Initialize Microsoft 365 Defenders Security Products Configurations
This guide focuses on configuring Microsoft 365 Defender products before onboarding any device to Microsoft Defender for Endpoint (MDE) and Microsoft Defender for Identity (MDI), or connecting Azure AD applications to Microsoft Cloud App Security (MCAS).
Pre-requirements
Configure Microsoft Cloud App Security
Navigate to Microsoft 365 Security Center
Go to More Resources > Microsoft Cloud App Security > open.
You will be taken to the MCAS portal: https://portal.cloudappsecurity.com/
Click on Investigate > Connected Apps.
Click on the three dots to the right of the Office 365 application > Edit settings... Make sure your settings look like the image below. They should be set by default.
Finally, click on Connect to connect the Office 365 app to MCAS.
You can click on the Office 365 application again and run a quick test:
If Office 365 auditing has propagated properly, you should see the Office 365 app connected.
This is important to do before connecting solutions such as Azure Sentinel to collect data from MCAS.
Configure Microsoft Defender for Identity
Navigate to Microsoft 365 Security Center
Go to More Resources > Azure Advanced Threat Protection > open.
Create a new MDI instance
You should be able to add a username and password to connect to your Active Directory Forest. These credentials are used by the MDI sensor when it is installed on an endpoint. If you have not deployed your Active Directory yet, you can still set this up. SimuLand creates a few users while deploying the lab environment. If you are using the default users, here is the information for every user:
Finally, you can download the MDI sensor onboarding package. Make sure you save the Access Key value. It will be used while installing the MDI sensor on an endpoint. Use the compressed file while deploying a lab environment.
Configure Microsoft Defender for Endpoint
Navigate to Microsoft 365 Security Center
Go to More Resources > Microsoft Defender Security Center > open.
You will be redirected to https://securitycenter.windows.com/ to start the onboarding process. If not, browse to https://securitycenter.windows.com/onboarding2/start to force it. Then, set your storage location, retention policy and organization size.
Next, click on Start using Microsoft Defender for Endpoint to continue.
You might get a message that says "To experience Microsoft Defender for Endpoint, you need to onboard and test at least one device. You can also onboard devices later." Click Proceed anyway.
Beginning July 6th, 2021, we’ll gradually start routing users accessing securitycenter.windows.com to the newly unified Microsoft 365 Defender portal — the new home of Microsoft Defender for Endpoint.
Finally, download an MDE onboarding package to use it during deployment.
Go to Settings > Onboarding. Select deployment method Local Script and click on Download onboarding package. Use the compressed file while deploying a lab environment.