I’ve been thinking about doing something more educational for a while now, and I think this will be a great start: writing a guide on how to set up your own Microsoft Intune lab. We will take shortcuts and do dirty tricks, just to get going. So please don’t use this as an implementation guide in a real environment. We will also skip all fancy steps such as getting a real domain name and having an on-premises AD. But if you already have those in your lab, that’s great!
What do I need?
There are a few things you will need in order to get started:
- An Azure AD tenant
- Microsoft 365 or EMS licenses (E3 or E5)
- Hyper-V or some other virtualization platform
- A Windows image
- A mobile device or two
- A Google account
- An Apple ID
There are more things, but this is a good start.
Getting a tenant
This can sound like the most cumbersome and expensive part, but it doesn’t have to be. Depending on your level of commitment, there are different ways to go at this. The Azure AD itself is free of charge, but you will need licenses to run Microsoft Intune. You could either buy these or get a test tenant for free from Microsoft. You can get a one-month free trial from the Microsoft 365 info page, but it isn’t persistent if you don’t buy the license once it has expired. You can also sign up for a free trial of Microsoft Intune from Microsoft Docs, then enable a 90-day free trial of Enterprise Mobility + Security E5 if you go to Devices > Enroll Devices > Windows Enrollment > Automatic Enrollment. This will include everything you need to test Intune, but no Microsoft 365 services.
The best option is to sign up for the Microsoft 365 Developer program and get a tenant and licenses which will be renewed every 90 days if you sign in at least once.
My recommendation for your lab is to get the latter one. You will want something that sticks around for more than 30 or 90 days.
By using the Microsoft 365 Developer program, you can also get sample data (users, generated emails, SharePoint sites) to make the environment more realistic with minimal effort.
The setup process is simple: you will need to register with Microsoft and then you will be able to create your tenant. Microsoft has a good step-by-step guide which you can find here!
Give your tenant a cool name (or just something you remember) and you are ready to go!
Once you have your tenant set up, use your admin account to sign in to endpoint.microsoft.com and BAAAM, you are now in the Intune portal!
Hyper-V or another virtualization platform
The reason we want a virtualization platform is to spin up some virtual test clients. There are numerous ways of doing this, but for small scale this is the simplest way.
If you are using a Windows-based machine, you can enable Hyper-V in different ways. The easiest way is to simply run the PowerShell console as admin and run the following command (something I learned by writing this post):
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
When the command is successful, reboot the machine.
If you are not comfortable with PowerShell, you can simply enable it in the “Turn Windows Features on or off” section of Programs and Features in the Settings app.
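A pre-flight version of the step above, as an added example that is not part of the original post: it confirms the console is elevated, checks the hardware virtualization requirements Windows reports, and only enables the feature if it is not already on. It uses the built-in `Get-ComputerInfo` and `Get-WindowsOptionalFeature` cmdlets; the messages and the `-NoRestart` choice are assumptions made for this example.

```powershell
#Requires -Version 5.1
# Added example: check prerequisites before enabling Hyper-V on a lab machine.
$feature = 'Microsoft-Hyper-V'

# Enabling Windows optional features requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell console.'
}

# When no hypervisor is running, Windows reports each hardware requirement
# as True/False. When one is already running, these values are empty.
$info = Get-ComputerInfo -Property 'HyperV*'
if (-not $info.HyperVisorPresent) {
    $unmet = $info.PSObject.Properties |
        Where-Object { $_.Name -like 'HyperVRequirement*' -and $_.Value -eq $false } |
        ForEach-Object { $_.Name }
    if ($unmet) {
        # Typically means virtualization is switched off in firmware (BIOS/UEFI).
        throw "Hyper-V prerequisites not met: $($unmet -join ', ')"
    }
}

# Only change the system if the feature is not already enabled.
$state = (Get-WindowsOptionalFeature -Online -FeatureName $feature).State
if ($state -eq 'Enabled') {
    Write-Output "$feature is already enabled, nothing to do."
}
else {
    # -NoRestart keeps the reboot under your control instead of prompting for it.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $feature -All -NoRestart
    if ($result.RestartNeeded) {
        Write-Output "$feature enabled. Reboot the machine to finish the installation."
    }
    else {
        Write-Output "$feature enabled. No reboot required."
    }
}
```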
We will come back to how to use Hyper-V in a later section where we set up Windows management.
Getting a Windows image
There are a lot of different ways of getting a Windows image for testing purposes. If you have an MSDN/Visual Studio subscription, you can download this from your subscription’s download repository. But if you don’t have that, the easiest way of getting a Windows image is to simply download it from Microsoft using the Media Creation Tool found here.
Once you have downloaded and started the tool, you can follow the on-screen wizard to obtain the image.
First, accept the terms and conditions page, then make sure to select “Create installation media”.
Select the language you require and make sure you get the 64-bit version (you don’t need 32-bit).
Select that you want this as an ISO file.
When you press next, it will ask you where you want to save the file and the download will start.
Depending on what you want to do with your lab, I suggest you get at least one mobile phone. This could be any phone which is fairly up to date (iOS 12 and higher or Android 6.0 or higher).
For my lab, I’m using a cheap Samsung Galaxy A20 that I got on a sale which is running Android 10 and an iPhone X (which is my primary personal device). However, if possible, I strongly recommend using secondary devices for your lab, at least if you want the wipe features.
Why do we need a Google account in the Microsoft world? It’s simply to activate and be able to use the Managed Google Play store and activate enterprise features. This can be a regular Google account; I’m using one that I’ve had for ages (in the real world, make sure to use a dedicated account which is NOT personal). If you already have a Gmail account, that will do just fine!
If you plan on sharing this environment with more people, use a dedicated account.
To enroll Apple devices in Microsoft Intune, we need to obtain a certificate from Apple. For that, we need an Apple ID.
Same goes here: for your personal lab you can use an already existing Apple ID which is not dedicated for the purpose (for real-world use, set up a dedicated account). We will use this account later when we configure iOS/iPadOS management!
And that’s about it for pre-reqs to set up your own Microsoft Intune lab!
In the next step, we will do some basic configuration of your brand-new Microsoft Intune tenant!