Acquire trial accounts for Intune Enterprise Mobility + Security (EMS)

Objective

This lab is the first in a series of labs that explore the Enterprise Mobility Suite and the mobile device management and mobile application management capabilities of Microsoft Intune. In this lab, you will create the accounts that will enable you to perform subsequent labs in this series.

In this lab, you will:

1. Create a dedicated Microsoft account to create free trial accounts.
2. Sign up for a free Enterprise Mobility Suite (EMS) trial account.
3. Acquire an Azure subscription using either a free Azure trial account or an Azure Pass.
4. Sign up for a free Azure Active Directory Premium trial.
5. Sign up for a free Office 365 E3 trial account and associate it with the EMS trial account.
6. Add lab user accounts to Azure Active Directory, and assign Azure Active Directory Premium, EMS, and E3 licenses to them.

Scenario

The Enterprise Mobility labs require that you have access to an Enterprise Mobility Suite (EMS) account, an Office 365 E3 account, and an Azure Active Directory premium account.  

Requirements

In order sign up for the free accounts, you will need to have access to a cell phone that  can receive text messages. Additionally, to sign up for an Azure trial account, you will need to supply a valid credit card number. 

Virtual Machines

1. DC01
2. W10-ADMIN
3. W10-CLIENT1
4. W10-CLIENT2

Exercise 1 : Sign up for Microsoft account

The labs in the EMS IT Camp series require that you use an EMS trial account. This in turn requires a Microsoft account. As a best practice, you should create a new Microsoft account that is used specifically for these labs.

In this exercise, you will sign up for a new Microsoft account.

1. Sign in to W10-ADMIN
   If not already signed in to ADMIN, on the top menu, click Commands, and then click Ctrl+Alt+Delete. Sign in using Admin as the username and Passw0rd! as the password.
   NOTE: You can paste the password using the Commands menu. To paste the password, click Commands, click Paste, and then click Paste password.
   
2. Open Internet Explorer
   On the taskbar, click Internet Explorer.
   Please make sure you open Internet Explorer and not Microsoft Edge. A subsequent step to verify your cell phone number will not work in Microsoft Edge.
3. Open the sign-up page
   In Internet Explorer, on the Favorites bar, click Create MS Account.
4. Complete the form
   On the Create an account page, enter your first name, last name, unique username, password, country, birthdate, gender, phone country code, phone number, alternate email address, and verification characters. Clear the Send me promotional offers from Microsoft check box, and then click Create Account.
   Please make sure you enter a real phone number and alternate email address.
   
   NOTE: In this and subsequent lab steps, you will be prompted to enter your country. Please make sure that you enter the same country as your credit card billing address. In a subsequent lab exercise to create an Azure free trial account, you will be prompted for your credit card. You must enter accurate billing information on this page. You won't be able to enter your billing address if you specify a country other than the one used for your credit card billing address.
   
   Please note that your credit card will incur only a small, temporary charge when you sign up for this account.
   When you complete the form and click Create Account, your new Outlook mailbox is opened.
   
5. Proceed to inbox
   Close any welcome pop-ups or messages that may appear, and follow the prompts to open new inbox. Leave the Outlook Inbox open for subsequent steps.

You have just acquired a new Microsoft account. In the next lab exercise, you will sign up for an EMS trial account.

Exercise 2 : Sign up for an EMS trial account

In this lab exercise, you will sign up for a free EMS trial account using the Microsoft account you created in the previous exercise.

1. Open a new tab
   In Internet Explorer, open a new tab.
2. Open the sign-up page
   On the favorites bar, click Create EMS Trial.
3. Launch the sign-up page
   On the Try Enterprise Mobility Suite page, click Sign-up for your free trial.
   
4. Complete the Let's get to know you page
   On the Welcome, Let's get to know you page, select a country, such as United States, and enter your first and last name. In the business email address, enter the email address you created in the previous exercise. Enter your cell phone number and fictitious organization name. For the size of company, select  250-999 people. When finished, click Next.
   NOTE: If you are going to being using a credit card to sign up for a free Azure trial, please use the country that is associated with your credit card.
   
5. Complete the Create your user ID page
   On the Create your user ID page, in username, type Admin. For the organization, enter a unique name for your organization. Enter a complex password, and then click Next.
   Make sure you record your user name, organization, and password. To ensure consistency in subsequent steps, make sure you use Admin for the user name. In subsequent steps, your user name will be referred to asAdmin@[OrgName].onmicrosoft.com.
   
