Defender Pilot

Microsoft 365 Defender Suite Pilot: Endpoint and Office 365 Protection

In Scope

The standard scope of this part of the engagement includes: • Establishing Mutual Understanding: Gain a mutual understanding of the organization's objectives and requirements. • Design Documentation: Document a set of agreed design decisions for the deployment of Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. • Enablement of Microsoft 365 Defender: Enable the integration and functioning of the Microsoft 365 Defender Suite within the organization's environment. • Deployment of Security Products: Deploy the following Microsoft security products using a limited scope in the organization's production environment: • Microsoft Defender for Office 365: Onboard a maximum of 100 users to Microsoft Defender for Office 365 Safe Attachment and Safe Links policies. • Microsoft Defender for Endpoint: Onboard a maximum of 100 Windows 10/11 devices to Microsoft Defender for Endpoint. • Remediation of Technical Issues: Provide support for the remediation of potential technical issues that arise during the deployment process. • Operational Guidance: Offer guidance on how to operationalize the included security products through demonstrations and examples. • Security Analysis and Recommendations: Exploration of Microsoft Secure Score, the Email Configuration Analyzer, and Microsoft Defender Vulnerability Management to highlight vulnerabilities and security recommendations, providing a roadmap of suggested improvements on how to harden the surface area of the organization's Microsoft 365 workloads.

Out of Scope

The standard scope of this part of the engagement excludes anything that was not put in scope, in particular: • Additional Configuration: Configuration of Azure or Microsoft 365 Security tools beyond the guidance provided in this document. • Deep Threat Analysis: Deep analysis (investigation) of threats found during the engagement. • Incident Response: Responding to and managing security incidents. • Forensic Analysis: Conducting forensic analysis of security events or incidents. • SIEM Integration: Configuring Security Information and Event Management (SIEM) integration, including configuration of Microsoft Sentinel.