Tutorials and simulations in Microsoft Defender for Business
This article describes some scenarios to try and several tutorials and simulations that are available for Defender for Business. These resources show how Defender for Business can work for your company.
Try these scenarios
The following table summarizes several scenarios to try with Defender for Business.
|Onboard devices using a local script||In Defender for Business, you can onboard Windows and Mac devices by using a script that you download and run on each device. The script creates a trust with Azure Active Directory (Azure AD), if that trust doesn't already exist; enrolls the device with Microsoft Intune, if you have Intune; and onboards the device to Defender for Business. To learn more, see Onboard devices to Defender for Business.|
|Onboard devices using the Microsoft Endpoint Manager admin center||If you were already using Intune before getting Defender for Business, you can continue to use Endpoint Manager admin center to onboard devices. Try onboarding your Windows, Mac, iOS, and Android devices with Microsoft Intune. To learn more, see Device enrollment in Microsoft Intune.|
|Edit security policies||If you're managing your security policies in Defender for Business, use the Device configuration page to view and edit your policies. Defender for Business comes with default policies that use recommended settings to secure your company's devices as soon as they're onboarded. You can keep the default policies, edit them, and define your own policies to suit your business needs. To learn more, see View or edit policies in Defender for Business.|
|Run a simulated attack||Several tutorials and simulations are available in Defender for Business. These tutorials and simulations show how the threat-protection features of Defender for Business can work for your company. You can also use a simulated attack as a training exercise for your team. To try the tutorials, see Recommended tutorials for Defender for Business.|
|View incidents in Microsoft 365 Lighthouse||If you're a Microsoft Cloud Solution Provider using Microsoft 365 Lighthouse, you can view incidents across your customers' tenants in your Microsoft 365 Lighthouse portal. To learn more, see Microsoft 365 Lighthouse and Defender for Business.|
Recommended tutorials for Defender for Business
The following table describes the recommended tutorials for Defender for Business customers.
|Document Drops Backdoor||Simulate an attack that introduces file-based malware on a test device. The tutorial describes how to use the simulation file and what to watch for in the Microsoft 365 Defender portal.
This tutorial requires that Microsoft Word is installed on your test device.
|Live Response||Learn how to use basic and advanced commands with Live Response. Learn how to locate a suspicious file, remediate the file, and gather information on a device.|
|Microsoft Defender Vulnerability Management(core scenarios)||Learn about Defender Vulnerability Management through three scenarios:
Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
Each tutorial includes a walkthrough document that explains the scenario, how it works, and what to do.
You'll see references to Microsoft Defender for Endpoint in the walkthrough documents. The tutorials listed in this article can be used with either Defender for Endpoint or Defender for Business.
How to access the tutorials
Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
In the navigation pane, under Endpoints, choose Tutorials.
Choose one of the following tutorials:
- Document Drops Backdoor
- Live Response
- Microsoft Defender Vulnerability Management (core scenarios)
Submit and view feedback for