MEAPSA

Perform device investigations in Microsoft Defender for Endpoint

Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that will aid in your investigations.

Security Operations Analyst

Microsoft 365

Defender Endpoint

Windows Security

Module Objectives

Upon completion of this module, the learner will be able to:

Use the device page in Microsoft Defender for Endpoint
Describe device forensics information collected by Microsoft Defender for Endpoint
Describe behavioral blocking by Microsoft Defender for Endpoint

Units

Introduction min
Use the device inventory list min
Investigate the device min
Use behavioral blocking min
Detect devices with device discovery min
Knowledge check min
Summary and resources min

Prerequisites

Intermediate understanding of Windows 10.