Become a Microsoft Defender for Office 365 Ninja! | June 2022

If you've already completed the training, you can focus on the latest updates (June 2022 update).

Do you want to become a Microsoft Defender for Office 365 ninja? We can help you get there! We collected content for two roles: “Security Operations (SecOps)” and “Email Security" teams. The content is structured into three different knowledge levels (Fundamentals, Intermediate, and Advanced) with multiple modules per level. Some of the topics are relevant for SecOps as well as for Email Security teams. This training will be updated on a regular basis to ensure you have access to the most current information available.

Table of Contents

Email Security - Fundamentals

(Deployment / Migration) 

Module 1. Technical overview 

Module 2. Getting started 

(Prevention & Detection) 

Module 3. Configuration (Part I) 

Module 4. Protection Feature

(Awareness) 

Module5. General Awareness 

Email Security - Intermediate

(Prevention & Detection)

Module 1. Configuration (Part II) 

Module 2. Alert Management 

Module 3. Mail flow 

Module 4. Zero Hour Auto-Purge (ZAP) 

(Investigation & Hunting) 

Module 5. Investigating Alerts 

Module 6. Advanced hunting (overview)

Module 7. Automated Investigation and Remediation (AIR) 

Module 8. Threat Insights 

(Response & Remediation) 

Module 9. Alert Handling 

Module 10. Manage Quarantined Messages 

(Reporting) 

Module 11. Reporting 

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs 

Module 2. False Positive/False Negative Management Flows 

Module 3. Automation 

Module 4. Migration 

(Investigation & Hunting)

Module 5. Advanced hunting (Kusto training) 

(Training) 

Module 6. Attack Simulation Training 

(Awareness) 

Module 7. Security Operations

Module 8. Other Advance Topics

(Supplemental)

Supplemental Content (Tech Community links)

Legend:

Email Security - Fundamentals 

(Deployment / Migration) 

Module 1. Technical overview 

• DOCS Understanding where Microsoft Defender for Office 365 fits in the Microsoft 365 Security Center

• DOCS What is Microsoft Defender for Office 365? 

• BLOG Introducing Microsoft Defender for Office 365 

• DOCS Secure by default in Office 365 

• DOCS The unified Microsoft 365 security center overview 

• IG Interactive guide to Microsoft Defender for Office 365 

• BLOG Get the most out of Office 365 ATP (Microsoft Defender for Office 365) in the shift to remote work 

Module 2. Getting started 

• DOCS Evaluate Microsoft Defender for Office 365 

• DOCS Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365 

• GIT ORCA (Office 365 Advanced Threat Protection Recommended Configuration Analyzer)

• EXT Reviewing your configuration with ORCA 

• BLOG Enhanced Filtering for Connectors: Supporting hybrid mail routing configurations in Office 365 

• DOCS Threat Explorer and Real-time detections 

• BLOG Evaluate Defender for Office 365 in your environment!  [New!] 

• EXT Microsoft Defender for Office 365 setup guide (licensed partners access only) [New]

(Prevention & Detection) 

Module 3. Configuration (Part I)

• VIDEO Mastering Configuration in Microsoft Defender for Office 365 

• BLOG Mastering Configuration Blog Series 

• DOCS Preset security policies in Exchange Online Protection and Microsoft Defender for Office 365 

• DOCS Recommended settings for Exchange Online Protection and Microsoft Defender for Office 365 security 

• DOCS Protect against threats

• DOCS Report messages and files to Microsoft 

• DOCS User submissions policies (add-in for end users) 

• DOCS Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft

• BLOG Configurable impersonation protection and scope for Preset Security policies [New!]

Module 4. Protection Feature

• VIDEO Protect against malicious links with Safe Links in Microsoft Defender for Office 365

• BLOG Introducing differentiated protection for priority accounts in Microsoft Defender for Office 365 [New!] 

