├── Defender Masterclass - Labs - Getting started - June21.pdf ├── Defender Masterclass 1 - Attack Scenario Answers.pdf ├── Defender Masterclass 1 - Attack Scenario Questions.pdf ├── Defender Masterclass 1 - Defender and Teams Integration Lab.pdf ├── Defender Masterclass 1 - Image Final.png ├── Defender Masterclass 1 - Power Platform Lab Slides.pdf ├── Defender Masterclass 1 - Slides.pdf ├── Defender Masterclass 1 - adaptivecard.json ├── Defender Masterclass 2 - Event Placeholder.ics ├── Defender Masterclass 2 - Image Final.png ├── Defender Masterclass 2 - Live Response Slides.pdf ├── Defender Masterclass 2 - Main Slide Deck.pdf ├── Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab - Word Ver.docx ├── Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab.pdf ├── Defender Masterclass 3 - ASR Lab Guide.docx ├── Defender Masterclass 3 - Automated Incident Report Lab Guide PDF.pdf ├── Defender Masterclass 3 - Automated Incident Report Lab Guide.docx ├── Defender Masterclass 3 - Image Final.png ├── Defender Masterclass 3 - Image Updated.png ├── Defender Masterclass 3 - Incident Report Template.docx ├── Defender Masterclass 3 - Slides.pdf ├── Defender Masterclass 4 - Image Final.png ├── Defender Masterclass 4 - Image concept.png ├── Defender Masterclass 4 Capture the Flag - Placeholder.ics └── README.md /Defender Masterclass - Labs - Getting started - June21.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass - Labs - Getting started - June21.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - Attack Scenario Answers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Attack Scenario Answers.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - Attack Scenario Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Attack Scenario Questions.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - Defender and Teams Integration Lab.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Defender and Teams Integration Lab.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - Image Final.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Image Final.png -------------------------------------------------------------------------------- /Defender Masterclass 1 - Power Platform Lab Slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Power Platform Lab Slides.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - Slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 1 - Slides.pdf -------------------------------------------------------------------------------- /Defender Masterclass 1 - adaptivecard.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://adaptivecards.io/schemas/adaptive-card.json", 3 | "type": "AdaptiveCard", 4 | "version": "1.2", 5 | "body": [ 6 | { 7 | "type": "ImageSet", 8 | "images": [ 9 | { 10 | "type": "Image", 11 | "size": "Medium", 12 | "url": "https://betanews.com/wp-content/uploads/2017/01/win-defender.jpg" 13 | } 14 | ] 15 | }, 16 | { 17 | "type": "TextBlock", 18 | "text": "New Microsoft Defender Alert", 19 | "size": "Large", 20 | "weight": "Bolder", 21 | "wrap": true 22 | }, 23 | { 24 | "type": "TextBlock", 25 | "text": "ALERT DESCRIPTION", 26 | "isSubtle": true, 27 | "wrap": true 28 | }, 29 | { 30 | "type": "ActionSet", 31 | "actions": [ 32 | { 33 | "type": "Action.ShowCard", 34 | "title": "Assign Alert", 35 | "card": { 36 | "type": "AdaptiveCard", 37 | "body": [ 38 | { 39 | "type": "Input.ChoiceSet", 40 | "id": "alertassign", 41 | "value": "${r", 42 | "choices": [ 43 | { 44 | "title": "Joni Sherman", 45 | "value": "jonis@" 46 | }, 47 | { 48 | "title": "Adele Vance", 49 | "value": "adelev@" 50 | } 51 | ], 52 | "style": "expanded", 53 | "isVisible": true 54 | } 55 | ], 56 | "actions": [ 57 | { 58 | "type": "Action.Submit", 59 | "title": "Assign Alert", 60 | "data": { 61 | "x": "alertassign" 62 | } 63 | } 64 | ] 65 | } 66 | }, 67 | { 68 | "type": "Action.Submit", 69 | "title": "Isolate Machine", 70 | "data": { 71 | "x": "isolate" 72 | } 73 | }, 74 | { 75 | "type": "Action.OpenUrl", 76 | "title": "View Details", 77 | "url": "https://securitycenter.windows.com/alerts/DETAILURL/details" 78 | } 79 | ] 80 | } 81 | ] 82 | } 83 | -------------------------------------------------------------------------------- /Defender Masterclass 2 - Event Placeholder.ics: -------------------------------------------------------------------------------- 1 | BEGIN:VCALENDAR 2 | PRODID:-//Microsoft Corporation//Outlook 16.0 MIMEDIR//EN 3 | VERSION:2.0 4 | METHOD:PUBLISH 5 | X-MS-OLK-FORCEINSPECTOROPEN:TRUE 6 | BEGIN:VTIMEZONE 7 | TZID:GMT Standard Time 8 | BEGIN:STANDARD 9 | DTSTART:16011028T020000 10 | RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 11 | TZOFFSETFROM:+0100 12 | TZOFFSETTO:-0000 13 | END:STANDARD 14 | BEGIN:DAYLIGHT 15 | DTSTART:16010325T010000 16 | RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 17 | TZOFFSETFROM:-0000 18 | TZOFFSETTO:+0100 19 | END:DAYLIGHT 20 | END:VTIMEZONE 21 | BEGIN:VEVENT 22 | CLASS:PUBLIC 23 | CREATED:20210309T155157Z 24 | DESCRIPTION:Check your inbox for emails from PLC UK Support for joining lin 25 | k!\n 26 | DTEND;TZID="GMT Standard Time":20210317T130000 27 | DTSTAMP:20210309T155157Z 28 | DTSTART;TZID="GMT Standard Time":20210317T090000 29 | LAST-MODIFIED:20210309T155157Z 30 | PRIORITY:5 31 | SEQUENCE:0 32 | SUMMARY;LANGUAGE=en-gb:Microsoft Defender Masterclass II Event Placeholder 33 | TRANSP:OPAQUE 34 | UID:040000008200E00074C5B7101A82E0080000000000DAA022FC14D701000000000000000 35 | 010000000B47C78A56C45C04CB689F42F9C8697A1 36 | X-ALT-DESC;FMTTYPE=text/html:

