Use of the d3d test environment

Tutorial overview: Lab for Microsoft Defender for Identity Security Alerts


The Microsoft Defender for Identity Security Alert Environment tutorial is intended to explore the capabilities of Microsoft Defender for Identity and to illustrate how to identify and spot suspicious activity and potential attacks on your network. This four-part tutorial explains how to install and configure a work environment for discretely testing Microsoft Defender for Identity detections. The test environment focuses on signature-based Microsoft Defender for Identity features. It does not include advanced machine learning, user, or entity-based behavioral detections, as these require a learning phase with real network traffic of up to 30 days.

Setup of the practice environment

This first tutorial in the four-part series walks you through creating a test bed for discrete Microsoft Defender for Identity detections. It describes the computers, users, and tools needed to set up the test environment and complete the playbooks. The instructions assume that you can safely set up a domain controller and workstations for use in the test environment and perform other administrative tasks. The closer your test environment matches the suggested setup, the easier it will be to follow the Microsoft Defender for Identity test procedures. With your test lab set up, use the Microsoft Defender for Identity Security Alert Playbooks to test it.

Reconnaissance playbook

The second tutorial in this four-part series is a Reconnaissance Playbook. With reconnaissance activities, attackers can gain deep knowledge and a complete mapping of your environment for later use. Using examples of common publicly available hacking and attack tools, the playbook shows you some of the ways Microsoft Defender for Identity can identify and detect suspicious activity from potential attacks.

Lateral Movement Playbook

The Lateral Movement Playbook is the third tutorial in the four-part series. Attackers perform lateral movement to work toward domain dominance. As you run this playbook, you will see lateral movement path threat detections and Microsoft Defender for Identity security alerts from the simulated lateral movements that you carry out in your test environment.

Domain Dominance Playbook

The final tutorial in the four-part series is the Domain Dominance Playbook. During the domain dominance phase, an attacker has already obtained legitimate credentials to access your domain controller and is trying to achieve persistent domain dominance. You will simulate some common domain dominance methods to demonstrate the domain dominance threat detections and security alerts that Microsoft Defender for Identity provides.

Join the community

Do you have any further questions or would you like to discuss Microsoft Defender for Identity and related security issues with others? Join the Microsoft Defender for Identity community today.