Description
Overview
Implement the Microsoft Defender for Endpoint environment to manage devices, perform investigations on endpoints, manage incidents in Defender XDR, and use Advanced Hunting with Kusto Query Language (KQL) to detect unique threats.
Who Should Attend
Security Operations Analyst
Course Prerequisites
Experience using the Microsoft Defender portal
Basic understanding of Microsoft Defender for Endpoint
Basic understanding of Microsoft Sentinel
Experience using Kusto Query Language (KQL) in Microsoft Sentinel
Course Outline
Mitigate incidents using Microsoft Defender
  Use the Microsoft Defender portal
  Manage incidents
  Investigate incidents
  Manage and investigate alerts
  Manage automated investigations
  Use the action center
  Explore advanced hunting
  Investigate Microsoft Entra sign-in logs
  Understand Microsoft Secure Score
  Analyze threat analytics
  Analyze reports
  Configure the Microsoft Defender portal
Deploy the Microsoft Defender for Endpoint environment
  Create your environment
  Understand operating systems compatibility and features
  Onboard devices
  Manage access
  Create and manage roles for role-based access control
  Configure device groups
  Configure environment advanced features
Configure for alerts and detections in Microsoft Defender for Endpoint
  Configure advanced features
  Configure alert notifications
  Manage alert suppression
  Manage indicators
Configure and manage automation using Microsoft Defender for Endpoint
  Configure advanced features
  Manage automation upload and folder settings
  Configure automated investigation and remediation capabilities
  Block at risk devices
Perform device investigations in Microsoft Defender for Endpoint
  Use the device inventory list
  Investigate the device
  Use behavioral blocking
  Detect devices with device discovery
Defend against Cyberthreats with Microsoft Defender XDR lab exercises
  Configure the Microsoft Defender XDR environment
  Deploy Microsoft Defender for Endpoint
  Mitigate Attacks with Microsoft Defender for Endpoint