Become a Microsoft Defender ATP Ninja

I found this amazing training content on MDATP, it is at next level I hope you all can make use of it.

The original blog post of this content is here – https://techcommunity.microsoft.com/t5/microsoft-defender-atp/become-a-microsoft-defender-atp-ninja/ba-p/1515647

Do you want to become a ninja for Microsoft Defender ATP? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Security Administrator (SecAdmin)”. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert. Some topics can be relevant for SecOps as well as for SecAdmins and are listed for both roles. We will keep updating this training on a regular basis and highlight new resources.

Security Operations Fundamentals
Module 1. Technical overview
Module 2. Getting started
Module 3. Threat and vulnerability management
Module 4. Attack surface reduction
Module 5. Next generation protection
Module 6. Investigation – Incident
Module 7. Alert handling
Module 8. Automated investigation and remediation
Module 9. Microsoft Threat Experts
Module 10. Reporting
Module 11. Evaluation Lab

Security Operations Intermediate
Module 1. Architecture
Module 2. Threat and vulnerability management
Module 3. Next generation protection.
Module 4. Advanced hunting
Module 5. Automated investigation and remediation
Module 6. Threat analytics
Module 7. Unified indicators of compromise (IOCs)
Module 8. Evaluation lab
Module 9. Community (blogs, webinars, GitHub)

Security Operations Expert
Module 1. Responding to threats
Module 2. Alert handling
Module 3. Deep file analysis
Module 4. Advanced hunting
Module 5. Unified indicators of compromise IOCs
Module 6. Custom reporting
Module 7. Community (blogs, webinars, GitHub)

_{Security Administrator Fundamentals}
Module 1. Architecture
Module 2. Onboarding
Module 3. Grant and control access
Module 4. Security configuration
Module 5. Reporting
Module 6. SIEM Integration

Security Administrator Intermediate
Module 1. Threat and vulnerability management (TVM)
Module 2. Attack surface reduction
Module 3. Next generation protection
Module 4. Advanced hunting
Module 5. Conditional access
Module 6. Microsoft Cloud App Security (MCAS)
Module 7. Community (blogs, webinars, GitHub)

Security Administrator Expert
Module 1. Custom reporting (PowerBI)
Module 2.  Advanced hunting
Module 3. Custom Integrations, APIs
Learn about our partner integrations

Security Operations Fundamentals

Module 1. Technical overview

•  Short overview “What is Microsoft Defender ATP”
•  End-to-end security for your endpoints

Module 2. Getting started

•  Portal overview
•  Use basic permissions to access the portal
•  How to use RBAC

Module 3. Threat and vulnerability management

•  What is threat and vulnerability management
•  “Bringing IT & security together: How Microsoft is reinventing threat and vulnerability management”
•  Reduce organizational risk with threat and vulnerability management

Module 4. Attack surface reduction

•  Learn about all the features to help you reduce the attack surface  
•  Understand attack surface reduction rules

Module 5. Next generation protection

•  Microsoft Defender Antivirus: Your next generation protection

Module 6. Investigation – Incident

•  Learn about the rich investigation experience
•  Work with incidents
•  Investigate and remediate threats with Microsoft Defender ATP

Module 7. Alert handling

•  Get the most out of an alert page
•  Working with alerts
•  Alert categories aligned with MITRE ATT&CK
•  How alerts are enhanced to include MITRE ATT&CK technique information

Module 8. Automated investigation and remediation

•  How automation works
•  Defining metrics for successful security operations

Module 9. Microsoft Threat Experts

•  What is Microsoft Threat Experts
•  Getting started with Microsoft Threat Experts

Module 10. Reporting

•  Out of the box reports

Module 11. Evaluation Lab

•  Get started with the evaluation lab
•  Short walk-through the evaluation lab

Security Operations Intermediate

Module 1.Architecture

•  Understand the architecture of the service

Module 2. Threat and vulnerability management

•  Discovery and remediation
•  Reduce organizational risk with threat and vulnerability management

Module 3. Next generation protection

•  Learn about our approach to fileless threats
•  Stopping attacks in their tracks through behavioral blocking and containment
•  Firmware level protection with a new Unified Extensible Firmware Interface (UEFI) scanner

