1. Setup of trial – creating tenant
Nagivate to https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial and sign up for your free trial.
Fill in the details (admin@) and choose your tenant name.
Click on ‘Create my account’.
Fill in your phone number & click on ‘Text me’.
Fill in the code that is sent to your phone & click on ‘Next’.
Save the info for later & click on ‘You’re ready to go…’.
Navigate to https://admin.microsoft.com/AdminPortal/Home.
2. Setup of custom domain
Navigate to Setup – Domains.
Click on ‘Add domain’ and enter the domain you own. Click on ‘Next’.
You’ll see the following screen:
The next part is dependent on the domain hosting company you choose. You’ll have to navigate to the point where you can configure your DNS records and add a new record with these settings:
TXT – Value see on your ‘Verify domain’ screen – TTL: 1 hour
Update your DNS settings and go back to your domain setup in the O365 Admin dashboard.
Click on ‘Verify’ – beware it can take a couple of minutes before your DNS records are OK.
Keep ‘Set up my online services for me. (Recommended)” and click on ‘Next’.
Click on ‘Next’ again.
We don’t have a website linked to our domain name, so we can just click on ‘Next’. If you have a website linked to your domain name, import your DNS records or add them manually.
You’ll see the following screen in your Admin Center:
Now change your DNS settings in your hosting’s company website and change the nameserver settings to the Microsoft nameservers.
Verify in your hosting’s company website that the nameservers point to the Microsoft one’s.
Go back to the Admin Portal and click on ‘Verify’. Afterwards verify that your domain is the ‘Default’ one.
3. Creation of 4 users
Go back to https://portal.azure.com.
Find Azure Active Directory (and pin it on top of your left blade).
Go to ‘All Services’, find ‘Intune’ and add it to your favorites (you can also pin this one on top of your left blade).
Navigate to Azure Active Directory, click on Users
Create 4 users, choose the names yourself.
Click on ‘Users’, ‘All Users’ and click on ‘New User’
Fill in details like you want (First name – Last name – Job title – …).
You can’t choose any groups yet, as we haven’t created them, we’ll do that later on in the guide. As for ‘Directory Role’ choose ‘User’.
Click on ‘Show Password’ and copy it somewhere, you’ll need it later.
Create the user.
Repeat this 3 times, till you have your 4 users. We’ll make more users when progressing in the guide.
4. Creation of an automatic licensing group
Navigate to Groups – All Groups, click on ‘New Group’.
Choose ‘Security’ as group type, choose a name for your group (it is recommended that you decide on a naming convention for your groups here). Fill in the group description (Automatic licensing group for enabled users) and choose as membership ‘Dynamic user’.
Click on ‘Add dynamic query’, and fill in this simple query: accountEnabled equals true. This will target all enabled accounts in your Azure Active Directory tenant. The advantage of this is that when new users start, they’ll automatically get added in this group and when users get deleted or retired, they’ll be removed automatically also.
Click on ‘Add query’ and afterwards on ‘Create’.
You can see that the group is created in the group view:
Open the newly made group by clicking on it. In the overview you can see how far the group is with populating it.
The following status messages can be shown for Membership processing status:
- Evaluating: The group change has been received and the updates are being evaluated.
- Processing: Updates are being processed.
- Update complete: Processing has completed and all applicable updates have been made.
- Processing error: Processing couldn’t be completed because of an error evaluating the membership rule.
- Update paused: Dynamic membership rule updates have been paused by the administrator. MembershipRuleProcessingState is set to “Paused”.
The following status messages can be shown for Membership last updated status:
- <Date and time>: The last time the membership was updated.
- In Progress: Updates are currently in progress.
- Unknown: The last update time can’t be retrieved. The group might be new.
It can take from 5 mins till up to 30 mins before your group gets populated. Be aware of this.
Dedicated membership evaluation is done periodically in an asynchronous background process. How long the process takes is determined by the number of users in your directory and the size of the group created as a result of the rule. Typically, directories with small numbers of users will see the group membership changes in less than a few minutes. Directories with a large number of users can take 30 minutes or longer to populate.
Once the group is populated you’ll see the following:
When we click on ‘Members’, you can see all enabled users are in there:
Now we can assign licenses to this group, so all members get their licenses automatically.
Click on ‘Licenses’, click on ‘Assign’, choose the ‘EMS E5’ license and click on ‘Select’.
Now after a bit, you can check on your users if they got their licenses correctly through the automatic licensing group:
You’ll also see that ‘Assignment path’ says Inherited (SC_EnabledUsers_L365). This means that licensing goes through a automatic licensing group.
This was it for part 1. In the next part we’ll configure Password Reset, we’ll enable Enterprise State Roaming, we’ll go over the User Settings, Group Settings, Device settings, configure Company Branding, configure Mobility Options and at last choose Intune as standalone MDM authority.
Till next week!