Skip to content
Microsoft Defender for Endpoint
Intermediate

Protect Endpoints with Microsoft Defender for Endpoint

Endpoint detection and response, attack surface reduction, and automated investigation with MDE.

Start Learning Hands-on labs and real-world scenarios
About

About This Course

Microsoft Defender for Endpoint is the EDR platform that protects devices across Windows, macOS, Linux, and mobile. This course covers deployment, configuration, investigation, and automated response — everything you need to run MDE in production.

You will start with onboarding devices and configuring security policies — attack surface reduction rules, exploit protection, network protection, and controlled folder access. These are the preventive controls that block threats before they execute. Then you move into detection and response: reading device timelines, investigating file and process trees, using live response for remote forensics, and understanding how automated investigation handles common alert types without analyst intervention.

The course also covers threat and vulnerability management — using MDE's built-in TVM module to identify software vulnerabilities, misconfigurations, and exposed attack surfaces across your device fleet. This is the proactive side of endpoint security, and it runs directly in the same portal where you investigate incidents.

Outcomes

What You'll Learn

01

Deploy and configure Microsoft Defender for Endpoint across Windows, macOS, and Linux

02

Configure attack surface reduction rules and exploit protection policies

03

Investigate endpoint alerts using device timelines, file analysis, and live response

04

Set up automated investigation and remediation for common threat scenarios

Before You Start

Prerequisites

  • Experience with endpoint management through Intune or Group Policy is helpful but not required
  • A Microsoft 365 tenant with Defender for Endpoint licensing for hands-on labs — a trial works
Audience

Who Is This Course For

This course is for security analysts, endpoint administrators, and IT professionals who manage device security. If your organization uses Microsoft Defender for Endpoint or is evaluating it, this course teaches you to deploy, configure, and operate the platform. Experience with endpoint management through Intune or Group Policy is helpful but not required.

Curriculum

What's Inside

01

Deployment and Onboarding

  • Device onboarding for Windows, macOS, and Linux
  • Configuration profiles and security baselines
  • Intune and Group Policy integration
  • Onboarding validation and troubleshooting
02

Attack Surface Reduction

  • ASR rules and exploit protection
  • Network protection and web content filtering
  • Controlled folder access and application control
  • Device control for removable media
03

Detection and Investigation

  • Alert investigation and device timelines
  • File and process analysis
  • Live response for remote forensics
  • Indicator management and custom detections
04

Automated Response and TVM

  • Automated investigation and remediation
  • Threat and vulnerability management
  • Software inventory and vulnerability assessment
  • Security recommendations and remediation tracking