Microsoft Sentinel & Defender XDR
Virtual Ninja Trainingwith Heike Ritter and Javier Soriano
This training series, based on the Ninja blogs, brings you up-to-date quickly on all things Microsoft Sentinel & Defender XDR. In each episode, our experts guide you through the powerful features and functionality of Microsoft Defender products so you can keep your data, endpoints, and users secure. From the fundamentals to deep dives, the show helps you build your knowledge so that you can optimize security for your organization.
More episodes coming soon
Stay tuned for more details about our upcoming season!
Download Ninja Cat backgrounds
Add Ninja Cat to your Microsoft Teams meeting using our collection of backgrounds.
Download collectionEpisodes on demand
Filter episodes
Attack Disruption: Live demo
This episode features Threat Hunter and Microsoft MVP Mattias Borg as he explains the anatomy of an attack. Through a live demo of an attack in action, gain exclusive insights into what attackers do behind the scenes, the tools they use and how Microsoft Defender steps up to counter these threats, offering a robust defense to help keep your organization secure.
Guest:
Mattias Borg
Microsoft MVP
Azure Network Security: A Closer Look at Azure DDoS Protection
In this episode, special guest host Andrew Mathu welcomes Senior Product Manager Saleem Bseeu to explore Azure DDoS Protection and its powerful capabilities for protecting applications and services from Distributed Denial of Service (DDoS) attacks. With today’s digital landscape posing constant threats, this discussion highlights the critical role DDoS protection plays in maintaining the security and availability of network infrastructure.
Guest:
Andrew Mathu
Microsoft
Saleem Bseeu
Microsoft
Microsoft Sentinel Data tiering best practices
In this episode product experts Yael Bergman and Maria de Sousa-Valadas introduce the powerful new Auxiliary Logs tier, now in Public Preview and explain how to use Summary rules to aggregate data from any log tier in Microsoft Sentinel and Log Analytics. Tune in to learn the full potential of these features, as well as practical tips and use cases to help you reduce ingestion costs and gain more insights from your verbose logs.
Guest:
Maria de Sousa-Valadas Castaño
Microsoft
Yael Bergman
Microsoft
LIVE AMA: Improving security posture management with Copilot for Security innovations
We are with Senior Product Manager Patrick David in this Live AMA for another opportunity to ask questions about the Microsoft Purview innovations unveiled at Ignite.
Guest:
Patrick David
Microsoft
Defender for Endpoint RDP Telemetry
In this episode Cyber Security Researcher Danielle Kuznets Nohi and Senior Product Manager Saar Cohen join us to discuss the importance of Remote Desktop Protocol in Human Operated Attacks considering the current threat landscape. Through a demo, witness critical visibility enhancements made to this important layer of telemetry and learn the powerful capabilities of this tool to identify vulnerable assets and provide deeper threat insights.
Guest:
Danielle Kuznets Nohi
Microsoft
Saar Cohen
Microsoft
LIVE AMA: Defender XDR’s Data Security Context with Insider Risk Management
Join Microsoft experts Maayan Magenheim and Sravan Kumar Mera for a Live AMA as they answer all your questions related to the new Insider Risk Management (IRM) integration with Defender XDR.
Guest:
Maayan Magenheim
Microsoft
Sravan Kumar Mera
Microsoft
Improving security posture management with Copilot for Security innovations
Senior Product Manager Patrick David returns to share the latest innovations of Copilot for Security in Microsoft Purview recently announced at Ignite. Join us to explore how these key features can be used to help tackle business challenges, streamline operations, and accelerate investigations.
Guest:
Patrick David
Microsoft
Unlocking Advanced Cloud Detection & Response capabilities for containers
Learn how the Microsoft Cloud Detection & Response solution empowers SOCs with faster, deeper investigations through near real-time detections, new cloud-native responses, and rich log collection. In this episode Product Managers Maayan Magenheim and Daniel Davrayev demo a real container related incident to show how these new capabilities enhance the entire incident response process, bridging knowledge gaps and proactively securing containerized workloads across multi-cloud environments.
Guest:
Daniel Davrayev
Microsoft
Maayan Magenheim
Microsoft
Defender XDR’s Data Security Context with Insider Risk Management
Join us as product experts Maayan Magenheim and Sravan Kumar Mera showcase the Public Preview of Microsoft Purview Insider Risk Management (IRM) integration into Defender XDR. Learn how Insider Risk and SOC analysts can now distinguish internal and external threats and gain critical insights, including exfiltration context and user activity tracking. Through a valuable demo, we explore the benefits for incident investigation, threat hunting, the correlation of IRM alerts with other DLP and identity protection alerts and more.
Guest:
Maayan Magenheim
Microsoft
Sravan Kumar Mera
Microsoft
Microsoft Defender for Identity for Entra Connect
In this episode, product experts Lior Shapira and Ayala Ziv explain how Microsoft Defender for Identity sensor for Entra Connect servers enables comprehensive monitoring of synchronization activities between Entra Connect and Active Directory, providing critical insights into potential security threats. Tune in to explore the latest detections and posture recommendations for Entra Connect by learning the importance of protecting hybrid identities and exploring real-world scenarios.
