Enable the evaluation environment
- Microsoft 365 Defender
This article is Step 2 of 3 in the process of setting up the evaluation environment for Microsoft Defender for Office 365. For more information about this process, see the overview article.
Use the following steps to enable the evaluation for Microsoft Defender for Office 365.
- Step 1: Audit and verify the public MX record
- Step 2: Audit accepted domains
- Step 3: Audit inbound connectors
- Step 4: Activate the evaluation
Step 1: Audit and verify the public MX record
To effectively evaluate Microsoft Defender for Office 365, it's important that inbound external email is relayed through the Exchange Online Protection (EOP) instance associated with your tenant.
- In the M365 Admin Portal at https://admin.microsoft.com, expand ...Show all if necessary, expand Settings, and then select Domains. Or, to go directly to the Domains page, use https://admin.microsoft.com/Adminportal/Home#/Domains.
- On the Domains page, select your verified email domain by clicking anywhere on the entry other than the check box.
- In the domain details flyout that opens, select the DNS records tab. Make note of the MX record that's generated and assigned to your EOP tenant.
- Access your external (public) DNS zone and check the primary MX record associated with your email domain:
- If your public MX record currently matches the assigned EOP address (for example, contoso-com.mail.protection.outlook.com) then no further routing changes should be required.
- If your public MX record currently resolves to a third-party or on-premises SMTP gateway then additional routing configurations may be required.
- If your public MX record currently resolves to on-premises Exchange then you may still be in a hybrid model where some recipient mailbox have not yet been migrated to EXO.
Step 2: Audit accepted domains
- In the Exchange admin center (EAC) at https://admin.exchange.microsoft.com, expand Mail flow, and then click Accepted domains.Or, to go directly to the Accepted domains page, use https://admin.exchange.microsoft.com/#/accepteddomains.
- On the Accepted domains page, make note of the Domain type value for your primary email domain.
- If the domain type is set to Authoritative then it is assumed all recipient mailboxes for your organization currently reside in Exchange Online.
- If the domain type is set to InternalRelay then you may still be in a hybrid model where some recipient mailboxes still reside on-premises.
Step 3: Audit inbound connectors
- In the Exchange admin center (EAC) at https://admin.exchange.microsoft.com, expand Mail flow, and then click Connectors. Or, to go directly to the Connectors page, use https://admin.exchange.microsoft.com/#/connectors.
- On the Connectors page, make note of any connectors with the following settings:
- The From value is Partner org that might correlate to a third-party SMTP gateway.
- The From value is Your org that might indicate you're still in a hybrid scenario.
Step 4: Activate the evaluation
Use the instructions here to activate your Microsoft Defender for Office 365 evaluation from the Microsoft 365 Defender portal.
For detailed information, see Try Microsoft Defender for Office 365.
In the Microsoft 365 Defender portal at https://security.microsoft.com expand Email & collaboration > select Policies & rules > select Threat policies > scroll down to the Others section, and then select Evaluation mode. Or, to go directly to the Evaluation mode page, use https://security.microsoft.com/atpEvaluation.
On the Evaluation mode page, click Start evaluation.
In the Turn on protection dialog, select No, I only want reporting, and then click Continue.
In the Select the users you want to include dialog, select All users, and then click Continue.
In the Help us understand your mail flow dialog, one of the following options is automatically selected based on our detection of the MX record for your domain:
I'm only using Microsoft Exchange Online: The MX records for your domain point to Microsoft 365. There's nothing left to configure, so click Finish.
I'm using a third-party and/or on-premises service provider: In the upcoming screens, select the vendor name along with the inbound connector that accepts mail from that solution. You also decide if you need an Exchange Online mail flow rule (also known as a transport rule) that skips spam filtering for incoming messages from the third-party protection service or device. When you're finished, click Finish.
Step 3 of 3: Set up the pilot for Microsoft Defender for Office 365
Return to the overview for Evaluate Microsoft Defender for Office 365
Return to the overview for Evaluate and pilot Microsoft 365 Defender
Submit and view feedback for