Building my EMS Lab – Part 3: Setting up the cloud-part

It has been some time since my last post; I’ve been on holidays and found a graveyard in my mailbox upon return. For those who have been waiting for the last part, apologies. For those who have not been waiting and tried this for themselves, I hope you have had an inspirational experience.

This post is the last part of a series on how I set up my EMS lab. If you are looking for part 1, click here. If you are looking for part 2, click here.

In this part we’ll set up the cloud stuff needed for the lab.

Adding Office 365

That’s it! You’ve added O365 to your tenant. That was easy :)

Now, let’s set it up a bit:

  • Click the link it shows to add the users
  • Select all users and click edit (to the right)
  • You're now in "Bulk Edit Users", click Next until you hit "3. Licenses"
  • Click "Add Existing License assignments"
  • Click Azure Active Directory Premium and the E3 plan.
  • Click Submit; your users are now activated with E3. Close the tab, and click Continue in the other tab.
  • You're now in the O365 admin center (https://portal.office.com/Admin/Default.aspx#ActiveUsersPage)

 

  • Click "Setup" in the right pane
  • Under Quick Start, click Start
  • Click Use your own domain, select emdemo.be
  • Configure the DNS for email
  • Follow the instructions on screen

 

Set up AD Premium

That’s it!

 

Setting up Intune and integrating with SCCM

  • Head over to https://account.manage.microsoft.com/
    • Log in using your Azure AD Admin credentials
    • Head over to “Buy” and start your trial
      • NOTE: Microsoft people, once you have done so, you can extend it here
  • In your SCCM VM
    • In the SCCM Console
      • Administration > Cloud Services > Windows Intune Subscriptions > Right Click > Add Windows Intune Subscription
        • Click Next
        • Click Sign In
        • Log in using your Azure AD Admin credentials
        • In General:
          • Choose the “All Users” collection
          • Choose a URL to link to a privacy policy (or to any other website, for demo purposes)
          • Choose your primary site (I chose my only primary site, PRI)
        • Choose the platforms you want to manage
          • (I chose Windows and Android as they have no requirements, I will add WP and iOS later)
        • Enter some corporate information
        • Choose a company logo (I drew something in Paint)
        • Click Next until the wizard completes
      • We still need to add the “Windows Intune Connector” site system role. Head over to Administration > Overview > Site Configuration > Sites
        • Right click your primary site
        • Click “Add Site System Roles”
        • In the wizard, in the “System Role Selection”, select “Windows Intune connector”
        • Click OK
      • NOTE: you can now test this by enrolling a Win8.1 device:
        • On the endpoint device, hit Search > “Workplace Settings”
        • Enter a valid user id (from your AD)
        • As the server address, enter enterpriseenrollment-s.manage.microsoft.com (we have to type it in because the appropriate DNS record is not set up yet)
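
Once the DNS record mentioned above exists, the check below confirms that it points at the Microsoft enrollment host, since a CNAME pointing anywhere else would send enrolling devices to a different server. This is an added example, not part of the original post. It assumes the record follows the enrollment auto-discovery naming `enterpriseenrollment.<your domain>`; the function name, the injectable resolver and the `example.test` / `nodns.test` sample data are hypothetical and constructed for illustration.

```powershell
# Added example (not from the original post): validate the enrollment auto-discovery CNAME.
$ExpectedTarget = 'enterpriseenrollment-s.manage.microsoft.com'   # server address used in the post

function Test-EnrollmentCname {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Assumption: the resolver is injectable so the logic can also be run offline.
        [scriptblock]$Resolver = { param($n) Resolve-DnsName -Name $n -Type CNAME -ErrorAction Stop }
    )
    $name = "enterpriseenrollment.$Domain"
    try {
        # Keep only CNAME answers; an SOA in the authority section means "no such record".
        $cname = & $Resolver $name | Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    } catch {
        $cname = $null   # NXDOMAIN or lookup failure
    }
    if (-not $cname) {
        return [pscustomobject]@{ Name = $name; Status = 'Missing'; Target = $null }
    }
    # Normalise case and the trailing dot before comparing.
    $target = $cname.NameHost.TrimEnd('.').ToLowerInvariant()
    $status = if ($target -eq $ExpectedTarget) { 'OK' } else { 'UnexpectedTarget' }
    [pscustomobject]@{ Name = $name; Status = $status; Target = $target }
}

# Constructed sample records so the check can be exercised without network access.
$fake = @{
    'enterpriseenrollment.emdemo.be'    = 'EnterpriseEnrollment-s.manage.microsoft.com.'
    'enterpriseenrollment.example.test' = 'mdm.example.net'
}
$offline = {
    param($n)
    if ($fake.ContainsKey($n)) { [pscustomobject]@{ Type = 'CNAME'; NameHost = $fake[$n] } }
    else { throw "NXDOMAIN: $n" }
}

'emdemo.be', 'example.test', 'nodns.test' |
    ForEach-Object { Test-EnrollmentCname -Domain $_ -Resolver $offline } |
    Format-Table -AutoSize

# Against live DNS, drop the -Resolver argument:
# Test-EnrollmentCname -Domain 'emdemo.be'
```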

 

Adding Azure RMS

I’ve saved the best for last.

  • In the Azure console
    • Head over to the Active Directory overview page (don’t drill down in your directory)
      • Click Rights Management
        • Select your Directory
          • Click “Activate”

To test it: download the Azure RMS client from https://portal.aadrm.com/home/download, install it and log in with a valid AD account. You should see the two pre-populated templates to protect files with.