Run your pilot Microsoft 365 Defender project

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

Applies to:

  • Microsoft 365 Defender

This guide helps you run a pilot project by providing pointers to ensure you have a well-structured plan, guiding you through using the attack simulation feature, and finally concluding the pilot with key take-aways for you to reflect on and document results.

Phases of running a Microsoft 365 Defender pilot

Running a pilot helps you effectively determine the benefit of adopting Microsoft 365 Defender. Before enabling Microsoft 365 Defender in your production environment and starting your use cases, it's best to plan to determine the tasks to accomplish for your pilot project and set the success criteria.

How to use this pilot playbook

This guide provides an overview of Microsoft 365 Defender and step-by-step instructions on how to set up your pilot project.

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates protection, detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. It does so by combining and orchestrating the following capabilities into a single security solution:

  • Microsoft Defender for Endpoint (endpoints)
  • Microsoft Defender for Office 365 (email)
  • Microsoft Defender for Identity (identity)
  • Microsoft Cloud App Security (apps)

Image of the Microsoft 365 Defender solution: Microsoft Defender for Identity for users, Microsoft Defender for Endpoint for endpoints, Microsoft Cloud App Security for cloud apps, and Microsoft Defender for Office 365 for data

With the integrated Microsoft 365 Defender solution, security professionals can stitch together the threat signals that Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security receive, and determine the full scope and impact of the threat, how it entered the environment, what it's affected, and how it's currently impacting the organization. Microsoft 365 Defender takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities. See the Microsoft 365 Defender overview for details.

The following sample timeline varies depending on having the right resources in your environment. Some detections and workflows might need more learning time than the others.

Sample timeline for running a Microsoft 365 Defender pilot

Important

For optimum results, follow the pilot instructions as closely as possible.

Pilot playbook phases

There are four phases in running a Microsoft 365 Defender pilot:

Phase Description

Planning
~1 day
Learn what you need to consider before running your Microsoft 365 Defender pilot project:

- Scope
- Use cases
- Requirements
- Test plan
- Success criteria
- Scorecard

Preparation
~2 days
Access Microsoft 365 Security Center to set up your Microsoft 365 Defender pilot environment. You'll be guided to:

- Identify stakeholders and seek sign-off for your pilot
- Environment considerations
- Access
- Azure Active Directory setup
- Configuration order
- Sign up for Microsoft 365 E5 Trial
- Configure domain
- Assign Microsoft 365 E5 licenses
- Complete the setup wizard in the portal

Attack simulation
~2 days
To simulate an attack, you'll be guided to:

- Verify the test environment requirements
- Run the simulation
- Investigate an incident
- Resolve the incident

Closing and summary
~1 day
When you've reached the end of the process, you'll be guided to:

- Go through your final output
- Present your output to your stakeholders
- Provide feedback
- Take next steps

Next step

Planning phase: Plan your Microsoft 365 Defender pilot project