Contents

Introduction

Organization of this book

Preparing for the exam

Microsoft certification

Errata, updates & book support

Stay in touch

Chapter 1 Mitigate threats using Microsoft 365 Defender

Skill 1-1: Detect, investigate, respond, and remediate threats to the productivity environment using Microsoft Defender for Office 365

Examine a malicious spear phishing email

Configuring a Safe Links policy

Malicious attachments

Anti-phishing policies

Attack Simulation Training

Data protection, labeling, and insider risk

Investigate and remediate an alert raised by Microsoft Defender for Office 365

Skill 1-2: Detect, investigate, respond, and remediate endpoint threats using Microsoft Defender for Endpoint

Configuring Microsoft Defender for Endpoint

Respond to incidents and alerts

Creating custom detections

Managing risk through security recommendations and vulnerability management

Skill 1-3: Detect, investigate, respond, and remediate identity threats

Identifying and responding to Azure Active Directory identity risks

Identifying and responding to Active Directory Domain Services threats using Microsoft Defender for Identity

Using Microsoft Cloud App Security to identify and respond to threats in Software as a Service

Skill 1-4: Manage cross-domain investigations in the Microsoft 365 Defender Security portal

Examine a cross-domain incident

Manage a cross-domain incident using Microsoft 365 Defender

Thought experiment

Securing Contoso Corporation from modern threats

Thought experiment answers

Chapter Summary

Chapter 2 Mitigate threats using Azure Defender

Skill 2-1: Design and configure an Azure Defender implementation

Plan and configure Azure Defender settings, including selecting target subscriptions and workspace

Configure Azure Defender roles

Configure data retention policies

Assess and recommend cloud workload protection

Skill 2-2: Plan and implement the use of data connectors for ingestion of data sources in Azure Defender

Identify data sources to be ingested for Azure Defender

Configure automated onboarding for Azure resources and data collection

Connect on-premises computers

Connect AWS cloud resources

Connect GCP cloud resources

Skill 2-3: Manage Azure Defender alert rules

Validate alert configuration

Set up email notifications

Create and manage alert suppression rules

Skill 2-4: Configure automation and remediation

Configure automated response in Azure Security Center

Design and configure a playbook in Azure Defender

Remediate incidents by using Azure Defender recommendations

Create an automatic response using an Azure Resource Manager template

Skill 2-5: Investigate Azure Defender alerts and incidents

Describe alert types for Azure workloads

Manage security alerts

Manage security incidents

Analyze Azure Defender threat intelligence

Respond to Azure Defender Key Vault alerts

Manage user data discovered during an investigation

Thought experiment

Monitoring security at Tailwind Traders

Thought experiment answers

Chapter Summary

Chapter 3 Mitigate threats using Azure Sentinel

Skill 3-1: Design and configure an Azure Sentinel workspace

Plan an Azure Sentinel workspace

Configure Azure Sentinel roles

Design Azure Sentinel data storage

Configure Azure Sentinel service security

Skill 3-2: Plan and implement the use of data connectors for the ingestion of data sources into Azure Sentinel

Identify data sources to be ingested into Azure Sentinel

Identify the prerequisites for a data connector

Configure and use Azure Sentinel data connectors

Design and configure Syslog and CEF event collections

Design and configure Windows Events collections

Configure custom threat intelligence connectors

Create custom logs in Azure Log Analytics to store custom data

Custom log ingestion via the Azure Monitor HTTP Data Collector API

Custom log ingestion via Azure Logic Apps

Skill 3-3: Manage Azure Sentinel analytics rules

Design and configure analytics rules

Create custom analytics rules to detect threats

Activate Microsoft security analytics rules

Configure connector-provided scheduled queries

Configure custom scheduled queries

Define incident creation logic

Kusto Query Language (KQL)

Skill 3-4: Configure Security Orchestration, Automation, and Response (SOAR) in Azure Sentinel

Create Azure Sentinel Playbooks

Use Playbooks to remediate threats

Use Playbooks to manage incidents

Use Playbooks across Microsoft Defender solutions

Skill 3-5: Manage Azure Sentinel incidents

Investigate incidents in Azure Sentinel

Triage incidents in Azure Sentinel

Respond to incidents in Azure Sentinel

Investigate multi-workspace incidents

Identify advanced threats with user and entity behavior analytics (UEBA)

Skill 3-6: Use Azure Sentinel workbooks to analyze and interpret data

Activate and customize Azure Sentinel workbook templates

Create custom workbooks

Configure advanced visualizations

View and analyze Azure Sentinel data using workbooks

Track incident metrics using the security operations efficiency workbook

Skill 3-7: Hunt for threats using the Azure Sentinel portal

Create custom hunting queries

Run hunting queries manually

Monitor hunting queries by using Livestream

Track query results with bookmarks

Use hunting bookmarks for data investigations

Convert a hunting query to an analytics rule

Perform advanced hunting with notebooks

Thought experiment

Security operations at Contoso Ltd.

Thought experiment answers

Chapter Summary

Index