Check your inbox for emails from PLC UK Supp 541 | ort for joining link!

542 | X-MICROSOFT-CDO-BUSYSTATUS:BUSY 543 | X-MICROSOFT-CDO-IMPORTANCE:1 544 | X-MICROSOFT-DISALLOW-COUNTER:FALSE 545 | X-MS-OLK-CONFTYPE:0 546 | BEGIN:VALARM 547 | TRIGGER:-PT15M 548 | ACTION:DISPLAY 549 | DESCRIPTION:Reminder 550 | END:VALARM 551 | END:VEVENT 552 | END:VCALENDAR 553 | -------------------------------------------------------------------------------- /Defender Masterclass 2 - Image Final.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 2 - Image Final.png -------------------------------------------------------------------------------- /Defender Masterclass 2 - Live Response Slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 2 - Live Response Slides.pdf -------------------------------------------------------------------------------- /Defender Masterclass 2 - Main Slide Deck.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 2 - Main Slide Deck.pdf -------------------------------------------------------------------------------- /Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab - Word Ver.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab - Word Ver.docx -------------------------------------------------------------------------------- /Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 2 - Multitenant Teams Bot Microsoft Defender Integration Lab.pdf -------------------------------------------------------------------------------- /Defender Masterclass 3 - ASR Lab Guide.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - ASR Lab Guide.docx -------------------------------------------------------------------------------- /Defender Masterclass 3 - Automated Incident Report Lab Guide PDF.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Automated Incident Report Lab Guide PDF.pdf -------------------------------------------------------------------------------- /Defender Masterclass 3 - Automated Incident Report Lab Guide.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Automated Incident Report Lab Guide.docx -------------------------------------------------------------------------------- /Defender Masterclass 3 - Image Final.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Image Final.png -------------------------------------------------------------------------------- /Defender Masterclass 3 - Image Updated.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Image Updated.png -------------------------------------------------------------------------------- /Defender Masterclass 3 - Incident Report Template.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Incident Report Template.docx -------------------------------------------------------------------------------- /Defender Masterclass 3 - Slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 3 - Slides.pdf -------------------------------------------------------------------------------- /Defender Masterclass 4 - Image Final.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 4 - Image Final.png -------------------------------------------------------------------------------- /Defender Masterclass 4 - Image concept.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JamesGrahamMSFT/DefenderMasterclass1/3d0f3f3d5eb7e08a9fe8a65c7bf77f7ac5e17e20/Defender Masterclass 4 - Image concept.png -------------------------------------------------------------------------------- /Defender Masterclass 4 Capture the Flag - Placeholder.ics: -------------------------------------------------------------------------------- 1 | BEGIN:VCALENDAR 2 | PRODID:-//Microsoft Corporation//Outlook 16.0 MIMEDIR//EN 3 | VERSION:2.0 4 | METHOD:PUBLISH 5 | X-MS-OLK-FORCEINSPECTOROPEN:TRUE 6 | BEGIN:VTIMEZONE 7 | TZID:GMT Standard Time 8 | BEGIN:STANDARD 9 | DTSTART:16011028T020000 10 | RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 11 | TZOFFSETFROM:+0100 12 | TZOFFSETTO:-0000 13 | END:STANDARD 14 | BEGIN:DAYLIGHT 15 | DTSTART:16010325T010000 16 | RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 17 | TZOFFSETFROM:-0000 18 | TZOFFSETTO:+0100 19 | END:DAYLIGHT 20 | END:VTIMEZONE 21 | BEGIN:VEVENT 22 | CLASS:PUBLIC 23 | CREATED:20210507T095707Z 24 | DESCRIPTION:Check https://aka.ms/defendermasterclass-repo for updates.\n \n 25 | You will receive the link to the event from PLC UK Support to join the eve 26 | nt. \n \nThank you\,\nJames Graham \n \n 27 | DTEND;TZID="GMT Standard Time":20210630T130000 28 | DTSTAMP:20210507T095707Z 29 | DTSTART;TZID="GMT Standard Time":20210630T090000 30 | LAST-MODIFIED:20210507T095707Z 31 | LOCATION:Teams Live Event 32 | PRIORITY:5 33 | SEQUENCE:0 34 | SUMMARY;LANGUAGE=en-gb:Microsoft Defender Masterclass 4 Capture the Flag - 35 | Placeholder 36 | TRANSP:OPAQUE 37 | UID:040000008200E00074C5B7101A82E0080000000080640CB92F43D701000000000000000 38 | 0100000006CA7C3717AF42A4F8F727C6081534C6D 39 | X-ALT-DESC;FMTTYPE=text/html: 537 |

