Microsoft 365 Defender Virtual Ninja Training – Microsoft Adoption

Season 3 starts on March 7th! Click here to add the first episode to your calendar.

Microsoft 365 Defender MVP special

December 21, 2022 | Season 2 • Episode 9

In this special episode, Heike and colleagues talk with two of our MVPs to discuss their experience as MVPs. They’ll even share tips and tricks so that you can become an MVP, too! This episode is the perfect way to round out the year.

Enterprise IoT overview

December 14, 2022 | Season 2 • Episode 8

Discover how Microsoft Defender for IoT can help enterprises monitor assets and risks across their entire IoT environment. Join us as our expert, Nimrod Aldaag, talks about the latest product capabilities.

Microsoft Defender for Cloud Apps deep dive

December 2, 2022 | Season 2 • Episode 7

Caroline Lee is back to give you a deeper dive into Microsoft Defender for Cloud Apps, including capabilities such as information protection, user scoring, Advanced Hunting, and app governance. Don’t miss this one!

Microsoft Defender for Cloud Apps Overview

November 30, 2022 | Season 2 • Episode 6

Caroline Lee joins us to give you a guided tour of Microsoft Defender for Cloud Apps. Learn how discovery works, dive into connectors, learn to define policies, and more.

Microsoft 365 Defender overview

November 16, 2022 | Season 2 • Episode 5

Microsoft 365 Defender is an integrated, cross-domain threat detection and response solution that provides coordinated, automatic defense to block threats before they become attacks. Join us to get to know the components and capabilities of Microsoft 365 Defender.

Microsoft Defender for Endpoint on Linux

November 9, 2022 | Season 2 • Episode 4

Resident Microsoft Security expert John Nix discusses the end-to-end process for installing, configuring, and managing Microsoft Defender for Endpoint on the Linux devices in your enterprise that use.

Spear phishing and phishing defense

November 2, 2022 | Season 2 • Episode 3

Discover the best ways to defend your enterprise email against general and targeted phishing attacks in Microsoft Defender for Office 365.

Microsoft Defender for Endpoint on macOS

October 26, 2022 | Season 2 • Episode 2

Security expert and threat hunter Michael Malone describes the installation, configuration, and management of Microsoft Defender for Endpoint on macOS devices.

Attack simulation training

October 19, 2022 | Season 2 • Episode 1

Attack simulation training is an intelligent phish risk reduction tool that empowers employees to prevent attacks, measures their awareness of phishing risks, and provides actionable insights and recommendations that can change their behavior. Learn how to use attack simulation training right in Microsoft Defender for Office 365.

Reporting in Microsoft Defender for Endpoint

June 14, 2022 | Season 1 • Episode 9

Discover the out-of-the-box reporting capabilities you get with Microsoft Defender for Endpoint, and learn how they can help you spot trends in your environment. You’ll also learn how to use Power BI and Microsoft Defender for Endpoint rich APIs to extend these capabilities.

Microsoft Threat Experts

June 8, 2022 | Season 1 • Episode 8

Microsoft Threat Experts provide your security operations center with expert-level monitoring, analysis, and support to identify and respond to critical threats in your unique environment. In this episode, we discuss how this service works and how to get started with Experts on Demand.

Automated investigation and response

June 6, 2022 | Season 1 • Episode 7

Automated investigation and response uses inspection algorithms to examine alerts, determine whether the threat requires action, and perform necessary remediation actions. Learn how automation handles and resolves alerts, enabling security operations experts to focus on more sophisticated threats and other high-value initiatives.

The investigation experience

June 1, 2022 | Season 1 • Episode 6

The incidents queue provides high-level information about each incident and is the starting point for your threat investigations. In this episode, we bring you a deeper look into working with incidents and alerts, the rich machine timeline, and various other tools that enhance your investigation experience.

Next-generation protection

May 31, 2022 | Season 1 • Episode 5

Microsoft Defender Antivirus is a major component of Microsoft Defender for Endpoint. This next-generation protection brings together machine learning, big data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect endpoints in your organization. Learn how Microsoft’s next-generation antivirus helps secure your devices.

Attack surface reduction

May 25, 2022 | Season 1 • Episode 4

Learn about the features in Microsoft Defender for Endpoint that help you eliminate risks by reducing your attack surface—without reducing user productivity. In this session, we show you how attack surface reduction can minimize your organization’s susceptibility to cyber threats and attacks.