Guest:
Ayala Ziv
Microsoft
Lior Shapira
Microsoft
Bulk Sender Insights in Microsoft Defender for Office 365
In this episode, Senior Product Manager Puneeth Kuthati explains the importance of bulk sender insights within Defender for Office 365. Discover how these insights help differentiate trustworthy bulk senders from potential threats, tackle the challenges of fine-tuning bulk email filters, and strike the right balance to ensure important emails reach your inbox without overwhelming it. By analyzing sender behavior and trends, organizations can strengthen email security, reduce unwanted bulk traffic, and minimize false positives.
Guest:
Puneeth Kuthati
Microsoft
Defender for Office 365: In-depth defense with dual-use scenario
We are joined by Senior Product Manager Manfred Fischer and Cloud Solution Architect Dominik Hoefling to explore the built-in protection mechanisms in Defender for Office 365. Tune into this episode as we dive deep into a dual-use scenario demonstration to learn how customers using third-party email filtering services can still leverage the powerful features and controls of Microsoft Defender for Office 365.
Guest:
Dominik Hoefling
Microsoft
Manfred Fischer
Microsoft
Promptbooks in Copilot for Security
Join us as product experts Mamta Kumar, Amit Ghodke, Patrick David, and Dana Iris Gutkind unveil the latest Promptbooks in Copilot for Security. Get an exclusive demo as we explore the cross-products prompts from Microsoft Entra, Intune, Purview, and Defender.
Guest:
Amit Ghodke
Microsoft
Dana Iris Gutkind
Microsoft
Mamta Kumar
Microsoft
Patrick David
Microsoft
Proactive Protection with Microsoft Security Exposure Management: Part 2
In this episode, we explore Microsoft Security Exposure Management, learning how it quantifies risks, generates reports for key stakeholders, unifies the security stack, and optimizes attack surface management. Join us to discover the tools and processes that power proactive risk management, helping organizations stay ahead of evolving threats.
Guest:
Tomer Teller
Microsoft
Proactive Protection with Microsoft Security Exposure Management: Part 1
In this episode, we explore Microsoft Security Exposure Management, learning how it quantifies risks, generates reports for key stakeholders, unifies the security stack, and optimizes attack surface management. Join us to discover the tools and processes that power proactive risk management, helping organizations stay ahead of evolving threats.
Guest:
Tomer Teller
Microsoft
Defending operational technology (OT) environments with Microsoft Defender XDR
Senior Product Managers Adi Weisberg and Ariel Saghiv share their expertise in this episode, offering valuable guidelines and insights for OT security teams on how to effectively leverage Microsoft Defender XDR capabilities to secure IT and OT environments across your entire digital estate.
Guest:
Adi Weisberg
Microsoft
Ariel Saghiv
Microsoft
Automating Copilot for Security using Logic Apps
Learn how Copilot for Security and Logic Apps now work together to streamline automation, enhance insights, and improve analysis – giving SOC teams more time to focus on what really matters: hunting down threats. In this episode, see a demo that highlights a practical use case, proving why automation is a must for modern security teams. Don’t miss experts Yaniv Shasha and Craig Freyman reveal the potential of these tools to transform your security operations.
Guest:
Craig Freyman
Microsoft
Yaniv Shasha
Microsoft
Demystifying correlations in the Unified Security Operations Platform
In this episode, we dive into the power of correlation – a tool that can give you an edge over attackers through proactive and efficient defense. We’ll explore why incident correlation is essential for enhancing your security operations and how it can help you stay ahead of potential threats. Through Tiander’s demo, you will learn key concepts and strategies needed to successfully align your SOC processes with correlation techniques. Join us for your gateway to correlation clarity.
Guest:
Tiander Turpijn
Microsoft
Simplifying your Microsoft Sentinel migration experience
In this episode, we learn common challenges of SIEM Migration and explore initiatives being taken by Microsoft Sentinel to simplify this process for customers with the SIEM Migration capabilities. With expert guidance from Senior Product Manager Prateek Taneja, we explore the latest support enhancements, including new language translation capabilities and other features designed to ensure a seamless and efficient transition to Microsoft Sentinel.
Guest:
Prateek Taneja
Microsoft
Network Security Protection with Azure Firewall, Azure WAF, and Azure DDoS
Join us for an insightful overview of Azure Network Security, where we introduce the robust protection capabilities of Azure Firewall, Azure Web Application Firewall (WAF), and Azure DDoS Protection. Product Manager Andrew Mathu highlights the key features and benefits of these security products, showcasing how they collectively fortify your network against various threats.
Guest:
Andrew Mathu
Microsoft
Enhancements in Microsoft Defender for multi-tenant and device security management
Join our conversation with Senior Product Managers Maayan Mazig and Ofer Schreiber as they share the new multi-tenant capabilities for managing Defender for Endpoint security settings, extended support for the Unified Security Operations platform, and improved content management within Defender XDR. Don’t miss the demo where we explore the new aggregated view of security policies in the Unified Security Operations Platform, enhancing visibility and control for users.
