Merge pull request #291 from KenMAG/master
Grammar (Acrolinx) and fine-tuning updates.
KenMAG authored Jun 14, 2024
2 parents 417068d + e820d21 commit 6e79844
Showing 2 changed files with 26 additions and 26 deletions.
26 changes: 13 additions & 13 deletions Instructions/Labs/LAB_AK_01_Lab1_Ex1_Explore_M365_Defender.md
Expand Up @@ -10,7 +10,7 @@ lab:

![M365 Defender](../Media/SC-200-Lab_M1_L1_Ex1.png)

You are a Security Operations Analyst working at a company that is implementing Microsoft Defender XDR. You start by assigning preset security policies in EOP and Microsoft Defender for Office 365.
You're a Security Operations Analyst working at a company that is implementing Microsoft Defender XDR. You start by assigning preset security policies used in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.

>**Note:** An **[interactive lab simulation](https://mslabs.cloudguides.com/guides/SC-200%20Lab%20Simulation%20-%20Explore%20Microsoft%20365%20Defender)** is available that allows you to click through this lab at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.
Expand All @@ -22,30 +22,30 @@ Tenants must not be converted to a paid subscription. Tenants obtained as a part

### Task 1: Obtain Your Microsoft 365 Credentials

Once you launch the lab, a free trial tenant will be made available to you to access in the Microsoft virtual Lab environment. This tenant will be automatically assigned a unique username and password. You must retrieve this username and password so that you can sign into Azure and Microsoft 365 within the Microsoft Virtual Lab environment.
Once you launch the lab, a free trial tenant is made available to you to access in the Microsoft virtual Lab environment. This tenant is automatically assigned a unique username and password. You must retrieve this username and password so that you can sign into Azure and Microsoft 365 within the Microsoft Virtual Lab environment.

Because this course can be offered by learning partners using any one of several Authorized Lab Hosting (ALH) providers, the actual steps involved to retrieve the tenant ID associated with your tenant may vary by lab hosting provider. Therefore, your instructor will provide you with the necessary instructions for how to retrieve this information for your course. The information that you should note for later use includes:

- **Tenant suffix ID.** This ID is for the onmicrosoft.com accounts that you will use to sign into Microsoft 365 throughout the labs. This is in the format of **{username}@ZZZZZZ.onmicrosoft.com**, where ZZZZZZ is your unique tenant suffix ID provided by your lab hosting provider. Record this ZZZZZZ value for later use. When any of the lab steps direct you to sign into Microsoft 365 portals, you must enter the ZZZZZZ value that you obtained here.
- **Tenant suffix ID.** This ID is for the onmicrosoft.com accounts that you'll use to sign into Microsoft 365 throughout the labs. This is in the format of **{username}@ZZZZZZ.onmicrosoft.com**, where ZZZZZZ is your unique tenant suffix ID provided by your lab hosting provider. Record this ZZZZZZ value for later use. When any of the lab steps direct you to sign into Microsoft 365 portals, you must enter the ZZZZZZ value that you obtained here.
- **Tenant password.** This is the password for the admin account provided by your lab hosting provider.

### Task 2: Apply Microsoft Defender for Office 365 preset security policies

In this task, you will assign preset security policies for Exchange Online Protection (EOP) and Microsoft Defender for Office 365 in the Microsoft 365 security portal.
In this task, you'll assign preset security policies for Exchange Online Protection (EOP) and Microsoft Defender for Office 365 in the Microsoft 365 security portal.

1. Login to WIN1 virtual machine as Admin with the password: **Pa55w.rd**.
1. Log in to WIN1 virtual machine as Admin with the password: **Pa55w.rd**.

1. Start the Microsoft Edge browser.

1. In the Edge browser, go to the Microsoft Defender XDR portal at (https://security.microsoft.com).
1. In the Microsoft Edge browser, go to the Microsoft Defender XDR portal at (https://security.microsoft.com).

1. In the **Sign in** dialog box, copy and paste in the tenant Email account for the admin username provided by your lab hosting provider and then select **Next**.
1. In the **Sign in** dialog box, copy, and paste in the tenant Email account for the admin username provided by your lab hosting provider and then select **Next**.

1. In the **Enter password** dialog box, copy and paste in the admin's tenant password provided by your lab hosting provider and then select **Sign in**.
1. In the **Enter password** dialog box, copy, and paste in the admin's tenant password provided by your lab hosting provider and then select **Sign in**.

>**Note:** If you receive a message "The operation could not be completed. Please try again later. If the problem persists, contact Microsoft support." just click **OK** to continue.
1. If shown, close the Microsoft Defender XDR quick tour pop-up window. **Hint:** Later in this lab, you will need to wait until the Defender workspace is provisioned, you can take this time to navigate through the guided tours to learn more about Microsoft Defender XDR.
1. If shown, close the Microsoft Defender XDR quick tour pop-up window. **Hint:** Later in this lab, you'll need to wait until the Defender workspace is provisioned, you can take this time to navigate through the guided tours to learn more about Microsoft Defender XDR.

1. From the navigation menu, under *Email & Collaboration* area, select **Policies & rules**.
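Review bot: In the two sign-in steps, the change from "copy and paste" to "copy, and paste" puts a comma between two verbs that share one object, so the instruction now reads as if it breaks after "copy"; keep "copy and paste in the tenant Email account". The **Hint** in the quick tour step is still a comma splice ("...is provisioned, you can take this time..."); split it into two sentences while that line is being touched.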

Expand All @@ -63,7 +63,7 @@ In this task, you will assign preset security policies for Exchange Online Prote

1. In the *Apply Exchange Online Protection* section, select **Specific recipients** and under **Domains** start writing your tenant's domain name, select it, and then select **Next**.

>**Hint:** Your tenant's domain name is the same that you have for you admin account, it might be something like *WWLx######.onmicrosoft.com*. Notice that this configuration applies policies for anti-spam, outbound spam filter, anti-malware, anti-phishing.
>**Hint:** Your tenant's domain name is the same name that you have for your admin account, it might be something like *WWLx######.onmicrosoft.com*. Notice that this configuration applies policies for anti-spam, outbound spam filter, anti-malware, anti-phishing.
1. In the *Apply Defender for Office 365 protection* section, apply the same configuration as the previous step and select **Next**. Notice that this configuration applies policies for anti-phishing, Safe Attachments, Safe Links.
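Review bot: The revised **Hint** fixes "you admin account" but still joins two sentences with a comma at "admin account, it might be something like". Suggest ending the sentence after "admin account" and starting a new one with "It might be something like *WWLx######.onmicrosoft.com*." The two policy lists in this hunk ("anti-spam, outbound spam filter, anti-malware, anti-phishing" and "anti-phishing, Safe Attachments, Safe Links") would also read better with "and" before the last item.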

Expand Down Expand Up @@ -99,10 +99,10 @@ In this task, you will assign preset security policies for Exchange Online Prote

1. Scroll down the menu items to **Assets** and select **Devices**.

1. The process to deploy the Defender XDR workspace should start and you should see messages saying *loading and Initializing* briefly displayed at the top of the page, and then you're going to see an image of a coffee mug and a message that reads: **Hang on! We're preparing new spaces for your data and connecting them.** It will take approximately 5 minutes to finish. *Leave the page open and make sure it finishes since it is required for the next Lab.*
1. The process to deploy the Defender XDR workspace should start and you should see messages saying *loading and Initializing* briefly displayed at the top of the page, and then you're going to see an image of a coffee mug and a message that reads: **Hang on! We're preparing new spaces for your data and connecting them.** It takes approximately 5 minutes to finish. *Leave the page open and make sure it finishes since it's required for the next Lab.*

>**Note:** If the message "Hang on! We're preparing new spaces for your data and connecting them" does not appear, or the "Settings > Microsoft Defender XDR > Account" page opens, but you see the message "Failed to load data storage location. Please try again later", select "Alert service settings" from the "General" menu, or go to the navigation menu, scroll down to the "Assets" section and select "Devices".
>**Note:** Disregard any pop-up error messages. If the message "Hang on! We're preparing new spaces for your data and connecting them" does not appear, or the "Settings > Microsoft Defender XDR > Account" page opens, but you see the message "Failed to load data storage location. Please try again later", select "Alert service settings" from the "General" menu, or go to the navigation menu, scroll down to the "Assets" section and select "Devices".
1. When the new space completes successfully, you are going to see the Microsoft Defender XDR General settings for Account, Email notifications, Alert service settings, Permissions and roles and Streaming API. You will also see **Preview Features** turned on.
1. When the new space completes successfully, you're going to see the Microsoft Defender XDR General settings for Account, Email notifications, Alert service settings, Permissions and roles and Streaming API. You'll also see **Preview Features** turned on.

## You have completed the lab
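Review bot: The new opening sentence of the **Note**, "Disregard any pop-up error messages.", changes the instructions rather than the grammar, and it is broader than the two messages the note goes on to quote. Suggest scoping it to this provisioning step or naming the messages that are safe to dismiss, so the guidance does not read as a general rule for error dialogs in a security portal. The same note keeps "does not appear" while the rest of the commit moves to contractions.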
26 changes: 13 additions & 13 deletions Instructions/Labs/LAB_AK_02_Lab1_Ex1_Deploy_Defender_Endpoint.md
Expand Up @@ -10,7 +10,7 @@ lab:

![Lab overview.](../Media/SC-200-Lab_Diagrams_Mod2_L1_Ex1.png)

You are a Security Operations Analyst working at a company that is implementing Microsoft Defender for Endpoint. Your manager plans to onboard a few devices to provide insight into required changes to the Security Operations (SecOps) team response procedures.
You're a Security Operations Analyst working at a company that is implementing Microsoft Defender for Endpoint. Your manager plans to onboard a few devices to provide insight into required changes to the Security Operations (SecOps) team response procedures.

You start by initializing the Defender for Endpoint environment. Next, you onboard the initial devices for your deployment by running the onboarding script on the devices. You configure security for the environment. Lastly, you create Device groups and assign the appropriate devices.

Expand All @@ -25,21 +25,21 @@ You start by initializing the Defender for Endpoint environment. Next, you onboa

In this task, you'll perform the initialization of the Microsoft Defender for Endpoint.

1. Log in to **WIN1** virtual machine as Admin with the password: **Pa55w.rd**.
1. Sign-in to **WIN1** virtual machine as Admin with the password: **Pa55w.rd**.

1. If you aren't already at the Microsoft Defender XDR portal, start the Microsoft Edge browser.

1. In the Edge browser, go to the Defender XDR portal at (https://security.microsoft.com).
1. In the Microsoft Edge browser, go to the Defender XDR portal at (https://security.microsoft.com).

1. In the **Sign in** dialog box, copy, and paste in the tenant Email account for the admin username provided by your lab hosting provider and then select **Next**.

1. In the **Enter password** dialog box, copy, and paste in the admin's tenant password provided by your lab hosting provider and then select **Sign in**.

>**Tip:** The admin's tenant email account and password can be found on the Resources tab.
1. On the **Defender XDR** portal, from the navigation menu, select **Settings** from the left.
1. On the **Defender XDR** portal, from the navigation menu on the left, scroll down and expand the **System** section and select **Settings**.

1. On the Settings page, select **Device discovery**.
1. On the Settings page, select **Device discovery**.

>**Note:** If you do not see the **Device discovery** option under **Settings**, logout by selecting the top-right circle with your account initials and select **Sign out**. Other options that you might want to try is to refresh the page with Ctrl+F5 or open the page InPrivate. Login again with the **Tenant Email** credentials.
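Review bot: In the first step, "Sign-in to **WIN1** virtual machine" uses the hyphenated noun form as a verb; write "Sign in to the **WIN1** virtual machine". The other file in this commit changes the same step to "Log in to WIN1 virtual machine", so the two labs now use different verbs for the same action. The **Note** at the end of this hunk still has "logout", "Login again" and "Other options ... is", which could be brought in line in the same pass.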
Expand All @@ -48,11 +48,11 @@ In this task, you'll perform the initialization of the Microsoft Defender for En
>**Hint:** If you do not see the option, refresh the page.

### Task 2: Onboard a Device.
### Task 2: Onboard a Device

In this task, you'll onboard a device to Microsoft Defender for Endpoint using an onboarding script.

1. Select **Settings** from the left menu bar, then from the Settings page select **Endpoints**.
1. In the **Defender XDR** portal, from the navigation menu on the left, scroll down and expand the **System** section and select **Settings**, then from the Settings page select **Endpoints**.

1. Select **Onboarding** in the Device management section.

Expand All @@ -70,8 +70,8 @@ In this task, you'll onboard a device to Microsoft Defender for Endpoint using a

1. Right-click on the extracted file "WindowsDefenderATPLocalOnboardingScript.cmd" and select **Properties**. Select the **Unblock** checkbox in the bottom right of the Properties windows and select **OK**.

1. Right-click on the extracted file "WindowsDefenderATPLocalOnboardingScript.cmd" again and choose **Run as Administrator**. **Hint:** If you encounter the Windows SmartScreen window, select on **More info**, and choose **Run anyway**.
1. Right-click on the extracted file "WindowsDefenderATPLocalOnboardingScript.cmd" again and choose **Run as Administrator**. **Hint:** If you encounter the Windows SmartScreen window, select on **More info**, and choose **Run anyway**.

1. When the "User Account Control" window is shown, select **Yes** to allow the script to run and answer **Y** to the question presented by the script and press **Enter**. When complete you should see a message in the command screen that says *Successfully onboarded machine to Microsoft Defender for Endpoint*.

1. Press any key to continue. This closes the Command Prompt window.
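Review bot: The only change on the **Run as Administrator** step is whitespace, so "select on **More info**" in its hint is still ungrammatical; use "select **More info**". Since this step and the **Unblock** step before it have the student clear the file block and bypass SmartScreen for a script, a short sentence on why that is expected for this onboarding file would be a useful addition.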
Expand All @@ -81,7 +81,7 @@ In this task, you'll onboard a device to Microsoft Defender for Endpoint using a

In this task, you'll configure roles for use with device groups.

1. In the Microsoft Defender XDR portal select **Settings** from the left menu bar, then select **Endpoints**.
1. In the Microsoft Defender XDR portal left menu bar, expand the **System** section and select **Settings**, then select **Endpoints**.

1. Select **Roles** under the permissions area.
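Review bot: The rewritten first step, "In the Microsoft Defender XDR portal left menu bar, expand the **System** section and select **Settings**", words the same navigation differently from the Task 1 and Task 2 versions in this file ("from the navigation menu on the left, scroll down and expand the **System** section"). Pick one phrasing and one portal name ("Defender XDR" or "Microsoft Defender XDR") for all four tasks. The sentence also needs commas: "In the Microsoft Defender XDR portal, in the left menu bar, expand ...".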

Expand All @@ -108,7 +108,7 @@ In this task, you'll configure roles for use with device groups.

In this task, you'll configure device groups that allow for access control and automation configuration.

1. In the Microsoft Defender XDR portal select **Settings** from the left menu bar, then select **Endpoints**.
1. In the Microsoft Defender XDR portal left menu bar, expand the **System** section and select **Settings**, then select **Endpoints**.

1. Select **Device groups** under the permissions area.

Expand All @@ -124,7 +124,7 @@ In this task, you'll configure device groups that allow for access control and a
1. Select **Next**.

1. On the Devices tab, for the OS condition select **Windows 10** and select **Next**.

>**Note:** Some lab hosting providers may have configured *Windows 11* images for WIN1. You can select either or both.
1. On the Preview devices tab, the *Show preview* button could show the WIN1 virtual machine, but most likely the data isn't populated yet. Select **Next** to continue.
Expand All @@ -135,6 +135,6 @@ In this task, you'll configure device groups that allow for access control and a

1. Device group configuration has changed. Select **Apply changes** to check matches and recalculate groupings.

1. You're going to have two device groups now; the "Regular" you just created and the "Ungrouped devices (default)" with the same remediation level.
1. You're going to have two device groups now; the "Regular" you created and the "Ungrouped devices (default)" with the same remediation level.

## Proceed to Exercise 2
