Welcome to the Microsoft 365 Defender Resource Hub.

Become a Microsoft Defender for Endpoint Ninja

Become a Microsoft Defender for Office 365 Ninja!

Become a Microsoft Defender for Cloud Apps Ninja!

Become a Microsoft Defender for Identity Ninja

Become an Azure Sentinel Ninja

Become a Microsoft Defender Threat Intelligence Ninja

Become a Microsoft Defender External Attack Surface Management Ninja

Become a Microsoft Defender for Cloud Ninja

Security Community Webinars

On-demand webcast series: “Tracking the adversary”

Microsoft 365 Security for IT Pros A must have for every IT Pro

Microsoft Security Blog

Subscribe to the Weekly Microsoft Sentinel Newsletter from Rod Trent

Subscribe to the Weekly Microsoft Defender Newsletter from Rod Trent

• Microsoft 365 Defender - Resource Hub
  • Microsoft Tech Community Blog posts
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
    • 2018
    • 2017
    • 2016
    • 2015
    • 2005
  • Podcasts
  • Other Blog Posts
  • Webinars and Videos
  • Advanced Hunting / KQL
  • Microsoft Security on Twitter
  • Microsoft Docs
  • Must Learn KQL Series
  • Microsoft 365 Defender related content on GitHub
  • Microsoft 365 Defender and Sentinel content on GitHub

• Defender for Endpoint and disconnected environments. Cloud-centric networking decisions
• Microsoft awarded Best Advanced Protection for Corporate and Consumer Users by AV-TEST
• Defender for Endpoint and disconnected environments. Which proxy configuration wins?
• Push ASR rules with Security Settings Management on Microsoft Defender for Endpoint managed devices
• Announcing device isolation support for Linux
• Recovering from Attack Surface Reduction rule shortcut deletions
• Introducing tamper protection for exclusions
• Disconnected environments, proxies and Microsoft Defender for Endpoint
• Leverage authenticated scans to prevent attacks on your Windows devices
• Mitigate risks with application block in Microsoft Defender Vulnerability Management
• Premium capabilities in Microsoft Defender Vulnerability Management are now generally available
• What’s new in Microsoft Defender Vulnerability Management | April 2023 Update
• Attack Simulation Training: New insights into targeted user behavior
• Automatic tenant Allow/Block list expiration management is now available
• Introducing the New Post-delivery Activities Report in Microsoft Defender for Office 365
• Enhanced threat detection with URL click alerts by Microsoft Defender for Office 365
• Announcing Collaboration Security for Microsoft Teams
• Protect your sensitive data against malicious apps
• Centrally manage permissions with the Microsoft 365 Defender role-based access control (RBAC) model
• Build custom incident response actions with Microsoft 365 Defender APIs
• Automate your alert response actions in Microsoft 365 Defender
• Improve your app posture and hygiene using Microsoft Defender for Cloud Apps
• Microsoft Defender for Identity now detects suspicious certificate usage
• Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
• XDR attack disruption in action – Defending against a recent BEC attack
• Respond to threats in near real-time with custom detections
• Simplifying SaaS Security: Deploying Microsoft Defender for Cloud Apps in 4 steps
• Defender for Cloud and Defender for Threat Intelligence are Better Together
• Performing a Successful Proof of Concept (PoC)
• Intel Profiles Deliver Crucial Information, Context About Threats
• MDTI Microsoft Sentinel Playbooks
• MDTI APIs in Microsoft Graph
• Identify Digital Assets Vulnerable to Subdomain Takeover
• Seeking Out Dead and Dying Servers
• Latest Engineering Semester Enables Tighter Integrations, Ease of Use
• Uncovering Trackers Using the Defender EASM UI Pt. 1
• Microsoft Defender External Attack Surface Overview, Concepts, and Vocabulary
• Why is Defender EASM Discovery important?
• Data Connectors for Azure Log Analytics and Data Explorer Now in Public Preview

• Welcome to the Microsoft Defender External Attack Surface Management Tech Community
• Introducing the Microsoft Defender for Office 365 Security Operations Guide
• Email Protection Basics in Microsoft 365: Spoof and Impersonation
• Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI
• Getting started as a Security MVP (Most Valuable Professional)
• New network-based detections and improved device discovery using Zeek
• Announcing new removable storage management features on Windows
• Use the new Microsoft 365 Defender API for all your alerts
• Detecting and remediating command and control attacks at the network layer
• Tamper protection will be turned on for all enterprise customers
• Microsoft Defender for Endpoint is now available on Android company-owned personally enabled devices
• Improving device discoverability and classification within MDE using Defender for Identity
• Attack Surface Reduction (ASR) Rules Report 2.0 in Microsoft 365 Defender
• Optimize your hunting performance with the new query resources report
• Protect apps that use non-standard ports with Defender for Cloud Apps
• Investigate incidents more effectively with the new attack story view in Microsoft 365 Defender
• Identity Protection alerts now available in Microsoft 365 Defender
• Hunt in Microsoft 365 Defender without KQL!
• Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps
• Leverage advanced hunting to better understand your discovered devices
• Firmware assessments support now in public preview in Microsoft Defender Vulnerability Management
• Announcing Software Usage Insights in public preview
• Reduce OpenSSL 3.0 vulnerabilities risks with Microsoft Defender Vulnerability Management
• Support for Common Vulnerabilities and Exposures (CVEs) without a security update in public preview
• Announcing Microsoft Defender Vulnerability Management in public preview
• Introducing new actions from the Email Entity page!
• Exciting Feature Updates to Attack Simulation Training
• Email Protection Basics in Microsoft 365: Spam & Phish
• Microsoft Defender for Office 365 Ninja Training: June 2022 Update
• Announcing the release of step-by-step guides!
• Email Protection Basics in Microsoft 365: Bulk Email
• Improving “Defense in Depth” with Trusted ARC Sealers for Microsoft Defender for Office 365
• Evaluate Defender for Office 365 in your environment!
• Configurable impersonation protection and scope for Preset Security policies
• Configurable impersonation protection and scope for Preset Security policies
• Simplifying the Quarantine Experience - Part Two
• Email remediation actions now available in unified Action Center
• Introducing the UrlClickEvents table in advanced hunting with Microsoft Defender for Office 365
• Introducing differentiated protection for priority accounts in Microsoft Defender for Office 365
• How to deploy Attack Surface Reduction rules to Azure VMs using Azure Guest Configurations
• Network Protection and Web Protection for macOS and Linux is now in Public Preview!
• Tamper protection on macOS is now generally available
• New Device Health Reporting for Microsoft Defender for Endpoint is now in Public Preview
• Announcing File page enhancements in Microsoft Defender for Endpoint
• Introducing the new alert suppression experience
• Mobile Network Protection in Microsoft Defender for Endpoint on Android & iOS now in Public Preview
• Prevent compromised unmanaged devices from moving laterally in your organization with “Contain”
• Mobile device support is now available for US Government Customers using Defender for Endpoint
• Hunting for network signatures in Microsoft Defender for Endpoint
• Evaluation Lab: new domain-joined devices support in Public Preview
• Troubleshooting mode for Microsoft Defender for Endpoint now Generally Available
• Announcing the public preview of Defender for Endpoint personal profile for Android Enterprise
• Security Settings Management in Microsoft Defender for Endpoint is now generally available
• Tamper Protection is now available on macOS
• Device Inventory - The evolution of the endpoint view
• Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
• Enhanced antimalware engine capabilities for Linux and macOS
• New Reporting Functionality for Device Control and Windows Defender Firewall
• Unified submissions in Microsoft 365 Defender now Generally Available!
• The new Microsoft 365 Defender APIs in Microsoft Graph are now available in public preview!
• Protect sensitive SharePoint sites with Defender for Cloud Apps
• Monthly news - July 2022
• Monthly news - June 2022
• Microsoft Defender for Cloud Apps experiences are now part of Microsoft 365 Defender
• New URL & domain pages in Microsoft 365 Defender
• The power of incidents in Microsoft 365 Defender
• Microsoft 365 Defender Streaming API: Identity and CloudApp Events in General Availability
• Introducing predefined policies in app governance
• Detecting and Remediating Impossible Travel
• What’s new: Unified Microsoft SIEM & XDR GitHub community
• New and improved incident queue
• Reduce time to response with classification
• Announcing expanded support and functionality for Live Response APIs
• Defending against ransomware with Microsoft Defender for Endpoint and Intel TDT: A Case Study
• The Splunk Add-on for Microsoft Security is now available
• Deprecating the legacy SIEM API
• Microsoft threat & vulnerability management integrates with Vulcan Cyber
• Announcing general availability of vulnerability management support for Android and iOS
• Microsoft Defender for Endpoint Plan 1 Now Included in M365 E3/A3 Licenses
• Zero-touch onboarding of Microsoft Defender for Endpoint on iOS now in public preview
• Streamlining the submissions experience in Microsoft Defender for Office 365

• Updated Hunting and Investigation Experiences for Microsoft Defender for Office 365
• Introducing the Microsoft Defender for Office 365 Migration Guide
• CloudAppEvents in advanced hunting now includes non-Microsoft apps and new data columns
• Protect printers, cameras and the rest of your IoT devices with Microsoft 365 Defender
• Using gMSA account in Microsoft Defender for Identity in multi-domain forests.
• Protect your printers, cameras and the rest of your IoT devices starting today!
• Announcing Preview of New Security Management Capabilities for Microsoft Defender for Endpoint.
• Evaluation Lab: Expanded OS support & Atomic Red Team simulations
• Announcing the public preview of Microsoft Defender for Endpoint Mobile - Tamper protection
• AI-driven adaptive protection in Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint Plan 1 Now Generally Available
• Announcing performance analyzer for Microsoft Defender Antivirus
• Device Control Device Installation update
• Defending Windows Server 2012 R2 and 2016
• Announcing live response for macOS and Linux
• Web content filtering now generally available on Windows
• Boost protection of your Linux estate with behavior monitoring, extended distro coverage, and more
• Automatically triage phish submissions in Microsoft Defender for Office 365
• Microsoft Defender for Office 365 Ninja Training: September 2021 Update
• Improving the reporting experience in Microsoft Defender for Office 365
• Automatic Redirection to Microsoft 365 Defender is coming!
• Reporting an email in Microsoft Defender for Office 365
• Mastering Configuration in Defender for Office 365 - Part Three
• New Incident Graph view in Microsoft 365 Defender
• Assign incidents and alerts to someone else
• Announcing the new advanced hunting page and link to incident feature
• Announcing Microsoft Defender for Cloud Apps
• Microsoft Defender for Identity and Npcap
• Advanced Hunting: Surfacing more email data from Microsoft Defender for Office 365
• Microsoft 365 Defender Ninja August 2021 special edition!
• Microsoft 365 Defender Ninja Training: August 2021 update
• Take your security to the next level with professional security services
• Introducing Microsoft Defender for Endpoint Plan 1
• Make sure Tamper Protection is turned on
• Announcing Apple M1 native support
• Public Preview: Custom file IoC enhancements and API schema update
• Best practices for optimizing custom indicators
• Microsoft Defender for Endpoint Ninja Training: August 2021 update
• DeepSurface integrates with Microsoft's vulnerability management capabilities
• Download quarantined files now in public preview
• Protect your removable storage and printers with Microsoft Defender for Endpoint
• Announcing live response API public preview
• Evaluation lab updates: device renewal and new simulations
• Simplifying the Quarantine Experience
• Microsoft Teams gets more Phishing Protection!
• Making the SecOps Team More Efficient - Focused Email Actions
• ICYMI: Announcing Microsoft 365 Defender Streaming API
• Vulnerability management for Linux now generally available
• Unmanaged device protection capabilities are now generally available
• Threat & vulnerability management integrates with ServiceNow VR
• New threat & vulnerability management APIs - create reports, automate, integrate
• Announcing new capabilities on Android and iOS
• Welcome to Microsoft 365 Defender!
• How to migrate advanced hunting to Microsoft 365 Defender
• Secure configuration assessment for macOS and Linux now in public preview
• Announcing Exciting Updates to Attack Simulation Training
• Microsoft Defender for Identity Experiences in Microsoft 365 Defender
• Setting up a New Phish Simulation Program - Part Two
• Setting up a New Phish Simulation Program - Part One
• Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries
• Enhancing Microsoft Defender for Identity Data Using Microsoft 365 Defender
• Secure Access for applications with Microsoft Cloud App Security
• Uncover your blind spots: seamlessly control cloud usage risks to your organization
• Prevent sophisticated attacks: Microsoft Cloud App Security and Microsoft 365 Defender -Bypass Blocking PDF Previews in OWA -Microsoft Cloud App Security update: March 2021
• MCAS: Top 5 Queries You Need to Save
• MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
• Non-interactive logins: minimizing the blind spot
• What’s new: Incident timeline
• How to use Azure Sentinel for Incident Response, Orchestration and Automation
• Group-IB Threat Intelligence and Attribution Connector - Azure Sentinel
• IoT Asset discovery based on FW logs
• Web Shell Threat Hunting with Azure Sentinel
• Best practices for migrating detection rules from ArcSight, Splunk and QRadar to Azure Sentinel
• What’s new: Automation rules
• Monitoring the Software Supply Chain with Azure Sentinel
• What’s new: Alert Enrichment – Custom Details and Entity Mapping
• Whats new: Azure Sentinel and Microsoft 365 Defender incident integration
• Microsoft Ignite 2021: Blob and File Storage Investigations
• Visibility of Azure key vault activity in Sentinel Azure Key Vault Workbook
• Mastering Configuration in Defender for Office 365 - Part Two
• Mastering Configuration in Defender for Office 365 - Part One
• Introducing the Email Entity Page in Microsoft Defender for Office 365!
• Become a Microsoft Defender for Office 365 Ninja!
• Business Email: Uncompromised - Part Three
• New Home for Microsoft Defender for Office 365
• Best practices for leveraging Microsoft 365 Defender API's - Episode Three
• Unified experiences across endpoint and email are now generally available in Microsoft 365 Defender
• Launching threat analytics for Microsoft 365 Defender
• Azure Sentinel and Microsoft 365 Defender incident integration
• Best practices for leveraging Microsoft 365 Defender API's - Episode Two
• Microsoft Cloud App Security: The Hunt in a multi-stage incident
• Microsoft 365 Defender now delivers unified experiences across endpoint, email and collaboration
• Endpoint Discovery - Navigating your way through unmanaged devices
• Network device discovery and vulnerability assessments
• Configuring exclusions for Splunk on RedHat Linux 7.9
• New threat and vulnerability management experiences in Microsoft 365 security
• Enhancing Linux antivirus with behavior monitoring capabilities!
• Mac updates: Control your USB devices with Microsoft Defender for Endpoint on Mac!
• Migrate advanced hunting from Microsoft Defender for Endpoint to Microsoft 365 Defender -Announcing a global switch for tamper protection
• Investigating the Print Spooler EoP exploitation
• Advanced hunting: updates to threat and vulnerability management tables
• One app for VPN and mobile threat defense
• Delivering world class SecOps experiences
• Business Email: Uncompromised – Part Two
• Business Email: Uncompromised – Part One
• MITRE ATT&CK Techniques now available in the device timeline
• Protecting sensitive information on devices
• Microsoft Defender for Endpoint Ninja Training: February 2021 update
• Microsoft Defender Antivirus: 12 reasons why you need it
• Extending threat and vulnerability management to more devices
• Windows Virtual Desktop support is now generally available
• How to use tagging effectively (Part 3)
• Microsoft Defender for Endpoint: Automation defaults are changing
• EDR for Linux is now generally available
• How to use tagging effectively (Part 2)
• How to use tagging effectively (Part 1)
• Microsoft 365 Defender Ninja Training: January 2021 update
• Hunt for Azure Active Directory sign-in events
• Best practices for leveraging Microsoft 365 Defender API's - Episode One