Guest:
Maayan Mazig
Microsoft
Ofer Schreiber
Microsoft
Unified Security Operations Platform GA launch and exclusive demo
Tune into this episode to gain a comprehensive understanding of the Unified Security Operations platform, now available in GA. Principal Product Manager Tiander guides us through the customer onboarding journey, covering essential pre-setup requirements. Get an exclusive demo of the platform as we explore the integrated features and discuss the significant benefit this platform offers to customers.
Guest:
Tiander Turpijn
Microsoft
Distinguishing security tooling for Microsoft Copilots
In the rapidly evolving landscape of generative AI, Microsoft stands at the forefront with numerous innovative Copilot solutions. Join our discussion with Senior Product Managers Gloria Lee, Maria Young, and Bailey Bercik as they demystify the differences between Copilot for Security and Copilot for Microsoft 365 and discuss use cases for each and the topic of Responsible AI.
Guest:
Bailey Bercik
Microsoft
Gloria Lee
Microsoft
Maria Young
Microsoft
Secure Oauth applications with App governance – Microsoft App to App protection
Join this episode to examine the increase of attacks targeting OAuth applications and learn how App governance can serve as a robust defense mechanism to secure these vulnerable entry points. Senior Product Manager Greg Wiselka guides us through the process of activating App governance, including understanding the necessary licensing requirements, configuring permissions, and managing enterprise applications. You’ll learn practical steps to implement App governance efficiently, as we discuss the built-in threat protection policies available, along with strategies for customizing these policies to fit your specific security needs, ensuring your organization’s applications remain secure and compliant.
Guest:
Greg Wiselka
Microsoft
Edge for Business advances
Join us as product expert Keith Fleming unveils the latest capabilities of the Microsoft Edge Enterprise Browser through Defender for Cloud Apps. Discover how the end user experience has been seamlessly enhanced, devoid of latency or compatibility issues – from session monitoring to control features such as upload, download, and copy-paste actions – enjoy these advancements without the need for a proxy. With the solution now more secure than ever, both admins and end users can effortlessly navigate through functionalities. Tune in to witness a demo of these advancements and heightened security in managing your online activities.
Guest:
Keith Fleming
Microsoft
Harnessing adaptive authentication with Microsoft ITDR (Rescheduled from May 27)
In this episode, Chris Ayres and Daniel Lynch take us through the latest advancements in on-premises MFA capabilities, spotlighting how Microsoft’s ITDR product can apply policies to users that are identified as subject to compromise. Additionally, experience first-hand the integration of Microsoft Defender XDR and Microsoft Entra and how user risk signals can be used to enforce conditional access across both cloud and on-premises applications. With enhanced protection and response features, join us to understand why this topic is a cornerstone of future initiatives.
Guest:
Chris Ayres
Microsoft
Daniel Lynch
Microsoft
Introducing the Copilot for Security Prompting Workshop (Rescheduled from May 15)
Join us as we hear from Senior Cloud Advocate Rod Trent, unveiling and guiding us through his invaluable new Copilot for Security prompting workshop. Tune in for a demo that explores the content, teaches you how to leverage this tool, and ultimately, master the craft of creating effective prompts for security.
Guest:
Rod Trent
Microsoft
Microsoft Defender for Servers integration with Defender Vulnerability Management
Senior Product Manager Tom Janetscheck conducts a valuable demo of Microsoft Defender for Servers, highlighting its seamless integration into Microsoft Defender Vulnerability Management. This episode unravels the complexities surrounding external dependencies and the array of integration options available for Defender Vulnerability Management in Defender for Cloud. Join us as we demystify these essential components of server protection, empowering organizations to enhance the resilience of their digital infrastructure.
Guest:
Tom Janetscheck
Microsoft
Answering Your Questions: Attack Disruption Explained
Attack Disruption is an automated response feature within Microsoft Defender XDR, designed to contain an ongoing attack quickly and effectively by leveraging high-confidence signals from both Microsoft Defender and non-Microsoft products. Since its release, Attack Disruption has garnered significant interest as well as sparked numerous questions regarding the feature. In this episode, Senior Product Manager Christos Ventouris addressees the most frequently asked questions about Attack Disruption and shares clarifications on its functionality.
Guest:
Christos Ventouris
Microsoft
Javier Soriano
Microsoft
New Defender XDR Copilot for Security Capabilities (Rescheduled from May 20)
Since launching the Early Access version of Copilot for Security scenarios for the SOC in October, Microsoft product teams have been diligently expanding and enhancing its capabilities. Tune into this episode to learn the latest advancements, now available in the April release of Copilot for Security GA. We dive into the notable enhancements and new features, such as Guided Response for all incident types, comprehensive device and file summaries, end-user communications, and much more.
Guest:
Corina Feuerstein
Microsoft
Javier Soriano
Microsoft
Exploring Quality Prompting Techniques in Copilot for Security
Join us for this episode to familiarize yourself with quality prompting techniques in Copilot for Security. Learn from our expert, Principal Product Manager Shobhit Garg, as we uncover how precise and strategic prompts can empower Security Professionals to identify gaps, detect vulnerabilities, and plan remediation with the help of Copilot for Security. Don’t miss out on the insightful demo to proactively safeguard your environment against threats and reduce your attack surface area.
