I’m happy to report I have completed the intensive internal training at Microsoft, related to Microsoft Defender for Endpoint (MDE), of about 70 hours!
This means that soon I will start taking real cases from customers!
Wish me luck!
Certificate of the 1 hour assessment I just passed.
The full course outline is below:
MDE – Foundational Training – General 
- Foundational Training – Getting started
- Internal Tools and Customer Communication
- Initial Scoping
MDE Lab Creation
- Create Your Azure Labs
- Local Virtual Machines
- Creating local VM’s – Hyper-V
Basic Portal overviews / General cross platform features
- M365 Converged Portal
- MDE – Threat and Vulnerability Management (TVM)
- MDE Alerting
- MDE – Tagging and Grouping
- Defender Antivirus – Network Protection
- MDE – Microsoft Threat Experts
- MDE – Response Actions
- MDE – Indicators
- Microsoft Defender Endpoint licensing requirements & offering plans
- Defender for Cloud Integration, Onboarding and Offboarding
- Action Center
- Device inventory and Timeline
- Basic Connectivity Information
- Defender AV (Compatibility with 3rd party AV)
- Malware Submissions WDSI
- Microsoft Defender for Office Integration
- Live Response
- Intune Integration
- Advanced Hunting
- Region Reset
- Azure Permissions + MDE RBAC
- Suppression Rules
- Tenant Attach
- Device Discovery
- Contain Device
- EDR Network Device Discovery
- Device Health and Compliance Report
- False Positives
- MDE – Troubleshooting Mode
Windows – MDE Foundational
- Microsoft Defender Antivirus
- Microsoft Defender Antivirus
- Antimalware Extension (IAAS)
- MDE – Run Client Analyzer
- MDE – Machine Isolation
- MDE – Offboarding Machines
- MDE – Client Analyzer II
- MDE – Onboarding Machines
- MDE – Indicators
- Defender Antivirus – Exploit Protection
- SCCM / SCEM Enrolment, Onboarding and Offboarding
- Defender AV Updates
- Defender AV – Log Collection
- MDE – API Offboarding
- Modern Unified Solution for 2012R2 / 2016
- System Center Endpoint Protection logs
- Troubleshooting SmartScreen
- MDE – Web Content Filtering (WCF)
- MSRT – Microsoft Safety Removal Tool
- Defender Antivirus – Attack Surface Reduction (ASR)
- Potentially Unwanted Applications (PUA)
- MDE Security Configuration Management
- Safety Scanner
- Foundational – Controlled Folder Access (CFA)
- MDE Troubleshooting Device Control for Windows
- Troubleshooting Device Control for Windows
- Automated Investigation and Response (AIR)
- Host Firewall Reporting
- Device Groups and Tags
- EDR in Block Mode
- Azure ARC (windows)
- On / Offboarding with Group Policy
MDE Log Collection Methods
- MDE Client Analyzer Logs
- Defender Log Collection
- ASR Log Collection
- Linux and macOS Log Collection
- Android and iOS Log Collection
Linux – MDE Foundational
- MDE – Linux onboarding
- MDE – Client Analyzer for Linux Servers / macOS
- Configuring AV Exclusions on Linux
- TVM on Linux
- Running AV Scans on Linux
- Cloud Protection – Linux
- Managing Updates
- Configuring AuditD Exclusions on Linux
- Licensing – Linux
- Configuring Network Protection on Linux
- Deploying Defender for Linux
Mac – MDE Foundational
- Internal Mac Test Machines
- MDE – macOS Onboarding
Android / iOS – MDE Foundational
- MDE for Android – Hands on lab
- MDE for iOS – Hands on lab
- Android / iOS Network Protection
- Android / iOS Network Protection
Endpoint Protection Foundational assessment
- The final exam
