defender-endpoint/defender-endpoint-trial-user-guide.md
Lines changed: 8 additions & 21 deletions
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ ms.author: siosulli
7
7
manager: deniseb
8
8
audience: ITPro
9
9
ms.topic: how-to
10
-
ms.date: 07/07/2022
10
+
ms.date: 06/25/2024
11
11
ms.collection:
12
12
- m365-security
13
13
- tier2
@@ -22,7 +22,7 @@ f1.keywords: NOCSH
22
22
23
23
Welcome to the Microsoft Defender for Endpoint Plan 2 trial user guide!
24
24
25
-
This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this article from the Microsoft Defender team, you'll learn how Defender for Endpoint can help you to prevent, detect, investigate, and respond to advanced threats.
25
+
This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this article from the Microsoft Defender team, you learn how Defender for Endpoint can help you to prevent, detect, investigate, and respond to advanced threats.
26
26
27
27
## What is Defender for Endpoint?
28
28
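Review bot: The tense cleanup on new line 25 (`you'll learn` to `you learn`) is not carried through the file. The context shown for the later hunk at line 112 still reads "After onboarding devices (endpoints), you'll configure the various capabilities". Apply the same present-tense change there so the article reads consistently, or leave this sentence as it was.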
@@ -63,8 +63,7 @@ This playbook is a simple guide to help you make the most of your free trial. Us
63
63
3.[Visit the Microsoft Defender portal](#step-3-visit-the-microsoft-365-defender-portal).
64
64
4.[Onboard endpoints using any of the supported management tools](#step-4-onboard-endpoints-using-any-of-the-supported-management-tools).
6.[Experience Microsoft Defender for Endpoint through simulated attacks](#step-6-experience-microsoft-defender-for-endpoint-through-simulated-attacks).
67
-
7.[Set up the Microsoft Defender for Endpoint evaluation lab](#step-7-set-up-the-microsoft-defender-for-endpoint-evaluation-lab).
66
+
6.[Set up the Microsoft Defender for Endpoint evaluation lab](#step-6-set-up-the-microsoft-defender-for-endpoint-evaluation-lab).
68
67
69
68
## Step 1: Confirm your license state
70
69
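Review bot: Inbound links to the old fragments `#step-7-set-up-the-microsoft-defender-for-endpoint-evaluation-lab` and `#step-6-experience-microsoft-defender-for-endpoint-through-simulated-attacks` stop resolving once the entry on new line 66 is renumbered and the simulated-attacks entry is dropped. Search the repository for both old anchors before merging and update any article that still points at them.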
@@ -74,17 +73,17 @@ To make sure your Defender for Endpoint subscription is properly provisioned, yo
74
73
75
74
## Step 2: Set up role-based access control and grant permissions to your security team
76
75
77
-
Microsoft recommends using the concept of least privileges. Defender for Endpoint uses built-in roles within Microsoft Entra ID. [Review the different roles that are available](/azure/active-directory/roles/permissions-reference) and choose appropriate roles for your security team. Some roles may need to be applied temporarily and removed after the trial has been completed.
76
+
Microsoft recommends using the concept of least privileges. Defender for Endpoint uses built-in roles within Microsoft Entra ID. [Review the different roles that are available](/azure/active-directory/roles/permissions-reference) and choose appropriate roles for your security team. Some roles might need to be applied temporarily and removed after the trial is finished.
78
77
79
78
Use [Privileged Identity Management](/azure/active-directory/active-directory-privileged-identity-management-configure) to manage your roles to provide extra auditing, control, and access review for users with directory permissions.
80
79
81
80
Defender for Endpoint supports two ways to manage permissions:
82
81
83
-
- Basic permissions management: Set permissions to either full access or read-only. Users with Global Administrator or Security Administrator roles in Microsoft Entra ID have full access. The Security reader role has read-only access and doesn't grant access to view machines/device inventory.
82
+
- Basic permissions management: Set permissions to either full access or read-only. Users who have either the Global Administrator or Security Administrator role in Microsoft Entra ID have full access. The Security Reader role has read-only access and doesn't grant access to view machines/device inventory.
84
83
- Role-based access control (RBAC): Set granular permissions by defining roles, assigning Microsoft Entra user groups to the roles, and granting the user groups access to device groups. For more information, see [Manage portal access using role-based access control](rbac.md).
85
84
86
-
> [!NOTE]
87
-
> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
85
+
> [!IMPORTANT]
86
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
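Review bot: The replacement at new lines 85-86 drops the note "Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2". That is product information unrelated to the new least-privilege callout, and it supports the RBAC bullet directly above it, which talks about granting user groups access to device groups. Keep the `[!NOTE]` and add the `[!IMPORTANT]` block as a separate callout. The new callout also repeats the least-privilege recommendation that already opens this step on line 76, so it could be trimmed to the Global Administrator sentence.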
@@ -112,19 +111,7 @@ After onboarding devices (endpoints), you'll configure the various capabilities,
112
111
113
112
Use [this table](onboarding.md) to choose components to configure. We recommend configuring all available capabilities, but you're able to skip the ones that don't apply.
114
113
115
-
## Step 6: Experience Microsoft Defender for Endpoint through simulated attacks
116
-
117
-
You might want to experience Defender for Endpoint before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Defender for Endpoint surfaces malicious activity and explore how it enables an efficient response.
118
-
119
-
To run any of the provided simulations, you need at least [one onboarded device](onboard-configure.md).
120
-
121
-
1. Access the tutorials. In the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, under **Endpoints**, choose **Tutorials**.
122
-
123
-
2. Read the walkthrough document provided with each attack scenario. Each document includes OS and application requirements and detailed instructions that are specific to an attack scenario.
124
-
125
-
3.[Run a simulation](attack-simulations.md).
126
-
127
-
## Step 7: Set up the Microsoft Defender for Endpoint evaluation lab
114
+
## Step 6: Set up the Microsoft Defender for Endpoint evaluation lab
128
115
129
116
The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action. Using the simplified set-up experience in evaluation lab, you can focus on running your own test scenarios and the pre-made simulations to see how Defender for Endpoint performs.
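Review bot: With the simulated-attacks step removed (old lines 115-126), the evaluation lab paragraph on new line 116 still refers to "running simulations" and "the pre-made simulations", but the guide no longer tells the reader where to find them: the pointer to **Endpoints** > **Tutorials** and the link to `attack-simulations.md` are both gone. If the simulations are still available, keep a one-line link to them in Step 6. If they are not, reword the lab paragraph so it does not promise them.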
defender-endpoint/device-control-report.md
Lines changed: 7 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ title: View device control events and information in Microsoft Defender for Endp
3
3
description: Monitor your organization's data security through device control reports.
4
4
ms.service: defender-endpoint
5
5
ms.localizationpriority: medium
6
-
ms.date: 05/16/2024
6
+
ms.date: 06/25/2024
7
7
ms.author: siosulli
8
8
author: siosulli
9
9
ms.topic: conceptual
@@ -20,7 +20,11 @@ search.appverid: met150
20
20
21
21
# View device control events and information in Microsoft Defender for Endpoint
22
22
23
-
Microsoft Defender for Endpoint device control helps protect your organization from potential data loss, malware, or other cyberthreats by allowing or preventing certain devices to be connected to users' computers. You can view information about device control events with advanced hunting or by using the device control report.
23
+
Microsoft Defender for Endpoint device control helps protect your organization from potential data loss, malware, or other cyberthreats by allowing or preventing certain devices to be connected to users' computers. Your security team can view information about device control events with advanced hunting or by using the device control report.
24
+
25
+
> [!IMPORTANT]
26
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
27
+
24
28
25
29
To access the [Microsoft Defender portal](https://security.microsoft.com/advanced-hunting), your subscription must include Microsoft 365 for E5 reporting.
26
30
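Review bot: The `[!IMPORTANT]` callout on new lines 25-26 names Global Administrator before the article has mentioned any role. The only role reference visible in this change is the administrator sentence on line 107. Move the callout next to that sentence, or add a sentence here stating which roles can view the report, so the callout has context. Added line 27 is also a blank line directly before the existing blank line 28, which leaves two consecutive blank lines; drop one.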
@@ -100,7 +104,7 @@ In the **Reports** dashboard, the **Device protection** card shows the number of
100
104
101
105
The **View details** button shows more media usage data in the **Device control report** page.
102
106
103
-
The page provides a dashboard with aggregated number of events per type and a list of events and shows 500 events per page, but if you're an administrator (such as a global administrator or security administrator), you can scroll down to see more events and can filter on time range, media class name, and device ID.
107
+
The page provides a dashboard with aggregated number of events per type and a list of events and shows 500 events per page, but if you're an administrator (such as a Security Administrator), you can scroll down to see more events and can filter on time range, media class name, and device ID.
104
108
105
109
> [!div class="mx-imgBorder"]
106
110
> :::image type="content" source="media/Detaileddevicecontrolreport.png" alt-text="The Device Control Report Details page in the Microsoft Defender portal" lightbox="media/Detaileddevicecontrolreport.png":::
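Review bot: On new line 107, `(such as a Security Administrator)` is now a "such as" list with a single entry, and the sentence no longer says whether any other role can scroll past the first 500 events and use the filters. State the required role or permission explicitly instead of giving one example. Since this line is being touched anyway, the sentence is also a run-on ("provides a dashboard ... and a list of events and shows 500 events per page, but if ..."); splitting it in two would make the administrator condition easier to read.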