Use the following steps to setup and configure the pilot for Microsoft Defender for identity. Note that the recommendations don’t include setting up a pilot group. The best practice is to go ahead and install the sensor on all of your servers running Active Directory Domain Services (AD DS) and Active Directory Federated Services (AD FS).
The following table describes the steps in the illustration.
- Step 1: Configure benchmark recommendations for your identity environment
- Step 2: Try out capabilities — Walk through tutorials for identifying and remediating different attack types
Step 1. Configure benchmark recommendations for your identity environment
Microsoft provides security benchmark recommendations for customers using Microsoft Cloud services. The Azure Security Benchmark (ASB) provides prescriptive best practices and recommendations to help improve the security of workloads, data, and services on Azure.
These benchmark recommendations include Azure security baseline for Microsoft Defender for Identity. Implementing these recommendations can take some time to plan and implement. While these will greatly increase the security of your identity environment, they shouldn’t prevent you from continuing to evaluate and implement Microsoft Defender for Identity. These are provided here for your awareness.
Step 2. Try out capabilities — Walk through tutorials for identifying and remediating different attack types
The Microsoft Defender for Identity documentation includes a series of tutorials that walk through the process of identifying and remediating various attack types.
Try out Defender for Identity tutorials:
- Reconnaissance alerts
- Compromised credential alerts
- Lateral movement alerts
- Domain dominance alerts
- Exfiltration alerts
- Investigate a user
- Investigate a computer
- Investigate lateral movement paths
- Investigate entities