Secure your organization with Microsoft Defender for Endpoint

Security Operations Analyst
Security Engineer
Microsoft 365
Microsoft Defender for Endpoint

This learning path provides an overview of Microsoft Defender for Endpoint and how to use it as part of a cybersecurity solution. Microsoft Defender for Endpoint can help you prevent, detect, investigate, and respond to threats across your organization's endpoints – your devices and systems.

Endpoint detection and response (EDR) capabilities provide advanced attack detections that are near real-time and actionable. When you implement EDR in your environment, your security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take action to remediate threats.

The deadline for agencies to adopt government-wide EDR approaches based on OMB requirements, per section 7 of the Executive Order on Improving the Nation's Cybersecurity, is September 9, 2021.

Microsoft Defender for Endpoint for US Government customers, built in the Azure US Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial and provides the same prevention, detection, investigation, and remediation capabilities. However, some capabilities differ in this offering. If you're using Microsoft Defender for Endpoint as part of your cybersecurity solution, per the Executive Order, be sure to review these differences as you build your plan.
Prerequisites

  • An understanding of basic security concepts

Modules in this learning path

Learn about Microsoft Defender for Endpoint and its key capabilities, such as threat and vulnerability management, attack surface reduction, automated investigation and remediation, endpoint detection and response, and more.

Learn about the different capabilities you can use to evaluate endpoint security using Microsoft Defender for Endpoint, including the evaluation lab, the simulation gallery, different types of attack simulation scenarios, and more.

Learn about the three-phase process to onboard your organization to Microsoft Defender for Endpoint.

Learn about Microsoft Defender for Endpoint capabilities, such as threat and vulnerability management, exposure score, Microsoft Secure Score for devices, and security recommendations, so you can identify vulnerabilities across your devices and remediate them to strengthen your security posture.

Learn how to reduce potential attack surfaces across your environment with Microsoft Defender for Endpoint. Capabilities include application control, network protection, hardware-based isolation, controlled folder access, and web protection.

Learn about next-generation protection in Microsoft Defender for Endpoint, including behavior-based, heuristic, and real-time antivirus protection, cloud-delivered protection, dedicated protection and product updates, and more.

Learn how to detect and respond to security issues using Microsoft Defender for Endpoint with the help of features and capabilities such as the incident queue, alerts queue, response actions on devices and files, and Live Response.

Learn how automated investigation and remediation (AIR) works in Microsoft Defender for Endpoint. You'll learn about concepts including automation levels, how automated investigations are triggered, how to review investigation findings, and how automated remediation actions work.

Learn about the different reporting capabilities in Microsoft Defender for Endpoint, including the threat protection report, vulnerable devices report, device health and compliance reports, custom reports, and threat analytics.