6. Prove you are not a robot
   On the Prove. You're. Not. A. Robot. page, enter a valid cell phone number, and then click Text me.
7. Create an account
   On the Prove. You're. Not. A. Robot. page, enter the verification code you received, and then click Create my account.
   
8. Save information and complete sign-up
   On the Save this info page, note the Office 365 sign-in page and your user ID, and then click You're ready to go.
   Once you complete this page, the Office 365 management portal opens. This portal is known as the Office 365 admin center.
   
9. Leave the Enterprise Mobility page open
   Leave the Enteprise Mobility page open for tasks in a subsequent exercise.
   

You have just created an EMS trial account. In the next exercise, you will sign up for an Azure trial account.

Exercise 3 : Sign up for a free Azure Pass

When you created your EMS trial subscription, you also received an Azure Active Directory to provide identity services. However, you need to be able to gain access to this directory in the Azure classic portal and upgrade it to Azure Active Directory Premium. This access requires that you have an Azure account.

If you have an Azure Pass promo code, you can use that to create an Azure account as an alternative to creating a free trial account. Please make sure that you create a subscription using either an Azure Pass (this exercise) or a free Azure trial (next exercise), but not both.

IMPORTANT: Perform the steps in this exercise only if you have been provided with an Azure Pass promotional code. If you do not have a promo code, please skip this exercise and proceed to the next exercise, Sign up for a free Azure trial.  To skip this exerice, click Done for each subsequent step.

1. Redeem an Azure promotional code
   In Internet Explorer, open a new tab. In the new tab, browse to http://microsoftazurepass.com.
   Please leave your browser open and signed in to the Office 365 admin center, and then open a new tab. The credentials you are signed in with will play a role in activating the Azure subscription.
   
   Perform the steps in this exercise only if you do not have an Azure Pass promotional code. If you have an Azure Pass promotional code, click Done for each step in this exercise to proceed to the next exercise.

   "c:\program files\Internet Explorer\iexplore.exe" http://microsoftazurepass.com

2. Redeem the Azure promotional code
   On the Microsoft Azure page, select your country, enter the promotional code you have been provided with, and then click Submit.
   
3. Sign in
   If prompted to sing in, click Sign in.
   
4. Sign in using your organizational account
   On the Fill out the remaining information page, then click submit page, confirm your name and organizational account (admin@[OrgName].onmicrosoft. com), and then click Submit. On the Azure Pass page, click Activate.
   Please ensure you are signed in as admin@[OrgName].onmicrosoft.com.
   
5. Verify information about you
   On the Sign up page, under About you, verify the information, and  click Next.
   
6. Verify contact phone number
   Under Contact phone number, verify the information, and click Next.
   
7. Complete the Azure sign up
   On the Sign up page, select I agree to the subscription agreement, offer details and privacy statement check box, and then click Sign up. A message appears indicating that your account is being prepared. Wait until you recieve a message indicating your subscription is ready.
   
8. Wait until subscription is ready and sign in
   Wait until the page displays the message, "Your subscription is ready for you!" Click Start managing my service.
   
9. Proceed to exercise 5
   Proceed to Exercise 5, Add an Azure Active Directory Premium Trial. To proceed to Exercise 5, click Done on all the steps in Exercise 4.
   NOTE: It is not necessary for you to complete the steps in Exercise 4. The steps in Exercise 4 are provided only for those who do not have access to an Azure promotional code and need to acquire a free Azure Trial.

You have just created an Azure subscription using an Azure Pass promotional code. Please skip Exercise 4, and  proceed directly to Exercise 5, Add an Azure Active Directory Premium trial.

Exercise 4 : Sign up for a free Azure trial

When you created your EMS trial subscription, you also received an Azure Active Directory to provide identity services. However, you need to be able to gain access to this directory in the Azure classic portal and upgrade it to Azure Active Directory Premium. This access requires that you have an Azure account. For this lab, you will use a free Azure trial subscription.

IMPORTANT: If you have not been provided with an Azure Pass promotional code, you will need to create an Azure trial account using the steps in this exercise.

NOTE: Signing up for an Azure trial requires that you provide a credit card to verify your identity. Your credit card will be charged $1.00 initially to prove it is valid. The charge will later be reversed. You may have only one trial account that uses the same billing information at one time. If you already have a valid Azure trial account, you must use that for the labs, or use a different credit card.If you have created an Azure subscription using an Azure promotional code in the previous exercise, please skip the steps in this exercise and proceed to Exercise 5: Add an Azure Active Directory Premium Trial.  To skip these steps, click Done for each step in this exercise.

