Hi, Let’s begin the Microsoft Defender Training and Certification process. Microsoft’s Defender for Cloud Ninja training now got a dedicated assessment and certificate for Defender for Servers! If you feel you are a Defender for Servers Ninja, take the assessment, and after achieving more than 80%, request your certificate!
This blog post shows a comprehensive collection of resources for Microsoft Defender for Cloud (formerly known as Azure Security Center and Azure Defender). It will assist you in progressing from a beginner level with no prior knowledge of Microsoft Defender for Cloud to effectively designing and implementing various scenarios.
HTMD blog post serves as an all-in-one training roadmap, guiding you through the ins and outs of Microsoft Defender for Cloud to bolster your proficiency. We have a blog post related to Intune Exam MD 102 Study Guide Starter Kit – Microsoft Intune Certification, and it covers the Study guide for Exam MD-102: Endpoint Administrator Associate.
During the Microsoft Ignite 2021 event on November 2nd, a significant announcement marked a transformative milestone in Microsoft’s cloud security offerings. Azure Security Center and Azure Defender were rebranded, and henceforth, they would be known as Microsoft Defender for Cloud.
What is MS Defender for Cloud Ninja Training?
The Microsoft Defender for Cloud Ninja Training consists of an extensive program designed to shape you into a Cloud Ninja proficient in Microsoft Defender products. The Microsoft Security Team provides this comprehensive training and is regularly updated with fresh insights and resources monthly.
In this training journey, you will gain in-depth knowledge of Microsoft Defender for Cloud; this training serves as an invaluable resource. It provides a holistic and immersive learning experience.
To pass the exam successfully, a minimum of 24 correct answers (80%) out of the 30 questions must be achieved.
What is MS Defender for Servers Ninja Training?
Defender for Servers Ninja training is an advanced training program, and it is designed to enhance participants’ knowledge and skills in securing servers using Microsoft Defender for Servers. It protects server environments from various threats and vulnerabilities.
Microsoft Defender Training and Certification
Microsoft Defender Training and Certification allow people to enhance their skills and expertise in utilizing Microsoft Defender solutions for comprehensive endpoint security and threat protection. This training and certification program is designed to validate knowledge and proficiency in deploying, configuring, and managing Microsoft Defender tools and technologies effectively.
If you have actively completed studying all the modules and feel prepared for the knowledge check, you can proceed with the following steps to assess your understanding and readiness. There are two types of Ninja Certificates are as follows.
- MS Defender for Cloud Ninja Certificate
- MS Defender for Servers Ninja Certificate
A. MS Defender for Cloud Ninja Certificate
The MS Defender for Cloud Ninja Certificate is a certification that recognizes individuals who have demonstrated a high level of knowledge and expertise in utilizing Microsoft Defender for Cloud. This certificate validates proficiency in effectively securing cloud environments and leveraging the full capabilities of Microsoft Defender for Cloud.
To earn the Defender for Cloud Ninja Certificate, follow the steps below.
- Take the knowledge Check
- Qualification for the Participation Certificate
- Participation Certificate
1. Take the knowledge Check
Take the knowledge check from Microsoft Defender for Cloud Ninja Training: Knowledge Check (office.com); it presents questions covering various areas and plans available in Defender for Cloud. This assessment evaluates your understanding of the subject matter and knowledge across different aspects of Defender for Cloud.
2. Qualification for the Participation Certificate
Qualification for the Participation Certificate you should achieve a score of 80% or higher in the knowledge check, or a minimum of 24 correct answers (80%) out of the 30 questions presented must be achieved.
Score Information | Description |
---|---|
If your score falls below 80% | Don’t be discouraged. Instead, utilize it as an opportunity for growth. Carefully review the questions you answered incorrectly, identify the areas that need improvement, and dedicate additional study time to those specific topics. |
If you prepared well | Retake the “knowledge check” to validate your improved understanding of the content. Try to achieve a score of 80% or higher. |
3. Cloud Ninja Participation Certificate
After attaining the required score, you should request your participation certificate. This certificate is a testament to your knowledge and competence in leveraging Defender for Cloud effectively. After completing these steps, you will earn the MS Defender for Cloud Ninja Certificate.
Note! – After completing the knowledge check and requesting your participation certificate, the processing time is involved. You may take up to 24 hours to receive the certificate via email.
