
Windows Security and Forensics – Learn 4 FREE

Every organization must prepare for the possibility of cybercrime within its networks or on its computer systems. Are you able to investigate crimes, like fraud, insider threats, industrial espionage, employee misuse, and computer intrusion? These days, every IT Pro should learn to recover key intelligence from Windows systems.

Learn how to do just that, from leading expert Erdal Ozkaya, and find out what you need to become a digital forensic professional, incident responder, and media exploitation expert, capable of piecing together Windows system events, second by second.

Erdal joins forces with Hasain “the Wolf” Alshakarti and Raymond Comvalius to show how cybercrime happens, what you can do to prevent it, and how to respond when it occurs.

1 | Windows Security and Forensics: Take a look at the current state of the security landscape, Windows security, and what "computer forensics" is.

2 | Windows Memory Attacks and Forensics: Learn how and why attackers target a system's memory, and see how memory forensics can help address the problem.

3 | Windows Authentication Attacks and Forensics: See demonstrations of how attackers use credential dependencies to gain elevated access to systems and to perform lateral movement. Plus, learn how to detect and prevent many of these attacks.

4 | Windows Forensics: Explore digital forensics and find out what to do as a first responder to preserve evidence for legal action.

5 | Network Forensics: Explore network forensics, along with case studies, best practices, and online analysis techniques.

6 | Malware Incident Response: Learn about malware incident response, including identifying, locating, and removing malware.

Here is the link to the course on Microsoft Virtual Academy.

Erdal

Watch the videos on YouTube

For more video tutorials

Windows Security Erdal Ozkaya

CISO Insight

Having worked at Microsoft and held the Microsoft MVP award since 2009, I have watched the Microsoft security ecosystem evolve from a standalone antivirus product into one of the most comprehensive security platforms available. For organisations invested in the Microsoft ecosystem, understanding how to leverage these native capabilities is one of the highest-ROI security decisions a CISO can make.

The Microsoft Security Ecosystem: A CISO’s Perspective

Microsoft’s security portfolio has expanded dramatically over the past decade. What began with Windows Defender and basic endpoint protection now encompasses identity and access management (Entra ID), cloud security posture management (Defender for Cloud), SIEM and SOAR (Sentinel), endpoint detection and response (Defender for Endpoint), email security (Defender for Office 365), and data loss prevention across the entire Microsoft 365 ecosystem. For organisations with significant Microsoft investments, this integrated approach provides visibility and control that would require multiple third-party vendors to replicate.

The strategic advantage of the Microsoft security stack is integration. When identity, endpoint, email, and cloud security share a common data model and management plane, correlation and automated response become dramatically simpler. A suspicious sign-in detected by Entra ID can automatically trigger an endpoint investigation in Defender, restrict email access, and create a Sentinel incident — all without manual intervention. This level of cross-domain automation is difficult to achieve with multi-vendor architectures.

Practical Considerations for CISOs

While the Microsoft security stack offers compelling integration benefits, CISOs should evaluate it with the same rigour applied to any vendor investment. Key considerations include licensing complexity (security features are distributed across E3, E5, and add-on licences), the need for Microsoft-skilled security personnel, potential vendor concentration risk, and coverage gaps for non-Microsoft platforms. The most effective approach for many enterprises is a Microsoft-first strategy supplemented by specialist tools for specific use cases where Microsoft’s capabilities are less mature.

Frequently Asked Questions

Is the Microsoft security stack sufficient as a standalone solution?

For organisations with a predominantly Microsoft environment and E5 licensing, the native security stack covers most enterprise security requirements. However, organisations with significant non-Microsoft infrastructure, specialised compliance needs, or advanced threat hunting requirements may benefit from supplementary solutions. Evaluate against your specific threat model and operational requirements rather than adopting a one-size-fits-all approach.

What Microsoft licence is needed for comprehensive security?

Microsoft 365 E5 provides the most comprehensive security feature set, including Defender for Endpoint P2, Defender for Office 365 P2, Defender for Identity, Defender for Cloud Apps, Entra ID P2, and Sentinel entitlements. E3 includes basic security features. Many organisations start with E3 and add specific security components through add-on licences based on their risk priorities.

Related reading: For Zero Trust implementation with Microsoft technologies, visit our Zero Trust Security Hub or download the CISO Toolkit.