Guest:
Shobhit Garg
Microsoft
CISO experience with Copilot for Security
Benjamin Powell, Senior Product Marketing Manager, discusses how Copilot for Security aids Chief Information Security Officers (CISOs) in their vital duties. Join us to learn how this tool assists with tasks such as risk assessment, planning, compliance, investigations, and fostering trust. Through the utilization of Copilot, CISOs can enhance their preparedness with reliable information, ensuring effectiveness from the boardroom to operational settings.
Guest:
Benjamin Powell
Microsoft
Getting started with Copilot for Security
Our focus in this episode is to guide new Copilot for Security license users through this new tool to maximize the knowledge and confidence to be actively engaged right away. Together with Senior Product Manager, Sean Wasonga, we navigate initial steps and dive into essential tasks such as setting permissions and ensuring seamless plugin connections. Join us as we demystify the process and pave the way for a proactive approach to security management.
Guest:
Sean Wasonga
Microsoft
Unified RBAC
Senior Product Manager Gadi Palatchi presents the newly unveiled RBAC model: Microsoft Defender XDR Unified RBAC. Tune in to learn all about the centralized portal which enables administrators to efficiently manage access to Defender data and experiences within the XDR portal, including analysts’ access permissions. Join the conversation as Microsoft endeavors to transition all customers to this new model by year’s end and your feedback on the user experience is invaluable.
Guest:
Gadi Palatchi
Microsoft
Control your copilot for security with custom plug-ins
In this episode, Principal Product Manager Yaniv Shasha unveils how to tailor and manage your copilot for security through custom plug-ins. Through this conversation, learn the concept of RAG (retrieval augment generative) and its role in copilot for security, discover the architecture and criteria for plug-ins, and understand their use of the automation model. Additionally, we explore distinctions between 1st party and 3rd party plug-ins, alongside an insightful demonstration of a custom plug-in, featuring the GEO IP functionality both before and after its integration.
Guest:
Yaniv Shasha
Microsoft
Navigating the threat landscape with Microsoft Defender for Office 365 leadership
Girish Chander, General Manager of Microsoft Security is with us to dive into critical aspects of Microsoft Defender for Office 365. He covers key topics such as current trends, operational scale, recent updates, and customer protection strategies. Don’t miss this opportunity to gain insights into the threat landscape, Microsoft’s email security capabilities, and learn practical advice for customer security to help bolster your organization’s defenses.
Guest:
Girish Chander
Microsoft
Microsoft Defender for Cloud integration into Defender XDR
Join us as we explore the latest announcement regarding the General Availability of Microsoft Defender for Cloud workloads integrated into Defender XDR – enhancing the ability to craft a more complete attack story. Our product experts, Maayan Magenheim and Eran Shitrit guide us through the significant value and additional insights this integration offers to SOC analysts. Together we dive into a detailed demo of the features and functionalities available within the Defender XDR portal and address key questions surrounding the integration, its implications for security operations, and its impact on SOC teams.
Guest:
Eran Shitrit
Microsoft
Maayan Magenheim
Microsoft
Day in the life of a SOC analyst
We are thrilled to welcome back Michael Melone, principal security researcher and DEX-XDR threat hunter! Join us as he navigates a day in the life of a SOC analyst, discussing overhunting and the detection funnel (based on concepts from Michael’s book, Designing Secure Systems) while highlighting key areas for analyst focus amid various hunting challenges. Tune in for crucial insights into optimizing detection effectiveness.
Guest:
Michael Melone
Microsoft
Stay ahead of threats with proactive security – Part 2
Our conversation with Shay Amar continues for a deeper dive into specific scenarios concerning exposure management (Xspm). Join us as we witness another insightful demo within the Microsoft Defender XDR portal, highlighting remediation procedures, exposed entities, strategic grouping tactics, connections for a comprehensive understanding of your environment’s capabilities and more.
Guest:
Shay Amar
Microsoft
Stay ahead of threats with proactive security – Part 1
Stopping cyberattacks at machine speed is crucial, but prevention can be even more powerful. Join this conversation with our expert, Shay Amar, to hear about how the unified security operations platform is expanding with additional proactive security capabilities. Learn how to get visibility across facets of attack surfaces as well as improve and manage your exposure to cyberthreats by consolidating data silos and unifying posture solutions.
Guest:
Shay Amar
Microsoft
Optimizing your SOC’s threat coverage and data value
Senior Product Manager Michal Schechter is with us to introduce SOC optimization, an exciting new feature designed to offer security operations center (SOC) teams’ valuable recommendations for enhancing their environment. The focus is on data value and threat coverage, with the possibility to expand into other categories in the future. Join us as we unveil compelling topics, including ensuring accurate data ingestion into your security information and event management system, optimizing data ingestion and costs, and ensuring comprehensive coverage against pertinent threats.
Guest:
Javier Soriano
Microsoft
Michal Shechter
Microsoft
Microsoft Defender Vulnerability Management: New capabilities for risk mitigation and threat protection
Tune into this episode to hear from expert Ayelet Artzi as she shares the latest advances in Microsoft Defender Vulnerability Management along with best practices to reduce risk and exposure in your hybrid and multicloud environments. Explore current features and gain valuable perspectives on the future vision for Defender Vulnerability Management and security posture management as a whole.
