Tutorials and simulations in Microsoft Defender for Business

If you've just finished setting up Microsoft Defender for Business, you might be wondering where to start to learn about how Defender for Business works. This article describes some scenarios to try, and several tutorials and simulations that are available for Defender for Business. These resources are designed to help you see how Defender for Business can work for your company.


Try these scenarios

The following table summarizes several scenarios to try with Defender for Business:

Scenario | Description
Onboard devices using a local script | In Defender for Business, you can onboard Windows and macOS devices by using a script that you download and run on each device. The script creates a trust with Azure Active Directory (Azure AD) (if that trust doesn't already exist), enrolls the device with Microsoft Intune (if you have Intune), and onboards the device to Defender for Business. To learn more, see Onboard devices to Microsoft Defender for Business.
Onboard devices using the Microsoft Endpoint Manager admin center | If you were already using Intune before getting Defender for Business, you can continue to use Endpoint Manager admin center to onboard devices. Try onboarding your Windows, macOS, iOS, and Android devices with Microsoft Intune. To learn more, see Device enrollment in Microsoft Intune.
Edit security policies | If you're managing your security policies in Defender for Business, use the Device configuration page to view and, if necessary, edit your policies. Defender for Business comes with default policies that use recommended settings to secure your company's devices as soon as they're onboarded. You can keep your default policies, edit them, and define your own to suit your business needs. To learn more, see View or edit policies in Microsoft Defender for Business.
Run a simulated attack | Several tutorials and simulations are available in Defender for Business. These tutorials and simulations are designed to show you firsthand how the threat protection features of Defender for Business can work for your company. You can also use a simulated attack as a training exercise for your team. To try one or more of the tutorials, see Recommended tutorials for Microsoft Defender for Business.
View incidents in Microsoft 365 Lighthouse | If you are a Microsoft Cloud Solution Provider using Microsoft 365 Lighthouse, you will be able to view incidents across your customers' tenants in your Microsoft 365 Lighthouse portal. To learn more, see Microsoft 365 Lighthouse and Microsoft Defender for Business.

The following table describes the recommended tutorials for Defender for Business customers:

Tutorial | Description
Document drops backdoor | Simulate an attack that introduces file-based malware on a test device. The tutorial describes how to get and use the simulation file, and what to watch for in the Microsoft 365 Defender portal. This tutorial requires Microsoft Word to be installed on your test device.
Live Response tutorial | Learn how to use basic and advanced commands with Live Response. Learn how to locate a suspicious file, remediate the file, and gather information on a device.
Threat & Vulnerability Management (core scenarios) | Learn about threat and vulnerability management through three scenarios: 1. Reduce your company's threat and vulnerability exposure. 2. Request a remediation. 3. Create an exception for security recommendations. Threat and vulnerability management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.

Each tutorial includes a walkthrough document that explains the scenario, how it works, and what to do.

Tip

You'll see references to Microsoft Defender for Endpoint in the walkthrough documents. The tutorials listed in this article can be used with either Defender for Endpoint or Defender for Business.

How to access the tutorials

  1. Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.

  2. In the navigation pane, under Endpoints, choose Tutorials.

  3. Choose one of the following tutorials:

    • Document drops backdoor
    • Live Response tutorial
    • Threat & Vulnerability Management (core scenarios)

Next steps