Category: Certificates

I’m happy to report I have completed the intensive internal training at Microsoft, related to Microsoft Defender for Endpoint (MDE), of about 70 hours!

This means that soon I will start taking real cases from customers!

Wish me luck!

Certificate of the 1 hour assessment I just passed.

The full course outline is below:

MDE – Foundational Training – General

• Foundational Training – Getting started
• Internal Tools and Customer Communication
• Initial Scoping

MDE Lab Creation

• Create Your Azure Labs
• Local Virtual Machines
• Creating local VM’s – Hyper-V

Basic Portal overviews / General cross platform features

• M365 Converged Portal
• MDE – Threat and Vulnerability Management (TVM)
• MDE Alerting
• MDE – Tagging and Grouping
• Defender Antivirus – Network Protection
• MDE – Microsoft Threat Experts
• MDE – Response Actions
• MDE – Indicators
• Microsoft Defender Endpoint licensing requirements & offering plans
• Defender for Cloud Integration, Onboarding and Offboarding
• Action Center
• Device inventory and Timeline
• Basic Connectivity Information
• Defender AV (Compatibility with 3rd party AV)
• Malware Submissions WDSI
• Microsoft Defender for Office Integration
• Live Response
• Intune Integration
• Advanced Hunting
• Region Reset
• Azure Permissions + MDE RBAC
• Suppression Rules
• Tenant Attach
• Device Discovery
• Contain Device
• EDR Network Device Discovery
• Device Health and Compliance Report
• False Positives
• MDE – Troubleshooting Mode

Windows – MDE Foundational

• Microsoft Defender Antivirus
• Microsoft Defender Antivirus
• Antimalware Extension (IAAS)
• MDE – Run Client Analyzer
• MDE – Machine Isolation
• MDE – Offboarding Machines
• MDE – Client Analyzer II
• MDE – Onboarding Machines
• MDE – Indicators
• Defender Antivirus – Exploit Protection
• SCCM / SCEM Enrolment, Onboarding and Offboarding
• Defender AV Updates
• Defender AV – Log Collection
• MDE – API Offboarding
• Modern Unified Solution for 2012R2 / 2016
• System Center Endpoint Protection logs
• Troubleshooting SmartScreen
• MDE – Web Content Filtering (WCF)
• MSRT – Microsoft Safety Removal Tool
• Defender Antivirus – Attack Surface Reduction (ASR)
• Potentially Unwanted Applications (PUA)
• MDE Security Configuration Management
• Safety Scanner
• Foundational – Controlled Folder Access (CFA)
• MDE Troubleshooting Device Control for Windows
• Troubleshooting Device Control for Windows
• Automated Investigation and Response (AIR)
• Host Firewall Reporting
• Device Groups and Tags
• EDR in Block Mode
• Azure ARC (windows)
• On / Offboarding with Group Policy

MDE Log Collection Methods

• MDE Client Analyzer Logs
• Defender Log Collection
• ASR Log Collection
• Linux and macOS Log Collection
• Android and iOS Log Collection

Linux – MDE Foundational

• MDE – Linux onboarding
• MDE – Client Analyzer for Linux Servers / macOS
• Configuring AV Exclusions on Linux
• TVM on Linux
• Running AV Scans on Linux
• Cloud Protection – Linux
• Managing Updates
• Configuring AuditD Exclusions on Linux
• Licensing – Linux
• Configuring Network Protection on Linux
• Deploying Defender for Linux

Mac – MDE Foundational

• Internal Mac Test Machines
• MDE – macOS Onboarding

Android / iOS – MDE Foundational

• MDE for Android – Hands on lab
• MDE for iOS – Hands on lab
• Android / iOS Network Protection
• Android / iOS Network Protection

Endpoint Protection Foundational assessment

• The final exam