Guest:
Ayelet Artzi
Microsoft
Powershell
Miriam Wiesner, security researcher at Microsoft and author of the book PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers, joins us to share some of her valuable scripts. You will be among the first to see exclusive content from her book and useful blue team scripts, which you can use with Live Response, for example.
Guest:
New PowerShell module
Senior Product Manager Martin Schvartzman is with us to introduce the new PowerShell module for Microsoft Defender for Identity. In this episode, we discuss how this tool will make it easier than ever to deploy and configure Defender for Identity at scale and to better protect your organization against identity-based cyber threats.
Guest:
Martin Schvartzman
Microsoft
Protect multi-tenant organizations by using Microsoft Defender XDR
Join our conversation with Product Manager Ofer Schreiber as we dive into the enhanced multitenant capabilities of Microsoft Defender XDR. Together, we learn how Defender XDR for multitenant organizations (MTOs) enables you to safeguard multiple organizations effortlessly from a single pane of glass, driving efficiency and delivering advanced protection for MTOs and managed security service providers.
Guest:
Ofer Schreiber
Microsoft
Announcing new capabilities to protect on-premises resources with MFA via Microsoft Entra Private Access
Our season 6 finale dives into Microsoft Entra Private Access, an identity centric Zero Trust Network Access that secures access to all private applications. Join our discussion with Principal Product Managers Ashish Jain and Navi Beesetti to learn how customers can now extend modern conditional access controls coupled with multifactor authentication, plus single sign-on to all private applications across on-premises, hybrid, and multi-cloud environments from any device. Additionally, discover how Microsoft Entra Private Access offers additional capabilities such as SSH support and remote access, creating a full VPN replacement.
Guest:
Ashish Jain
Microsoft
Navi Beesetti
Microsoft
Demystifying Defender for IoT
Senior Product Manager Vishakha Ghosh joins this episode to guide us through Microsoft Defender for IoT. You learn the best practices for securing operational technology (OT) and industrial control systems (ICSs), and you gain insights into how organizations using this innovative solution can build a consolidated security operations center that can effectively handle both OT and IT alerts. Don’t miss out as we break down the silos between these two critical areas of cybersecurity.
Guest:
Vishakha Ghosh
Company
Deception
We’re diving into another groundbreaking innovation announced at Microsoft Ignite. Microsoft Defender for Endpoint has seamlessly integrated deception as a built-in capability, revolutionizing its Endpoint Detection and Response (EDR) solutions. Returning guest Senior Product Manager Dean Pickering is with us to explain how deception creates an artificial attack surface and deploys AI-generated decoys and lures to captivate and identify adversaries in the early stages of an attack. Join us to learn about high-confidence detections, automatic threat disruption, and upcoming augmented attack disruption capabilities, all without the need for extra deployment or management efforts.
Guest:
Dean Pickering
Microsoft
Gaining control of SAP applications security and automatic attack disruption
For this episode, Javier Soriano is back to host and is joined by Principal Group Product Manager Yoav Daniely to explain the significance of SAP systems and applications and the platform’s ability to handle massive volumes of business-critical data hosted in the cloud or on premises. Learn about the dangers of an SAP system breach; dive into the Microsoft offering to protect SAP applications; get the latest product news; and get the latest on new features and demos, including the new capability of Microsoft Defender + Sentinel to disrupt SAP attacks automatically.
Guest:
Javier Soriano
Microsoft
Security Copilot for SOC analysts – boosting efficiency and expertise with Security Copilot in Microsoft Defender XDR
Returning guest Principal Program Manager Corina Feuerstein highlights the seamless fusion of Microsoft Security Copilot with the Defender XDR platform. Join us for a demo that shines light on the industry-transforming Microsoft Azure OpenAI within Security Copilot, which helps you accelerate investigations to outmaneuver adversaries at scale.
Guest:
Corina Feuerstein
Microsoft
Security Copilot overview
Join us as Product Manager Gabriel Damaschin introduces the capabilities of the highly anticipated Microsoft Security Copilot, driven by cutting-edge generative AI technology. In this episode, we discuss how the extensive capabilities and various applications of this tool enable you to operate at lightning-fast speeds and how Security Copilot extends its valuable support beyond the security operations center.
Guest:
Unifying SIEM & XDR: a new era in SecOps
In this episode—live from Microsoft Ignite—Principal Product Managers Javier Soriano and Tiander Turpijn lead the conversation on the newest unified security operations platform – Microsoft Sentinel & Defender XDR. Learn how this innovation offers you enhanced analyst efficiency by combining security information and event management (SIEM) and extended detection and response (XDR), reducing interruptions through consolidation of duplicate features, and enabling proactive attack detection and disruption across Microsoft and non-Microsoft products.
Guest:
Javier Soriano
Microsoft
Tiander Turpijn
Microsoft
QR Code Phishing Protection
Join our highly anticipated discussion of the latest advancements in QR code phishing protection. Returning guest and Principal Product Lead Brandon Koeller demonstrates the depth and breadth of security challenges associated with QR codes and the steps required for device protection. Don’t miss this valuable episode on how the Microsoft Defender XDR team is building robust protective measures against evolving attack methods so you can stay vigilant in the face of potential malware attacks.
