This article is contributed. See the original author and article here.

Microsoft Defender for Identity Ninja Training


 




 


Welcome to the Microsoft Defender for Identity Ninja Training!


 


Microsoft Defender for Identity (renamed from Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. This Ninja blog covers the features, detections, and functions of Microsoft Defender for Identity.


 


Short Link:  aka.ms/MDINinja


 


In terms of overall structuring, the training sessions are split into three different knowledge levels:


 






















| Module | Description |
| --- | --- |
| Level 1: Beginner (Fundamentals) | Introduction to Microsoft Defender for Identity, and planning your Deployment. |
| Level 2: Intermediate (Associate) | Identity Security Posture Assessments, Investigate Lateral Movement Paths, Indicators of compromise |
| Level 3: Advanced (Expert) | Advanced Hunting with Microsoft 365 Defender |

Legend/Acronyms

| Abbreviation | Meaning |
| --- | --- |
| (D) | Microsoft Documentation |
| (V) | Video |
| (G) | Interactive Guide |
| (B) | Blog |
| MCAS | Microsoft Cloud App Security |
| RBAC | Role-based access control |
| MDI | Microsoft Defender for Identity |
| AATP | Azure Advanced Threat Protection |
| ATP | Advanced Threat Protection |
| AIP | Azure Information Protection |
| ASC | Azure Security Center |
| AAD | Azure Active Directory |
| CASB | Cloud Access Security Broker |
| MTP | Microsoft Threat Protection |
| GCC | Government Community Cloud |
| GCC-H | Government Community Cloud High |




Note: Threat protection product names from Microsoft are changing. Read more about this and other updates here. We’ll be updating names in products and in the docs soon.


 



  • Microsoft 365 Defender (previously Microsoft Threat Protection)

  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)

  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)

  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)


Fundamentals:


In this module you will familiarize yourself with Microsoft Defender for Identity and its detection capabilities. You will also learn about Microsoft Defender for Identity architecture, deployment options, licensing and the Microsoft Defender for Identity community.


 



The purpose of the Microsoft Defender for Identity Security Alert lab tutorial is to illustrate Defender for Identity’s capabilities in identifying and detecting suspicious activities and potential attacks against your network.



Planning your Microsoft Defender for Identity Deployment



Deploying Microsoft Defender for Identity Deployment



Intermediate:


In this module you will familiarize yourself with Microsoft Defender for Identity Security Posture Assessments, identifying indicators of compromise, suspicious activities and attacks, and lateral movement paths. 


Identity Security Posture Assessments



Identify Suspicious Activities and Advanced Attacks



Investigate Lateral Movement Paths
In this module we will learn what Lateral Movement Paths are and how to investigate them.



Indicators of Compromise


In this module we will investigate users, computers, and entities. This includes gathering information about users, computers, and entities, and investigating activities and resources that may have been accessed.



Interactive Guides



  • Detect suspicious activity w/Defender for Identity (G)


    • In this interactive guide, you’ll learn how to detect suspicious activities and potential attacks on your network with Microsoft Defender for Identity. You’ll see how Defender for Identity can help you identify reconnaissance attacks, investigate attacker behavior inside your network, and provide recommendations on reducing domain vulnerabilities.



  • Attack Response: Microsoft Defender for Identity (G)


    • In this interactive guide, you’ll learn how to investigate and respond to attacks with Microsoft Defender for Identity. You’ll see how Microsoft Defender for Identity can help you examine suspicious activities, trace lateral movement, and prevent future breaches.




Advanced:


In this module you will familiarize yourself with Microsoft Defender for Identity Advanced Hunting within the Microsoft 365 Defender portal.



Advanced Hunting with Microsoft 365 Defender
In this module you will create advanced KQL threat-hunting queries.  This module includes Microsoft Defender for Identity advanced KQL threat-hunting queries, and the creation of custom detection rules.

