Incident Response in Microsoft 365


Learn how to set yourself up for a quick and successful response to cybersecurity incidents in the cloud




We will look at a recent, highly publicized incident that impacted a wide range of businesses across the private and public sectors here in the United States, and which primarily focused on exfiltration of email data from Exchange Online. We will briefly discuss Microsoft’s approach to Zero Trust, and the top recommendations for reducing the risk of experiencing an incident like this in the first place. To wrap it all up, we will describe how to set yourself up for success in terms of Incident Response.

This course was originally recorded in the summer of 2021. Although some of the particulars that we discussed have changed since then, many of the principles and “lessons” remain the same. Also, be aware that the focus here is on using native and free tools (such as the Hawk module), which are always available regardless of what other subscriptions or security products are in place.

Contents of course:

  • Lectures:
    • Introduction
    • Free IR Tools
    • Investigating admins
    • Investigating enterprise apps
    • Investigating phishing
  • Downloadables:
    • PPTX deck
    • Labs for IR
    • Incident Response Plan policy example