Update: this integration is now generally available as of June 2020.
Microsoft Defender ATP has partnered with breach and attack simulation solutions, AttackIQ and SafeBreach, to give you convenient access to attack simulators right from within the portal! These capabilities, now in public preview, are built into our evaluation lab, have no prerequisites, and we encourage you to check them out.
Running threat simulations using third-party platforms is a good way to evaluate and experience Microsoft Defender ATP capabilities within the confines of a lab environment. It’s also a great way to verify that your environment is well configured and protected against advanced threats.
When you enable the integration, every lab machine you create will have the chosen agent(s) installed, allowing you to run a wide variety of cool simulations.
Running a simulation on a lab device takes just a couple of clicks, and you’ll be able to see results right away, all presented to you in the evaluation lab console, as you can see in the image below.
AttackIQ and SafeBreach simulations are easily accessible from within the simulations catalog in the simulations & tutorials section of evaluation lab. Each simulation comes with an in-depth description of the attack scenario, references to the MITRE ATT&CK techniques and attack groups that are part of the simulation, as well as sample advanced hunting queries you can run.
If you have preview features turned on in Microsoft Defender ATP, you can try out the new attack simulators in the evaluation lab today.
Already have a lab? Make sure to enable the new breach and attack simulators and have active machines.
Need more machines in your lab? Submit a support ticket to have your request reviewed by the Microsoft Defender ATP team.