Guest:
Brandon Koeller
Microsoft
Ignite Special
In this special episode, we’re joined by Senior Director of XDR + SIEM Scott Woodgate as he provides a comprehensive recap of the key announcements and highlights from this year’s Microsoft Ignite. From cutting-edge technology developments to game-changing product releases, we break down the most significant takeaways, ensuring that you’re up to speed with the latest innovations in the Microsoft ecosystem. Join us as we explore how these announcements will shape the future of technology and empower businesses worldwide.
Guest:
Scott Woodgate
Microsoft
Advanced Hunting & Data visualization in Microsoft 365 Defender
This episode is about using advanced hunting in Microsoft 365 Defender to transform raw data into insightful visualizations. You will learn the concept of advanced hunting and how to use this powerful feature to track attack surface reduction rules and web protection activities. Kijo Girardi, FastTrack Japan security expert, shares valuable insights into using advanced hunting in practical scenarios to assist security professionals in their daily security operations.
Guest:
Kijo Girardi
Microsoft
Enhanced phishing protection
We’re delighted to begin season 6 focused on the latest advancements in phishing protection. Product Manager Sinclaire Hamilton explains how Microsoft Defender SmartScreen protects the credentials used in your organization and how industry-first technology built into the operating system protects password entries in real time. Learn to configure this enhanced technology, submit feedback on the feature, and see—for the first time—when users in your organization enter unsafe passwords.
Guest:
Sinclaire Hamilton
Microsoft
The next evolution of automatic attack disruption
Our season finale is going in-depth on an innovative, industry-first capability that marks a significant step forward for defenders gaining ground against human-operated attacks. Principal Product Manager Noam Hadash and Principal Security Research Lead Yair Tsarfaty will demo a sophisticated attack being automatically disrupted early in the kill chain and show you how your organization can benefit from this protection that’s only possible with Microsoft 365 Defender.
Guest:
Noam Hadash
Microsoft
Yair Tsarfaty
Microsoft
Improve your security posture with Microsoft Defender Experts for XDR
This episode is about the Microsoft Defender Experts for XDR managed extended detection and response (MXDR) service. Learn how it brings expertise to your team to triage, investigate, and respond to incidents quickly and improve your security posture. Service Delivery Managers Sebastian Molendijk and Meiko Lopez share how they help customers drive security operations center efficiency and help teams stay ahead of emerging threats with an end-to-end, turnkey experience.
Guest:
Meiko Lopez
Microsoft
Sebastien Molendijk
Microsoft
Live response
We’re on with Product Manager Lior Liberman and Senior Software Engineer Ameer Tabony to discuss the highly anticipated Live response feature. We will define what it is; learn which platforms support it today; and talk scripts, service limitations, and more. Join us as we share a powerful demo showcasing the script library and learn how analysts can use this tool to their advantage.
Guest:
Ameer Tabony
Microsoft
Lior Liberman
Microsoft
Integrating Microsoft 365 Defender with Azure Logic Apps
A returning guest from season 4, Christos Ventouris, explains the powerful integration of Microsoft 365 Defender with Azure Logic Apps. Learn how these two platforms can automate and optimize your incident response, enhance cybersecurity infrastructure, and improve organizational resilience.
Guest:
Christos Ventouris
Microsoft
Microsoft Defender for Endpoint configuration management deep dive
We’re back with Dan Levy for an in-depth explanation of the Microsoft Defender for Endpoint feature updates introduced in our last episode. Join us to understand what happens on a device that is managed using multiple tools and channels, get recommendations for managing permissions between the Microsoft 365 Defender and Microsoft Intune portal, streamline grouping and targeting efforts, and learn how to mitigate unsupported scenarios.
Guest:
Dan Levy
Microsoft
What’s new in the Microsoft Defender for Endpoint configuration management space?
Join our season 5 opener to catch up on major Microsoft Defender for Endpoint feature updates in public preview. Senior Product Manager Dan Levy presents what’s new in this space, such as endpoint security policies being available in the Microsoft 365 Defender portal; explains how these updates improve the day-to-day activities of security admins.
Guest:
Dan Levy
Microsoft
New Microsoft Teams protection
Celebrate season 4 with us as we venture into our last episode with Daniel Mozes and Malvika Balaraj. We catch up on the latest Microsoft Teams protection features, understanding how they work and how to use them firsthand through a superb demo. You also get to explore the product roadmap to discover where things are headed when it comes to additional protection in Microsoft Teams.
Guest:
Daniel Mozes
Microsoft
Malvika Balaraj
Microsoft
Near-real-time detections in Microsoft 365 Defender
Learn about Microsoft 365 Defender’s exciting public preview feature – near real-time (NRT) custom detection rules. Senior Product Manager, Christos Ventouris, dives into the value of these detections and how they can be leveraged to allow you to keep up with attackers and mitigate threats as fast as possible.
Guest:
Christos Ventouris
Microsoft
Simplified SaaS Security deployment with Microsoft Defender for Cloud Apps
Senior Product Manager Keith Fleming brings you up to speed on the evolution and growth of Microsoft Defender for Cloud Apps. Learn about the significance of shifting from the traditional CASB to a SaaS security perspective and get to know the few simple steps it takes to enable Defender for Cloud Apps in your environment.
