I’ve been working through the SC-200 recently. I’ve picked out some of the video and interactive walkthrough guides that demonstrate some of the functionality for anyone who is new to the product.

Getting Started

Overview

When starting out with Microsoft Threat Protection it’s useful to get an overview of the components and services that create the platform.

The Microsoft Defender ATP products have been rebranded; this public document highlights the old and new product names.

Defender Services Overview

Defender Products Interaction

The diagram below shows how Microsoft’s Defender products interact with different areas of the kill chain and help mitigate threats.

Here’s a nice page from Microsoft with some short, sharp videos to get you going with Defender for Endpoint:

Short & sweet educational videos on Microsoft Defender for Endpoint – Microsoft Tech Community

Labs

It may be useful to set up a lab while you are learning. Microsoft provides some resources for this:

Evaluate Microsoft 365 Defender | Microsoft Docs

Microsoft Defender for Endpoint evaluation lab | Microsoft Docs

Prepare your Microsoft 365 Defender trial lab environment | Microsoft Docs

Threat and Vulnerability Management

Explore how to reduce organizational risk with Threat and Vulnerability Management

Practice security administration – Learn | Microsoft Docs

Reduce organizational risk with threat vulnerability management

Understand Threat and Vulnerability Management – Learn | Microsoft Docs

Explore how to investigate and remediate threats with Microsoft Defender for Endpoint

Hunt threats within your network – Learn | Microsoft Docs

M365 Defender

Protect your organization with Microsoft 365 Defender

Understand the evolving threat landscape – Learn | Microsoft Docs

Safeguard your organization with Microsoft Defender for Office 365

Configure, protect, and detect – Learn | Microsoft Docs

Detect suspicious activities and potential attacks with Microsoft Defender for Identity

Introduction to Microsoft Defender for Identity – Learn | Microsoft Docs

Investigate and respond to attacks with Microsoft Defender for Identity

Review compromised accounts or data – Learn | Microsoft Docs

Cloud App Security

Discover, protect and control your apps with Cloud App Security

https://docs.microsoft.com/en-us/learn/modules/microsoft-cloud-app-security/walkthrough

Detect threats and manage alerts with Cloud App Security

https://docs.microsoft.com/en-us/learn/modules/microsoft-cloud-app-security/detect-threats

Insider Threats

Minimize internal risks with insider risk management in Microsoft 365

Take action on insider risk alerts through cases – Learn | Microsoft Docs

Kusto Query Language

Logs – Microsoft Azure

Training References

SC-200 part 1: Mitigate threats using Microsoft Defender for Endpoint – Learn | Microsoft Docs
SC-200 part 2: Mitigate threats using Microsoft 365 Defender – Learn | Microsoft Docs
SC-200 part 3: Mitigate threats using Azure Defender – Learn | Microsoft Docs
SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL) – Learn | Microsoft Docs
SC-200 part 5: Configure your Azure Sentinel environment – Learn | Microsoft Docs
SC-200 part 6: Connect logs to Azure Sentinel – Learn | Microsoft Docs
SC-200 part 7: Create detections and perform investigations using Azure Sentinel – Learn | Microsoft Docs
SC-200 part 8: Perform threat hunting in Azure Sentinel – Learn | Microsoft Docs

Azure Network Security Ninja Training
Azure Security Center Ninja Training
Azure Sentinel Ninja Training
Microsoft 365 Defender Ninja Training
Microsoft Cloud App Security Ninja Training
Microsoft Defender for Endpoint Ninja Training
Microsoft Defender for Identity Ninja Training
Microsoft Defender for Office 365 Ninja Training
Microsoft Cloud Workshop

Documents

https://aka.ms/mdatpdocs
https://aka.ms/mdatpdocsautoIR

Webinars

Security Community Webinars – Microsoft Tech Community

Microsoft Defender Masterclass

GitHub – JamesGrahamMSFT/DefenderMasterclass1: This is a repository for the Microsoft Defender Masterclass series.
Microsoft Defender Masterclass – YouTube

MITRE ATT&CK Matrix

MITRE ATT&CK Framework
Understand security alerts – Learn | Microsoft Docs
MITRE and ATT&CK training

Useful Sites

Insider Threat Report – Crowd Research Partners
The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures (cmu.edu)
Insider Threats in Healthcare (Part 7 of 9: Insider Threats Across Industry Sectors) (cmu.edu)

Community

Join Our Security Community – Microsoft Tech Community

Webinars

Security Community Webinars

Kusto

awesome-azure-learning/kustoquerylanguage.md at master · ddneves/awesome-azure-learning · GitHub

Videos

Microsoft Defender for Endpoint – Getting Started

KQL Training

Kusto Query Language (KQL) from scratch
On-demand webcast series: “Tracking the adversary”

Lots of useful content in one place to get you up and running