Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Microsoft 365 Defender
  • Table Of Contents Toc
Mastering Microsoft 365 Defender

Mastering Microsoft 365 Defender

By : Ru Campbell, Hedberg
5 (29)
Buy this Book
close
close
Mastering Microsoft 365 Defender

Mastering Microsoft 365 Defender

5 (29)
By: Ru Campbell, Hedberg
Buy this Book

Overview of this book

This book will help you get up and running with Microsoft 365 Defender and help you use the whole suite effectively. You’ll start with a quick overview of cybersecurity risks that modern organizations face, such as ransomware and APT attacks, how Microsoft is making massive investments in security today, and gain an understanding of how to deploy Microsoft Defender for Endpoint by diving deep into configurations and their architecture. As you progress, you’ll learn how to configure Microsoft Defender Antivirus, and onboard and manage macOS, Android, and Linux MDE devices for effective solutions. You’ll also learn how to deploy Microsoft Defender for Identity and explore its different deployment methods that can protect your hybrid identity platform, as well as how to configure Microsoft Defender for Office 365 and Cloud Apps, and manage KQL queries for advanced hunting with ease. Toward the end, you’ll find out how M365D can be integrated with Sentinel and how to use APIs for incident response. By the end of this book, you will have a deep understanding of Microsoft 365 Defender, and how to protect and respond to security threats.
Table of Contents (33 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share your thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Cyber Threats and Microsoft 365 Defender
Icon
Part 1: Cyber Threats and Microsoft 365 Defender
Lock Free Chapter
2
Chapter 1: Microsoft and Modern Cybersecurity Threats
Icon
Chapter 1: Microsoft and Modern Cybersecurity Threats
Icon
The cybersecurity threat landscape
Icon
The cyber kill chain and MITRE ATT&CK
Icon
Microsoft and Zero Trust
Icon
Summary
Icon
Questions
Icon
Further reading
3
Chapter 2: Microsoft 365 Defender: The Big Picture
Icon
Chapter 2: Microsoft 365 Defender: The Big Picture
Icon
Microsoft Defender for Endpoint
Icon
Microsoft Defender for Identity
Icon
Microsoft Defender for Office 365
Icon
Microsoft Defender for Cloud Apps
Icon
Microsoft 365 Defender XDR – centralizing investigation and response
Icon
Summary
Icon
Questions
Icon
Further reading
4
Part 2: Microsoft Defender for Endpoint
Icon
Part 2: Microsoft Defender for Endpoint
5
Chapter 3: The Fundamentals of Microsoft Defender for Endpoint
Icon
Chapter 3: The Fundamentals of Microsoft Defender for Endpoint
Icon
An overview of MDE deployment
Icon
Exploring the Microsoft 365 Defender portal
Icon
Navigating Microsoft Intune
Icon
Understanding and enabling Security Management
Icon
Summary
Icon
Questions
Icon
Further reading
6
Chapter 4: Onboarding Windows Clients and Servers
chevron up
Icon
Chapter 4: Onboarding Windows Clients and Servers
Icon
Onboarding Windows clients
Icon
Onboarding Windows Server
Icon
Summary
Icon
Questions
Icon
Further reading
7
Chapter 5: Getting Started with Microsoft Defender Antivirus for Windows
Icon
Chapter 5: Getting Started with Microsoft Defender Antivirus for Windows
Icon
Exploring MDAV interfaces
Icon
Exploring MDAV components
Icon
Summary
Icon
Questions
Icon
Further reading
8
Chapter 6: Advanced Microsoft Defender Antivirus for Windows
Icon
Chapter 6: Advanced Microsoft Defender Antivirus for Windows
Icon
Cloud-delivered protection
Icon
Block at first sight
Icon
Always-on protection
Icon
Potentially unwanted application protection
Icon
Running modes
Icon
Tamper protection
Icon
Ongoing management of MDAV
Icon
Summary
Icon
Questions
Icon
Further reading
9
Chapter 7: Managing Attack Surface Reduction for Windows
Icon
Chapter 7: Managing Attack Surface Reduction for Windows
Icon
Understanding ASR rules
Icon
Controlled folder access
Icon
Exploit protection
Icon
ASR at the network layer
Icon
Summary
Icon
Questions
Icon
Further reading
10
Chapter 8: Managing Additional Capabilities for Windows
Icon
Chapter 8: Managing Additional Capabilities for Windows
Icon
Device discovery
Icon
Device control
Icon
WFAS
Icon
Summary
Icon
Questions
Icon
Further reading
11
Chapter 9: Onboarding and Managing macOS
Icon
Chapter 9: Onboarding and Managing macOS
Icon
Onboarding macOS
Icon
Managing macOS protection settings
Icon
Summary
Icon
Questions
Icon
Further reading
12
Chapter 10: Onboarding and Managing Linux Servers
Icon
Chapter 10: Onboarding and Managing Linux Servers
Icon
Onboarding Linux
Icon
Managing Linux protection settings
Icon
Summary
Icon
Questions
Icon
Further reading
13
Chapter 11: Onboarding and Managing iOS and Android
Icon
Chapter 11: Onboarding and Managing iOS and Android
Icon
Onboarding mobile devices
Icon
Working with mobile protection features
Icon
Summary
Icon
Questions
Icon
Further reading
14
Part 3: Microsoft Defender for Identity
