Microsoft Defender for Endpoint Tutorial | Microsoft Defender for Endpoint Interview Questions | MDE

EDR Interview Questions and Answers: • EDR Interview Question...
Here's a tutorial on Microsoft Defender for Endpoint (MDE) and Microsoft Defender XDR, presented in a question-and-answer format to help you learn and prepare for interviews. This is part 1, with part 2 coming up. It includes practical examples of how and why to use MDE and Microsoft Defender XDR.
Topics covered in this video:
• What are the services provided by the Microsoft 365 Defender suite and Microsoft Defender XDR?
• What is Microsoft Defender XDR?
• What is the Microsoft 365 Defender suite?
• Microsoft Defender for Endpoint Overview
• What are the capabilities of MDE? Core Defender Vulnerability Management, Threat Management, Attack Surface Reduction, Next-generation protection, endpoint detection and response, automated investigation and remediation, and Microsoft threat experts.
• How to onboard clients or devices to MDE using a local script?
• How to onboard multiple clients or devices to MDE via Intune? Bulk Onboard devices to MDE via Intune.
• What is Device Discovery in MDE and Microsoft Defender XDR?
• How to discover and manage unmanaged devices in MDE?
• What are the Advanced Features in MDE and Microsoft Defender XDR?
○ Restrict correlation to within scoped device groups
○ Enable EDR in block mode
○ Automatically resolve alerts
○ Allow or block file
○ Hide potential duplicate device records
○ Discovery of onboarded devices
○ Custom network indicators
○ Tamper protection
○ Show user details
○ Skype for Business integration
○ Microsoft Defender for Cloud Apps
○ Web content filtering
○ Unified audit log
○ Device discovery
○ Download quarantined files
○ Live Response
○ Live Response for Servers
○ Live Response unsigned script execution
○ Share endpoint alerts with Microsoft Compliance Center
○ Microsoft Intune connection
○ Authenticated telemetry
○ Preview features
• How to test your antivirus with EICAR test file? AV Detection?
• Why and how to use Submissions page to submit suspected spam, phish, URLs, files, emails, email messages, Teams messages and user reported messages, and legitimate URLs, files, emails, email messages, Teams messages and user reported messages that are getting blocked, to Microsoft. Submit malware, non-malware, and other suspicious files to Microsoft for analysis.
• What is Network Protection in MDE and Microsoft Defender XDR?
• How to enable Network Protection in MDE via Intune, PowerShell, Group Policy and Microsoft Configuration Manager?
• How to enable Network Protection in Microsoft Defender XDR via Intune, PowerShell, Group Policy and Microsoft Configuration Manager?
• What is Live Response in MDE and Microsoft Defender XDR?
• What response actions can you take on a device in MDE and Microsoft Defender XDR?
○ How to isolate a device in MDE or Microsoft Defender XDR? - Isolate Device
○ How to run an Antivirus scan on a device in MDE or Microsoft Defender XDR? - Run Antivirus Scan - Quick Scan, Full Scan
○ How to restrict an application from running on a device in MDE or Microsoft Defender XDR? - Restrict App Execution
○ How to run an automated investigation on a device in MDE or Microsoft Defender XDR? - Initiate Automated Investigation
○ How to connect in real-time to a device in MDE or Microsoft Defender XDR? - Initiate Live Response Session
○ How to forcibly release a device from isolation in MDE or Microsoft Defender XDR? - Download force release from isolation script
○ How to collect investigation package from a device in MDE or Microsoft Defender XDR? - Collect Investigation Package
• What actions can you take on a compromised device in MDE and Microsoft Defender XDR?
• What response actions can you take on a file in MDE and Microsoft Defender XDR?
○ Stop and quarantine file
○ Download file
○ Collect File
○ Add Indicators - Add Indicators of Compromise - Manage Indicators
○ Deep Analysis
○ Go hunt
• What actions can you take on a suspicious file in MDE? What actions can you take on a suspicious file in Microsoft Defender XDR?
• What is Automated Investigation and Response (AIR) in MDE and Microsoft Defender XDR?
• What are the different remediation levels in MDE and Microsoft Defender XDR?
• How to configure Automated Investigation and Response (AIR) in MDE and Microsoft Defender XDR?
MDE Playlist: • Microsoft Defender for...
Cyber Security Interview Q&As: • CyberSecurity Intervie...

Comments: 6

  • @irfankazi3518
    6 days ago

    Very helpful

  • @kaviyababu-hf2vw
    18 days ago

    Great explanation, really appreciate your efforts🎉

  • @sachin-tr4nc
    1 month ago

    Thank you ma'am, great explanation with a nice format for this part 1, please continue this. One more request, please make the same video for ELK (End point security)

  • @narasimhamocherla8976
    1 month ago

    Hello madam. Can you do a video on CSPM (cloud security posture management)?

  • @rajeshmoravaneni
    1 month ago

    Hello, Do you provide SOC Analyst training like One to One? If yes, I am interested to take class.

  • @viratkumar8246
    8 days ago

    Is there any training for MXDR for paid training, please let me know, I want to get trained from your institute, especially from you.