Threat and vulnerability management

May 23, 2022 | Season 1 • Episode 3

Threat and vulnerability management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment. Learn how you can use the threat and vulnerability management in Microsoft Defender for Endpoint to improve your organization’s security posture.

Get started with Microsoft Defender for Endpoint

May 18, 2022 | Season 1 • Episode 2

In this episode, we dive into the most common features and scenarios to help get you started fast with your tenant. You get an overview of your control center: the unified Microsoft 365 Defender portal, role-based access control, granting permissions, and the built-in evaluation lab.

Resources:

Start your trial

Get to know Microsoft Defender for Endpoint

May 16, 2022 | Season 1 • Episode 1

Microsoft Defender for Endpoint is a comprehensive solution for preventing, detecting, and automating the investigation of and response to threats against endpoints. Join us for this first episode to get to know Microsoft Defender for Endpoint components and capabilities.


Videos

NinjaCat bonus content #1

NinjaCat bonus content #2

NinjaCat bonus content #3

NinjaCat bonus content #4

NinjaCat bonus content #5

NinjaCat bonus content #6

NinjaCat bonus content #7

The complete level 400 training

Welcome to Microsoft Ninja training! This blog post will walk you through Microsoft Defender Threat Intelligence (Defender TI) level 400 training and help you become a Defender TI master.

 

 

Curriculum

 

This program is comprised of six training modules that will enable users to get to know and get the most out of their Defender TI instance. Throughout this training, you’ll get familiar with Defender TI, how it collects and analyzes threat intelligence, and how to use it to unmask adversaries and their tools and infrastructure. Once complete, you’ll be ready to leverage the advanced intelligence in Defender TI to up-level your threat hunting and incident response.

The modules listed below are split into four groups:

 

Part 1: Overview

  • Module 0: Other Learning and Support Options
  • Module 1: Use Cases, Users, and How to Get Started

 

Part 2: Data Collection, Threat Analysis, and Defender TI’s Dataset Overview

  • Module 2: Data Collection and Threat Analysis
  • Module 3: Understanding Internet Datasets and their Investigative Use

 

Part 3: Integrated Use Cases

  • Module 4: Microsoft Defender Threat Intelligence Detections in Microsoft Sentinel

 

Part 4: Using Defender TI for Cyber Threat Investigations

  • Module 5: Making Use of Projects
  • Module 6: Understanding & Utilizing Finished Threat Intelligence

 

Part 1: Overview

 

Module 0: Other Learning and Support Options 

 

The Ninja training is a level 400 training. If you don’t want to go as deep or have a great feature request to share, other resources might be more suitable:

  • Already a Ninja? Join our Private Preview program to be informed of new features. We will update this Ninja training as new features or integrated use cases are introduced. 
  • Have a good feature idea you want to share with us? Let us know on the MS Defender Threat Intelligence channel of the Cloud Security Private Community [EXTERNAL] Teams site.  

 

Think you’re a true Microsoft Defender Threat Intelligence Ninja?

Take the knowledge check and find out. If you pass the knowledge check with a score of over 80%, you can request a certificate to prove your ninja skills!

Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

  1. Take the knowledge check here.  
  2. If you score 80% or more in the knowledge check, request your participation certificate here.  If you achieved less than 80%, please review the questions that you got wrong, study more, and take the assessment again.

 

Module 1: Use Cases, Users, and How to Get Started 

 

Defender TI is an analyst workbench aggregating many intelligence data sources in a way that is searchable and pivotable. Data sources include both raw data ingested via a world-wide collection engine as well as finished intelligence in the form of articles. The workbench allows for correlating data and aggregating identified attributes or entities by grouping them into projects or assigning tags, which can be shared within an organization. The intent of the platform is to enable organizations to derive insights, which will be utilized to defend themselves against threat actors in cyberspace (read more).

 

Defender TI aids the following target user functions:

  • Security Operations
  • Incident Response
  • Threat Hunting
  • Cyber Threat Intelligence Analysis
  • Cybersecurity Research

 

Common tactical use cases include:

  • Identify Existing Threat Intelligence
  • Data Enrichment
  • Infrastructure Chaining
  • Monitoring Internet Infrastructure Changes
  • Collaborating on Investigations

 

For more information regarding Defender TI’s target user functions and use cases, see «Microsoft Defender Threat Intelligence’s Target User Functions and Use Cases».

