WWL Tenants - Terms of use
If you are being provided with a tenant as a part of an instructor-led training delivery, please note that the tenant is made available for the purpose of supporting the hands-on labs in the instructor-led training.
Tenants should not be shared or used for purposes outside of hands-on labs. The tenant used in this course is a trial tenant; it cannot be used or accessed after the class is over and is not eligible for extension.
Tenants must not be converted to a paid subscription. Tenants obtained as a part of this course remain the property of Microsoft Corporation and we reserve the right to obtain access and repossess at any time.
Lab setup - Prepare your environment for administration
In this lab, you’ll configure and prepare your environment for administration tasks. You’ll enable required features, configure permissions, and prepare core services for administration.
Tasks:
- Enable Audit in the Microsoft Purview portal
- Enable device onboarding
- Enable insider risk analytics and data sharing
- Set user passwords for lab exercises
- Initialize Microsoft Defender XDR
Task 1 - Enable Audit in the Microsoft Purview portal
In this task, you’ll enable Audit in the Microsoft Purview portal to monitor portal activities.
- Log into Client 1 VM (SC-401-CL1) as the SC-401-CL1\admin account, and log into Microsoft 365 with the MOD Administrator account.
- In Microsoft Edge, navigate to the Microsoft Purview portal, https://purview.microsoft.com, and log in.
- A message about the new Microsoft Purview portal will appear on the screen. Select Get started to access the new portal.
- Select Solutions from the left sidebar, then select Audit.
- On the Search page, select the Start recording user and admin activity bar to enable audit logging.
- Once you select this option, the blue bar should disappear from this page.
You have successfully enabled auditing in Microsoft 365.
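The audit state set in Task 1 can also be confirmed from Exchange Online PowerShell, which is useful because the portal's blue bar only tells you the setting was clicked. This is an added example, not part of the original lab; it assumes the ExchangeOnlineManagement module is installed, uses the lab's placeholder admin UPN, and the function name `Enable-UnifiedAuditIfNeeded` is hypothetical.

```powershell
# Added example (not part of the original lab). Assumes the
# ExchangeOnlineManagement module is installed and the signed-in account
# can read and change the admin audit log configuration.

function Enable-UnifiedAuditIfNeeded {
    # Hypothetical helper name. Returns the ingestion state after the check.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Read the setting from Exchange Online PowerShell. The same property
    # read from Security & Compliance PowerShell always reports False,
    # even when auditing is on, so do not check it there.
    $config = Get-AdminAuditLogConfig -ErrorAction Stop

    if ($config.UnifiedAuditLogIngestionEnabled) {
        Write-Verbose 'Unified audit log ingestion is already enabled.'
        return $true
    }

    if ($PSCmdlet.ShouldProcess('tenant', 'Enable unified audit log ingestion')) {
        # Same effect as selecting "Start recording user and admin activity".
        Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true -ErrorAction Stop
    }

    # Re-read the setting; the change may not be reflected immediately.
    return [bool](Get-AdminAuditLogConfig -ErrorAction Stop).UnifiedAuditLogIngestionEnabled
}

# Placeholder UPN from the lab instructions; replace ZZZZZZ with your tenant ID.
Connect-ExchangeOnline -UserPrincipalName 'admin@WWLxZZZZZZ.onmicrosoft.com'
try {
    $enabled = Enable-UnifiedAuditIfNeeded -Verbose
    "UnifiedAuditLogIngestionEnabled: $enabled"
}
finally {
    # Always close the session, even if the check throws.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Running the function with `-WhatIf` reports whether a change would be made without applying it.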
Task 2 – Enable device onboarding
In this task, you’ll enable device onboarding for your organization.
- You should still be logged into Client 1 VM (SC-401-CL1) as the SC-401-CL1\admin account and logged in as the MOD Administrator in Microsoft 365.
- In Microsoft Edge, navigate to https://purview.microsoft.com to log into Microsoft Purview, then select Settings from the left sidebar.
- In the left sidebar, expand Device onboarding then select Devices.
- On the Devices page, select Turn on device onboarding then select Ok to enable device onboarding.
- When prompted, select OK to confirm that device monitoring is being turned on.
You have now enabled device onboarding and can start to onboard devices to be protected with Endpoint DLP policies. The process of enabling the feature might take up to 30 minutes.
Task 3 – Enable insider risk analytics and data sharing
In this task, you’ll enable analytics and data sharing for Insider Risk Management.
- You should still be logged into Client 1 VM (SC-401-CL1) as the SC-401-CL1\admin account and logged in as the MOD Administrator in Microsoft Purview.
- In Microsoft Purview, navigate to Settings > Insider Risk Management > Analytics.
- Toggle these settings to On:
  - Show insights at tenant level
  - Show insights at user level
- Select Save at the bottom of the page.
- Select Data sharing on the left navigation pane.
- In the Data sharing section, toggle Share user risk details with other security solutions to On.
- Select Save at the bottom of the page.
You have enabled analytics and data sharing for Insider Risk Management.
Task 4 - Set user passwords for lab exercises
In this task, you’ll set passwords for the user accounts needed for the labs.
- You should still be logged into Client 1 VM (SC-401-CL1) as the SC-401-CL1\admin account and logged in as the MOD Administrator in Microsoft 365.
- Open Microsoft Edge and navigate to https://admin.microsoft.com to log into the Microsoft 365 admin center as the MOD Administrator, admin@WWLxZZZZZZ.onmicrosoft.com (where ZZZZZZ is your unique tenant ID provided by your lab hosting provider).

  Note: In some tenants, you might see a Portal MFA Enforcement prompt when signing in. If this prompt appears:
  - Select Postpone MFA to temporarily delay MFA setup.
  - Select Confirm postponement.
  - Select Continue sign-in without MFA to access the admin center.

  This postpones MFA enforcement for the tenant and allows you to proceed with the lab.
- On the left navigation pane, expand Users then select Active users.
- Select the checkbox to the left of Joni Sherman, Lynne Robbins, and Megan Bowen. These accounts will be used throughout the lab exercises.
- Select the Reset password button from the top navigation to reset all three passwords.
- In the Reset Password flyout page on the right, ensure that both checkboxes are deselected. This will ensure that you can select a password for the three users being used for exercises, and that these passwords won’t need to be reset when you first sign in.
- In the Password field, enter a password you can remember to reset the user passwords to be used in future exercises.
- At the bottom of the Reset password flyout page, select the Reset password button.
- On the Passwords have been reset page, you should see the three user accounts that have been reset. At the bottom of this flyout page, select Close.
You have successfully reset passwords for lab exercises.
Task 5 – Initialize Microsoft Defender XDR
In this task, you’ll open Microsoft Defender and wait for Microsoft Defender XDR to finish initializing.
- You should still be logged into Client 1 VM (SC-401-CL1) as the SC-401-CL1\admin account and logged in as the MOD Administrator in Microsoft Purview.
- In Microsoft Edge, navigate to https://security.microsoft.com/ to open Microsoft Defender.
- From the navigation pane, select Investigation & response > Incidents & alerts > Incidents.

  Note: The Microsoft Defender XDR initialization screen might or might not appear depending on your lab tenant. If it appears, you can continue with other tasks while it completes in the background.
- You’ll see a message stating that Microsoft Defender XDR is being prepared. This process runs automatically and might take a few minutes.
Microsoft Defender XDR is being initialized. You can continue with other tasks while it finishes setting up.