Learn how to configure advanced identity and endpoint security with the Microsoft cybersecurity stack: Enterprise Mobility + Security (EMS) and Azure Active Directory Premium.
Syllabus
Introduction
- Welcome
- What you should know
- Lab requirements
- What is virtualization-based security?
- Deploy Device Guard
- Manage Credential Guard
- Working with Windows AppLocker
- Intro to Exchange Online ATP
- Configuring Exchange ATP policies
- Investigating malicious activity patterns
- Planning your Azure ATP capacity
- Creating your Azure ATP instance
- Investigating alerts and user activities
- Identifying suspicious activities and advanced attacks
- How ATA works
- Planning your ATA deployment
- Deploy ATA in six steps
- Working with suspicious activities
- Managing ATA telemetry and settings
- What is Azure AD Identity Protection?
- Configure risk levels and policies
- Investigating risk events
- Set up notification and simulate risk events
- Overview of Windows Defender ATP
- Assigning user access to the ATP portal
- Investigating alerts in the ATP portal
- Taking response actions in Defender ATP
- Automated investigation and response
- Advanced hunting
- What is Azure AD Privileged Identity Management (PIM)?
- Managing privileged role membership
- Privileged role activation and management
- Performing an access review
- Next steps
Taught by
Pete Zerger