Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection

Introduction

• Welcome
• What you should know
• Lab requirements

1. Configuring Virtualization-Based Security (VBS) in Windows 10

• What is virtualization-based security?
• Deploy Device Guard
• Manage Credential Guard
• Working with Windows AppLocker

2. Securing Email with Exchange Online Advanced Threat Protection (ATP)

• Intro to Exchange Online ATP
• Configuring Exchange ATP policies
• Investigating malicious activity patterns

3. Implementing Azure Advanced Threat Protection (ATP)

• Planning your Azure ATP capacity
• Creating your Azure ATP instance
• Investigating alerts and user activities
• Identifying suspicious activities and advanced attacks

4. Implementing Post-breach Defense with Advanced Threat Analytics (ATA)

• How ATA Works
• Planning your ATA deployment
• Deploy ATA in six steps
• Working with suspicious activities
• Managing ATA telemetry and settings

5. Protecting Cloud Identities in Azure AD

• What is Azure AD Identity Protection?
• Configure risk levels and policies
• Investigating risk events
• Set up notification and simulate risk events

6. Defending Against Advanced Threats with Windows

• Overview of Windows Defender ATP
• Assigning user access to the ATP portal
• Investigating alerts in the ATP portal
• Taking response actions in Defender ATP
• Automated investigation and response
• Advanced hunting

7. Managing Privileged Access in Azure

• What is Azure AD Privileged Identity Management (PIM)?
• Managing privileged role membership
• Privileged role activation and management
• Performing an access review

Conclusion

• Next steps