Configure Microsoft 365 Defender pillars for your trial lab or pilot environment
Important
The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Security teams can now manage all endpoint, email and cross product investigations, configuration and remediation without the need to navigate to separate product portals. Learn more about what's changed.
Applies to:
- Microsoft 365 Defender
Creating a Microsoft 365 Defender trial lab or pilot environment and deploying it is a three-phase process:
| Phase 1: Prepare | Phase 2: Set up | Phase 3: Onboard | Back to pilot playbook |
|---|---|---|---|

You are here! You're currently in the configuration phase.
Preparation is key to any successful deployment. In this article, you'll be guided on the points you'll need to consider as you prepare to deploy Microsoft Defender for Endpoint.
Microsoft 365 Defender pillars
Microsoft 365 Defender consists of four pillars. Although one pillar can already provide value to your network organization's security, enabling the four Microsoft 365 Defender pillars will give your organization the most value.
This section will guide you to configure:
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Cloud App Security
- Microsoft Defender for Endpoint
Configure Microsoft Defender for Office 365
Note
Skip this step if you've already enabled Defender for Office 365.
There's a PowerShell module called the Office 365 Advanced Threat Protection Recommended Configuration Analyzer (ORCA) that helps determine some of these settings. When run as an administrator in your tenant, Get-ORCAReport will help generate an assessment of the anti-spam, anti-phish, and other message hygiene settings. You can download this module from https://www.powershellgallery.com/packages/ORCA/.
Navigate to Office 365 Security & Compliance Center > Threat management > Policy.
Click Anti-phishing, select Create and fill in the policy name and description. Click Next.
Note
Edit your Advanced anti-phishing policy in Microsoft Defender for Office 365. Change Advanced Phishing Threshold to 2 - Aggressive.
Click the Add a condition drop-down menu and select your domain(s) as recipient domain. Click Next.
Review your settings. Click Create this policy to confirm.
Select Safe Attachments and select the Turn on ATP for SharePoint, OneDrive, and Microsoft Teams option.
Click the + icon to create a new safe attachment policy, and apply it as recipient domain to your domains. Click Save.
Next, select the Safe Links policy, then click the pencil icon to edit the default policy.
Make sure that the Do not track when users click safe links option is not selected, while the rest of the options are selected. See Safe Links settings for details. Click Save.
![Image of the Office 365 Security & Compliance Center page showing that the Do not track when users click safe links option is not selected]()
Next, select the Anti-malware policy, select the default, and choose the pencil icon.
Click Settings and select Yes and use the default notification text to enable Malware Detection Response. Turn the Common Attachment Types Filter on. Click Save.
Navigate to Office 365 Security & Compliance Center > Search > Audit log search and turn Auditing on.
Integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint. Navigate to Office 365 Security & Compliance Center > Threat management > Explorer and select Microsoft Defender for Endpoint Settings on the upper right corner of the screen. In the Defender for Endpoint connection dialog box, turn on Connect to Microsoft Defender for Endpoint.
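The Defender for Office 365 settings from the steps above can be read back with Exchange Online PowerShell to confirm that the pilot tenant matches them. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, the admin account name is a placeholder, and the Safe Links property names are an assumption noted in the comments.

```powershell
# Added example, not from the original article: read back the settings configured above.
# Assumes the ExchangeOnlineManagement module is installed; the UPN is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.onmicrosoft.com'

$report = [System.Collections.Generic.List[object]]::new()
function Add-Check {
    param([string]$Setting, [string]$Expected, $Actual, [bool]$Pass)
    $report.Add([pscustomobject]@{
        Setting = $Setting; Expected = $Expected; Actual = "$Actual"; Pass = $Pass
    })
}

# Anti-phishing: Advanced Phishing Threshold should be 2 - Aggressive.
foreach ($p in @(Get-AntiPhishPolicy)) {
    Add-Check "Anti-phishing '$($p.Name)' threshold" '2' $p.PhishThresholdLevel `
        ($p.PhishThresholdLevel -eq 2)
}

# Safe Attachments: protection for SharePoint, OneDrive, and Microsoft Teams turned on.
$atp = Get-AtpPolicyForO365
Add-Check 'ATP for SharePoint, OneDrive, Teams' 'True' $atp.EnableATPForSPOTeamsODB `
    ([bool]$atp.EnableATPForSPOTeamsODB)

# Safe Attachments: at least one enabled rule applied by recipient domain.
$rules = @(Get-SafeAttachmentRule | Where-Object {
    $_.State -eq 'Enabled' -and $_.RecipientDomainIs })
Add-Check 'Safe Attachments rules by recipient domain' '>= 1' $rules.Count ($rules.Count -ge 1)

# Safe Links: click tracking stays on. Assumption: the property is TrackClicks in
# current module versions and DoNotTrackUserClicks in older ones.
foreach ($p in @(Get-SafeLinksPolicy)) {
    $prop = $p.PSObject.Properties['TrackClicks']
    $tracked = if ($prop) { [bool]$prop.Value } else { -not [bool]$p.DoNotTrackUserClicks }
    Add-Check "Safe Links '$($p.Name)' tracks clicks" 'True' $tracked $tracked
}

# Anti-malware default policy: Common Attachment Types Filter on.
$mw = Get-MalwareFilterPolicy -Identity 'Default'
Add-Check 'Common Attachment Types Filter' 'True' $mw.EnableFileFilter ([bool]$mw.EnableFileFilter)

# Audit log search: unified audit log ingestion on.
$audit = Get-AdminAuditLogConfig
Add-Check 'Unified audit logging' 'True' $audit.UnifiedAuditLogIngestionEnabled `
    ([bool]$audit.UnifiedAuditLogIngestionEnabled)

$report | Format-Table -AutoSize
Disconnect-ExchangeOnline -Confirm:$false
```

Any row with Pass set to False points at a step that was skipped or has since been changed; the anti-phishing rows also list policies other than the one created for the pilot.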
Configure Microsoft Defender for Identity
Note
Skip this step if you've already enabled Microsoft Defender for Identity.
Navigate to Microsoft 365 Security Center > select More Resources > Microsoft Defender for Identity.
Click Create to start the Microsoft Defender for Identity wizard.
![Image of the Microsoft Defender for Identity wizard page where you should click the Create button]()
Choose Provide a username and password to connect to your Active Directory forest.
Enter your Active Directory on-premises credentials. This can be any user account that has read access to Active Directory.
Next, choose Download Sensor Setup and transfer the file to your domain controller.
Execute the Microsoft Defender for Identity Sensor Setup and begin following the wizard.
![Image of the Microsoft Defender for Identity page where you should click the Microsoft Defender for Identity sensor wizard]()
Click Next at the sensor deployment type.
Copy the access key because you need to enter it next in the wizard.
Copy the access key into the wizard and click Install.
Congratulations, you've successfully configured Microsoft Defender for Identity on your domain controller.
Under the Microsoft Defender for Identity settings section, select **Microsoft Defender for Endpoint**, then turn on the toggle. Click Save.
Note
Windows Defender ATP has been rebranded as Microsoft Defender for Endpoint. Rebranding changes across all of our portals are being rolled out for consistency.
Configure Microsoft Cloud App Security
Note
Skip this step if you've already enabled Microsoft Cloud App Security.
Navigate to Microsoft 365 Security Center > More Resources > Microsoft Cloud App Security.
At the information prompt to integrate Microsoft Defender for Identity, select Enable Microsoft Defender for Identity data integration.
Note
If you don't see this prompt, it might mean that your Microsoft Defender for Identity data integration has already been enabled. However, if you are not sure, contact your IT Administrator to confirm.
Go to Settings, turn on the Microsoft Defender for Identity integration toggle, then click Save.
![Image of the Settings page where you should turn on the Microsoft Defender for Identity integration toggle and then click Save]()
Note
For new Microsoft Defender for Identity instances, this integration toggle is automatically turned on. Confirm that your Microsoft Defender for Identity integration has been enabled before you proceed to the next step.
Under the Cloud discovery settings, select Microsoft Defender for Endpoint integration, then enable the integration. Click Save.
Under Cloud discovery settings, select User enrichment, then enable the integration with Azure Active Directory.
Configure Microsoft Defender for Endpoint
Note
Skip this step if you've already enabled Microsoft Defender for Endpoint.
Navigate to Microsoft 365 Security Center > More Resources > Microsoft Defender Security Center. Click Open.
Follow the Microsoft Defender for Endpoint wizard. Click Next.
Choose based on your preferred data storage location, data retention policy, organization size, and opt-in for preview features.
Note
You cannot change some of the settings, like data storage location, afterwards.
Click Next.
Click Continue and it will provision your Microsoft Defender for Endpoint tenant.
![Image of the page where you should click the Continue button to create your cloud instance]()
Onboard your endpoints through Group Policies, Microsoft Endpoint Manager or by running a local script to Microsoft Defender for Endpoint. For simplicity, this guide uses the local script.
Click Download package and copy the onboarding script to your endpoint(s).
On your endpoint, run the onboarding script as Administrator and choose Y.
Congratulations, you've onboarded your first endpoint.
Copy-paste the detection test from the Microsoft Defender for Endpoint wizard.
![Image of the detection test step where you should click Copy to copy the detection test script that you should paste into the command prompt]()
Copy the PowerShell script to an elevated command prompt and run it.
Select Start using Microsoft Defender for Endpoint from the wizard.
![Image of the confirmation prompt in the wizard where you should click Start using Microsoft Defender for Endpoint]()
Visit the Microsoft Defender Security Center. Go to Settings and then select Advanced features.
Turn on the integration with Microsoft Defender for Identity.
Turn on the integration with Office 365 Threat Intelligence.
Turn on integration with Microsoft Cloud App Security.
Scroll down and click Save preferences to confirm the new integrations.
Start the Microsoft 365 Defender service
Note
Starting June 1, 2020, Microsoft automatically enables Microsoft 365 Defender features for all eligible tenants. See this Microsoft Tech Community article on license eligibility for details.
Go to Microsoft 365 Security Center. Navigate to Settings and then select Microsoft 365 Defender.
For more comprehensive guidance, see Turn on Microsoft 365 Defender.
Congratulations! You've just created your Microsoft 365 Defender trial lab or pilot environment! Now you can familiarize yourself with the Microsoft 365 Defender user interface! See what you can learn from the following Microsoft 365 Defender interactive guide and know how to use each dashboard for your day-to-day security operation tasks.
Next, you can simulate an attack and see how the cross product capabilities detect, create alerts, and automatically respond to a fileless attack on an endpoint.
Next step
Attack simulation phase: Run the attack simulation for your Microsoft 365 Defender pilot environment.