Microsoft 365 Defender
Virtual Ninja Trainingwith @HeikeRitter
This training series, based on the Ninja blogs, brings you up-to-date quickly on all things Microsoft 365 Defender. In each episode, our experts guide you through the powerful features and functionality of Microsoft Defender products so you can keep your data, endpoints, and users secure. From the fundamentals to deep dives, the show helps you build your knowledge so that you can optimize security for your organization.

Next episode on September 25
Join us on September 25, 2023 at 9:00AM PT for the next Virtual Ninja Training!
Add to calendar

Download Ninja Cat backgrounds
Add Ninja Cat to your Microsoft Teams meeting using our collection of backgrounds.
Download collectionUpcoming episodes
Improve your security posture with Microsoft Defender Experts for XDR
This episode is about the Microsoft Defender Experts for XDR managed extended detection and response (MXDR) service. Learn how it brings expertise to your team to triage, investigate, and respond to incidents quickly and improve your security posture. Service Delivery Managers Sebastian Molendijk and Meiko Lopez share how they help customers drive security operations center efficiency and help teams stay ahead of emerging threats with an end-to-end, turnkey experience.
Join the discussion and ask questionsGuest:
Meiko Lopez
Microsoft
Sebastien Molendijk
Microsoft
The next evolution of automatic attack disruption
Our season finale is going in-depth on an innovative, industry-first capability that marks a significant step forward for defenders gaining ground against human-operated attacks. Principal Product Manager Noam Hadash and Principal Security Research Lead Yair Tsarfaty will demo a sophisticated attack being automatically disrupted early in the kill chain and show you how your organization can benefit from this protection that’s only possible with Microsoft 365 Defender.
Join the discussion and ask questionsGuest:
Noam Hadash
Microsoft
Yair Tsarfaty
Microsoft
Episodes on demand
Live response
We’re on with Product Manager Lior Liberman and Senior Software Engineer Ameer Tabony to discuss the highly anticipated Live response feature. We will define what it is; learn which platforms support it today; and talk scripts, service limitations, and more. Join us as we share a powerful demo showcasing the script library and learn how analysts can use this tool to their advantage.
View this episode's Q&AGuest:
Ameer Tabony
Microsoft
Lior Liberman
Microsoft
Integrating Microsoft 365 Defender with Azure Logic Apps
A returning guest from season 4, Christos Ventouris, explains the powerful integration of Microsoft 365 Defender with Azure Logic Apps. Learn how these two platforms can automate and optimize your incident response, enhance cybersecurity infrastructure, and improve organizational resilience.
View this episode's Q&AGuest:
Christos Ventouris
Microsoft
Microsoft Defender for Endpoint configuration management deep dive
We’re back with Dan Levy for an in-depth explanation of the Microsoft Defender for Endpoint feature updates introduced in our last episode. Join us to understand what happens on a device that is managed using multiple tools and channels, get recommendations for managing permissions between the Microsoft 365 Defender and Microsoft Intune portal, streamline grouping and targeting efforts, and learn how to mitigate unsupported scenarios.
View this episode's Q&AGuest:
Dan Levy
Microsoft
What’s new in the Microsoft Defender for Endpoint configuration management space?
Join our season 5 opener to catch up on major Microsoft Defender for Endpoint feature updates in public preview. Senior Product Manager Dan Levy presents what’s new in this space, such as endpoint security policies being available in the Microsoft 365 Defender portal; explains how these updates improve the day-to-day activities of security admins.
View this episode's Q&AGuest:
Dan Levy
Microsoft
New Microsoft Teams protection
Celebrate season 4 with us as we venture into our last episode with Daniel Mozes and Malvika Balaraj. We catch up on the latest Microsoft Teams protection features, understanding how they work and how to use them firsthand through a superb demo. You also get to explore the product roadmap to discover where things are headed when it comes to additional protection in Microsoft Teams.
View this episode's Q&AGuest:
Daniel Mozes
Microsoft
Malvika Balaraj
Microsoft
Near-real-time detections in Microsoft 365 Defender
Learn about Microsoft 365 Defender’s exciting public preview feature – near real-time (NRT) custom detection rules. Senior Product Manager, Christos Ventouris, dives into the value of these detections and how they can be leveraged to allow you to keep up with attackers and mitigate threats as fast as possible.
View this episode's Q&AGuest:
Christos Ventouris
Microsoft
Simplified SaaS Security deployment with Microsoft Defender for Cloud Apps
Senior Product Manager Keith Fleming brings you up to speed on the evolution and growth of Microsoft Defender for Cloud Apps. Learn about the significance of shifting from the traditional CASB to a SaaS security perspective and get to know the few simple steps it takes to enable Defender for Cloud Apps in your environment.
View this episode's Q&AGuest:
Keith Fleming
Microsoft
Incident response: investigating a ransomware incident Part 2
Just like that, our mini-series wraps up! Corina is back to provide an epic finale to our ransomware investigation. A continuation of the previous episode, here she shows how to remediate and prevent future ransomware attacks against your organization.