Icon
Part 3: Microsoft Defender for Identity
15
Chapter 12: Deploying Microsoft Defender for Identity
Icon
Chapter 12: Deploying Microsoft Defender for Identity
Icon
Why is MDI important?
Icon
Deploying MDI
Icon
Summary
Icon
Questions
Icon
Further reading
16
Chapter 13: Managing Defender for Identity
Icon
Chapter 13: Managing Defender for Identity
Icon
Implementing RBAC
Icon
Managing MDI security alerts
Icon
Managing MDI exclusions
Icon
Introducing entity tags
Icon
Managing MDI health issues
Icon
Summary
Icon
Questions
Icon
Further reading
17
Part 4: Microsoft Defender for Office 365
Icon
Part 4: Microsoft Defender for Office 365
18
Chapter 14: Deploying Exchange Online Protection
Icon
Chapter 14: Deploying Exchange Online Protection
Icon
Understanding the importance of EOP
Icon
Understanding how EOP works
Icon
Deploying EOP
Icon
Summary
Icon
Questions
Icon
Further reading
19
Chapter 15: Deploying Defender for Office 365
Icon
Chapter 15: Deploying Defender for Office 365
Icon
What is Microsoft Defender for Office 365?
Icon
Exploring the features of MDO
Icon
Exploring preset security policies
Icon
Deploying custom policies in MDO
Icon
Summary
Icon
Questions
Icon
Further reading
20
Part 5: Microsoft Defender for Cloud Apps
Icon
Part 5: Microsoft Defender for Cloud Apps
21
Chapter 16: Implementing and Managing Microsoft Defender for Cloud Apps
Icon
Chapter 16: Implementing and Managing Microsoft Defender for Cloud Apps
Icon
Exploring MDA settings
Icon
Discovering and managing shadow IT
Icon
Managing cloud apps with policies
Icon
Governing OAuth apps
Icon
Summary
Icon
Questions
Icon
Further reading
22
Part 6: Proactive Security and Incident Response
Icon
Part 6: Proactive Security and Incident Response
23
Chapter 17: Maintaining Security Hygiene and Threat Awareness
Icon
Chapter 17: Maintaining Security Hygiene and Threat Awareness
Icon
Introducing Secure Score
Icon
Exploring the basics of MDVM
Icon
Understanding your MDVM inventories
Icon
Establishing compliance with security baseline assessments
Icon
Addressing security vulnerabilities and recommendations
Icon
Using Threat Analytics
Icon
Summary
Icon
Questions
Icon
Further reading
24
Chapter 18: Extended Detection and Response with Microsoft 365 Defender
Icon
Chapter 18: Extended Detection and Response with Microsoft 365 Defender
Icon
Introducing XDR
Icon
How M365D works as an XDR
Icon
Understanding incident response and management
Icon
Real-time response with device, file, and user actions
Icon
How does M365D differ from a traditional SIEM or niche SOAR solution?
Icon
Summary
Icon
Questions
Icon
Further reading
25
Chapter 19: Advanced Hunting with KQL
Icon
Chapter 19: Advanced Hunting with KQL
Icon
Understanding advanced hunting
Icon
Constructing KQL queries to hunt
Icon
Creating custom detections
Icon
Summary
Icon
Questions
Icon
Further reading
26
Chapter 20: Microsoft Sentinel Integration
Icon
Chapter 20: Microsoft Sentinel Integration
Icon
Understanding Microsoft 365 Defender’s relationship with Sentinel
Icon
Connecting Microsoft 365 Defender to Sentinel
Icon
Summary
Icon
Questions
Icon
Further reading
27
Chapter 21: Understanding Microsoft 365 Defender APIs
Icon
Chapter 21: Understanding Microsoft 365 Defender APIs
Icon
Making sense of the different APIs
Icon
Accessing the APIs
Icon
Summary
Icon
Challenges
Icon
Further reading
28
Part 7: Glossary and Answers
Icon
Part 7: Glossary and Answers
29
Chapter 22: Glossary
Icon
Chapter 22: Glossary
30
Chapter 23: Answers
Icon
Chapter 23: Answers
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
Icon
Chapter 14
Icon
Chapter 15
Icon
Chapter 16
Icon
Chapter 17
Icon
Chapter 18
Icon
Chapter 19
Icon
Chapter 20
31
Index
Icon
Index
Icon
Why subscribe?
32
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share your thoughts
Icon
Download a free PDF copy of this book

Onboarding Windows Clients and Servers

In this chapter, you will learn how Windows clients and servers are onboarded to MDE. As established in the last chapter, MDE supports a diverse arrangement of operating systems and devices. For Windows, this list is as follows:

  • Windows 7 SP1 and 8.1 Pro/Enterprise
  • Windows 10 and 11 Pro, Education, Pro Education, and Enterprise (including IoT and LTSC 2016+)
  • Windows Server 2008 R2 SP1, 2012 R2, 2016, SAC 1803+, 2019, and 2022
  • Azure Virtual Desktop and Windows 365

In the last chapter, you learned what onboarding is (insofar as it relates to EDR capabilities and not necessarily full endpoint protection) and the prerequisites such as internet connectivity. In this chapter, we’ll explore onboarding further by looking into details about how you can use each available option and the differences between them.

Be warned: there are a lot of options. For example, Windows Server alone can be onboarded in at least six...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Microsoft 365 Defender
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon