This lab guide covers the complete Microsoft Defender security suite — the essential course for any Microsoft security professional. It starts with Defender for Office 365 email policies and attack simulations, moves through cloud app discovery and CASB controls, endpoint security baselines in Intune, and on-premises identity threat detection, and finishes with multi-cloud security posture management and advanced KQL threat hunting. Every lab includes step-by-step instructions and production screenshots from a real Microsoft 365 and Azure environment at abdelwahed.me.
📧
Defender for Office 365
Anti-phishing, anti-spam, Safe Links, Safe Attachments, preset security policies, and attack simulation training.
☁️
Defender for Cloud Apps
CASB visibility, cloud discovery, shadow IT detection, policy templates, OAuth app control, and activity logs.
💻
Defender for Endpoint
Intune security baselines, antivirus management, disk encryption, firewall policies, and conditional access.
🆔
Defender for Identity
On-premises AD monitoring, Pass-the-Hash/Ticket detection, honeypot accounts, and VPN sign-in correlation.
🛡️
Defender for Cloud
CSPM, multi-cloud onboarding for AWS and GCP, secure score, regulatory compliance, and workload protections.
🔍
Advanced Hunting & Action Center
KQL threat hunting queries, custom detection rules, Entra ID Protection, and automated incident response.
01  Microsoft Defender for Office 365 — Key Features & Overview (Email)
02  Preset Security Policies — Standard vs Strict Protection (Email)
03  Setting Up Preset Security Policies in the Defender Portal (Email)
04  Attack Simulation Training — Launch & Monitor Phishing Simulations (Email)
05  Threat Explorer — Investigate & Take Action on Email Threats (Email)
06  Microsoft Defender for Cloud Apps — CASB Overview (Cloud Apps)
07  Cloud Discovery — Shadow IT Reports & Snapshot Upload (Cloud Apps)
08  Policy Templates & Policy Management in Cloud Apps (Cloud Apps)
09  Create Activity Policy to Detect Repeated Downloads & Deletes (Cloud Apps)
10  Activity Log & Cloud App Catalog (Cloud Apps)
11  Microsoft Defender for Endpoint — Intune Security Baselines (Endpoint)
12  Create Security Baseline Profile for Windows 10 and Later (Endpoint)
13  Managing Antivirus, Disk Encryption & Firewall via Intune (Endpoint)
14  Conditional Access Policies in Intune & Entra ID (Endpoint)
15  Microsoft Defender for Identity — AD Sensors & Entity Tags (Identity)
16  Microsoft Entra ID Protection — Risk Detection & Remediation (Identity)
17  Action Center — Centralized Incident Management (XDR)
18  Microsoft Secure Score — Posture Measurement & Improvement (Cloud)
19  Microsoft Defender for Cloud — CSPM, CWPP & Secure Score (Cloud)
20  Environment Settings, Defender Plans, AWS & GCP Onboarding (Cloud)
21  Regulatory Compliance, Security Policies & Cloud Security Explorer (Cloud)
22  Advanced Hunting with KQL — Queries, Rules & Visualization (Hunting)
🎓
SC-200 Candidates
Preparing for the Microsoft Security Operations Analyst exam with real portal lab practice.
🔐
Security Analysts
SOC engineers and security admins managing Microsoft 365 and Azure Defender environments.
☁️
Cloud Architects
Professionals designing secure multi-cloud environments with Microsoft Defender at the core.
Version: 24.12
Pages: 39
Platform: Microsoft 365 Defender
Portal: security.microsoft.com
Author: Ahmed Abdelwahed
Download the Complete Guide
39 pages covering the full Microsoft Defender security suite — step-by-step labs, real portal screenshots, zero fluff. Free to download.