Chec 542 | k https://aka.ms/defende 543 | rmasterclass-repo for updates.

& 544 | nbsp\;

You will receive the link to the event 545 | from PLC UK Support to join the event.

< 546 | o:p> \;

Thank you\,

James Graham

 \;

551 | X-MICROSOFT-CDO-BUSYSTATUS:BUSY 552 | X-MICROSOFT-CDO-IMPORTANCE:1 553 | X-MICROSOFT-DISALLOW-COUNTER:FALSE 554 | X-MS-OLK-AUTOFILLLOCATION:FALSE 555 | X-MS-OLK-CONFTYPE:0 556 | BEGIN:VALARM 557 | TRIGGER:-PT15M 558 | ACTION:DISPLAY 559 | DESCRIPTION:Reminder 560 | END:VALARM 561 | END:VEVENT 562 | END:VCALENDAR 563 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Welcome to the Defender Masterclass repository. 2 | 3 | Update - 18th June 2021 4 | 5 | Masterclass III slides added above - On-demand recording available at https://aka.ms/defendermasterclass3-ondemand 6 | 7 | YouTube channel - https://aka.ms/defendermasterclass-recordings 8 | 9 | ![image](https://user-images.githubusercontent.com/58002777/123130607-cc934400-d444-11eb-8f7c-0995d68983ad.png) 10 | 11 | Silver – Completed skills challenge or Completed MS-500 MS Learn Collection + registered for at least one Masterclass Event. 12 | 13 | Gold – Completed Ultimate Skills Challenge or Silver + MS-500 pass + registered for at least two Masterclass Events. 14 | 15 | To claim, send an email: 16 | 17 | Email: james.graham@microsoft.com 18 | 19 | Subject: Defender Masterclass Badge Claim 20 | 21 | Body: Provide proof of completing the skills challenge (aka.ms/defendermasterclass-skillschallenge or aka.ms/defendermasterclass-ultimatechallenge – now closed) or completed modules – screenshots will suffice, with proof that it’s you. MS-500 – proof of certification (screenshot will suffice). 22 | 23 | Qualified submissions will receive Badge via email 24 | 25 | ![image](https://user-images.githubusercontent.com/58002777/123130409-ac638500-d444-11eb-9a0c-751737a2db81.png) 26 | ![image](https://user-images.githubusercontent.com/58002777/123130471-b08fa280-d444-11eb-9984-55d945d3fbcb.png) 27 | 28 | ---------------------------------------------------------------- 29 | 30 | 31 | Masterclass IV Registration - https://aka.ms/defendermasterclass4-reg - new date! 30th June! 32 | 33 | ![image](https://github.com/JamesGrahamMSFT/DefenderMasterclass1/blob/main/Defender%20Masterclass%204%20-%20Image%20Final.png) 34 | 35 | ![image](https://github.com/JamesGrahamMSFT/DefenderMasterclass1/blob/main/Defender%20Masterclass%203%20-%20Image%20Updated.png) 36 | 37 | Agenda: 38 | 39 | 1. Opening Keynote – Avi Sagiv 40 | 41 | 2. Threat Analytics and Attack Surface Reduction Hands-On Exercises – Mark Thomas 42 | 43 | 3. Break 44 | 45 | 4. Threat Analytics and Attack Surface Reduction continued 46 | 47 | 5. Break 48 | 49 | 6. Azure Virtual Desktop Overview – George Wood 50 | 51 | 7. Securing Windows 10 Multisession – James Graham 52 | 53 | 8. Break 54 | 55 | 9. Automated Threat Incident Reports with Microsoft Defender and Power Automate – James Graham 56 | 57 | 10. Closing Session – James Graham 58 | 59 | 11. Close 60 | 61 | YouTube channel - https://aka.ms/defendermasterclass-recordings 62 | 63 | Previous Skills Challenges - now closed. 