 

If you want to get an initial overview of Microsoft Defender Threat Intelligence’s technical capabilities, the Microsoft Security Public Community webinar, «Special Report: Ukraine | A Microsoft Overview of Russia’s Cyberattack Activity in Ukraine» and our Microsoft Security Digital Event «Stop Ransomware with Microsoft Security» are good starting points. You might also find «What is Microsoft Defender Threat Intelligence (Defender TI)?» useful.

 

Lastly, want to try it yourself? Defender TI 30-day Premium trials are available to start in the M365 Admin Center (read more). If your organization is not ready to trial the Premium Defender TI experience, you can also register for Community Defender TI access with your standard Microsoft authentication when accessing the Defender TI standalone portal. Community access presents users with limited datasets and data history as well as limited access to articles (read more).   

 

Part 2: Data Collection, Threat Analysis, and Defender TI’s Dataset Overview

 

While the previous section provides an overview of our Defender TI platform, use cases it supports, and how to get started, this section provides thorough information regarding Defender TI’s data collection processes, threat analysis, and data sets. It also provides dataset investigative examples to provide more information regarding the value Defender TI’s datasets can bring to analysts.

 

Module 2: Data Collection and Threat Analysis 

 

It is oftentimes difficult to make a determination as to whether a security alert identified truly malicious activity without the ability to conduct additional research into the entities associated with the alert. Entities could include IP addresses, domain names, host names, URLs, file names or hashes, and more. Analysts will have to turn to outside sources in order to gather needed context on these entities to properly triage the activity that has been identified.

 

Defender TI is built on top of well over a decade’s worth of collection against Internet datasets. The technologies in place enable the collection, processing, and storage of data at a scale unmatched by most in the industry. Improvements to the ability to search across and pivot through datasets occur on an ongoing basis, in conjunction with improving the ability for analysts to collaborate across research and investigations. This module will provide an overview of the primary methods by which Internet data is collected.

 

Defender TI collects internet telemetry data via its Passive DNS sensor network, web crawling with virtual users, global proxy network, internet scanning, and select third parties. As a result, the following datasets are available in the Defender TI platform:

  • Resolutions
  • Whois
  • Certificates
  • Subdomains
  • Trackers
  • Host pairs
  • Components
  • Cookies
  • Reverse DNS
  • DNS
  • Services

 

For more information, see «How Does Microsoft Defender Threat Intelligence Collect Internet Telemetry Data?». Note: As mentioned previously in Module 1, Community users will have access to limited datasets and the history of those datasets (read more).

 

By collecting these internet datasets, Defender TI leverages an ML algorithm to produce real-time reputation scores for IP addresses, domains, and hosts. In addition, analysts can gain more context into these IP addresses, domains, and hosts by leveraging Defender TI’s Analyst Insights feature (read more).

 

Module 3: Understanding Internet Datasets and their Investigative Use

 

Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversaries’ infrastructure associated with actor groups targeting their organization. We learned how Defender TI provides raw and finished threat intelligence in Module 2. The focus of this module is to dive into the raw intelligence, in the form of internet datasets, Defender TI includes.

 

Defender TI’s internet data is categorized into two distinct groups: core and derived. Core datasets include Resolutions, Whois, SSL Certificates, Subdomains, DNS, Reverse DNS, and Services. Derived datasets include Trackers, Components, Host Pairs, and Cookies. Trackers, Components, Host Pairs, and Cookies datasets are collected by observing the Document Object Model (DOM) of web pages crawled. Additionally, Components and Trackers are also observed from detection rules that are triggered based on the banner responses from port scans or SSL Certificate details. To learn more and practice working with Defender TI’s datasets, see «Microsoft Defender Threat Intelligence’s Datasets and How to Use Them During Investigations.» 

 

Part 3: Integrated Use Cases

 

Now that we have a foundational understanding of Defender TI’s use cases, features, and raw and finished intelligence, let’s learn how Defender TI’s threat intelligence can be used to drive more detections within Microsoft Sentinel.

 

As Defender TI evolves, more integrated use cases will come to speed up security operations, incident response, threat hunting, and threat intelligence workflows. Be on the lookout for new content in this section as new integrated use cases present themselves natively across the Microsoft Security ecosystem or through configuration. In addition, if you have ideas for new integrated use cases, feel free to email [email protected], add a comment in Module 4’s blog, or join our Cloud Security Private Community and start a discussion in the MS Defender Threat Intelligence channel.