View this episode's Q&AGuest:
Corina Feuerstein
Microsoft
Incident response: investigating a ransomware incident Part 1
Join our first incident response investigation focused on a ransomware attack. Tune into our discussion with Principal Product Manager Corina Feuerstein as she unveils the various components of an attack and the containment measures to take when you have been affected.
View this episode's Q&AGuest:
Corina Feuerstein
Microsoft
Incident response: business email compromise
Principal Security Researcher Pawel Partyka continues our incident response studies as he shares the necessary skills to manage business email compromise incidents like an expert using Microsoft 365 Defender.
View this episode's Q&AGuest:
Pawel Partyka
Microsoft
Incident response: malware investigations
Deepen your incident response knowledge with this episode, focused on malware investigations. DEX-XDR threat hunter and Principal Security Researcher Michael Melone introduces you to the incident response playbook for managing malware incidents effectively.
View this episode's Q&AGuest:
Michael Melone
Microsoft
Incident response: investigation capabilities in Microsoft 365 Defender
Season 4 begins with our first mini-series, focused on incident response. In this episode, Oren Saban shares how to efficiently pivot through an incident in Microsoft 365 Defender. His demo will equip you with tools to investigate incidents efficiently, focus on affected entities, and defend against threats in your environment.
View this episode's Q&AGuest:
Oren Saban
Microsoft
Identity threat detection and response
We’re wrapping up season 3 by adding another acronym to your repertoire! Or Tsemah breaks down what identity threat detection and response (ITDR) is and how this tool protects one of our most valuable and difficult-to-protect assets, our identities. Come with us as we dig into the importance of threat detection and response in the Microsoft 365 Defender portal, investigate some cyberattacks, and learn how to identify identities that pose threats to your environment.
Guest:
Or Tsemah
Microsoft
Attack disruption
Cyber Security Principal Product Manager Hadar Feldman is with us for a comprehensive walkthrough of the many capabilities in Microsoft 365 Defender that help disrupt attacks. Join us to learn more on how Microsoft 365 Defender automatically detects, disrupts, and defends against attacks.
Guest:
Hadar Feldman
Microsoft
Get to know the Microsoft Defender Vulnerability Management Premium Capabilities
Here we examine the Microsoft Defender Vulnerability Management key components alongside security professional, Brandon Lawson. We’re defining several critical assessments, applications, and analyses so you can more confidently understand how to protect and defend your environment.
Guest:
Brandon Lawson
Microsoft
Microsoft Defender for Identity and Defender for Endpoint: Better together
Led by security professional Daniel Naim, this episode explains the advantages of using Microsoft Defender for Identity and Defender for Endpoint together. Through a demo in the Microsoft 365 Defender portal, Daniel highlights how this unified product experience helps customers protect their organization’s identities and improve their overall security posture.
Guest:
Daniel Naim
Microsoft
SaaS security posture management (SSPM)
Join us as we learn about Microsoft Defender for Cloud Apps SSPM. David Mallett simplifies the initial deployment of this security feature, guides us through the integration of SaaS security and cloud access security brokers, and even explains how to avoid misconfigurations. Tune in to this episode as we learn why security posture is crucial for any organization.
Guest:
David Mallet
Microsoft
Mobile Threat Defense
Product expert, Yuji Aoki, shares key threat defense capabilities within Microsoft Defender for Endpoint for iOS and Android. From a complete onboarding walkthrough to a live demo to showcase the user experience, don’t miss these insights on how to best protect your mobile devices.
Guest:
Yuji Aoki
Microsoft
Defender Experts for Hunting Overview
Learn about Microsoft Defender Experts for Hunting—a service that proactively looks for threats 24/7/365, prioritizing significant threats and improving your SOC’s overall responsiveness. Join the conversation, where product experts Steve Lee and Elisa Lippincott discuss the Defender Experts for Hunting service and other essential threat-hunting capabilities.
Guest:
Elisa Lippincott
Microsoft
Steve Lee
Microsoft
Microsoft Sentinel integration
Together with Sentinel in the Field host Javier Soriano, we provide an overview of Microsoft Sentinel and discuss the integration points within Microsoft 365 Defender, showcasing bidirectional synchronization of incidents, demonstrating how to stream advanced hunting tables to Microsoft Sentinel, and examining remediation playbooks for Microsoft 365 Defender.
Guest:
Javier Soriano
Microsoft
Mastering Email Authentication and Slashing Overrides Part 2
Dive deeper into Microsoft Defender for Office 365 to better understand the complexities behind false-positives and false-negatives in email. Part 2 of this series outlines practices you can put in place now to prevent malicious, spam, or phishing emails in your environment.
Guest:
Paul Newell
Microsoft
Mastering Email Authentication and Slashing Overrides Part 1
Paul Newell shares the importance of using Microsoft Defender for Office 365 to implement email authentication practices. Find out how poor practices can cause false-positives, how overrides can cause false-negatives, and how standards can affect your organization’s incoming email.
