Endpoint Security Engineering

Master Endpoint Security Engineering

Harden endpoints, stop advanced attacks, and maintain a resilient security posture across your entire fleet. Master Microsoft Defender for Endpoint, Intune security policies, attack surface reduction, and endpoint hardening techniques to detect, block, and respond to threats targeting Windows, macOS, Linux, and mobile devices.


What you'll be able to do

Deploy, configure, and optimise Microsoft Defender for Endpoint across Windows, macOS, Linux, and mobile devices
Design and enforce effective Intune security policies, compliance rules, and attack surface reduction (ASR) controls
Implement comprehensive endpoint hardening, exploit protection, and next-generation antivirus strategies
Investigate and respond to endpoint threats using advanced hunting, live response, and automated remediation
Tune Defender for Endpoint and Intune to reduce noise while maximising real threat detection and prevention
Build and maintain a resilient, scalable endpoint security program that works in hybrid and cloud-first environments
ARC402 | Premium tier | 16 modules across 4 phases | 36–40 hours at your own pace | 36 CPE credits | 5 free preview lessons — no account needed | Updated June 2026

Course overview

The Endpoint Security Engineering course is built specifically for Security Engineers and Administrators who configure, tune, and maintain Microsoft Defender for Endpoint, Intune security policies, and endpoint hardening. You'll gain hands-on expertise to:

Deploy, configure, and optimise Microsoft Defender for Endpoint for maximum protection and visibility
Design and enforce secure Intune policies for device compliance, configuration, and attack surface reduction
Implement endpoint hardening, exploit protection, and next-generation antivirus strategies
Investigate and respond to endpoint threats using advanced hunting, automated response, and forensic capabilities

By the end, you'll have the practical skills and confidence to own your organisation's endpoint security program — reducing risk, minimising breaches, and keeping endpoints secure at scale across hybrid and cloud environments.

Who this course is for

You're a Security Engineer or Administrator responsible for configuring, tuning, and maintaining Microsoft Defender for Endpoint, Intune security policies, and endpoint hardening. This course is built for you if you want to:

Move from basic setup to advanced configuration and optimisation of enterprise endpoint security
Master Defender for Endpoint and Intune to effectively block modern endpoint threats
Gain deep skills in attack surface reduction, device hardening, and threat investigation
Own your organisation's endpoint security posture with confidence and measurable results

In short: if you're ready to become the go-to expert who keeps endpoints secure at scale and significantly reduces breach risk, this course is for you.

What you'll learn

By the end of this Endpoint Security Engineering course you will be able to:

Deploy and fully configure Microsoft Defender for Endpoint with optimal security settings
Create, manage, and tune Intune policies for device compliance, configuration profiles, and attack surface reduction
Implement endpoint hardening techniques including exploit protection, application control, and secure boot
Perform advanced threat hunting, forensic investigation, and automated response on endpoints
Reduce alert fatigue by fine-tuning detections while maintaining high protection levels
Measure, monitor, and continuously improve endpoint security posture across the organisation

Key course takeaways

Build and maintain a production-grade endpoint security program using Microsoft Defender for Endpoint and Intune
Master advanced configuration and tuning of Defender for Endpoint to stop sophisticated attacks
Deploy effective attack surface reduction rules, device hardening, and policy enforcement at scale
Rapidly investigate and remediate endpoint threats with confidence and speed
Significantly reduce endpoint risk while lowering operational overhead and alert noise
Become the endpoint security expert organisations rely on to protect their most exposed attack surface

Lab Pack — Endpoint Security Engineering Toolkit

KQL query packs: Device health monitoring, ASR audit analysis, AV health, 20+ custom detection rules, 40+ hunting queries by ATT&CK tactic.

Configurations: Sysmon baseline (NE-tuned), ASR deployment config (safe/careful/high-risk with per-rule FP analysis), exploit protection system-wide XML.

Scripts: Windows endpoint triage collection (PowerShell), ASR audit report generation, device health assessment.

Templates: Gap assessment, maturity model scoring, ASR readiness report, containment decision tree, forensic readiness checklist, architecture document template.


Things you need to know

What are the prerequisites for this course?

There are no prerequisites. The course teaches endpoint security from first principles. Familiarity with the Microsoft 365 admin center and Intune will help you move faster through the early modules, but neither is required. Every concept is explained at first use.

What are the device requirements?

A device with at least 8 GB of RAM. Access to a Microsoft 365 E5 developer tenant (free from Microsoft) with Defender for Endpoint and Intune for hands-on configuration. The lab pack provides synthetic data if you cannot use a live environment.

How will the course benefit your career?

Endpoints remain the most common initial access vector in breaches. Organisations need engineers who can tune Defender for Endpoint beyond defaults, promote ASR rules to block mode with confidence, and build custom detections that catch what vendor rules miss. This course gives you those skills.

The demand for endpoint security engineers continues to grow as organisations move from basic MDE onboarding to fully tuned, multi-platform endpoint security programs.

Usage rights and disclaimer

Course materials: Licensed for individual professional development. You may deploy configurations, detection rules, scripts, and policies in your production environment. You may not redistribute course content or share account credentials.

Endpoint security configurations: All Intune policies, KQL queries, detection rules, Sysmon configs, and automation playbooks are provided as-is. Test every configuration in audit mode before enforcement. Ridgeline Cyber Defence is not responsible for operational impact from deployed configurations.

Fictional environment: All scenarios use Northgate Engineering. Any resemblance to real organisations is coincidental.

Version and changelog

Current version: 1.0  |  Last updated: June 2026

June 2026 — v1.0: Course page restructured. 16 modules across 4 phases. Complete endpoint security engineering from OS internals through architecture deployment. 20+ custom detection rules, 40+ hunting queries, forensic readiness stack, cross-platform coverage, zero trust integration.

This course is actively maintained. Endpoint security configurations are updated as MDE capabilities evolve.

COURSE ASSESSMENT

End of Course Exam

Complete the course, then prove your skills under time pressure. Pass mark: 70. Earn your certificate with CPE credits.

40 minutes · 3 phases · 100 points · 1 scenario

Requires 80% course completion. One random scenario per attempt. Certificate issued on pass.