 

Module 4: Defender TI Detections in Microsoft Sentinel

 

Defender TI provides free threat intelligence indicators to Microsoft Sentinel customers. These indicators come from Defender TI’s malware and phishing indicator feeds as well as indicators from Defender TI’s articles. While users cannot export the indicators and ingest them into their TIP or SIEM, they can enable the «Microsoft Threat Intelligence Analytics» Analytic rule in Sentinel. This rule runs every hour and correlates these indicators against event logs stored in their Log Analytics workspace to generate more high-confidence detections. Once a detection happens, they will be able to view the associated entities (threat intelligence indicators from Defender TI) in their Microsoft Sentinel Threat Intelligence blade (read more).  

 

Part 4: Using Defender TI for Cyber Threat Investigations

 

At this point, you’ve learned a great deal about how Defender TI can be used within its user interface and how it can integrate with Microsoft Sentinel to generate more detections. These next modules will focus on how you can apply what you’ve learned from the previous modules by putting those teachings into practice.

 

Note: For those of you with Defender TI Community access, your dataset, dataset history, and feature access will be limited compared to our Defender TI Premium experience. As such, many of the exercises below in Module 6 may be difficult to execute without a Defender TI Premium license. Module 1 covers how you can work with your team to start a Defender TI Premium Trial if you’d like to practice the following exercises and evaluate full access to our Defender TI solution.

 

Module 5: Making Use of Projects

 

The Microsoft Defender Threat Intelligence (Defender TI) platform allows users to develop private personal or team project types for organizing indicators of interest and indicators of compromise from an investigation (read more).  

 

Module 6: Understanding and Utilizing Finished Threat Intelligence

 

Threat intelligence is the data that organizations need in order to map threats to the enterprise and enable the best possible decision making related to risk. Defender TI serves as a valuable source of attack surface threat intelligence on global, industry, and local threats, with content from hundreds of OSINT sources complementing original research shared from Microsoft’s own Defender, MSTIC, and Section52 research groups. As an analyst working with threat intelligence, it’s easy to become overwhelmed by the volume of data out there, but within the Defender TI portal, the ability to quickly find data relevant to your needs is kept top of mind. For more information regarding Defender TI’s articles, vulnerability articles, and exercises to practice gathering raw intelligence, see «Understanding and Utilizing Finished Threat Intelligence with Microsoft Defender Threat Intelligence».

Ninja just left Twitch for Microsoft's Mixer: why it's a big deal

Ninja has established himself as one of the biggest Fortnite players on the planet and effortlessly became Mixer’s biggest signing since the service began operating as Beam in 2016.

Since then, Microsoft’s game streaming service has struggled to compete with services like Twitch and YouTube, but the company’s deep pockets that allowed it to acquire Ninja could change everything.

«We are thrilled to welcome Ninja and his community to Mixer,» Mixer said in a statement. «Mixer is a place that has been shaped around a positive and welcoming person from day one, and we look forward to the energy that Ninja and his community will bring.»

«I’ve been holding on to this for quite some time,» Ninja commented. «I’m just really excited to let everyone know. I’ll be streaming on Mixer all the time now, and honestly, I can’t find the words. I’m worried at best. I feel like I’m going back to basics.»

Although the service has changed, Ninja has stated that the content of his videos will remain the same. Twitch, which has been capitalizing on Ninja’s presence for some time now, had this to say about the news:

«We have loved watching Ninja on Twitch for many years and are proud of everything he has done for himself, his family and the gaming community. We wish him the best of luck in his future endeavours.»

  • Learn how to set up Ninja EPIC streaming on Twitch

Mixer, like its big Twitch competitor, is game-focused and appeals to both low-level and professional streamers. It’s tightly integrated with Xbox One and the Windows 10 Dashboard, which takes some of the hassle out of streaming from those platforms.

It is similar to Twitch, supported by monetization options and its own site-wide currency called Sparks. Viewers can earn Sparks just by watching videos and then gift those Sparks to their favorite streamer, who can then turn them into cash.

Mixer still has some way to go before it can actually challenge Twitch, though. There are around 69,000 streamers on Mixer, which is a drop in the bucket compared to 1.5 million on Twitch. However, a high-profile signing like Ninja will bring more users to the platform, so who knows what might happen in the next few years.

If you’re on Twitch, check out this 4-tested guide to Subscriber Growth Tactics.
