Perform evidence and entities investigations using Microsoft Defender for Endpoint

Module
7 Units

Intermediate

Security Operations Analyst

Microsoft 365

Microsoft Defender for Endpoint

Learn about the artifacts in your environment and how they relate to other artifacts and alerts that provide you with insight to understand the overall impact to your environment.

Learning objectives

Upon completion of this module, the learner is able to:

Investigate files in Microsoft Defender for Endpoint
Investigate domains and IP addresses in Microsoft Defender for Endpoint
Investigate user accounts in Microsoft Defender for Endpoint

Prerequisites

Intermediate understanding of Windows 10.

Introduction min
Investigate a file min
Investigate a user account min
Investigate an IP address min
Investigate a domain min
Knowledge check min
Summary and resources min