Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Defender ATP evaluation lab is now available in public preview
Published Jul 23 2019 11:38 AM 40K Views
Microsoft

Conducting a thorough product evaluation is an integral step when considering any product or solution. Proof-of-concepts (POCs) are done to demonstrate the capabilities of a product and see how it performs under certain scenarios. However, running an evaluation can be a challenging task and typically require: having a lab of devices, ensuring that the right configuration settings are in place, using effective simulations, and then drilling down into the relevant results.

 

Imagine if you can skip all those complexities and just be able to jump right into running attack simulations? With the Microsoft Defender ATP evaluation lab, you can do just that! Designed to eliminate the challenges of machine and environment configuration, the lab enables you to focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.

 

It provides the perfect environment to verify the practical potential of the platform and learn about new features, allowing security experts to really take the product out for a spin.

 

Use the provisioned machines

 

The evaluation lab allows you to create up to three machines with a click of a button. Each machine is provisioned for you by Microsoft Defender ATP and is available for all your testing needs for three days.

 

You won’t need to worry about setting it up – they’ll come with the latest and greatest Windows 10 installed, they’ll be onboarded to your environment, and configured with all the Microsoft security baseline settings in place in audit mode.

 

Connect to the machines

 

You’ll be able to connect to the machines via RDP, allowing you to run any simulation you’d like to conduct.

 

Machines come pre-installed with useful tools such as Office, Sysinternals, Java and more, to quickly get you up and running.

 

Another key feature of the environment is that the provisioned machines are contained in their own virtual network, allowing you to run advanced simulations such as lateral movement activities with no worries on the safety of your environment.

 

post1.png

 

Conduct simulations

 

Not sure where to start? Fret not! You can use the Do-it-yourself scenarios available from right within the portal. They provide thorough guidance on how to conduct scenario-based simulations.

 

View results

 

Evaluation results are presented all in one place. The lab provides a dashboard with real-time overview of the evaluation results, along with a full report to help you determine how the capabilities performed against your simulations.

 

post2.png

 

For more information, see the Microsoft Defender ATP evaluation lab documentation.

14 Comments
Copper Contributor

Unable to connect to the machines via RDP with the provided credentials.

Microsoft

@Rakeshillam - interesting, we don't experience any bugs around connectivity. is it possibly related to your firewall settings for RDP ports?

Microsoft

@Rakeshillam If that's not the problem,, we'll appreciate your help with better investigating the case. Please submit lab feedback with mail address so we can contact you privately. thanks!

Copper Contributor

@Hadar Feldman  Feedback is submitted through portal

 

Thank you !

Copper Contributor

Is there a way to use the "Live Response" feature in these labs without having to enable that feature across our environment?  

Copper Contributor

@Vinay Varma 

 

I can see that the evaluation machines are running Windows 10 x64 Version 1903 Build 18362 and I was able to use Live response feature on one of the evaluation machines.

Copper Contributor

@Rakeshillam right, but do you have Live Response enabled on your environments tenant?

Copper Contributor
@Vinay Varma Yes, But from my understanding the feature can be only used if your tenant machines have minimum windows build: 18323 I think what you looking for is not enabling the live response feature on portal, but just test it with the evaluation machines.
Copper Contributor

@Rakeshillam Right, which is what I stated in my first comment/question.  

Copper Contributor

This is great.  Testing it out now!

Copper Contributor

Dear All,

 

Can you please share the Evaluation Lab Link...I am trying using https://securitycenter.windows.com/machines  where i could not see any machines nor i can add any.

 

Please advice for evaluation lab with 3 machines.

Microsoft

@Consultant9540 the URL you're looking for is https://securitycenter.windows.com/evaluation

You can also get to the lab through the MDATP navigation bar as mentioned in the documentation - Microsoft Defender ATP evaluation lab documentation.

note that this is a preview feature - preview features should be enabled in your tenant in order to see it (in addition to your permission setting of course)

I hope it helps :)

Copper Contributor
Thanks.It means like i need to Subscribe ATP portal and then follow the documentation right?
Microsoft

@Consultant9540 yes, the lab is a part of MDATP portal, so you need to have a tenant in order to use it :)

Version history
Last update:
‎Aug 26 2019 04:17 PM
Updated by: