Blog Post

Microsoft Defender for Endpoint Blog
2 MIN READ

Evaluation lab updates: device renewal and new simulations

Yaniv_Carmel's avatar
Yaniv_Carmel
Brass Contributor
Jul 06, 2021

Microsoft Defender for Endpoint’s https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluation-lab?view=o365-worldwide is growing with a new feature for device renewal, as well as two new simulations! 

 

The evaluation lab is a playground for you to test Microsoft Defender for Endpoint’s defense against test scenarios of your own, as well as various simulations provided by our partners SafeBreach & AttackIQ, without the hassle of setting up a testing environment. 

 

Until now, the evaluation lab provided customers with a limited number of devices. Now, you can renew your lab resources once a month, allowing you to continuously use the evaluation lab for your testing needs. To do this, simply click on the “request for more devices” button, choose your configuration, and submit the request. 

 

 

When the request is submitted successfully, you will see a green confirmation banner and the date of the last submission. 

 

 

You can find the status of your request in the “User Actions” tab. Expect the request to be approved shortly. 

 

Now that you have added your new devices, it’s a great time to check out our https://security.microsoft.com/tutorials/simulations for Carbanak and FIN7, as well as Solorigate, provided by SafeBreach! 

 

These simulations allow you to evaluate Microsoft Defender for Endpoint’s detection and protection capabilities against a few of the most prominent threat actors these days. 

 

Carbanak and FIN7 are financially-motivated threat groups, considered to be two of the most successful criminal hacking groups in the world, so much that they were chosen to be the subject of the recent https://www.microsoft.com/security/blog/2021/04/21/mitre-engenuity-attck-evaluation-proves-microsoft-defender-for-endpoint-stops-advanced-attacks-across-platforms/ evaluation. 

 

Solorigate is a supply chain attack utilizing SolarWinds’ popular network management software - SolarWinds® Orion®. This campaign, dubbed “the largest and most sophisticated attack the world has ever seen”, left tens of thousands of organizations vulnerable. 

 

To run these simulations, navigate to the “Tutorials & simulations” section, choose a simulation, and click “run”. Then, in the “Create simulation” side panel, select a device and click on the “Create simulation” button. 

 

 

To learn more about the simulations, read the simulation documentation: 

  • https://aka.ms/Evaluation_CarbanakandFin7 
  • https://aka.ms/Evaluation_SolarwindsSimulation
Updated Jul 11, 2021
Version 4.0
Evaluation lab

3 Comments

  • Kapildev_C's avatar
    Kapildev_C
    Copper Contributor
    Feb 21, 2023

    Hi,
    In my case we have used maximum number of devices for our tenant but this was tested on June 2022 after that we didn't create any evolution lab. Still can I renew my lab resources once in a month? Will Microsoft charge for that?

  • ItzikTzadaka's avatar
    ItzikTzadaka
    Icon for Microsoft rankMicrosoft
    Jul 20, 2021

    mailmonster You can add 30 days trial Full E5 subscription for 25 Users from the admin portal: 

    Browse to portal.office.com with your dev tenant credentials > Billing > Searching and selecting M365 E5 and select "Start Trial". 
    There is no need for a credit card or any renewal commitment, just your mobile number for identity verification. 
    alternatively, you can ask your partner or account manager for a "Demo Tenant" for 30 days. 

     

  • mailmonster's avatar
    mailmonster
    Copper Contributor
    Jul 10, 2021

    Here in techcommunity I read about a dev tenant that contains e5 licenses which makes it ideal for testing new Features.  However it only contains defender not defender for endpoint. Could someone add this to the dev tenants e5 licenses? This would be great