Cloud Security with Microsoft Defender XDR

Cloud Security Overview

Security matters. Modern organizations face a wide range of security threats targeting identities, devices, applications, and data. This module introduces the current threat landscape and explains the core security concepts and strategies used to protect cloud-based environments, including Zero Trust and layered defense.

• Threat Landscape
• Common Threats and Attack Types
• The Defender's Dilemma
• Zero Trust Model
• Shared Responsibility Model
• Attack Kill Chain
• Identity and Access Management
• Threat Protection
• Security Management
• Information Protection
• LAB: Cloud Security Overview

Microsoft Entra: Securing Your Cloud Identities

Identities are a primary attack target in cloud environments and must be protected accordingly. This module focuses on securing cloud identities using Microsoft Entra ID by implementing strong authentication, detecting identity-based attacks, and enforcing access policies.

• Single Sign On
• Password-Based Attacks
• Multi-Factor Authentication
• PasswordLess Authentication
• Token Theft
• Entra Authentication Methods
• Identity Protection
• Conditional Access
• Privileged Identity Management
• LAB: Securing Your Identities

Microsoft Defender for Identity

Microsoft Defender for Identity helps protect on-premises Active Directory environments by detecting identity-based threats and suspicious activities. This module explains how Defender for Identity identifies reconnaissance, credential theft, and lateral movement attacks within traditional AD environments.

• Kerberos-Based Attacks
• Microsoft Defender for Identity Features
• Configuring Defender for Identity
• Protecting Your Accounts
• Identify Threats: Reconnaissance and Lateral Movement
• Detect Pass-the-Hash and Pass-the-Ticket Attacks
• LAB: Microsoft Defender for Identity

Microsoft Defender for Office 365

Email and collaboration tools are common attack vectors for phishing, malware, and social engineering. This module covers how Microsoft Defender for Office 365 protects users and collaboration platforms by detecting malicious content and enforcing security policies.

• Protect Against Malware, Spam, Phishing, Spoofing
• Email Authentication: SPF, DKIM and DMARC
• Attack Simulator
• Safe Attachments and Safe Links
• Threat Protection for Collaboration: SharePoint, OneDrive and Teams
• LAB: Microsoft Defender for Office 365

Microsoft Defender for Endpoint

Endpoints are a frequent target for attackers exploiting vulnerabilities and misconfigurations. Microsoft Defender for Endpoint provides visibility into device security posture, detects malicious behavior, and supports investigation and automated response.

• Endpoint Security Overview
• Protect Your Devices
• Onboarding Devices
• Threat and Vulnerability Management
• Endpoint Detection and Response
• Device Investigations
• Automated Investigation and Remediation
• LAB: Microsoft Defender for Endpoint

Microsoft Defender for Cloud Apps

Organizations rely on a growing number of cloud applications, increasing the risk of data exposure and shadow IT. Microsoft Defender for Cloud Apps helps monitor cloud app usage, control access, and protect sensitive data across SaaS applications.

• Cloud Discovery
• App Connectors
• Control Access to Apps with Policies
• Conditional Access App Control
• Protect Sensitive Information
• LAB: Microsoft Defender for Cloud Apps

Detect and Stop attacks with Microsoft Defender XDR

Microsoft Defender XDR correlates signals from multiple security services to provide end-to-end visibility into attacks. This module focuses on investigating incidents, understanding attack timelines, performing threat hunting, and responding to advanced threats across identities, devices, and applications.

• Microsoft Defender XDR
• Protect Your Environment
• Security Recommendations and Secure Score
• Attack Investigation
• Threat Hunting
• LAB: Microsoft Defender XDR

Microsoft Security Copilot

Investigating incidents and analyzing security data can be complex and time-consuming. Microsoft Security Copilot assists security teams by providing AI-driven insights, generating queries, summarizing incidents, and supporting threat hunting and reporting.

• Investigate Incidents with Copilot
• Analyze Suspicious Scripts
• Hunt Like a Pro
• Copilot Plugins
• Prompt Engineering Basics for Security Use Cases

Information Governance and Protection

Protecting sensitive data and meeting compliance requirements are essential responsibilities in modern organizations. This module covers how Microsoft Purview helps classify, protect, and govern data by applying policies that control access, usage, retention, and data loss.

• Microsoft Purview Portal
• Sensitive Information Types
• Trainable Classifiers
• Sensitivity Labels
• Data Loss Prevention
• Communication Compliance
• Insider Risk Management
• Retention Labels and Policies
• LAB: Information Governance and Protection