• Get email notifications on new incidents from Microsoft 365 Defender
• Advanced hunting product name changes
• New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks
• Azure Active Directory audit logs now available in Advanced Hunting (public preview)
• Additional email data in advanced hunting -Announcing EDR in block mode general availability -Microsoft Defender for Endpoint on iOS is generally available
• Microsoft Defender for Office 365 investigation improvements coming soon
• EDR for Linux is now available in public preview
• Hunt across cloud app activities with Microsoft 365 Defender advanced hunting
• Microsoft 365 Defender connector now in Public Preview for Azure Sentinel
• Improved incident queue in Microsoft 365 Defender
• Introducing a new threat and vulnerability management report
• Investigating Alerts in Defender for Office 365
• ZeroLogon is now detected by Microsoft Defender for Identity CVE-2020-1472 exploitation
• Self-healing in Microsoft 365 Defender
• Announcing Priority Account Protection in Microsoft Defender for Office 365
• Microsoft delivers unified SIEM and XDR to modernize security operations
• Office 365 ATP is now Microsoft Defender for Office 365
• Microsoft Defender for Endpoint adds depth and breadth to threat defense across platforms
• Say hello to the new Microsoft Threat Protection APIs!
• Microsoft Defender ATP for Mac is moving to system extensions
• How behavioral blocking & containment stops post-exploitation tools like BloodHound, Kerberoasting
• A new look for threat analytics
• Microsoft Threat Protection now uses more descriptive incident names
• Hunt for threats using events captured by Azure ATP on your domain controller
• Introducing EDR in block mode: Stopping attacks in their tracks
• Introducing an improved timeline investigation with event flagging
• Pull in more intelligence and act fast while you hunt
• See how consolidated incidents improve SOC efficiency through this attack sprawl simulation
• The Action center in Microsoft Threat Protection – Your one-stop shop for remediation actions
• Pivot fast and investigate freely with go hunt & other advanced hunting enhancements
• Multi-tenant access for Managed Security Service Providers
• Changes in the support case submission experience
• Announcing high value asset tagging in Microsoft Defender ATP
• SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2
• Microsoft Defender ATP awarded a perfect 5-star rating by SC Media
• Introducing event timeline – an innovative, new way to manage your security exposure
• An update on Web Content Filtering
• Configuring Microsoft Defender Antivirus for non-persistent VDI machines
• Improving defenses against Exchange server compromise
• Safe Documents is Generally Available
• Microsoft Defender ATP for Linux is now generally available!
• Announcing Microsoft Defender ATP for Android
• Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
• A deeper dive into the APT29 MITRE ATT&CK evaluation
• Microsoft Defender ATP has a new UEFI scanner
• New partnerships with innovative leaders helps you fight advanced threats!
• Say hello to the new alert page in Microsoft Defender ATP
• Migrate the old Power BI App to Microsoft Defender ATP Power BI templates!
• Microsoft Defender ATP evaluation lab breach & attack simulators are now available in public preview
• Demystifying attack surface reduction rules - Part 4
• Defending networks against human-operated ransomware
• Automate the boring for your SOC with automatic investigation and remediation!
• Indicators enhancements: Allow/Block by certificates & more
• Demystifying attack surface reduction rules - Part 3
• Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP
• Harden endpoint security for COVID-19 and working from home with Threat & Vulnerability Management
• Deploy Microsoft Defender ATP for Mac in just a few clicks
• MITRE ATT&CK evaluation results
• Demystifying attack surface reduction rules - Part 2
• Demystifying attack surface reduction rules - Part 1
• Threat & Vulnerability Management APIs are now generally available
• Live response for earlier versions of Windows is now in public preview
• Secure your remote workforce with Microsoft Defender ATP
• Secure Configuration Assessment (SCA) for Windows Server now in public preview
• Microsoft Defender ATP service notification improvements
• Connect the dots using a device network overview Power BI report
• Raw data export: Announcing Microsoft Defender ATP Streaming API GA
• Microsoft Defender ATP for Linux is coming! ...And a sneak peek into what’s next
• Enable tamper protection in Threat & Vulnerability Management to increase your security posture
• Put regulation fears to rest when deploying Microsoft Defender ATP
• Web content filtering with Microsoft Defender ATP now in public preview
• Extending Microsoft Defender ATP network of partners
• Block Access to Unsanctioned Apps using Microsoft Defender ATP & Microsoft Cloud App Security
• Enforcement of TLS 1.2 for connections to Microsoft Defender ATP

• EDR capabilities for macOS have now arrived
• Advanced hunting data schema changes
• Short & sweet educational videos for Microsoft Defender ATP
• Create custom reports using Microsoft Defender ATP APIs and Power BI
• Recordings now online: Microsoft Defender ATP sessions from #MSIgnite 2019
• Microsoft Defender ATP for Mac - EDR in Public Preview
• How insights from system attestation and advanced hunting can improve enterprise security
• Reducing risk with new Threat & Vulnerability Management capabilities
• Experts on demand: now generally available
• Microsoft Defender ATP sessions at #MSIgnite 2019
• Tamper protection now generally available for Microsoft Defender ATP customers
• Manage Windows Defender Firewall with Microsoft Defender ATP and Intune
• Forrester names Microsoft a Leader in 2019 Endpoint Security Suites Wave
• Enhanced visibility into web threats with Microsoft Defender ATP
• Microsoft Defender ATP EDR support for Windows Server 2008 R2 now generally available
• New! API Explorer and Connected applications
• MITRE ATT&CK technique info in Microsoft Defender ATP alerts
• Microsoft Defender ATP supports custom IOCs for URLs, IP addresses, and domains
• Enhance your SOC with Microsoft Defender ATP Automatic Investigation and Remediation
• Test security products the right way and find new protection features with MDATP evaluation lab
• Hunting for reconnaissance activities using LDAP search filters
• Advanced hunting updates: USB events, machine-level actions, and schema changes
• Gartner names Microsoft a Leader in 2019 Endpoint Protection Platforms Magic Quadrant
• Microsoft Defender ATP 'Ask Me Anything' August 2019 - Summary
• Migrate your custom Threat Intelligence (TI) to indicators!
• Microsoft Defender Advanced Threat Protection is now available as an offer to US GCC High customers
• The Golden Hour remake - Defining metrics for a successful security operations
• Download files for in-depth investigation
• MDATP Streaming API - Public Preview - DIY example
• Microsoft Defender ATP Evaluation lab is now available in public preview
• Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time
• Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!
• Microsoft Defender ATP automation & cloud app discovery now available in previous Windows 10 builds!
• Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection
• MDATP Python automation - Automate machine isolation with Python script
• Microsoft Defender ATP unified indicators of compromise (IoCs) experience
• Microsoft Defender ATP for Mac now in open public preview
• Incident response at your fingertips with Microsoft Defender ATP live response
• Microsoft Defender ATP and Malware Information Sharing Platform integration
• Updates to attack surface reduction rules for Office apps
• Pushing custom Indicator of Compromise (IoCs) to Microsoft Defender ATP
• Microsoft Defender ATP third-party solution integrations
• Microsoft Threat Experts reaches general availability
• Protecting disconnected devices with Microsoft Defender ATP
• MDATP Threat & Vulnerability Management now publicly available!
• Native support for the discovery of Shadow IT
• Introducing a risk-based approach to threat and vulnerability management
• Tamper protection in Microsoft Defender ATP
• Announcing Microsoft Defender ATP for Mac
• Palo Alto Networks and WDATP ad-hoc integration
• MITRE evaluation highlights industry-leading EDR capabilities in Windows Defender ATP
• Automate Windows Defender ATP response action: Machine isolation
• Windows 10: Windows Defender Exploit Guard-Attack Surface Reduction rules
• Ticketing system integration – Alert update API
• Help protect the exec – go with the Flow!
• WDATP API “Hello World” (or using a simple PowerShell script to pull alerts via WDATP APIs)
• Microsoft Defender ATP integrates with Microsoft Information Protection to discover, protect, and monitor sensitive data on Windows devices
• Microsoft Defender ATP built-in threat summary and health reports

• What’s new in Windows Defender ATP, November 2018
• New! Windows Defender ATP Incidents narrate the end-to-end attack story
• Automating investigation and response for memory-based attacks
• SecOps is more effective thanks to Microsoft Windows Defender Advanced Threat Protection
• Microsoft Cloud App Security and Windows Defender ATP - better together
• WDATP September 2018 preview features are out
• Hunting tip of the month: Downloads originating from email links
• Optimized reporting latency and expedite mode
• Interpreting Exploit Guard ASR audit alerts
• Improve your defensive posture with Exploit Guard ASR
• Advanced hunting now includes network adapters information
• Hunting tip of the month: Browser downloads
• Getting Started with Windows Defender ATP Advanced Hunting
• Hunting tip of the month: PowerShell commands
• What’s new in the WDATP Portal?
• Protecting Windows Server with Windows Defender ATP
• Enhancing conditional access with machine-risk data from Windows Defender Advanced Threat Protection
• New demo: Advanced Threat Protection across Windows 10 and Office
• Exploit Guard - Network Protection
• Announcing: Windows Defender ATP support for Windows 7 and Windows 8.1

• Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
• Microsoft partners extend Windows Defender ATP across platforms
• Windows Defender ATP helps analysts investigate and respond to threats
• Windows Defender ATP Windows 10 Fall Creators Update now open for public preview
• Windows Defender ATP machine learning: Detecting new and unusual breach activity
• Windows Defender ATP Fall Creators Update
• Microsoft signs agreement to acquire Hexadite
• Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack
• The Story of Windows Defender

• Windows Defender Advanced Threat Protection Preview Expands
• Announcing Windows Defender Advanced Threat Protection

• Windows 10 to offer application developers new malware defenses

Yes no typo , it was around 2005 when 'Windows Defender' appeared

• What’s in a name?? A lot!! Announcing Windows Defender!

• Talking Security hosted by Frans Oudendorp
• Security Unlocked hosted by Natalia Godyla and Nic Fillingham
• Security Insiders hosted by Maarten Goet
• Hairless in the Cloud hosted by Jan Geisbauer and Marco Scheel
• GeekZeugs by Alexander Benoit and Eric Berg
• RunAsRadio
• Microsoft Security Insights

• Defender for Endpoint - FalconForce
• [Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS
• Microsoft Defender for Endpoint blog Series
• Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part5
• Assessment and Control of Browser Extensions
• Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry
• Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation
• Deep Diver – Defender for Cloud Apps Malware Detection in Office 365 Workloads
• Handling Inactive Devices in Microsoft Defender for Endpoint
• Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part1
• Microsoft Sentinel – Insights of Defender for Cloud Apps Data Connector
• Unboxing Microsoft Defender for Business, Part 1: Simplified configuration process
• Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System
• MDE HUNTING 101
• Article 1 – Tips & Tricks #Investigate with Microsoft Defender for Identity
• Article 2 – Tips & Tricks #Deploy Microsoft Defender for Identity (gMSA Accounts)
• Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM
• Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01
• Defending Azure Active Directory with Azure Sentinel
• Keep an eye on your Azure AD guests with Microsoft Sentinel
• Alert changes to sensitive AD groups using MDI
• Automated response to C2 traffic on your devices
• Defender for Endpoint – unified solution for Windows Server 2012 R2 and 2016 (Part1)
• Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)
• Microsoft Defender for Endpoint on AWS: Part 1
• Use advanced hunting to Identify Defender clients with outdated definitions
• Device Control Device Installation update
• The Impossible Travel Alert: Friend or Foe?
• Defender TVM: Configuration Benchmark Management
• Using the Defender for Endpoint API and PowerShell
• How To Hunt For LDAP Reconnaissance Within M365 Defender?
• Using Microsoft Defender For Endpoint During Investigation
• Hunting for Lateral Movement: Local Accounts
• Detecting network beacons via KQL using simple spread stats functions
• FalconFriday — Masquerading; LOLBin file renaming— 0xFF0C
• Practical Compromise Recovery Guidance For Active Directory
• Incident Response In A Microsoft Cloud Environment
• Use kusto to breakdown time stamps
• Adding TAXII Threat Intel
• ALERTRULE FROM GITHUB TO AZURE SENTINEL
• How to Use Microsoft Teams as a Frontend to Azure Sentinel
• How to Find the Enhanced Functions Capabilities in the Azure Sentinel Console
• Start Having Visibility In Service Accounts With Defender For Identity
• Gundog
• Microsoft Defender — Detect Hidden Windows Run
• Detecting SolarWinds SUNBURST IOC, from Microsoft Defender for Endpoint and Azure Sentinel
• Using Active Directory Replication Metadata for hunting purposes
• Getting started with Microsoft Defender for Endpoint for iOS
• Integrate Microsoft Defender for Endpoint with Azure Defender
• Integrate Microsoft Defendr for Endpoint with MCAS
• Defender for Endpoint (MDATP) for Windows Servers
• MTP Advanced Hunting – Public free E-Mail services
• Hunting for Local Group Membership changes
• Microsoft Threat Protection Jupyter notebook AdvancedHunting sample
• Showcasing some Endpoint Detection & Response Features of Microsoft Defender ATP
• Microsoft Defender ATP for Android
• Assigning MDATP tags through the machine name & logged on user with Logic Apps
• MANAGE OFFICE ATP ALERTS LIKE A BOSS
• Microsoft Defender ATP Web Content Filtering – Migrate Rules from Existing Security Software
• Microsoft Defender ATP Web Content Filtering – Administration, Limitations, and User Experience
• MDATP 💙 THOR
• Windows Defender configuration tool ConfigureDefender 3.0.0.0 released
• Analyzing your Microsoft Defender ATP data in real-time in ELK using the new streaming API
• 24/7 protection during Covid-19 – Defender ATP Auto IR
• Threat & Vulnerability Management – improve client security with MDATP
• Microsoft Defender Antivirus (MDAV) “Cloud Protection” (Cloud-Delivered Protection aka MAPS)
• BLOCK IT.
• DEEP DIVE: FORENSICS VIA MDATP LIVE RESPONSE
• Microsoft Defender ATP – network control made easy
• Microsoft Defender ATP for Linux
• How to create your Defender ATP Admin Audit Log Dashboard
• EmptyDC Jan Geisbauer
• How to generate a monthly Defender ATP Threat and Vulnerability Report
• Automate MDATP response with Microsoft Flow
• Windows Defender ATP: harnessing the collective intelligence of the InfoSec community for threat hunting
• MDATP: talking to the User
• Examining access token privileges with MDATP and Kusto
• My Pluralsight Course – Incident Response and Remediation With Azure Security Center
• Hunting for MiniNt security audit block in registry
• Microsoft Defender ATP Streaming API
• Send Intune security task notifications to Microsoft Teams, email, etc. using Microsoft Flow
• How to accelerate your Microsoft Defender ATP Evaluation
• How to Create a Custom Slack Alert for Windows Defender Advanced Threat Protection (ATP) using Microsoft Flow in 5 minutes
• Automate response with Defender ATP and Microsoft Flow
• Hunting for USB Rubber Ducky/ Bad USB with ATP
• Managing Alerts from MDATP in ServiceNow – Part I: Bearer Token Request And ServiceNow Connect
• Hunting Windows Defender Exploit Guard with ATP
• Announcing new exciting capabilities of Windows Defender ATP (April 2018)
• Automated Response for Windows Defender ATP
• Managing Role Based Access (RBAC) for Microsoft Defender Advanced Threat Protection
• Retrieving Windows Defender Exploit Guard Windows Event logs with PowerShell
• Defender ATP and PowerBI

