defender for Identity can help you identify reconnaissance attacks, investigate attacker behavior inside your network, and provide recommendations on reducing domain vulnerabilities.
- Attack Response: Microsoft Defender for Identity (G)
- In this interactive guide, you’ll learn how to investigate and respond to attacks with Microsoft Defender for Identity. You’ll see how Microsoft Defender for Identity can help you examine suspicious activities, trace lateral movement, and prevent future breaches.
Advanced:
In this module you will familiarize yourself with Microsoft Defender for Identity Advanced Hunting within the Microsoft 365 Defender portal.
Advanced Hunting with Microsoft 365 Defender
In this module you will create advanced KQL threat-hunting queries. This module includes Microsoft Defender for Identity advanced KQL threat-hunting queries, and the creation of custom detection rules.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.