Protect Endpoints with Microsoft Defender for Endpoint

Microsoft Defender for Endpoint is the EDR platform that protects devices across Windows, macOS, Linux, and mobile. This course covers deployment, configuration, investigation, and automated response — everything you need to run MDE in production.

You will start with onboarding devices and configuring security policies — attack surface reduction rules, exploit protection, network protection, and controlled folder access. These are the preventive controls that block threats before they execute. Then you move into detection and response: reading device timelines, investigating file and process trees, using live response for remote forensics, and understanding how automated investigation handles common alert types without analyst intervention.

The course also covers threat and vulnerability management — using MDE’s built-in TVM module to identify software vulnerabilities, misconfigurations, and exposed attack surfaces across your device fleet. This is the proactive side of endpoint security, and it runs directly in the same portal where you investigate incidents.

Curriculum

Deployment and Onboarding

• Device onboarding for Windows, macOS, and Linux
• Configuration profiles and security baselines
• Intune and Group Policy integration
• Onboarding validation and troubleshooting

Attack Surface Reduction

• ASR rules and exploit protection
• Network protection and web content filtering
• Controlled folder access and application control
• Device control for removable media

Detection and Investigation

• Alert investigation and device timelines
• File and process analysis
• Live response for remote forensics
• Indicator management and custom detections

Automated Response and TVM

• Automated investigation and remediation
• Threat and vulnerability management
• Software inventory and vulnerability assessment
• Security recommendations and remediation tracking

Who Is This For

This course is for security analysts, endpoint administrators, and IT professionals who manage device security. If your organization uses Microsoft Defender for Endpoint or is evaluating it, this course teaches you to deploy, configure, and operate the platform. Experience with endpoint management through Intune or Group Policy is helpful but not required.