Trial playbook: Microsoft Defender for Business
Welcome to the Defender for Business trial playbook!
This playbook is a simple guide to help you make the most of your 30-day free trial. Using the recommendations in this article from the Microsoft Defender team, you'll learn how Defender for Business can help you elevate your security from traditional antivirus protection to next-generation protection, endpoint detection and response, and threat and vulnerability management.
What is Defender for Business?
Defender for Business is a new endpoint security solution that was designed especially for small and medium-sized businesses (up to 300 employees). With this endpoint security solution, your organization's devices are better protected from ransomware, malware, phishing, and other threats.
Let's get started!
Set up your trial
Here's how to set up your trial subscription:
- Add users and assign licenses.
- Visit the Microsoft 365 Defender portal.
- Use the setup wizard.
- Set up and configure Defender for Business.
Step 1: Add users and assign licenses
As soon as you've signed up for Defender for Business, your first step is to add users and assign licenses.
You must be a global administrator to perform this task. The person who signed your company up for Microsoft 365 or Defender for Business is the global administrator by default. Learn more about roles and permissions.
Step 2: Visit the Microsoft 365 Defender portal
The Microsoft 365 Defender portal (https://security.microsoft.com) is your one-stop shop for using and managing Defender for Business. It includes a welcome banner and callouts to help you get started, cards that surface relevant information, and a navigation bar to give you easy access to the various features and capabilities.
- Visit the Microsoft 365 Defender portal.
- Explore the navigation bar on the left side of the screen to access your incidents, view reports, and manage your security policies and settings.
Step 3: Use the setup wizard in Defender for Business (recommended)
Defender for Business was designed to save small and medium-sized businesses time and effort. You can do initial setup and configuration with a setup wizard. The setup wizard guides you through granting access to your security team, setting up email notifications for your security team, and onboarding your company's Windows devices. Use the setup wizard.
You can only use the set-up wizard once.
Setup wizard flow: what to expect
Using the setup wizard is optional (see What happens if I don't use the wizard?). If you choose not to use the wizard, or if the wizard is closed before your set-up process is complete, you can complete the setup and configuration process on your own. See Step 4.
Assign user permissions. Grant your security team access to the Microsoft 365 Defender portal.
Set up email notifications for your security team.
Onboard and configure Windows devices. Onboarding devices right away helps protect those devices from day one.
While you're using the setup wizard, the system will detect whether you have Windows devices that are already enrolled in Intune. You'll be asked if you want to use automatic onboarding for all or some of those devices. You can onboard all Windows devices at once, or select specific devices to start with, and then add more devices later. Learn more about automatic onboarding.
To onboard other devices, see step 4.
View and if necessary, edit your security policies. Defender for Business includes default security policies for next generation protection and firewall protection that can be applied to your company's devices. These preconfigured security policies use recommended settings so you're protected as soon as your devices are onboarded to Defender for Business. And you still have the ability to edit policies or create new ones.
Step 4: Set up and configure Defender for Business
If you choose not to use the setup wizard, the following diagram depicts the overall setup and configuration process for Defender for Business.
If you used the setup wizard, but you need to onboard more devices, such as non-Windows devices, go directly to step 4 in the following procedure:
Review the requirements to configure and use Defender for Business.
Assign roles and permissions in the Microsoft 365 Defender portal.
Set up email notifications for your security team.
Onboard devices. With Defender for Business, you have several options to choose from for onboarding your company's devices. Start by selecting the operating system you want to onboard.
Devices Onboarding methods Windows clients Choose one of the following options to onboard Windows client devices to Defender for Business:
- Local script (for onboarding devices manually in the Microsoft 365 Defender portal)
- Group Policy (if you're already using Group Policy and prefer this method)
- Microsoft Intune (recommended; included in Microsoft 365 Business Premium)
macOS computers Choose one of the following options to onboard macOS devices:
- Local script for macOS (recommended)
- Microsoft Intune for macOS (Intune is included in Microsoft 365 Business Premium)
We recommend using a local script to onboard macOS devices. Although you can set up enrollment for macOS devices in Intune, the local script is the simplest method for onboarding macOS devices to Defender for Business.