B. MS Defender for Servers Ninja Certificate
The MS Defender for Servers Ninja Certificate is a distinguished certification that acknowledges individuals with a high level of expertise in leveraging Microsoft Defender for Servers to enhance server security. To earn the Defender for Servers Ninja Certificate, follow the steps below.
- Take the knowledge Check
- Qualification for the Participation Certificate
- Participation Certificate
1. Take the knowledge Check
Take the knowledge check from Microsoft Defender for Servers Ninja Training: Knowledge Check (Page 1 of 25) (office.com). The knowledge check for the Defender for Servers Ninja Certificate encompasses a comprehensive range of questions, encompassing various areas and plans available within Defender for Cloud.
2. Qualification for the Participation Certificate
It would be best to attain a score of 80% or higher in the knowledge check. Then only you will get the Participation Certificate. If your score falls below 80%, you should carefully analyze the questions you struggled with; you can identify specific topics or concepts that need additional attention.
3. Participation Certificate
Once you have achieved the required score on the knowledge check, it is time to take the next step and request your well-deserved participation certificate. It can take up to 24 hours for you to receive your certificate via email.
Modules
Module refers to a section of content that focuses on a specific topic or theme. Completing all the modules encompassed in the training program is essential to attain the esteemed title of Microsoft Defender for Cloud Ninja.
Each module offers unique and valuable content, covering various topics relevant to becoming a proficient Defender for Cloud Ninja. The below table provides a quick overview of the topics covered in each module.
Module | Description |
---|---|
1 – Introducing Microsoft Defender for Cloud and Microsoft Defender Cloud plans | In this module, you will familiarize yourself with Microsoft Defender for Cloud and understand the use case scenarios. You will also learn about Microsoft Defender for Cloud, and Microsoft Defender Cloud plans pricing and overall architecture data flow. |
2 – Planning Microsoft Defender for Cloud | In this module, you will learn the main considerations to plan Microsoft Defender for Cloud deployment correctly, from supported platforms to best practices implementation. |
3 – Enhance your Cloud Security Posture | In this module, you will learn how to leverage Cloud Security Posture management capabilities, such as Secure Score and Attack Path, to continuous improvement of your cloud security posture. This module includes automation samples that can be used to facilitate secure score adoption and operations. |
4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud | In this module, you will learn how to use the cloud security posture management capabilities available in Microsoft Defender for Cloud, which includes vulnerability assessment, inventory, workflow automation, and custom dashboards with workbooks. |
5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud | In this module, you will learn about the regulatory compliance dashboard in Microsoft Defender for Cloud and give you insights on how to include additional standards. In this module, you will also familiarize yourself with Azure Blueprints for regulatory standards. |
6 – Cloud Workload Protection Platform Capabilities in Azure Defender | In this module, you will learn how the advanced cloud capabilities in Microsoft Defender for Cloud work, which includes JIT, File Integrity Monitoring, and Adaptive Application Control. This module also covers how threat protection works in Microsoft Defender for Cloud, the different categories of detections, and how to simulate alerts. |
7 – Streaming Alerts and Recommendations to a SIEM Solution | In this module, you will learn how to use native Microsoft Defender for Cloud capabilities to stream recommendations and alerts to different platforms. You will also learn about Azure Sentinel native connectivity with Microsoft Defender for Cloud. Lastly, you will learn to leverage Graph Security API to stream alerts from Microsoft Defender for Cloud to Splunk. |
8 – Integrations and APIs | In this module, you will learn about the different integration capabilities in Microsoft Defender for Cloud, how to connect Tenable to Microsoft Defender for Cloud, and how other supported solutions can be integrated with Microsoft Defender for Cloud. |
9 – Defender for DevOps | In this module, you will learn more about Defender for DevOps. You will be able to follow the interactive guide to understand the core capabilities and how to navigate through the product. |
10 – Defender for APIs | In this module, you will learn more about the new plan announced at RSA 2023. You will be able to follow the steps to onboard the plan and validate the threat detection capability. |
Module 1 – Introducing Microsoft Defender for Cloud and Microsoft Defender
In this module, you will be able to familiarize yourself with this powerful security solution and gain a comprehensive understanding of its use case scenarios. The below list shows the Introducing Microsoft Defender for Cloud and Microsoft Defender options.
- What is Microsoft Defender for Cloud?