1. Open Azure AD from the Office 365 admin center
   Ensure you are signed in to the Office 365 admin center. In the left navigation bar, expand ADMIN, and then click Azure AD. When you click Azure AD, you will be taken to a page that informs you that you do not have a paid subscription. This is expected.
   Please leave your browser open and signed in to the Office 365 admin center, and then open a new tab. The credentials you are signed in with will play a role in activating the Azure subscription.
   
   If you have already acquired an Azure subscription by performing the steps in the previous exercise, skip this exercise and proceed directly to Exercise 5, Add an Azure Active Directory Premium Trial.  To skip this exercise, click Done on this step and each subsquent step in the exercise.
   Note that under ADMIN, you are able to manage INTUNE and Azure AD. When you add the Office 365 E3 account later in this lab, you will be able manage Office 365 products, such as Exchange and SharePoint online from here as well.
   
   Please leave the admin center open for subsequent steps.
   
2. Choose country and activate the Azure subscription
   On the Oops! Access to Azure Active Directory is not available page, select your country (the same country as your credit card billing address), and then click Azure subscription.
   IMPORTANT: Please make sure that you select the country associated with your credit card billing address. You must enter accurate credit card billing address information in subsequent lab steps. For example, if your credit card billing address is in the UK, and you leave United States as the default country, you will not be able to enter a UK address in subsequent steps.
   
   WARNING: If you proceed with the incorrect country selected and cannot enter a valid billing address, you will have to redo all of the previous steps in the lab and create a new Microsoft and EMS trial account.
   
3. Perform phone verification
   On the Microsoft Azure Free Trial sign-up page, in the WORK PHONE and the Verification by phone fields, enter your cell phone number, and then click Send text message. The Verify code field appears. When you receive the phone verification code, enter it in the Verify code field, and then click Verify code. After a few moments, the payment information section expands.
   IMPORTANT: Please make sure you change the country to the one used for your credit card billing address, if different from United States. If the country is not the same as the billing address on your credit card, you will not be able to enter the correct billing address.
   
4. Complete the free trial sign-up
   In the Verification by card section, enter your credit card details. In the Agreement section, clear the Microsoft may use my email and phone to provide special Microsoft Azure offers checkbox. Click Sign up. Wait for the Microsoft Signup status page to show that your subscription is ready.
   Do not proceed to the next exercise until you receive a notice that your subscription is ready.
   

You have just signed up for a free Azurre trial subscription. Please proceed directly to Exercise 5: Add an Azure Active Directory Premium trial.

Exercise 5 : Add an Azure Active Directory Premium trial

In this exercise, you will add an Azure Active Directory Premium trial to your subscription. Note that, because you already have an Enterprise Mobility Suite subscrition, which includes AAD Premium, you do not need to add an Azure Active Directory Premium trial to your subscription. These steps are provided here for completeness to show what you would need to to do if you did not have an Enterprise Mobility Suite subscription.

1. Sign in to Azure
   If you have not already done so, on the Welcome to Microsoft Azure page, click Start managing my service. If prompted to sign in to Azure, sign in as admin@[OrgName].onmicrosoft.com using the password you created and recorded in an earlier lab step. Click Portal. The Azure portal opens.
   As of December 2, 2015, the Azure portal, formerly known as the Azure preview portal, is the default portal. The older default portal is now called the Azure classic portal.
2. Open Azure Active Directory
   In the Azure portal, click Browse, and then click Active Directory. The Azure AD management experience opens.
   NOTE: As of this writing, the Azure AD Management experience is in preview. Consequently, you will use the Classic portal instead for the subsequent steps.
   
3. Open Classic portal
   On the Overview blade, click Classic portal.
   
   The Azure classic portal opens. If the Windows Azure Tour appears, click Cancel (X) to close it. Close any other menus or banners that open.
   
4. Close Windows Azure Tour
   When the Windows Azure Tour appears, click Cancel (X) to close it. Close any other menus or banners that open.
   
5. View the default domain
   In the Azure classic portal, click DOMAINS. You see a message indicating that your default domain corresponds to the domain you created in Exercise 2.
   Note that, because your default domain corresponds to the one you created earlier, there is no need to create a custom domain.
   