• Microsoft Sentinel from the field
• All Things M365 Compliance
• KQL Cafe
• Introduction into KQL/
• 057 - EN - Defender for Office 365 with Pawel Partyka
• The NEW Attack Simulator in M365 w/ End User Training
• Elevate your endpoint security with Microsoft Defender ATP
• Security Community Webinars
• Join Our Security Community
• MS Defender ATP Overview and Full Attack Simulation
• Live response in Microsoft Defender ATP
• Webinar: Stopping attacks in their tracks through behavioral blocking and containment
• Azure Sentinel and Defender ATP Webinar
• Microsoft Defender ATP Threat & Vulnerability Management
• Upcoming webinar 📣 The Power of Advanced Hunting - Unleash the hunter in you!
• SANS - Windows Defender ATP’s Advanced Hunting: Using Flexible Queries to Hunt Across Your Endpoints
• Conditional Access with WDATP - The Endpoint Zone 1805
• How to Configure Splunk to pull Windows Defender ATP alerts
• How to customize Windows Defender ATP Alert Email Notifications
• Check Windows Defender ATP Client Status with PowerShell
• Microsoft Defender ATP [Attack Simulation & Investigation] Demos
• Automate machine isolation with MDATP and Microsoft Flow - YouTube MVP Demo
• Windows Defender ATP now extends beyond Windows clients October 11,2017
• Windows Defender ATP Investigation and Response
• Microsoft 365 Conditional access based on device-risk with Windows Defender ATP
• Windows Defender ATP Secure Score
• RSA Conference 2018 Windows Defender ATP – Unified platform for endpoint security
• RSA Conference 2018 Taking Ransomware to task with Windows Defender ATP

• Kusto Detective Agency
• Exploring Anomalies with Log Analytics using KQL
• Kusto King blog
• Become a KQL Ninja
• Kusto Query Language (KQL) - cheat sheet
• Sigma-Hunting-App
• Go hunt, join us on GitHub
• Microsoft MDATP Hunting Queries on GitHub
• Kusto Query Language (KQL) from Scratch
• Maarten Goet - Wortell
• Advanced Hunting Cheat Sheet by @PowershellPoet, @maarten_goet, @Pawp81, @Bakk3rM and @MicrosoftMT
• SecGroundZero

blog post series to educate about the simplicity and power of the Kusto Query Language (KQL) by @rodtrent

