Protection against cyber threats with Microsoft Defender XDR

Course SC-5004

  • Duration:
    • 1 day

Dates:

  • Implementation planned - places still available
  • Implementation - probability high - still places available
  • There are no more seats available. For many courses, it may still be possible to participate online, via virtual classroom.
  • Course times: As a rule, our seminars are held from 10:00 am to 5:00 pm on day 1 and from 9:00 am to 4:00 pm on the following days. Changes are possible. The concrete seminar times you will find in the binding order confirmation.
02.06.2025 Virtual Classroom
  • 890 EUR / Person
 German
01.09.2025 Virtual Classroom
  • 890 EUR / Person
 German
01.12.2025 Virtual Classroom
  • 890 EUR / Person
 German

Deploy the Microsoft Defender for Endpoint environment to manage devices, conduct endpoint investigations, manage incidents in Defender XDR, and use advanced threat hunting with KQL (Kusto query language) to detect individual threats.

Mitigating incidents with Microsoft Defender

Learn how the Microsoft Defender portal provides a unified view of incidents across the Microsoft Defender product family.

  • Introduction
  • Using the Microsoft Defender portal
  • Managing incidents
  • Investigating incidents
  • Managing and investigating alerts
  • Managing automated investigations
  • Using the Info Centre
  • Exploring the advanced threat search
  • Investigating Microsoft Entra login logs
  • Understanding Microsoft security assessment
  • Analysing the threat assessment
  • Analysing reports
  • Configuring the Microsoft Defender portal
  • Knowledge assessment
  • Summary and resources

Deploying Microsoft Defender for Endpoint Environment

Learn how to deploy the Microsoft Defender for Endpoint environment, including device onboarding and security configuration.

  • Introduction
  • Creating the environment
  • Understanding operating system compatibility and features
  • Integrating devices
  • Managing access
  • Creating and managing roles for role-based access control
  • Configuring device groups
  • Configuring advanced environment features
  • Knowledge assessment
  • Summary and resources

Configure alerts and detections in Microsoft Defender for Endpoint

Learn how to configure settings to manage alerts and notifications. You will also learn how to enable indicators as part of the detection process.

  • Introduction
  • Configuring advanced features
  • Configuring alert notifications
  • Managing the suppression of alerts
  • Managing indicators
  • Knowledge assessment
  • Summary and resources

Configure and manage automation with Microsoft Defender for Endpoint

Learn how to configure automation in Microsoft Defender for Endpoint by managing environment settings.

  • Introduction
  • Configure advanced features
  • Manage settings for automated uploads and folders
  • Configure automated scanning and maintenance features
  • Blocking on risk devices
  • Knowledge assessment
  • Summary and resources

Performing device investigations in Microsoft Defender for Endpoint

Microsoft Defender for Endpoint provides comprehensive device information, including forensic information. Learn more about the information available in Microsoft Defender for Endpoint to help you with investigations.

  • Introduction
  • Using the device inventory list
  • Investigating the device
  • Using behaviour-based blocking
  • Recognising devices with device discovery
  • Knowledge assessment
  • Summary and resources

Lab exercises to protect against cyberthreats with Microsoft Defender XDR

In this module, you learned how to configure Microsoft Defender XDR, deploy Microsoft Defender for Endpoint, and onboard devices. You also configured policies, mitigated threats and responded to incidents with Defender XDR.

  • Introduction
  • Configuring the Microsoft Defender XDR environment
  • Deploying Microsoft Defender for Endpoint
  • Mitigating attacks with Microsoft Defender for Endpoint
  • Summary

advanced beginners, security operations analysts and Microsoft Defender

  • Experience using the Microsoft Defender portal
  • Basic understanding of Microsoft Defender for Endpoint
  • Basic knowledge of Microsoft Sentinel
  • Experience with the Kusto query language (KQL) in Microsoft Sentinel

You will need access to a Microsoft 365 E5 tenant with a P2 licence for Microsoft Defender for Endpoint to complete the exercises.

Including Microsoft Applied Skills Credential
Microsoft Applied Skills are scenario-based credentials that enable participants to validate specific skills. These credentials are an efficient and reliable way to demonstrate and deepen knowledge in scenario-based skills. Applied Skills Credentials are assessed at the end of the course in an interactive lab environment.

Hone your skills for current in-demand scenarios to demonstrate proficiency in specific scenario-based skillsets to help you achieve more on every project in your organisation (and throughout your career).

  • Focus on a skillset that is specific to a critical business problem or organisational challenge.
  • Earn credentials by passing an online, on-demand exam where you successfully complete a series of tasks in an interactive lab environment.
  • Enhance your profile by sharing your Microsoft-verified credentials and skills with your professional network so that there is no longer any doubt about your expertise.

As a Microsoft Training Services Partner, we prepare you optimally for the Microsoft Applied Skills Credentials in our training courses.

The course price includes

  • The original Microsoft training documents in English and digital form

We are also happy to organise this training as an in-house seminar. Ask for your individual offer.

The course is offered in German and English.

Contact us

SoftwareONE

IT CAMPUS
Customer Training Solutions

Blochstraße 1
D-04329 Leipzig
*The services of SoftwareONE Deutschland GmbH directly serving school and educational purposes are predominantly VAT-exempt according to § 4 No. 21 a) bb) UStG. Contact us - we are happy to help!