Microsoft Defender XDR
Explore how Microsoft Defender XDR detects and responds to real-world attack techniques—from initial access to lateral movement—using live lab scenarios.
Microsoft Defender XDR is built to correlate threat signals across endpoints, identities, email, and cloud apps. This module walks you through the attacker kill chain step-by-step, helping you understand how different stages of an attack surface in Defender tools. Across the module, you'll investigate alerts and signals related to Initial Access, Privilege Escalation, Lateral Movement, and more. By working through real-world scenarios, you'll develop hands-on experience with Microsoft Defender for Endpoint and Identity, building the skills needed to detect, investigate, and respond to complex threats using XDR.
XDR: Introduction
This room introduces the Microsoft Defender XDR portal and shows you how to navigate it.
XDR: Defense Evasion
Detect and investigate techniques that adversaries use to avoid detection with Defender XDR.
XDR: Privilege Escalation
Detect and investigate privilege escalation with Defender XDR.
XDR: Lateral Movement
Detect and investigate techniques malicious actors use to enter and control systems on a network using Defender XDR.
XDR: Execution
Investigate and prevent techniques that run malicious code on local or remote systems using Defender XDR.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
