Prepare your Microsoft 365 Defender trial lab or pilot environment

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Security teams can now manage all endpoint, email and cross product investigations, configuration and remediation without the need to navigate to separate product portals. Learn more about what's changed.

Applies to:

  • Microsoft 365 Defender

Creating a Microsoft 365 Defender trial lab or pilot environment and deploying it is a three-phase process:

  • Phase 1: Prepare

  • Phase 2: Set up

  • Phase 3: Onboard

You're currently in the preparation phase.

Preparation is key to any successful deployment. This section will guide you through what you need to consider as you prepare to create a trial lab or pilot environment for your Microsoft 365 Defender deployment.

Prerequisites

Learn about the licensing, hardware and software requirements, and other configuration settings to provision and use Microsoft 365 Defender. See the minimum requirements for Microsoft 365 Defender, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security.

Stakeholders and sign-off

Identify all the stakeholders who are involved in the project and who may need to sign off, review, or stay informed, whether for evaluation or running a pilot project.

Note

Not all organizations might have the security organization maturity to have such roles. In such cases, consult with your leadership team on review and approval accountabilities.

Add stakeholders to the table below as appropriate for your organization.

  • SO = Sign-off on this project

  • R = Review this project and provide input

  • I = Informed of this project

| Name | Role | Action |
|---|---|---|
| Enter name and email | Chief Information Security Officer (CISO): An executive representative who serves as sponsor inside the organization for the new technology deployment. | SO |
| Enter name and email | Head of Cyber Defense Operations Center (CDOC): A representative from the CDOC team in charge of defining how this change is aligned with the processes in the customer's security operations team. | SO |
| Enter name and email | Security Architect: A representative from the Security team in charge of defining how this change is aligned with the core Security architecture in the organization. | R |
| Enter name and email | Workplace Architect: A representative from the IT team in charge of defining how this change is aligned with the core workplace architecture in the organization. | R |
| Enter name and email | Security Analyst: A representative from the CDOC team who can provide feedback on the detection capabilities, user experience, and overall usefulness of this change from a security operations perspective. | I |

Prepare your Azure Active Directory

Skip this step if you have already enabled synchronization between on-premises Active Directory and Azure Active Directory. Review existing best practices documentation from Azure Active Directory. The following steps are optimized to evaluate or run a pilot Microsoft 365 Defender project.

  1. Go to the Azure Active Directory portal > Azure AD Connect.

  2. Click Download from Microsoft Azure Active Directory Connect and transfer it to your Domain Controller.

  3. On the domain controller, follow the Azure Active Directory Connect wizard. Read the license terms and privacy notice and select the checkbox if you agree. Click Continue.

  4. Navigate to Express Settings.

  5. Enter your global administrator credentials. Click Next.

  6. Enter your Active Directory Domain Services enterprise administrator credentials. Click Next.

  7. Click Install to confirm the configuration.

  8. Congratulations, you have successfully configured Azure Active Directory Connect.

You can now add users and groups to Active Directory and configure a SAM-R policy.
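
To confirm the result of the wizard before adding users and groups, the following added example (not part of the original Microsoft page) checks the synchronization scheduler on the server where Azure AD Connect was installed. It assumes the ADSync PowerShell module that Azure AD Connect installs and an elevated session on that server; the function name Test-AadConnectSyncState is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on the server where
# Azure AD Connect was installed. Test-AadConnectSyncState is a hypothetical
# helper name, not a cmdlet shipped by Microsoft.
Import-Module ADSync -ErrorAction Stop

function Test-AadConnectSyncState {
    # Read the current scheduler configuration once and evaluate it.
    $scheduler = Get-ADSyncScheduler
    $findings  = @()

    if (-not $scheduler.SyncCycleEnabled) {
        $findings += 'Sync cycle is disabled: no scheduled synchronization will run.'
    }
    if ($scheduler.StagingModeEnabled) {
        $findings += 'Staging mode is enabled: changes are imported but not exported to Azure AD.'
    }
    if ($scheduler.SchedulerSuspended) {
        $findings += 'Scheduler is suspended.'
    }

    [pscustomobject]@{
        Healthy     = ($findings.Count -eq 0)
        NextSyncUtc = $scheduler.NextSyncCycleStartTimeInUTC
        Interval    = $scheduler.CurrentlyEffectiveSyncCycleInterval
        Findings    = $findings
    }
}

$state = Test-AadConnectSyncState
$state | Format-List

# Request a delta sync only when the scheduler is healthy and idle, so that
# newly added pilot users and groups reach Azure AD without waiting for the
# next scheduled cycle.
if ($state.Healthy -and -not (Get-ADSyncScheduler).SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```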

Configuration order

The following table indicates the order Microsoft recommends for configuring the Microsoft 365 Defender components for your trial lab or pilot environment deployment.

| Component | Description | Configuration order rank |
|---|---|---|
| Microsoft Defender for Office 365 | Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. | 1 |
| Microsoft Defender for Identity | Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. | 2 |
| Microsoft Cloud App Security | Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. | 3 |
| Microsoft Defender for Endpoint | Microsoft Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. | 4 |

Next step

Phase 2: Setup
Set up your Microsoft 365 Defender trial lab or pilot environment