(Awareness) 

Module 5. General Awareness

• BLOG Protecting against coronavirus themed phishing attacks 

• BLOG New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks 

• BLOG New Home for Microsoft Defender for Office 365 [New!]

>Ready for the Fundamentals Knowledge Check?

 ____________________________________________________________________________________________

Email Security - Intermediate

(Prevention & Detection) 

Module 1. Configuration (Part II)

• DOCS Email authentication (SPF, DMARC, DKIM) 

• DOCS Configure outbound spam filtering 

• DOCS Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365 

• BLOG Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365 [New!]

Module 2. Alert Management

• DOCS Managing Alerts: Alert policies in the Security & Compliance Center 

• VIDEO Managing alerts in Microsoft Defender for Office 365

• BLOG Announcing Priority Account Protection in Defender for Office 365 

• VIDEO Protect your most visible and most targeted user with Microsoft Defender for 365

 Module 3. Mail flow

• DOCS Outbound spam protection in Exchange Online Protection 

• DOCS Mail flow insights in the Security & Compliance Center 

• DOCS Mail flow rules (transport rules) in standalone Exchange Online Protection 

• DOCS Message trace in the Security & Compliance Center 

Module 4. Zero-Hour Auto Purge

• DOCS Zero-Hour Auto Purge (ZAP) in Exchange Online 

• VIDEO Zero-Hour Auto Purge (ZAP) in Microsoft Defender for Office 365

(Investigation & Hunting) 

Module 5. Investigating Alerts

• VIDEO Get more out of Microsoft Defender for Office 365 with Microsoft 365 Defender 

• BLOG Investigating alerts 

• VIDEO Incident correlation with Microsoft Defender for Office 365

• BLOG Microsoft Defender for Office 365 investigation improvements coming soon

• BLOG Investigate malicious email that was delivered in Office 365 

Module 6. Advanced Hunting (overview) 

• VIDEO Hunting in Microsoft Defender for Office 365 

Module 7. Automated Investigation and Remediation

• DOCS AIR Overview: Automated investigation and response (AIR) in Microsoft Defender for Office 365

• DOCS How automated investigation and response works in Microsoft Defender for Office 365 

• DOCS Details and results of an automated investigation in Microsoft 365 

• BLOG Self-healing in Microsoft 365 Defender 

Module 8. Threat Insights

• DOCS Walkthrough - Spoof intelligence insight in Microsoft Defender for Office 365 

• BLOG Business Email: Uncompromised – Part One 

• BLOG Business Email: Uncompromised – Part Two 

• BLOG Business Email: Uncompromised – Part Three 

• VIDEO How to prevent business email compromise using Microsoft Defender for Office 365 

(Response & Remediation) 

Module 9. Alert handling

• DOCS Remediation actions in Microsoft Defender for Office 365 

• DOCS Review and manage remediation actions in Office 365

• VIDEO Campaign Views in Microsoft Defender for Office 365

• BLOG Announcing Campaign Views and Compromised User Detection and Response

• VIDEO Detect and respond to compromise in Microsoft Defender for Office 365 

• BLOG Email remediation actions now available in unified Action Center [New!]

Module 10. Manage quarantined messages

• DOCS Manage quarantined messages and files as an administrator

• VIDEO Managing the user quarantine in Microsoft Defender for Office 365

• VIDEO Manage the admin quarantine in Microsoft Defender for Office 365 

• BLOG Simplifying the Quarantine Experience - Part One [New!]

• BLOG Simplifying the Quarantine Experience - Part Two [New!]

  (Reporting) 

Module 11. Reports / Custom Reporting

• DOCS  Smart reports and insights in the Security & Compliance Center

• DOCS  View Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center

• BLOG  Reporting an email in Microsoft Defender for Office 365 [New!]

>Ready for the Intermediate Knowledge Check?

 ____________________________________________________________________________________________

Security Operations - Advanced

(SOC Flows) 

Module 1. SIEM Integration & APIs

• BLOG Say hello to the new Microsoft Threat Protection APIs!

