Prepare your Microsoft 365 Defender trial lab or pilot environment
The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Security teams can now manage all endpoint, email, and cross-product investigations, configuration, and remediation without navigating to separate product portals. Learn more about what's changed.
- Microsoft 365 Defender
Creating a Microsoft 365 Defender trial lab or pilot environment and deploying it is a three-phase process:
Phase 1: Prepare
Phase 2: Set up
Phase 3: Onboard
You're currently in the preparation phase.
Preparation is key to any successful deployment. This section will guide you through what you need to consider as you prepare to create a trial lab or pilot environment for your Microsoft 365 Defender deployment.
Learn about the licensing, hardware and software requirements, and other configuration settings needed to provision and use Microsoft 365 Defender. See the minimum requirements for Microsoft 365 Defender, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security.
Stakeholders and sign-off
Identify all the stakeholders who are involved in the project and who may need to sign off, review, or stay informed, whether for evaluation or running a pilot project.
Not all organizations have the security organization maturity to fill such roles. In such cases, consult with your leadership team on review and approval accountabilities.
Add stakeholders to the table below as appropriate for your organization.
SO = Sign-off on this project
R = Review this project and provide input
I = Informed of this project
|Name||Role||Action|
|Enter name and email||Chief Information Security Officer (CISO): An executive representative who serves as sponsor inside the organization for the new technology deployment.||SO|
|Enter name and email||Head of Cyber Defense Operations Center (CDOC): A representative from the CDOC team in charge of defining how this change is aligned with the processes in the customer's security operations team.||SO|
|Enter name and email||Security Architect: A representative from the Security team in charge of defining how this change is aligned with the core Security architecture in the organization.||R|
|Enter name and email||Workplace Architect: A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization.||R|
|Enter name and email||Security Analyst: A representative from the CDOC team who can provide feedback on the detection capabilities, user experience, and overall usefulness of this change from a security operations perspective.||I|
Prepare your Azure Active Directory
Skip this step if you have already enabled synchronization between your on-premises Active Directory and Azure Active Directory. Review existing best practices documentation from Azure Active Directory. The following steps are optimized to evaluate or run a pilot Microsoft 365 Defender project.
1. Go to the Azure Active Directory portal > Azure AD Connect.
2. Click Download from Microsoft Azure Active Directory Connect and transfer it to your Domain Controller.
3. On the domain controller, follow the Azure Active Directory Connect wizard. Read the license terms and privacy notice and select the checkbox if you agree. Click Continue.
4. Navigate to Express Settings.
5. Enter your global administrator credentials. Click Next.
6. Enter your Active Directory Domain Services enterprise administrator credentials. Click Next.
7. Click Install to confirm the configuration.
Congratulations, you have successfully configured Azure Active Directory Connect.
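A post-install check you can run on the server where the wizard completed, to confirm that synchronization is actually running before you move on to the Defender components. This is an added example, not part of the original Microsoft procedure; the function name `Test-AadConnectSyncHealth` and the one-hour overdue threshold are assumptions chosen for illustration.

```powershell
# Added example: verify the Azure AD Connect sync scheduler after an Express Settings install.
# Run in an elevated PowerShell session on the server where Azure AD Connect was installed.
# The ADSync module is placed on that server by the Azure AD Connect installer.
Import-Module ADSync -ErrorAction Stop

function Test-AadConnectSyncHealth {
    # Hypothetical helper: returns one string per failed check, nothing if all pass.
    param(
        [int]$OverdueHours = 1   # assumption: treat a cycle more than 1 hour late as stalled
    )

    $scheduler = Get-ADSyncScheduler
    $nowUtc    = (Get-Date).ToUniversalTime()

    if (-not $scheduler.SyncCycleEnabled) {
        'Scheduler is disabled: no automatic sync cycles will run.'
    }
    if ($scheduler.StagingModeEnabled) {
        'Staging mode is enabled: changes are imported but not exported to Azure AD.'
    }
    if ($scheduler.SchedulerSuspended) {
        'Scheduler is suspended (for example by an unfinished wizard session).'
    }
    if ($scheduler.NextSyncCycleStartTimeInUTC -lt $nowUtc.AddHours(-$OverdueHours)) {
        "Sync cycle overdue: next cycle was scheduled for $($scheduler.NextSyncCycleStartTimeInUTC) UTC."
    }
}

$findings = @(Test-AadConnectSyncHealth)
if ($findings.Count -eq 0) {
    Write-Output 'Azure AD Connect scheduler looks healthy.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```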
The following table indicates the order Microsoft recommends for configuring the Microsoft 365 Defender components for your trial lab or pilot environment deployment.
|Component||Description||Configuration order rank|
|Microsoft Defender for Office 365||Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
|Microsoft Defender for Identity||Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
|Microsoft Cloud App Security||Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
|Microsoft Defender for Endpoint||Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
Phase 2: Set up
Set up your Microsoft 365 Defender trial lab or pilot environment