Guest:
Keith Fleming
Microsoft
Incident response: investigating a ransomware incident Part 2
Just like that, our mini-series wraps up! Corina is back to provide an epic finale to our ransomware investigation. A continuation of the previous episode, here she shows how to remediate and prevent future ransomware attacks against your organization.
Guest:
Corina Feuerstein
Microsoft
Incident response: investigating a ransomware incident Part 1
Join our first incident response investigation focused on a ransomware attack. Tune into our discussion with Principal Product Manager Corina Feuerstein as she unveils the various components of an attack and the containment measures to take when you have been affected.
Guest:
Corina Feuerstein
Microsoft
Incident response: business email compromise
Principal Security Researcher Pawel Partyka continues our incident response studies as he shares the necessary skills to manage business email compromise incidents like an expert using Microsoft 365 Defender.
Guest:
Pawel Partyka
Microsoft
Incident response: malware investigations
Deepen your incident response knowledge with this episode, focused on malware investigations. DEX-XDR threat hunter and Principal Security Researcher Michael Melone introduces you to the incident response playbook for managing malware incidents effectively.
Guest:
Michael Melone
Microsoft
Incident response: investigation capabilities in Microsoft 365 Defender
Season 4 begins with our first mini-series, focused on incident response. In this episode, Oren Saban shares how to efficiently pivot through an incident in Microsoft 365 Defender. His demo will equip you with tools to investigate incidents efficiently, focus on affected entities, and defend against threats in your environment.
Guest:
Oren Saban
Microsoft
Identity threat detection and response
We’re wrapping up season 3 by adding another acronym to your repertoire! Or Tsemah breaks down what identity threat detection and response (ITDR) is and how this tool protects one of our most valuable and difficult-to-protect assets, our identities. Come with us as we dig into the importance of threat detection and response in the Microsoft 365 Defender portal, investigate some cyberattacks, and learn how to identify identities that pose threats to your environment.
Guest:
Or Tsemah
Microsoft
Attack disruption
Cyber Security Principal Product Manager Hadar Feldman is with us for a comprehensive walkthrough of the many capabilities in Microsoft 365 Defender that help disrupt attacks. Join us to learn more on how Microsoft 365 Defender automatically detects, disrupts, and defends against attacks.
Guest:
Hadar Feldman
Microsoft
Get to know the Microsoft Defender Vulnerability Management Premium Capabilities
Here we examine the Microsoft Defender Vulnerability Management key components alongside security professional, Brandon Lawson. We’re defining several critical assessments, applications, and analyses so you can more confidently understand how to protect and defend your environment.
Guest:
Brandon Lawson
Microsoft
Microsoft Defender for Identity and Defender for Endpoint: Better together
Led by security professional Daniel Naim, this episode explains the advantages of using Microsoft Defender for Identity and Defender for Endpoint together. Through a demo in the Microsoft 365 Defender portal, Daniel highlights how this unified product experience helps customers protect their organization’s identities and improve their overall security posture.
Guest:
Daniel Naim
Microsoft
SaaS security posture management (SSPM)
Join us as we learn about Microsoft Defender for Cloud Apps SSPM. David Mallett simplifies the initial deployment of this security feature, guides us through the integration of SaaS security and cloud access security brokers, and even explains how to avoid misconfigurations. Tune in to this episode as we learn why security posture is crucial for any organization.
Guest:
David Mallet
Microsoft
Mobile Threat Defense
Product expert, Yuji Aoki, shares key threat defense capabilities within Microsoft Defender for Endpoint for iOS and Android. From a complete onboarding walkthrough to a live demo to showcase the user experience, don’t miss these insights on how to best protect your mobile devices.
Guest:
Yuji Aoki
Microsoft
Defender Experts for Hunting Overview
Learn about Microsoft Defender Experts for Hunting—a service that proactively looks for threats 24/7/365, prioritizing significant threats and improving your SOC’s overall responsiveness. Join the conversation, where product experts Steve Lee and Elisa Lippincott discuss the Defender Experts for Hunting service and other essential threat-hunting capabilities.
Guest:
Elisa Lippincott
Microsoft
Steve Lee
Microsoft
Microsoft Sentinel integration
Together with Sentinel in the Field host Javier Soriano, we provide an overview of Microsoft Sentinel and discuss the integration points within Microsoft 365 Defender, showcasing bidirectional synchronization of incidents, demonstrating how to stream advanced hunting tables to Microsoft Sentinel, and examining remediation playbooks for Microsoft 365 Defender.
Guest:
Javier Soriano
Microsoft
Mastering Email Authentication and Slashing Overrides Part 2
Dive deeper into Microsoft Defender for Office 365 to better understand the complexities behind false-positives and false-negatives in email. Part 2 of this series outlines practices you can put in place now to prevent malicious, spam, or phishing emails in your environment.
Guest:
Paul Newell
Microsoft
Mastering Email Authentication and Slashing Overrides Part 1
Paul Newell shares the importance of using Microsoft Defender for Office 365 to implement email authentication practices. Find out how poor practices can cause false-positives, how overrides can cause false-negatives, and how standards can affect your organization’s incoming email.