6. Start the process to get an Azure AD Premium trial
   Click Back (left arrow). On the active directory page, click your directory name. If you see the Let's Talk about Azure AD page, close it. On the Quick Start page, scroll down, and then under Get Azure AD Premium, click Buy more. On the Purchase Licenses page, click Buy Azure Active Directory Premium direct. A new tab in Internet Explorer opens.
   Please note that these steps will lead to a free trial offering, even though it might appear as if you are getting ready to purchase Azure Active Directory premium.
   
7. Start a free trial of Azure Active Directory
   Switch to the new tab that was opened in the previous task. On the Purchase services page, scroll down to view the Azure Active Directory Premium Plan 2 tel, click the ellipses (. . .), and then click Start free trial. On the confirm your order page, click Try now, and then on the order receipt page, click Continue. The new Office 365 admin center page opens.
   NOTE: The steps for acquiring Azure Active Directory Premium are not strictly necessary for this lab. The Enterprise Mobility Suite already includes Azure Active Directory Premium;. however, if you do not purchase EMS, you will need to purchase Azure Active Directory Premium separately. These steps have consequently been provided for completeness.
   
8. Open the directory Quick Start page
   In Internet Explorer, switch to the tab containing the Azure classic portal. If the Purchases Licenses pop up is present, close it.  In the left navigation bar, click ALL ITEMS. On the all items page, click your directory name. The Quick Start page opens.
   
9. View assigned Azure AD licenses
   On the Quick Start page, click LICENSES. On the LICENSES page, click Enterprise Mobility Suite. Under Assign licenses to users, click Assign users. Note that the global admin account is assigned a license.
   NOTE: You do not need to do anything with the Microsoft Azure Active Directory Premium Plan 2. You created this as a demonstration only.
   
10. Review Azure AD Premium features
    Click Back (left arrow), and then click REPORTS. Note that a number of the reports you see listed here are available only with an Azure Active Directory Premium subscription.
    The following reports are available only with Azure Active Directory Premium:
    

    • Sign‑ins from IP addresses with suspicious activity
    • Sign‑ins from possibly infected devices
    • Irregular sign‑in activity
    • Users who have anomalous sign‑in activity
    • Password reset activity
    • Password reset registration activity
    • Groups activity
    • Application usage

    Most of these reports help to identify potential security threats. For a complete list of features that are available with Azure Active Directory Premium, please see https://msdn.microsoft.com/library/azure/dn532272.aspx and https://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/features.aspx.
    

You just added an Azure Active Directory Premium trial to your subscription. In the next exercise, you will sign up for an Office 365 E3 trial.

Exercise 6 : Sign up for an Office 365 E3 trial

In this exercise, you will sign up for an Office 365 E3 trial account, and then associate it with the EMS trial account you created in the previous exercise.

1. Start InPrivateBrowsing
   In Internet Explorer, open a new tab. On the bottom of the page, click Start InPrivateBrowsing.
   Please ensure you start an InPrivate Browsing session.
   NOTE: You are using an InPrivate Browser session to mitigate a potential issue with the sign up to the Office 365 E3 Trial.
2. Open the E3 trial page
   In Internet Explorer, open a new tab. On the Favorites bar, click Create Office 365 E3 Trial.
   
3. Add to your existing subscription
   On the Office 365 Enterprise E3 Trail page, beside Want to add this an an exisiting subscription, click Sign in.
   NOTE: This option makes it easy for you to add to your existing EMS trial subscription. Note that you could also have done this in the reverse order: acquire an Office 365 E3 trial, and then add an EMS trial to that subscription.
   
4. Sign in with organizational account
   Sign in with the organizational account you created in Exercise 1, admin@[OrgName].onmicrosoft.com.
   Your organizational account will resemble this:
   admin@[uniquename].onmicrosoft.com.
   
5. Confirm order
   On the Check out page, click Try now.
   
6. Acknowledge receipt
   On the order receipt page, click continue. Upon clicking continue, you will be signed in to the admin center of the Office 365 portal.
   
7. Close Internet Explorer
   Close Internet Explorer.
   NOTE: You are closing Internet Explorer because you have many tabs open at this point. To simplify instructions and provide clarity for the next exercise, you should close your browser sessions, even though you will be connecting to some of the same portals.

Congratulations! You have configured the Office 365 E3, EMS, and Azure trial accounts that are required to perform the subsequent EMS labs in this series. Please ensure you record all the credentials you used in this lab. You will need them in subsequent labs. In the next exercise, you will create user accounts for use in subsequent EMS labs.

Exercise 7 : Add lab users and assign licenses

In this exercise, you will run a PowerShell script that will create users in your Azure Active Directory, and then assign Office 365 E3 and EMS licenses to the users.

