Perform device investigations in Microsoft Defender for Endpoint

Intermediate
Security Operations Analyst
Microsoft Defender
Windows Security
Microsoft Defender for Endpoint

Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about the information available to you through Microsoft Defender for Endpoint to aid your investigations.

Learning objectives

Upon completion of this module, the learner is able to:

  • Use the device page in Microsoft Defender for Endpoint
  • Describe device forensics information collected by Microsoft Defender for Endpoint
  • Describe behavioral blocking by Microsoft Defender for Endpoint

Prerequisites

Intermediate understanding of Windows 10.