Module 4. Advanced hunting

•  Quick overview & a short tutorial that will get you started fast

Module 5. Automated investigation and remediation

• Automate the boring for your SOC with automatic investigation and remediation!
•  Configure automated investigation and remediation capabilities
•  Manage automation file uploads
•  Manage automation folder exclusions

Module 6. Threat analytics

•  Get familiar with threat analytics

Module 7. Unified indicators of compromise (IOCs)

•  Working with IOCs

Module 8. Evaluation lab

•  Short walk-through the evaluation lab
•  Breach & attack simulators for the evaluation lab

Module 9. Community (blogs, webinars, GitHub)

•  Various repositories

Security Operations Expert

Module 1. Responding to threats

•  Overview of live response
•  Response actions on machines
•  Response actions on a file

Module 2. Alert handling

•  Manage alert suppression rules

Module 3. Deep file analysis

•  Use the built-in sandbox to detonate files

Module 4. Advanced hunting

•  Learn the query language
•  Advanced hunting schema reference
•  Hunting for reconnaissance activities using LDAP search filters
• ⤴ Plural sight KQL training

Module 5. Unified indicators of compromise IOCs

•  Custom IOCs for URLs, IP addresses, and domains
•  Manage indicators

Module 6. Custom reporting

•  Create custom reports using Power BI
•  Custom reports on GitHub

Module 7. Community (blogs, webinars, GitHub)

•  Microsoft Defender ATP Blog
•  Tech Community
•  Custom PowerBI reports on GitHub

Security Administrator Fundamentals

Module 1. Architecture

•  Understand the architecture of the service

Module 2. Onboarding

•  Onboarding machines  
•  Deploy Microsoft Defender ATP for Mac in just a few clicks
•  Onboarding and servicing non-persistent VDI machines
•  Configuring Microsoft Defender Antivirus for non-persistent VDI machines

Module 3. Grant and control access

•  Use basic permissions to access the portal
•  How to use RBAC

Module 4. Security configuration

•  Use Microsoft Endpoint Manager to manage security configuration
•  Manage Microsoft Defender Firewall with Microsoft Defender ATP and Microsoft Intune
•  Turn on tamper protection

Module 5. Reporting

•  Out of the box reports
•  Visibility into web threats

Module 6. SIEM Integration

•  Management APIs

Security Administrator Intermediate

Module 1. Threat and vulnerability management (TVM)

•  Discovery and remediation
•  Custom TVM reports on GitHub
•  Customized views with APIs

Module 2. Attack surface reduction

•  Learn about all the features to help you reduce the attack surface  
•  Learn more about Application control
•  Get a better understanding of Network protection
•  Understand attack surface reduction rules
•  How to configure attack surface reduction rules and how to use exclusions
•  How to report and troubleshoot Microsoft Defender ATP ASR Rules
•  Migrate from a 3rd party HIPS solution into ASR rules
•  Reputation analysis – Microsoft Defender SmartScreen

Module 3. Next generation protection

•  Configuring Microsoft Defender Antivirus for non-persistent VDI machines
•  Learn about our approach to fileless threats
•  Firmware level protection with a new Unified Extensible Firmware Interface (UEFI) scanner

Module 4. Advanced hunting

•  Quick overview & a short tutorial that will get you started fast

Module 5. Conditional access

•  How to configure conditional access

Module 6. Microsoft Cloud App Security (MCAS)

•  Learn about the integration with MCAS
•  Block access to unsanctioned apps using Microsoft Defender ATP & Microsoft Cloud App Security

Module 7. Community (blogs, webinars, GitHub)

•  Advanced hunting queries on GitHub

Security Administrator Expert

Module 1. Custom reporting (PowerBI)

•  Create custom reports using APIs and Power BI
•  Create custom reports using Power BI
•  Connect the dots using a device network overview Power BI report
•  Custom reports on GitHub

Module 2. Advanced hunting

•  Learn the query language
•  Advanced hunting schema reference
• ⤴ Plural sight KQL training

Module 3. Custom Integrations, APIs

•  Use Microsoft Defender ATP APIs
•  Available APIs
•  API Explorer and Connected applications
•  Microsoft Defender ATP API Explorer
•  Customized views with APIs
•  Use the official Flow Connector
•  Raw data export
•  Streaming API

Learn about our partner integrations

•  Links to our various partner integrations