15 free Microsoft 365 security training modules worth your time
Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience.
Managing Microsoft 365 can be difficult for many businesses, primarily regarding fortifying cybersecurity. Thankfully, there are complimentary Microsoft 365 security training modules. These modules cover various topics, ensuring that companies can navigate the platform’s security features effectively and protect their assets from potential cyber threats.
Create and manage sensitive information types
48 min
Learn how to use sensitive information types to support your information protection strategy:
- Recognize the difference between built-in and custom sensitivity labels.
- Configure sensitive information types with exact data match-based classification.
- Implement document fingerprinting.
- Create custom keyword dictionaries.
Implement Windows security enhancements with Microsoft Defender for Endpoint
31 min
Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity. Learn about Attack Surface Reduction (ASR) with Microsoft Defender for Endpoint.
Introduction to Microsoft Intune
23 min
Microsoft Intune is your strategic infrastructure for managing and protecting your organization’s devices, apps, and data. In addition, Microsoft Intune helps to ensure your end users have the best experience for productivity. You’ll learn about the endpoints you need to protect and the products and services encompassing Microsoft Intune.
Getting Started with Microsoft Identity
25 min
Microsoft identity platform is an evolution of the Azure Active Directory (Azure AD) developer platform. It allows developers to build applications that sign in users and access resources in both external applications such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications as well as internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization. You’ll learn the basics of Microsoft identity, including the different types of tokens, account types, and supported topologies.
Describe authentication and authorization in cybersecurity
18 min
Secure authentication and authorization are a cornerstone of protecting against cybersecurity threats. Learn about common identity-based attacks, different authentication methods, and ways to protect against unauthorized access.
Application types in Microsoft identity
5 min
The Microsoft Identity platform enables developers to build many different types of applications to satisfy diverse business requirements and different scenarios. By supporting multiple OAuth 2.0 standard authentication protocols, developers can create different types of applications that meet business needs including single page applications, web apps, mobile or native apps, and services or daemon apps. You’ll learn how you can implement different OAuth 2.0 protocol grant types (flows) in popular application types.
Secure custom APIs with Microsoft Identity
24 min
Many solutions involve creating web APIs to expose functionality to different clients and consumers. Developers can secure these APIs using Microsoft identity to ensure only approved apps can access the web APIs provided they’ve been granted the necessary permissions. You’ll learn how to secure a web API with Microsoft identity and how to call it from another application.
Improve your cloud security posture with Microsoft Defender for Cloud
1 hr 12 min
Learn how you can strengthen your security posture through Microsoft Defender for Cloud:
- Understand how Microsoft Defender for Cloud can help organizations keep ahead of their security and compliance needs.
- Explore Cloud Security Posture Management and the services and features available in Azure.
- Understand how to use Cloud Workload Protection to protect VMs and Servers, Containers, IoT, Data and Storage.
- Improve Azure security using Microsoft Sentinel.
Manage data loss prevention policies and reports in Microsoft 365
40 min
Learn how to manage data loss prevention policies and mitigate data loss prevention policy violations. Discover how to:
- Review and analyze DLP reports.
- Manage permissions for DLP reports.
- Identify and mitigate DLP policy violations.
- Mitigate DLP violations in Microsoft Defender for Cloud Apps.
Safeguard your environment with Microsoft Defender for Identity
1 hr 8 min
Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender. Discover how to:
- Define the capabilities of Microsoft Defender for Identity.
- Understand how to configure Microsoft Defender for Identity sensors.
- Explain how Microsoft Defender for Identity can remediate risks in your environment.
Defend against attacks with Microsoft Defender for Identity
31 min
Learn how Microsoft Defender for Identity helps you to protect your environment against different types of threats by enabling you to detect and investigate attempts to compromise credentials, lateral movement attacks, reconnaissance activity, and more.
Examine data security and compliance in Microsoft 365 Copilot
25 min
Learn how Microsoft 365 Copilot adheres to existing privacy and compliance obligations, how it ensures data residency and compliance boundary, and how it uses access controls and isolation to protect sensitive business data.
Introduction to threat modeling
27 min
Threat modeling is an effective way to help secure your systems, applications, networks, and services. It’s an engineering technique that identifies potential threats and recommendations to help reduce risk and meet security objectives earlier in the development lifecycle. Learn how to:
- Understand the importance of capturing requirements and assumptions to help create a data-flow diagram.
- Read about the framework that helps you find security issues in a system.
- Learn about the security control categories that help you reduce or eliminate potential threats.
- Highlight the importance of verifying assumptions, requirements, and fixes before deployment.
Secure your infrastructure with threat modeling
1 hr 12 min
- Learn how to use the foundation of threat modeling to identify enterprise risks and find ways to reduce or eliminate them
- Understand the importance of a well defined, open-ended questionnaire to get a better view of the infrastructure.
- Visualize how each component interacts with the other with a detailed data-flow diagram.
- Identify infrastructure security gaps using a combination of security policies and the threat modeling framework.
- Reduce or eliminate risk with known security requirements and controls.
Choose a client application to use in a Privileged Access Workstation (PAW) with threat modeling
52 min
Learn how to use the foundation of threat modeling to assess a client application for security risks. Find ways to reduce or eliminate risks before installing an application into a privileged environment. You will:
- Understand the importance of a well defined, open-ended questionnaire.
- Visualize how the application interacts with the secured environment with a detailed data-flow diagram.
- Identify security gaps using the threat modeling framework.
- Reduce or eliminate risks with known security requirements and controls.
More resources:
- 18 free Microsoft Azure cybersecurity resources you should check out
- 17 free AWS cybersecurity courses you can take right now
- 11 search engines for cybersecurity research you can use right now
- 8 open-source OSINT tools you should try
- 12 open-source penetration testing tools you might not know about
- 20 cybersecurity projects on GitHub you should check out
- 6 free resources for getting started in cybersecurity