Microsoft Defender course/training: Learn how to use Microsoft Defender

please provide your instagram id bro.. I also working as an soc analyst

For real

It is 3 small videos in the course. Everything else is fine. I have left them in the course to show the demonstrations. As soon as Microsoft releases an updated lab, I will update the content with something better.

To focus vulnerability scanning on only the latest images or specific tags within your Azure Container Registry and improve your Azure secure score, you'll need to customize the scanning policies. Microsoft Defender for Cloud, formerly known as Azure Security Center, provides a way to manage and enforce security policies across your Azure resources, including the Container Registry. Here's how you might approach this:
Access Microsoft Defender for Cloud:
Go to the Azure portal.
Open Microsoft Defender for Cloud.
Navigate to the 'Environment settings' under the 'Management' section.
Select the Subscription and Container Registry:
Choose the subscription where your container registry is located.
Select the specific container registry you want to configure.
Configure the Security Policy:
Find the policy related to container image scanning (like "Vulnerabilities in Azure Container Registry images should be remediated").
Modify the policy to specify that only images with the 'latest' tag or images newer than a certain age should be scanned. This might involve setting custom parameters or exclusions.
Implement Tagging Strategies:
Ensure your image deployment process is tagging images correctly. Consistently use the 'latest' tag for the most recent and relevant images you want to be scanned.
Older or less critical images should have different tags that don't get picked up by the policy.
Automation and Scripting:
Consider using Azure CLI or PowerShell scripts to automate the process of tagging and untagging images. You can write scripts to retag older images and ensure only the latest images retain the 'latest' tag.
Monitor and Review:
Regularly monitor the results of the scans and the security recommendations in Microsoft Defender for Cloud.
Review and adjust your policies and tagging strategies as needed to ensure that only the desired images are being scanned.
Consult Documentation and Support:
Azure's documentation and support channels can provide specific guidance and best practices for setting up and customizing your vulnerability scanning policies.
By effectively managing your scanning policies and image tags, you can focus security resources on the most relevant container images and improve your Azure secure score. Keep in mind that while focusing on the latest images can reduce noise and overhead, it's also crucial to ensure that all deployed images, not just the latest, are secure and compliant. Regularly review and update your policies and practices to balance security with efficiency.

lol sorry for the jump scare

pls help onthis You have a Microsoft 365 subscription that has Microsoft 365 Defender enabled.
You need to identify all the changes made to sensitivity labels during the past seven days.
What should you use?
A. the Incidents blade of the Microsoft 365 Defender portal
B. the Alerts settings on the Data Loss Prevention blade of the Microsoft 365 compliance center
C. Activity explorer in the Microsoft 365 compliance center
D. the Explorer settings on the Email & collaboration blade of the Microsoft 365 Defender portal @@examlabpractice

It sounds like a combination of several issues might have contributed to the situation:
Rushed Deployment: Moving complex systems to Azure and deploying Defender and Sentinel quickly may have caused configuration issues. Security technologies like Microsoft Defender and Sentinel require careful tuning to match the specific environment, which takes time.
Lack of Tuning and Customization: Microsoft Sentinel and Defender come with default settings, which can often generate a high number of alerts. These "incidents" are typically based on predefined rules and might not account for the nuances of your environment. If the deployment was rushed, it’s likely that the security rules weren't properly tuned, leading to a high number of false positives.
No Incident Triage Process: Not having a process in place to investigate and triage alerts might have led to those incidents being neglected. Even if the tools work, human oversight is crucial to filtering out false positives and focusing on real threats.
Lack of Expertise in Investigation: If the partner company didn't have enough expertise or resources for detailed investigations, that might explain why they pointed you to general Microsoft documentation instead of offering tailored assistance.
Steps to Improve
Tuning Sentinel and Defender: You can significantly reduce false positives by tuning Sentinel’s analytics rules and creating custom detection rules that align with your environment. This involves:
Reviewing Default Rules: Disable or modify rules that generate too many false positives.
Threshold Adjustments: Adjust thresholds or conditions for specific detection rules.
Adding Whitelists: Set up exclusions for known and trusted traffic or behaviors to avoid redundant alerts.
Machine Learning & User Behavior Analytics: Use more advanced features in Defender and Sentinel to adapt to typical behaviors and detect true anomalies.
Incident Response Playbooks: Implement automatic playbooks for handling certain types of incidents. For example, if a certain pattern of behavior is always a false positive, you can automate a response to mark it as such and focus on higher-priority alerts.
Train or Involve Your Security Team: A well-trained internal security team should manage the investigation of the remaining 20% of alerts. They will need access to detailed log data and will need to know how to use the tools.
Leverage Microsoft’s Security Experts: Since Microsoft has promised assistance, work with them to conduct a proper assessment of your configuration and guide you through improving the alerting system. Their experience in tuning Sentinel for specific environments can be valuable.
Engage a Better-Qualified Partner: If you feel the current partner didn't provide adequate support, it might be worth engaging another partner with proven expertise in Sentinel/Defender and Azure security best practices.
The key to success is ongoing tuning, automation, and having a dedicated team to analyze incidents. With proper configuration, both Defender and Sentinel can become effective tools in identifying and responding to real threats.

@@examlabpractice Thanks a lot John.. I am sure it is a pleasure working with you. I agree with you 100%. My approach was quite similar.. I wanted to start from scratch and do everything properly or alternatively use battle proven Palo Alto. The second option was purely theoretical. As for the first one I honestly didn’t know how long it could take and whether it would deliver any value by the end of the day. Your message kind of indicates that it is possible and my good friends from Palo, CRWD and Thales just had to be ‘loyal to their flags’. So, is there a reference site where things just work’?? (I am seeking YES or NO to that.).. I mean two months of password spray investigation cannot be considered as a reference site particularly when it was done by folks who thought that executive email accounts could be protected by ordinary passwords and environments segregation was an unnecessary luxury.. (I assume it is well-known story)

Microsoft has not released anything new. Please understand that the deprecated section is a VERY small section. Everything else is still very much up to date

E5 to do everything. I would recommend you get a free Microsoft E5 developer account. Do a google search and you can learn how to open one

At the moment, no. I'm VERY frustrated about it. Microsoft gave the training industry almost no warning about this. Hopefully they'll come out with something to replace it soon because there isn't really any way for someone to test anything out on your own without trial by fire

@@examlabpractice Thanks for your response, I'm trying to learn, almost losing my mind searching everywhere for a workaround 😀

Unfortunately it’s hard now that they took the lab away. But I plan to update with a solution when I can. Once solution is to setup a virtual machine and join it, then inject it with malware. By the way, this is just a sample of my full course. The full course goes deeper into defender. See description for details

@@examlabpractice I’ve got the full training on udemy

Great, well I am hoping A) Microsoft will provide a solution soon. B) I can find my own solution. For now, I would recommend you move on. This is really just a small part of the course anyway. It only involves 3 videos in the whole course. Also, you can also message me on udemy as opposed to here. I respond just as quick there as I do here ;)

My understanding of defender agent is that it does not natively support 2012 R2. It natively supports 2016 and higher

l we have more than 500 servers and customers don't want to upgrade. Do you have any troubleshooting steps which I can follow?