64 | 65 | https://aka.ms/defendermasterclass-skillschallenge 66 | 67 | https://aka.ms/defendermasterclass-ultimatechallenge 68 | 69 | ------------------------------------------------------------------------------------------------------------------ 70 | ![image](https://github.com/JamesGrahamMSFT/DefenderMasterclass1/blob/main/Defender%20Masterclass%202%20-%20Image%20Final.png) 71 | 72 | Masterclass II On-Demand Recording - https://aka.ms/defendermasterclass2-ondemand 73 | 74 | Power Virtual Agent end2end recording - 75 | 76 | Part 1: https://youtu.be/vwCsWHV627g 77 | 78 | Part 2: https://youtu.be/QjYO4zSGWz0 79 | 80 | Part 3: https://youtu.be/FJ56fE85cPE 81 | 82 | Feedback form - https://aks.ms/defendermasterclass-feedback 83 | 84 | Masterclass II - 17th March 2021 9AM - 1PM UK 85 | 86 | Agenda: 87 | 88 | Introducation and Updates - James Graham (host) - Slides uploaded 89 | 90 | Opening Keynote - Becky Cholerton - Slides uploaded 91 | 92 | Advanced Threat Hunting - Christos Ventouris - No Slides 93 | 94 | Live Response - Steve Newby - Slides uploaded 95 | 96 | Teams Multitenant Power Virtual Agent Integration Lab - Jack Lewis - Slides uploaded 97 | 98 | Close - James Graham - Slides uploaded 99 | 100 | Supporting - Ally Turnbull, Mark Thomas 101 | 102 | Prerequisites - please complete Defender Masterclass - Labs Getting Started.pdf https://github.com/JamesGrahamMSFT/DefenderMasterclass1/blob/main/Defender%20Masterclass%20-%20Labs%20Getting%20started.pdf 103 | 104 | ---------------------------------------------------------------------------------------------------- 105 | 106 | ![image](https://github.com/JamesGrahamMSFT/DefenderMasterclass1/blob/main/Defender%20Masterclass%201%20-%20Image%20Final.png) 107 | 108 | Masterclass I - 13th January 2021 109 | 110 | Slides for Masterclass I now uploaded. 111 | 112 | Recordings: https://aka.ms/defendermasterclass-recordings 113 | 114 | Masterclass I - Attack Scenario 1 https://youtu.be/ufRkI4Zdx7k 115 | 116 | Masterclass I - Attack Scenario 2 https://youtu.be/BVIiuGMwlZ0 117 | 118 | Masterclass I - Power Platform Lab https://youtu.be/Yk01aOnHs4I 119 | 120 | Link to this repo - https://aka.ms/defendermasterclass-repo 121 | 122 | Registration page - https://aka.ms/defendermasterclass-reg 123 | 124 | Feedback form - https://aks.ms/defendermasterclass-feedback 125 | 126 | 127 | To complete the Microsoft Defender Teams/PowerPlatform integration lab please ensure you have completed the Labs - Getting Started guidance. This is not required if you already have access to an existing non production tenant. 128 | 129 | 130 | 131 | --------------------------------------------------------------------------------