Guest:
Paul Newell
Microsoft
Microsoft 365 Defender MVP special
In this special episode, Heike and colleagues talk with two of our MVPs to discuss their experience as MVPs. They’ll even share tips and tricks so that you can become an MVP, too! This episode is the perfect way to round out the year.
Guests:
Katie Ryckman
Microsoft
Ben Harris
Microsoft
Urja Gandhi
Microsoft
Joe Stocker
MVP
Fabian Bader
MVP
Enterprise IoT overview
Discover how Microsoft Defender for IoT can help enterprises monitor assets and risks across their entire IoT environment. Join us as our expert, Nimrod Aldaag, talks about the lates product capabilities.
Guest:
Nimrod Aldaag
Microsoft
Microsoft Defender for Cloud Apps deep dive
Caroline Lee is back to give you a deeper dive into Microsoft Defender for Cloud Apps, including capabilities such as information protection, user scoring, Advanced Hunting, and app governance. Don’t miss this one!
Guest:
Caroline Lee
Microsoft
Microsoft Defender for Cloud Apps Overview
Caroline Lee joins us to give you a guided tour of Microsoft Defender for Cloud Apps. Learn how discovery works, dive into connectors, learn to define policies, and more.
Guest:
Caroline Lee
Microsoft
Microsoft 365 Defender overview
Microsoft 365 Defender is an integrated, cross-domain threat detection and response solution that provides coordinated, automatic defense to block threats before they become attacks. Join us to get to know the components and capabilities of Microsoft 365 Defender.
Guest:
Kim Kischel
Microsoft
Microsoft Defender for Endpoint on Linux
Resident Microsoft Security expert John Nix discusses the end-to-end process for installing, configuring, and managing Microsoft Defender for Endpoint on the Linux devices in your enterprise that use.
Guest:
John Nix
Microsoft
Spearfishing and phishing defense
Discover the best ways to defend your enterprise email against general and targeted phishing attacks in Microsoft Defender for Office 365.
Guest:
Ben Harris
Microsoft
Microsoft Defender for Endpoint on macOS
Security expert and threat hunter Michael Malone describes the installation, configuration, and management of Microsoft Defender for Endpoint on macOS devices.
Guest:
Michael Melone
Microsoft
Attack simulation training
Attack simulation training is an intelligent phish risk reduction tool that empowers employees to prevent attacks, measures their awareness of phishing risks, and provides actionable insights and recommendations that can change their behavior. Learn how to use attack simulation training right in Microsoft Defender for Office 365.
Guest:
Brandon Koeller
Microsoft
Reporting in Microsoft Defender for Endpoint
Discover the out-of-the-box reporting capabilities you get with Microsoft Defender for Endpoint, and learn how they can help you spot trends in your environment. You’ll also learn how to use Power BI and Microsoft Defender for Endpoint rich APIs to extend these capabilities.
Guest:
Jake Mowrer
Microsoft
Microsoft Threat Experts
Microsoft Threat Experts provide your security operations center with expert-level monitoring, analysis, and support to identify and respond to critical threats in your unique environment. In this episode, we discuss how this service works and how to get started with Experts on Demand.
Guest:
Steve Newby
Company
Automated investigation and response
Automated investigation and response uses inspection algorithms to examine alerts, determine whether the threat requires action, and perform necessary remediation actions. Learn how automation handles and resolves alerts, enabling security operations experts to focus on more sophisticated threats and other high-value initiatives.
Guest:
Jesse Esquivel
Microsoft
The investigation experience
The incidents queue provides high-level information about each incident and is the starting point for your threat investigations. In this episode, we bring you a deeper look into working with incidents and alerts, the rich machine time line, and various other tools that enhance your investigation experience.
Guest:
Michael Melone
Microsoft
Next-generation protection
Microsoft Defender Antivirus is a major component of Microsoft Defender for Endpoint. This next-generation protection brings together machine learning, big data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect endpoints in your organization. Learn how Microsoft’s next-generation antivirus help secure your devices.
Guest:
Paul Huijbregts
Microsoft
Attack surface reduction
Learn about the features in Microsoft Defender for Endpoint that help you eliminate risks by reducing your attack surface—without reducing user productivity. In this session, we show you how attack surface reduction can minimize your organization’s susceptibility to cyber threats and attacks.
Guest:
Jeff Cook
Microsoft
Threat and vulnerability management
Threat and vulnerability management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment. Learn how you can use the threat and vulnerability management in Microsoft Defender for Endpoint to improve your organization’s security posture.
Guest:
Mark Thomas
Microsoft
Get started with Microsoft Defender for Endpoint
In this episode, we dive into the most common features and scenarios to help get you started fast with your tenant. You get an overview of your control center: the unified Microsoft 365 Defender portal, role-based access control, granting permissions, and the built-in evaluation lab.
Guest:
Dean Pickering
Microsoft
Resources:
Start your trialGet to know Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is a comprehensive solution for preventing, detecting, and automating the investigation of and response to threats against endpoints. Join us for this first episode to get to know Microsoft Defender for Endpoint components and capabilities.
Guest:
John Nix
Microsoft
Resources:
Episode 1 (PPTX)