Microsoft Endpoint Security Academy

Welcome to the Microsoft Endpoint Security Academy. Explore Microsoft endpoint security video sessions delivered directly to partners, detailed learning paths, certifications, and further resources.

Sessions

Protect your IoT/OT infrastructure with Microsoft Defender for IoT. Learn about Defender for IoT's agentless network detection and response (NDR) that is rapidly deployed and interoperable with Microsoft 365 Defender, Microsoft Sentinel, and external Security Operations Center (SOC) tools. Explore differences between IT & OT security and upskill with a detailed demo within Defender for IoT.

In this session, explore how Microsoft Defender for Endpoint protects Android and iOS devices. Learn about configuration options, protection settings, reports and incident investigations.

There has been a long-standing split between ICS/SCADA (OT) and Corporate (IT) cybersecurity. This split was often driven by significant differences in technology/tooling. Microsoft Defender for IoT's integration with Microsoft Sentinel drives convergence by providing a single pane of coverage for both D4IOT (OT) and Microsoft Sentinel (IT) alerting. This solution includes Workbooks and Analytics rules providing a guide for OT detection and analysis.

Learn how Microsoft Sentinel and Microsoft Defender for IoT are together driving a convergence of OT and corporate cybersecurity disciplines in defense of critical infrastructure. This session provides the foundation for building a SOC geared towards IoT/OT monitoring and is globally applicable for organizations defending both IT/OT-based networks.

In this session, explore the benefits of connecting Microsoft Defender for IoT for OT/ICS environments to the cloud. Learn about the security and manageability aspects of cross-platform integrations.

Learn about integration of Microsoft Defender for IoT with ServiceNow’s Operational Technology (OT) Manager. With this integration, organizations can enrich their existing ServiceNow CMDB with detailed information about specialized OT assets such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Assets auto-discovered agentlessly by Defender for IoT are shared seamlessly with the CMDB, along with their properties such as Purdue Level, device manufacturer, type, firmware level, IP/MAC, etc.

Introducing a new ICS security solution into your organization and expanding the SOC team responsibilities to incorporate IoT/OT network security requires preparations. Explore the recommended best practices for implementing IoT/OT SOC workflows across your organization.

Microsoft Defender for IoT sensors are deployed on-premises to monitor your OT networks. This session gives an overview of the security advantages of managing these sensors via the Azure portal.

Security teams invest heavily in bringing security-related telemetry data into a single place, with the vision of "one XDR to rule them all." However, many overlook the bulk of the network that remains obscure - IoT and unmanaged devices. Review how Microsoft Defender for IoT integrates with M365D to complete the XDR story with IoT visibility, assessment, and security.

With the Open Development Environment (ODE), you will be able to quickly support 100% of protocols used in OT, IoT and ICS environments (including custom or proprietary protocols that are not to be shared with the outside world). Deep packet inspection in the Defender for IoT platform can be easily extended by developing plug-ins that use the Horizon ODE for deep packet inspection. A patent has been granted to Microsoft for innovative, ICS-aware threat analytics and machine learning algorithms relating to OT/IoT/ICS security.

In this session, learn how Microsoft Defender for IoT is leveraging multiple data sources (including an agentless solution and Microsoft Defender for Endpoint) to discover and secure IoT devices in enterprise networks. Printers, cameras, VoIP phones and other unmanaged devices are posing an increasing risk to enterprises, and the need to identify and protect them is becoming a cardinal priority for security teams.

Microsoft's Section 52 is the Global IoT/OT research team. It consists of reverse engineers and threat researchers focusing on hunting IoT- and OT-related threats. In this session, explore Section 52's techniques for investigating potentially malicious Ladder Logic code.

Keeping Up

Learning Path

See the Microsoft 365 Defender Readiness Resources:

Resources for Microsoft 365 Defender

See the Threat Protection Readiness Resources for further upskilling:

Resources for Microsoft Threat Protection

Feedback

Have a content session recommendation or general feedback? Here’s how to give it:

Contributions

We welcome contributors to this project. Please use the GitHub links near the upper right and consider submitting pull requests or filing issues as needed.