Guest:
Paul Newell
Microsoft
Microsoft 365 Defender MVP special
In this special episode, Heike and colleagues talk with two of our MVPs to discuss their experience as MVPs. They’ll even share tips and tricks so that you can become an MVP, too! This episode is the perfect way to round out the year.
Guests:
Katie Ryckman
Microsoft
Ben Harris
Microsoft
Urja Gandhi
Microsoft
Joe Stocker
MVP
Fabian Bader
MVP
Enterprise IoT overview
Discover how Microsoft Defender for IoT can help enterprises monitor assets and risks across their entire IoT environment. Join us as our expert, Nimrod Aldaag, talks about the lates product capabilities.
Guest:
Nimrod Aldaag
Microsoft
Microsoft Defender for Cloud Apps deep dive
Caroline Lee is back to give you a deeper dive into Microsoft Defender for Cloud Apps, including capabilities such as information protection, user scoring, Advanced Hunting, and app governance. Don’t miss this one!
Guest:
Caroline Lee
Microsoft
Microsoft Defender for Cloud Apps Overview
Caroline Lee joins us to give you a guided tour of Microsoft Defender for Cloud Apps. Learn how discovery works, dive into connectors, learn to define policies, and more.
Guest:
Caroline Lee
Microsoft
Microsoft 365 Defender overview
Microsoft 365 Defender is an integrated, cross-domain threat detection and response solution that provides coordinated, automatic defense to block threats before they become attacks. Join us to get to know the components and capabilities of Microsoft 365 Defender.
Guest:
Kim Kischel
Microsoft
Microsoft Defender for Endpoint on Linux
Resident Microsoft Security expert John Nix discusses the end-to-end process for installing, configuring, and managing Microsoft Defender for Endpoint on the Linux devices in your enterprise that use.
Guest:
John Nix
Microsoft
Spearfishing and phishing defense
Discover the best ways to defend your enterprise email against general and targeted phishing attacks in Microsoft Defender for Office 365.
Guest:
Ben Harris
Microsoft
Microsoft Defender for Endpoint on macOS
Security expert and threat hunter Michael Malone describes the installation, configuration, and management of Microsoft Defender for Endpoint on macOS devices.
Guest:
Michael Melone
Microsoft
Attack simulation training
Attack simulation training is an intelligent phish risk reduction tool that empowers employees to prevent attacks, measures their awareness of phishing risks, and provides actionable insights and recommendations that can change their behavior. Learn how to use attack simulation training right in Microsoft Defender for Office 365.
Guest:
Brandon Koeller
Microsoft
Reporting in Microsoft Defender for Endpoint
Discover the out-of-the-box reporting capabilities you get with Microsoft Defender for Endpoint, and learn how they can help you spot trends in your environment. You’ll also learn how to use Power BI and Microsoft Defender for Endpoint rich APIs to extend these capabilities.
Guest:
Jake Mowrer
Microsoft
Microsoft Threat Experts
Microsoft Threat Experts provide your security operations center with expert-level monitoring, analysis, and support to identify and respond to critical threats in your unique environment. In this episode, we discuss how this service works and how to get started with Experts on Demand.
Guest:
Steve Newby
Company
Automated investigation and response
Automated investigation and response uses inspection algorithms to examine alerts, determine whether the threat requires action, and perform necessary remediation actions. Learn how automation handles and resolves alerts, enabling security operations experts to focus on more sophisticated threats and other high-value initiatives.
Guest:
Jesse Esquivel
Microsoft
The investigation experience
The incidents queue provides high-level information about each incident and is the starting point for your threat investigations. In this episode, we bring you a deeper look into working with incidents and alerts, the rich machine time line, and various other tools that enhance your investigation experience.
Guest:
Michael Melone
Microsoft
Next-generation protection
Microsoft Defender Antivirus is a major component of Microsoft Defender for Endpoint. This next-generation protection brings together machine learning, big data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect endpoints in your organization. Learn how Microsoft’s next-generation antivirus help secure your devices.
Guest:
Paul Huijbregts
Microsoft
Attack surface reduction
Learn about the features in Microsoft Defender for Endpoint that help you eliminate risks by reducing your attack surface—without reducing user productivity. In this session, we show you how attack surface reduction can minimize your organization’s susceptibility to cyber threats and attacks.
Guest:
Jeff Cook
Microsoft
Threat and vulnerability management
Threat and vulnerability management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment. Learn how you can use the threat and vulnerability management in Microsoft Defender for Endpoint to improve your organization’s security posture.
Guest:
Mark Thomas
Microsoft
Get started with Microsoft Defender for Endpoint
In this episode, we dive into the most common features and scenarios to help get you started fast with your tenant. You get an overview of your control center: the unified Microsoft 365 Defender portal, role-based access control, granting permissions, and the built-in evaluation lab.
Guest:
Dean Pickering
Microsoft
Resources:
Start your trialGet to know Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a comprehensive solution for preventing, detecting, and automating the investigation of and response to threats against endpoints. Join us for this first episode to get to know Microsoft Defender for Endpoint components and capabilities.
Guest:
John Nix
Microsoft
Resources:
Episode 1 (PPTX)Upcoming episodes
More episodes coming soon
Stay tuned for more details about our upcoming season.