- Getting Started with Microsoft Defender for Cloud
- A new name for multi-cloud security: Microsoft Defender for Cloud
- Microsoft Defender for Cloud Total Economic Impact Study
- Introduction to Microsoft Defender for Cloud
- Securing the hybrid cloud with Microsoft Defender for Cloud
- Hybrid security management across your data center
- Microsoft Defender for Cloud Data Flow
Module 2 – Planning Microsoft Defender for Cloud
This module is dedicated to planning the deployment of Microsoft Defender for the Cloud. Throughout this module, you will acquire the essential knowledge and skills required to plan the deployment of security solutions effectively.
- Supported Platforms
- Microsoft Defender for Cloud – Use cases
- Microsoft Defender for Servers P1 and P2
- Microsoft Defender for Cloud Plans
- Features for IaaS workloads
- Features for PaaS workloads
- Built-in RBAC Roles in Microsoft Defender for Cloud
- Enterprise Onboarding Guide
- Assigning Permissions in Microsoft Defender for Cloud
- Design Considerations for Log Analytics Workspace
- Microsoft Defender for Cloud Monitoring Agent Deployment Options
- Onboarding on-premises machines using Windows Admin Center
- Understanding Security Policies in Microsoft Defender for Cloud
- Creating Custom Policies
- Configuring Microsoft Defender for Cloud Resource Type Pricing with Azure Policy
- Centralized Policy Management in Microsoft Defender for Cloud using Management Groups
- Planning Data Collection for IaaS VMs
- Considerations for Multi-Tenant Scenario
- Best Practices for Log Analytics Workspace when using Microsoft Defender for Cloud and Azure Sentine…
- How to Effectively Perform an Microsoft Defender for Cloud PoC
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for Resource Manager
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for Storage
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for DNS
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for App Service
- Microsoft Defender for Cloud PoC Series – Microsoft Defender for Container Registries
- Microsoft Defender for Cloud PoC Series – Microsoft Defender CSPM
- Microsoft Defender for DevOps GitHub Connector – Microsoft Defender for Cloud PoC Series
- Grant tenant-wide permissions to yourself
- Protect non-Azure resources using Azure Arc and Microsoft Defender for Cloud
Module 3 – Enhance your Cloud Security Posture
This module focused on leveraging the Cloud Security Posture Management (CSPM) capabilities offered by Microsoft Defender for Cloud. The below list shows the enhanced cloud security posture module options.
- Overview of Secure Score in Microsoft Defender for Cloud
- Azure Secure Score vs. Microsoft Secure Score
- Best Practices to improve your secure score
- How to calculate your secure score
- Secure Score Capabilities
- How Secure Score affects your governance
- Enhance your Secure Score in Microsoft Defender for Cloud
- Security recommendations
- Creating Exemptions and Enforcing Policies
- Resource exemption
- Customizing Endpoint Protection Recommendation in Microsoft Defender for Cloud
- How to keep track of Resource Exemptions in Microsoft Defender for Cloud
- Deliver a Security Score weekly briefing
- Send Microsoft Defender for Cloud Recommendations to Azure Resource Stakeholders
- Secure Score Over Time Reports
- Secure Score Reduction Alert
- Weekly Secure Score Progress Report
- Average Time taken to remediate resources
- Improved experience for managing the default Azure security policies
- Security Policy Enhancements in Defender for Cloud
- Create custom recommendations and security standards
- Secure Score Overtime Workbook
- Automation Artifacts for Secure Score Recommendations
- Remediation Scripts
- Security Controls in Microsoft Defender for Cloud
- Enable MFA
- Restrict Unauthorized Network Access
- Secure Management Ports
- Secure management ports demo
- Apply adaptive application control
- Enable auditing and logging
- Enable auditing and logging demo
- Remediate security configurations
- Apply system updates
- Enable endpoint protection demo
- Encrypt data in transit
- Encrypt data at rest
- Protect Applications Against DDoS Attacks
- Implement security best practices
Module 4 – Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud
Check the Cloud Security Posture Management Capabilities in Microsoft Defender for Cloud module option 4. In this module, you will gain valuable knowledge on utilizing these capabilities to strengthen your cloud security posture. The key areas covered include vulnerability assessment, inventory management, workflow automation, and creating custom dashboards using workbooks.