• Must Learn KQL Part 1: Tools and Resources - Posted November 17, 2021 - Video Edition
  
• Must Learn KQL Part 2: Just Above Sea Level - Posted November 18, 2021
  
• Must Learn KQL Part 3: Workflow - Posted November 19, 2021 - Video Edition
  
• Must Learn KQL Part 4: Search for Fun and Profit - Posted November 22, 2021
  
• Must Learn KQL Part 5: Turn Search into Workflow - Posted November 29, 2021 - Video Edition
  
• Must Learn KQL Part 6: Interface Intimacy - Posted December 2, 2021, Updated May 13, 2022 - Video Edition
  
• Must Learn KQL Part 7: Schema Talk - Posted December 7, 2021 - Video Edition
  
• Must Learn KQL Part 8: The Where Operator - Posted December 8, 2021 - Video Edition
  
• Must Learn KQL Part 9: The Limit/Take Operators - Posted December 13, 2021 - Video Edition
  
• Must Learn KQL Part 10: The Count Operator - Posted December 14, 2021 - Video Edition
  
• Must Learn KQL Part 11: The Summarize Operator - Posted January 5, 2022 - Video Edition
  
• Must Learn KQL Part 12: The Render Operator (with Bin and Time) - Posted January 10, 2022 - Video Edition
  
• Must Learn KQL Part 13: The Extend Operator - Posted January 18, 2022 - Video Edition
  
• Must Learn KQL Part 14: The Project Operator - Posted January 20, 2022 - Video Edition
  
• Must Learn KQL Part 15: The Distinct Operator - Posted January 24, 2022
  
• Must Learn KQL Part 16: The Order/Sort and Top Operators - Posted January 26, 2022
  
• Must Learn KQL Part 17: The Let Statement - Posted February 1, 2022
  
• Must Learn KQL Part 18: The Union Operator - Posted February 7, 2022
  
• Must Learn KQL Part 19: The Join Operator - Posted February 14, 2022
  
• Must Learn KQL Part 20: Building your first Microsoft Sentinel Analytics Rule - Posted February 17, 2022
  
  
  

• Eshlomo - Advanced Hunting Queries
• NotNinjaCat @RavivTamir
• Microsoft Defender ATP @WindowsATP
• Microsoft Threat Protection @MicrosoftMTP
• Dan Michelson
• Hadar Feldman
• Tomer Teller
• Heike Ritter
• Christian H. Müller
• Alex Benoit
• Jan Geisbauer
• Matias Borg
• Oliver Kieselbach
• Amar Hasayen
• Maarten Goet
• Eric Soldierer
• Christian H. Mueller
• Huy
• @thijslecomte
• @YongRheeMSFT
• @castello_johnny
• Alex Verboon
• Matt Soseman
• Frans Oudendorp
• Corina Feuerstein
• Daniel Naim
• Pawel Partyka
• Olaf Hartong
• Mehmet Ergene
• @BlueVoyant
• @Sec_GroundZero
• @ashwinpatil
• @reprise_99 Matt Zorich
• Sami Lamppu
• Ru Campell
• Jeffrey Appel
• BertJanCyber

• Microsoft 365 Defender
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Office 365
• Microsoft Cloud App Security
• Microsoft Sentinel

Stay up to date about latest releases (fixes, new features etc.)

• What’s new with Microsoft Cloud App Security?
• What’s new in Microsoft Defender for Identity
• What’s new in Microsoft Defender for Endpoint
• What’s new in Microsoft 365 Defender
• What’s new in Microsoft Defender for Office 365
• What’s new in Microsoft Sentinel

• MTP - Advanced Hunting
• Microsoft Defender Advanced Threat Protection PowerShell Module
• WindowsDefenderATP-Hunting-Queries
• MicrosoftDefenderATP-API-PowerShell
• defender-atp-manageability
• MDATP PowerBI
• Github - Power BI Report templates powered by Microsoft Defender Advanced Threat Protection Advance Hunting Queries
• MDATP PowerBI
• CGCFAD WDATP-Advanced-Hunting
• richlilly2004 MDATP hunting queries
• Huy - DebugPrivilege
• AndyFul - ConfigureDefender
• David Sass - DefenderASR
• CGCFAD Hunting Queries
• Eli Shlomo
• KQL Tools
• GunDog
• mdatp pwsh
• blue-teaming-with-kql
• Threat hunting and detection by Cyb3r-Monk
• Microsoft Defender 365 raw data schema - Overview
• Azure Sentinel KQL Queries by reprise99
• KQL Reference Manual by SecGroundZero
• Blue teaming with KQL by Ashwin Patil
• Sentinel Queries
• SecGroundZero KQL Reference Material
• ashwin-patil - Blue Teaming with KQL
• Linux - iOS
• Adarsh Pandey
• Marco Gerber
• Live Response Scripts from YongRhee
• Azure AD - Attack and Defense Playbook
• BertJanCyber
• Ugur Koc