Defend against cyberthreats with Microsoft Defender XDR

training code: SC-5004 / ENG DL 1d / EN

This training prepares participants for the practical use of Microsoft Defender XDR in the role of a security operations analyst. Participants will learn how to handle incidents in the Microsoft Defender portal, deploy and configure Microsoft Defender for Endpoint, configure alerts and detections, automate responses, and conduct investigations on devices. The course also includes hands-on lab exercises on threat detection and response using Advanced Hunting (KQL).

SOC analysts / Security Operations Analysts responsible for detecting, analyzing, and handling incidents.
Security engineers and administrators who deploy and maintain Microsoft Defender for Endpoint and Microsoft Defender XDR.
Individuals preparing for incident response and threat hunting (KQL) tasks within the Microsoft ecosystem.

Incident handling in the Microsoft Defender portal – learning how to analyze and manage incidents and alerts in the Microsoft Defender portal.
Deployment of Microsoft Defender for Endpoint – the process of onboarding devices and configuring basic security settings.
Alert and Detection Configuration – configuring notifications, indicators, and settings related to threat detection.
Response Automation – configuring automated responses, remediation actions, and other automation mechanisms in MDE.
Device investigations – using telemetry data and forensic information to analyze incidents on endpoints.
Advanced Hunting (KQL) – basic threat hunting scenarios and event correlation in Defender XDR.

1.Incident response using Microsoft Defender.

- A unified view of incidents and alerts in the Microsoft Defender portal.
- Basics of working with incidents, related evidence, and corrective actions.

2.Deployment of the Microsoft Defender for Endpoint environment.

- Device onboarding and configuration of basic security settings.
- Roles and access (RBAC) and device groups.

3.Configuring alerts and detection in Microsoft Defender for Endpoint.

- Notifications, alert management, and alert suppression.
- Indicators as part of the detection process.

4.Automation and response in Microsoft Defender for Endpoint.

- Automation settings, automated investigations, and remediation actions.
- Overview of automation capabilities and best practices.

5.Device investigations in Microsoft Defender for Endpoint.

- Device inventory, event analysis, and telemetry data.
- Forensics and behavior blocking mechanisms.

6.Lab exercises: defending against cyber threats using Microsoft Defender XDR.

- Configuring the Defender XDR environment and deploying Microsoft Defender for Endpoint.
- Attack simulation: analysis, mitigation, and incident response, as well as the basics of Advanced Hunting (KQL).

Experience using the Microsoft Defender portal.
Basic knowledge of Microsoft Defender for Endpoint and fundamental SOC concepts (alert, incident, triage, remediation).
Basic knowledge of Microsoft Sentinel (recommended) and experience using Kusto Query Language (KQL).
Completion of the “Introduction to Microsoft Security, Compliance, and Identity (SC-900)” track is recommended.

manual in electronic form available on the platform: https://learn.microsoft.com/pl-pl/training/
access to Altkom Akademia's student portal

Training: English
Materials: English

Contact our consultant

Your name*

Phone*

Email*

Company name

Message*

I consent to the storage and processing of my personal data for the purposes of the application process by Altkom Akademia S.A., 51 Chłodna St., 00-867 Warsaw, in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("RODO"). The provision of data is voluntary, but necessary for the execution of the application. I am aware of the fact that I have the right to withdraw my consent to the processing of my data, to rectify, delete or restrict the processing. Contact the Altkom Data Protection Officer: iodo@altkom.pl If you want to know more about the protection of personal data at Altkom Akademia SA, please visit: https://www.altkomakademia.pl/en/privacy-policy/.

I consent to the processing of my personal data for marketing purposes. Expressing consent is voluntary. I am aware of the fact that I have the right to withdraw consent to the processing of my data, rectify it, delete it or limit its processing. The administrator of your data is Altkom Akademia S.A., ul. Chłodna 51, 00-867 Warsaw. Contact to the personal data protection officer at Altkom: iodo@altkom.pl If you want to know more about the protection of personal data at Altkom Akademia SA, please visit: https://www.altkomakademia.pl/en/privacy-policy/.

Defend against cyberthreats with Microsoft Defender XDR

Microsoft 365 Administrator

Introduction to Microsoft Security, Compliance, and Identity

Defend against cyberthreats with Microsoft Defender XDR

Microsoft Cybersecurity Architect

AWS Skill Builder - Roczna subskrypcja indywidualna

Kanban Systems Improvement (KSI)

ITIL® 4 Specialist: Drive Stakeholder Value (DSV) - accredited training with exam

Prepare security and compliance to support Microsoft 365 Copilot

Networking with Windows Server 2019/2022

DevOps Foundation (DOFD) - accredited training with exam

Professional Agile Leadership - Essentials™ (PAL-E)

PowerShell 5.0 and Desired State Configuration

Implement information protection and data loss prevention by using Microsoft Purview

Introduction to web application security