Windows Server and Linux servers Windows Server and Linux servers are currently unsupported. Server onboarding and security capabilities are coming soon to Defender for Business. Mobile devices You'll need Microsoft Intune to onboard mobile devices, such as Android and iOS/iPadOS devices. If you have Microsoft 365 Business Premium, you've Intune as part of your subscription. Intune can also be purchased separately. See the following resources to get help enrolling these devices into Intune:
- Enroll Android devices
- Enroll iOS or iPadOS devices
View, and if necessary, configure your security policies. After you've onboarded your company's devices to Microsoft Defender for Business, your next step is to view and if necessary, edit your security policies and settings. Defender for Business includes preconfigured security policies that use recommended settings. However, you can edit your settings to suit your business needs.
Action Description Choose where to manage your security policies and devices. If you select the simplified configuration process, you can view and manage your security policies in the Microsoft 365 Defender portal (https://security.microsoft.com). However, you're not limited to this option. If you've been using Intune, you can keep using the Microsoft Endpoint Manager admin center to manage your security policies and devices. View or edit your next-generation protection policies. Next-generation protection settings include real-time protection, block at first sight, network protection, actions to take on potentially unwanted apps, and antivirus scheduled scans. View or edit your firewall policies. Firewall protection determines what network traffic is allowed to flow to or from your company's devices. Custom rules can be used to define exceptions to your firewall policies. Set up web content filtering. Web content filtering enables your security team to track and regulate access to websites based on their content categories, such as adult content, high bandwidth, legal liability, leisure, or uncategorized. Review settings for advanced features. In Defender for Business, your security features are preconfigured using recommended settings; however, you can review them, and if necessary, edit settings to suit your business needs.
To access settings for advanced features, in the Microsoft 365 Defender portal (https://security.microsoft.com), go to Settings > Endpoints > General > Advanced features.
View and edit other settings in the Microsoft 365 Defender portal. In addition to security policies that are applied to devices, there are other settings you can view and edit in Defender for Business. For example, you specify the time zone to use, and you can onboard (or offboard) devices.
Start using Defender for Business
In the next 30 days, we recommend you try out your new security capabilities, as described in the following sections:
- Use your Threat & Vulnerability Management dashboard
- View and respond to detected threats
- Review security policies
- Prepare for ongoing security management
Use your Threat & Vulnerability Management dashboard
Defender for Business includes a Threat & Vulnerability Management dashboard that is designed to save your security team time and effort. Use your Threat & Vulnerability Management dashboard.
- View your exposure score, which is associated with devices in your organization.
- View your top security recommendations, such as addressing impaired communications with devices, turning on firewall protection, or updating Microsoft Defender Antivirus definitions.
- View remediation activities, such as any files that were sent to quarantine, or vulnerabilities found on devices.
View and respond to detected threats
As threats are detected and alerts are triggered, incidents are created. Your organization's security team can view and manage incidents in the Microsoft 365 Defender portal. View and respond to detected threats.
- View and manage incidents.
- Respond to and mitigate threats.
- Review mediation actions in the Action Center.
- View and use reports.
Review security policies
In Defender for Business, security settings are configured through policies that are applied to devices. Defender for Business includes preconfigured policies to help protect your company's devices as soon as they are onboarded, safeguarding your organization against identity, device, application, and document security threats. Review security policies.
- Learn about your default policies.
- View your existing policies.
- Understand policy order.
- Understand next-generation configuration settings.
- Review your default firewall settings.
- Understand firewall settings you can configure.
- Set up web content filtering. Web content filtering enables your security team to track and regulate access to websites based on their content categories. It is not turned on by default, so you will need to set it up if you want this capability for your organization.
Prepare for ongoing security management
New security events, such as threat detections on a device, adding new devices, and employees joining or leaving the organization will require you manage your security. In Microsoft Defender for Business, there are many ways for you to manage device security.
- View a list of onboarded devices to see their risk level, exposure level, and health state.
- Take action on a device that has threat detections.
- Onboard a device to Defender for Business.
- Offboard a device from Defender for Business.
Submit and view feedback for