1. Open Windows PowerShell
   On the taskbar, right-click Windows PowerShell, and then click Run as Administrator. In the User Account Control dialog box, click Yes.
2. Change to the LabFiles folder
   At the PowerShell prompt, type cd c:\LabFiles, and then press ENTER.
3. Start the script
   At the Windows PowerShell prompt, type .\CreateUsers.ps1 and then press ENTER.
4. Enter your credentials
   In the Windows PowerShell credential request dialog box, in User name, type admin@[OrgName].onmicrosoft.com, where [OrgName] is the name you chose for your organization when you signed up for the EMS trial account. In Password, type your password, and then click OK.
   You are storing your credentials in a variable that will subsequently be used to sign you in to Azure Active Directory to create users and perform other administrative tasks against Azure Active Directory.
   
   The script executes and creates users and assigns them licenses.
   
5. Verify user license assignment using PowerShell
   At the Windows PowerShell prompt, type Get-MsolUser | select displayname, licenses, and then press ENTER. Alternatively, click the Type Text icon to the right, and then press ENTER.
   The output of the script shows that users have not been assigned licenses; however, the script executed a subsequent command to assign licenses to the users. Note that each user you created is assigned both an EMS and an E3 (ENTERPRISEPACK license).
   

   Get-MsolUser | select displayname, licenses

6. Determine license usage
   At the Windows PowerShell prompt, type Get-MSolAccountSku, and then press ENTER.
   The output of the command shows the total number of licenses available in your subscriptions. Note that you have three SKUs: one for the EMS suite, one for Azure Active Directory Premium, and one for the Office 365 E3 trial. For information on the various Office 365 licenses and a list of licensing SKUs, please see http://blogs.technet.com/b/treycarlee/archive/2013/11/01/list-of-powershell-licensing-sku-s-for-office-365.aspx.
   

   Get-MSolAccountSku

7. Open Internet Explorer
   Close Windows PowerShell, and then open Internet Explorer.
8. Sign into Azure portal
   In Internet Explorer, on the Favorites bar, click Sign in to New Azure Portal. When prompted, log in using your admin@[OrgName].onmicrosoft.com credentials.
9. Open Azure Active Directory
   In the Azure portal, in the left navigation, click Azure Active Directory.
10. Verify users in the Azure portal
    In the Azure Active Directory blade, click the Users and groups tile. In the Users and groups blade, click All Users. You should see the users you added using the Windows PowerShell script.
    
11. Add a group
    Click All Groups, and then +Add. In the Add Group blade, in NAME, type Mobile Users. In Membership type, click Assigned.
    In this task, you are creating a security group for use in a later lab exercise.
    
12. Add members to a group
    On the Group blade, click Members. Click the mouse in the search field, add a space, and then press ENTER. This will cause all the users to appear. Select every user --except your admin user--, as shown in the attached screen shot, and click Select.
    Please ensure you do not select your admin user.
    
13. Create Group
    On the Group blade, click Create.
    
14. Verify group membership for mobile users
    On the groups blade, double-click Mobile-Users.  Double-click the Members tile. Ferify that the group contains the users Adam Barr through Wendy Vasse and does not include your administrative account.
    
15. Switch to the Office 365 admin center
    In Internet Explorer, on the Favorites bar, click Sign in to Office 365.
    
16. Verify users
    Click the Users tile. The users you created are displayed.
    
17. Verify license assignment
    In the details pane, double-click Adam Barr. On the properties page for Adam Barr, spend a few moments examining the license and other properties. When you are finished, close the page.
    You should see that Adam Barr has been assigned an Azure Active Directory Premium license, an E3 license, and an EMS license.
    
18. Add an E3 license to your tenant admin account
    On the Active Users page, in the User Name column, double-click admin@[OrgName].onmicrosoft.com. In the Product licenses row, click Edit. On the Product licenses page, enable Office 365 Enterprise E3. Click Save. Click Close.
    In this task, you are assigning an E3 license to your admin account so that the account will have a valid email address that you will configure in a subsequent step. This step is necessary to configure the Intune to Exchange service-to-service connector in Lab 2, among other things.
    
19. End lab
    Click Done to close and finalize the lab.
    Clicking Done will cause the lab to close. If you wish to remain in the lab envrionment to review exercises and tasks, please do not click Done. Note that you can exit the lab at anytime by clicking Exit on the toolbar.

Congratulations. You have now completed the lab.