- Overview of the Asset Inventory feature in Microsoft Defender for Cloud
- Software inventory filters added to asset inventory
- Drive your organization to security actions using Governance experience
- Managing Asset Inventory in Microsoft Defender for Cloud
- New Security Baseline recommendation
- Overview of Vulnerability Assessment in Microsoft Defender for Cloud
- Vulnerability Assessment Deployment Options
- Vulnerability Assessment Workbook Template
- Vulnerability Assessment for Containers
- Microsoft Threat and Vulnerability Management added as vulnerability assessment solution
- Exporting Azure Container Registry Vulnerability Assessment in Microsoft Defender for Cloud
- Improvements in Continuous Export feature
- Implementing Workflow Automation
- Workflow Automation Artifacts
- Creating Custom Dashboard for Microsoft Defender for Cloud
- Using Microsoft Defender for Cloud API for Workflow Automation
- Understanding Network Map
- Using Adaptive Network Hardening
- Identify security vulnerabilities workloads managed by Microsoft Defender for Cloud
- Multi Cloud support in Microsoft Defender for Cloud
- What you need to know when deleting and re-creating the security connector(s) in Defender for Cloud
- Connect AWS Account with Microsoft Defender for Cloud
- Connect GCP Account with Microsoft Defender for Cloud
- Protection for multi cloud workloads
- Custom recommendations for AWS and GCP
- Azure Monitor Workbooks integrated into Microsoft Defender for Cloud and three templates provided
- How to Generate a Microsoft Defender for Cloud exemption and disable policy report
- Azure Workbooks in Microsoft Defender for Cloud
- Defender CSPM
- Defender CSPM Plan Options
- Cloud Security Explorer
- Identify and remediate attack paths
- Agentless scanning for machines
- Cloud security explorer and Attack path analysis
- Governance Rules at Scale
- Governance Improvements
- Data Security Aware Posture Management
- A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud
- Prioritize Risk remediation with Microsoft Defender for Cloud Attack Path Analysis
- Understanding data aware security posture capability
- Agentless Container Posture
- Agentless Container Posture Management
- Microsoft Defender for Cloud – Automate Notifications when new Attack Paths are created
Module 5 – Regulatory Compliance Capabilities in Microsoft Defender for Cloud
Throughout this module, you will gain valuable insights on utilizing this dashboard to effectively assess and maintain regulatory compliance. Additionally, you will familiarize yourself with Azure Blueprints, which offer a structured approach to achieving compliance with regulatory standards.
- Regulatory compliance dashboard
- Understanding Regulatory Compliance Capabilities in Microsoft Defender for Cloud
- Regulatory Compliance dashboard and security benchmark
- Adding new regulatory compliance standards
- Blueprint samples for regulatory compliance standards
- Regulatory Compliance workbook
- Regulatory compliance dashboard now includes Azure Audit reports
- Azure Security Benchmark v3 integration with Regulatory Compliance dashboard
- Latest updates in the regulatory compliance dashboard (Nov 2022)
- Microsoft cloud security benchmark: Azure compute benchmark is now aligned with CIS!
Module 6 – Cloud Workload Protection Platform Capabilities in Microsoft Defender for Clouds
This module explores the advanced cloud capabilities offered by Microsoft Defender for Cloud. Throughout this module, you will gain in-depth knowledge of how these advanced features function and how they contribute to enhanced security in your cloud environment.
- Enhanced Security in Microsoft Defender for Cloud
- Understanding Just-in-Time VM Access
- Demystifying Microsoft Defender Once for All
- Reducing the Attack Surface with Just-In-Time VM Access
- Implementing JIT VM Access
- Automate JIT VM Access Deployment with PowerShell
- File Integrity Monitoring in Microsoft Defender
- Define known-safe applications using Adaptive Application Control
- Understanding Threat Protection in Microsoft Defender
- Microsoft Defender for Servers
- Microsoft Defender for Network Layer
- Microsoft Defender for Containers
- Microsoft Defender for Storage
- Microsoft Defender for SQL
- Microsoft Defender for SQL and the Vulnerability Assessment (VA)
- Microsoft Defender for SQL Anywhere
- Microsoft Defender for KeyVault
- Microsoft Defender for AppService
- Microsoft Defender for IoT
- Microsoft Defender for Resource Manager and DNS
- Microsoft Defender for Resource Manager
- Microsoft Defender for DNS
- Understanding Security Incident
- Overview of Security Alerts in Microsoft Defender for Cloud
- Alert Reference Guide
- ‘Copy alert JSON’ button added to security alert details pane
- Alert Suppression
- Simulating Alerts in Microsoft Defender for Cloud
- Alert validation
- Simulating alerts for Windows
- Simulating alerts for Linux
- Simulating alerts for Containers
- Simulating alerts for Storage
- Simulating alerts for Microsoft Key Vault
- Simulating alerts for Microsoft Defender for DNS
- Simulating alerts for Microsoft Defender for Resource Manager
- Troubleshooting Alerts
- Integration with Microsoft Defender for Endpoint
- Resolve security threats with Microsoft Defender for Cloud
- Protect your servers and VMs from brute-force and malware attacks with Microsoft Defender for Cloud
- Investigating Microsoft Defender for Cloud alerts using Azure Sentinel
- Service Layer Protection – Microsoft Defender for Resource Manager and DNS
- Identify vulnerable container images in CI/CD workflows
- Azure Arc and Azure Microsoft for Kubernetes
- Enhance your CI/CD deployment with Microsoft Defender for ACR
- Filter security alerts by IP address
- Alerts by resource group
- Defender for Servers Security Alerts Improvements
Module 7 – Streaming Alerts and Recommendations to a SIEM Solution
This module is dedicated to leveraging the native capabilities of Microsoft Defender for Cloud for streaming recommendations and alerts to various platforms. Throughout this module, you will gain valuable insights and practical knowledge on utilizing these capabilities to enhance your security operations effectively.