• BLOG Best practices for leveraging Microsoft 365 Defender API's - Episode One

• BLOG Best practices for leveraging Microsoft 365 Defender API's - Episode Two

• BLOG Improve the Effectiveness of your SOC with Office 365 ATP and the O365 Management API

• DOCS Custom or third-party reporting solutions for Microsoft Defender for Office 365

Module 2. False Positive / False Negative Management Flows

• DOCS Manually submit messages to Microsoft for analysis (FP/FN submission)

• DOCS Handle FPs/FNs: How to report false positives/negatives in automated investigation and response capabilities 

Module 3. Automation

• VIDEO Use Office Advanced Threat Protection automation for efficient Incident Response

Module 4. Migration 

• BLOG Introducing the Microsoft Defender for Office 365 Migration Guide 

• VIDEO Microsoft Defender for Office 365 Migration Overview 

• DOCS Migration from a third-party protection Service to Microsoft Defender for Office 365

(Investigation & Hunting) 

Module 5. Advanced Hunting (Kusto training)

• VIDEO KQL part 1 of 3: Learn the KQL you need (part of Azure Sentinel webinar series)

• VIDEO KQL part 2 of 3: KQL hands-on lab exercises (part of Azure Sentinel webinar series)

• VIDEO KOL part 3 of 3: Optimizing KQL queries (part of Azure Sentinel webinar series)       

•  EXT Pluralsight KQL training 

(Training) 

Module 6. Attack Simulation Training

• BLOG Attack simulation training in Microsoft Defender for Office 365 now Generally Available

• VIDEO Attack Simulation Training with Microsoft

• DOCS Get started using Attack Simulation Training in Microsoft Defender for Office 365

• BLOG Setting up a New Phish Simulation Program - Part One

• BLOG Setting up a New Phish Simulation Program - Part Two

• BLOG Announcing Attack Simulation Training Read APIs - Now in Beta! [New!]

• BLOG End user email notifications are now customizable [New!]

• BLOG Attack Simulation Training: User tags based targeting in simulations - now live [New!]  

• BLOG End user email notifications are now customizable - Part 2 [New!]

• BLOG Introducing Additional Dynamic Tags in Attack Simulation [New!] 

• BLOG Customize login pages in Attack Simulation Training [New!]

 (Awareness)

Module 7. Security Operations 

• VIDEO Improving your SecOps efficiency with Defender for Office 365 Workflow) 

• VIDEO Microsoft Defender for Office 365 The Unified SecOps Experience 

• DOCS Microsoft Defender for Office 365 Security Operations Guide [New!] 

• DOCS Manage incidents and alerts from Microsoft Defender for Office 365 in Microsoft 365 Defender [New!]

• BLOG Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365[New!]

Module 8. Other Advance Topics 

• DOCS  Connect Microsoft Defender for Office 365 to Microsoft Sentinel [New!]

>Ready for the Experts Knowledge Check?

 ____________________________________________________________________________________________

Supplemental Content

• MTC Microsoft Defender for Office 365 - Microsoft Tech Community

• MTC Microsoft Security and Compliance - Microsoft Tech Community

• MTC Microsoft Defender for Office 365 - Homepage

Once you’ve finished the training and the knowledge checks, please click here to request your certificate. You'll see it in your inbox within 3-5 business days.

Please let us know what you think about this training here: https://aka.ms/MDONinjasurvey

Interested in other ninja trainings? There are also ninja trainings for: 

Microsoft Defender for Endpoint (MDE) - http://aka.ms/mdeninja 

Microsoft Defender for Cloud Apps (MDCA) - http://aka.ms/mdcaninja 

Microsoft Defender for Identity (MDI) - http://aka.ms/mdininja

Follow us on LinkedIn as #DefenderForOffice365. Bookmark the Security blog to keep up with expert coverage on security matters. Also, follow @MSFTSecurity on Twitter and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.