- Continuous Export capability in Microsoft Defender for Cloud
- Deploying Continuous Export using Azure Policy
- Microsoft Defender for Cloud How Azure Sentinel and Microsoft Defender for Cloud Work Together
- Connecting Microsoft Sentinel with Microsoft Defender for Cloud
- Closing an Incident in Azure Sentinel and Dismissing an Alert in Microsoft Defender for Cloud
- Accessing Microsoft Defender for Cloud Alerts in Splunk using Graph Security API Integration
- Microsoft Defender and Microsoft Sentinel – Better Together
- Microsoft Sentinel bi-directional alert synchronization
Module 8 – Integrations and APIs
This comprehensive module is dedicated to exploring the integration capabilities of Microsoft Defender for Cloud. Throughout this module, you will gain valuable insights into how you can seamlessly connect Microsoft Defender for Cloud with other security solutions.
- Integration with Tenable
- Integrate security solutions in Microsoft Defender for Cloud
- Defender for Cloud integration with Defender EASM
- Defender for Cloud integration with Defender TI
- REST APIs for Microsoft Defender for Cloud
- Obtaining Secure Score via REST API
- Using Graph Security API to Query Alerts in Microsoft Defender for Cloud
- Automate(d) Security with Microsoft Defender for Cloud and Logic Apps
- Automating Cloud Security Posture and Cloud Workload Protection Responses
Module 9 – Defender for DevOps
This module is dedicated to exploring Defender for DevOps. Throughout this module, you will gain a comprehensive understanding of the core capabilities of Defender for DevOps and learn how to navigate through the product effectively.
- Overview of Defender for DevOps
- Defender for DevOps Interactive Guide
- Introduction of Defender for DevOps
- Defender for DevOps Appendix from Defender for Cloud Book by MSPress
- Configure the Microsoft Security DevOps Azure DevOps extension
- Configure the Microsoft Security DevOps GitHub action
- Automate SecOps to Developer Communication with Defender for DevOps
- Compliance for Exposed Secrets Discovered by Defender for DevOps
- Automate Defender for DevOps Recommendation Remediation
- DevOps Security Workbook
- Remediating Security Issues in Code with Pull Request Annotations
- Code to Cloud Security using Microsoft Defender for DevOps
Module 10 – Defender for APIs
This module is dedicated to exploring the new plan announced at RSA 2023. You will be able to follow the steps to onboard the plan and validate the threat detection capability.
- What is Microsoft Defender for APIs?
- Onboard Defender for APIs
- Validating Microsoft Defender for APIs Alerts .
- API Security with Defender for APIs
- Microsoft Defender for API Security Dashboard
Microsoft Defender for API Security Dashboard
The Defender for API Security dashboard is a powerful workbook designed to offer a unified and comprehensive view of your API security posture. This dynamic dashboard provides deep visibility into various aspects of your API endpoints that are onboarded to Defender for APIs.
This workbook will give you valuable insights and a holistic understanding of your API environment, including unhealthy recommendations, data classifications, authorization status, usage patterns, and exposure levels.
Author
About Author – Vidya is a computer enthusiast. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She loves writing on Windows 11 and related technologies. She is also keen to find solutions and write about day-to-day tech problems.