A Guide for Creating an Entra & Intune Lab

Intro: 

I just recently moved into a new house. Moving with four young kids meant some of my things had to take a back seat being unpacked. One of which was my home lab hardware. I forgot how much I used my home lab until it wasn’t available for a few days. That’s what sparked this post. I rely on my Intune lab almost on a daily basis. If you don’t have an Intune lab and you work with Microsoft Cloud solutions, or you want to get started learning about Microsoft Cloud solutions, you should read on and learn how easy it is to set up a home Intune lab.

If you’re like me, then learning by doing is the best way to gain new skills. When it comes to technology, things are changing rapidly. Having the ability to quickly test new features, try something new, or simply test different configurations will strengthen your skills, and make you more confident in your abilities. In addition, having a good lab provides you with a sandbox to perform demos, and also help your peers and clients with issues and questions. Depending on what you’re already working with, you can probably get started without spending any money. However, if you’re serious or want a versatile home lab, you’ll probably need to spend a little money to get some solid lab devices. There are three primary components to this post: 

  1. Getting an Entra & Intune Tenant for free 
  2. Hardware for Windows lab devices
  3. Non-Windows lab devices

In my opinion, the three components are in order from most to least important. I say this because you can’t do much with lab devices unless you have an Intune tenant for device enrollment. Having access to a sandbox Entra and Intune tenant is great for gaining foundational knowledge, but ultimately you want to enroll devices and get your hands dirty with how everything works. You’ll want to have a good foundational understanding of Entra ID Joined, Hybrid Entra Joined, enrollment methods, enrollment restrictions, and the MDM user scope before you dive into other more advanced Intune and Entra features. Understanding the fundamentals is important. You’ll want to walk before you run. Once you have a good foundational understanding, you should start enrolling devices, testing configurations, and learning. That’s where having lab devices is important. I believe understanding Windows management in Intune is the easiest to learn, and best to understand before expanding your knowledge into other platforms. This is based on my personal experience, where the vast majority of environments I encounter and support are primarily Windows-based. However, if you are targeting a role that has a focus on non-Windows devices, you can absolutely start elsewhere.

How to get your free Intune tenant set up

Step one to getting your lab up and running is to get a working tenant. Fortunately, Microsoft allows you to do this for free with the developer program. The details can be found here – Microsoft 365 Developer Program FAQ | Microsoft Learn. The Microsoft Developer program equips you with 25 E5 licenses that have a few features removed. The licensing includes everything you need (and more) to learn about Entra ID and Intune. It also contains licensing for other areas of M365 if you also want to learn about Exchange Online management, SharePoint, Retention & Sensitivity Labels, or just about anything else included with the E5 license.  

To sign up for a dev tenant, go to Developer Program | Microsoft 365 Dev Center.  

Complete the form shown below. The company field can be anything you’d like: 

Select an option and click next 

Make some selections at the next screen and click Save: 

Next, you will be redirected to developer.microsoft.com. Click the link for “Setup E5 subscription”: 

Choose the Instant Sandbox for the quickest access. Configurable sandbox will let you customize your domain name (domain.onmicrosoft.com) and can be a clean tenant with no preloaded data or users but takes longer to set up. The custom sandbox is what I suggest choosing if you plan to use this for long-term testing. You get a fresh tenant with no users or configuration, so it simulates a fresh production tenant experience.  

  

Create an admin user and set a password. If using the instant sandbox, the pre-loaded users will be configured with the same password. You have the option to set a different password for them if you’d like.  

Add your phone number for initial verification and enter the code when prompted and click Set Up.  

  

Wait for the setup to complete. This will only take a minute or two if you chose an instant sandbox. If you chose configurable, it can take a day or two. When it’s complete, you can find your dev tenant domain name and administrator account here: 

Open a new incognito or alternate browser tab and sign in with your new dev-tenant admin (https://admin.microsoft.com). Azure security defaults are on, so you will be prompted to register MFA or postpone for 14 days. But really, you should disable security defaults and use Conditional Access to enforce MFA and block legacy authentication 😊  
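One way to script that recommendation with the Microsoft Graph PowerShell SDK, as an added example that is not from the original post. The policy display names and the break-glass account object ID are placeholders chosen for illustration; the policies are created in report-only state so they can be reviewed before being enforced.

```powershell
# Added example. Requires the Microsoft.Graph module and a dev-tenant admin sign-in.
Connect-MgGraph -Scopes @(
    'Policy.Read.All'
    'Policy.ReadWrite.ConditionalAccess'
    'Policy.ReadWrite.SecurityDefaults'
    'Application.Read.All'
)

# Placeholder (assumption): object ID of an emergency-access admin that stays
# excluded from both policies so a bad policy cannot lock you out of the lab.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

# Conditional Access policies cannot be enabled while security defaults are on.
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter @{ isEnabled = $false }

# Report-only evaluates and logs each sign-in without enforcing the control.
# Change to 'enabled' once the sign-in logs show the expected results.
$state = 'enabledForReportingButNotEnforced'

$scope = @{
    users        = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
    applications = @{ includeApplications = @('All') }
}

$requireMfa = @{
    displayName   = 'LAB - Require MFA for all users'
    state         = $state
    conditions    = $scope + @{ clientAppTypes = @('all') }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Legacy authentication = Exchange ActiveSync plus "other" clients (POP, IMAP, SMTP, ...).
$blockLegacy = @{
    displayName   = 'LAB - Block legacy authentication'
    state         = $state
    conditions    = $scope + @{ clientAppTypes = @('exchangeActiveSync', 'other') }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

foreach ($policy in $requireMfa, $blockLegacy) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object DisplayName, State, Id
}

# Confirm security defaults are off (expected: False).
(Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
```

While the policies are in report-only state and security defaults are off, MFA is not enforced, so review the sign-in logs and switch the state promptly.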

Once logged in, if you navigate to Billing > Licensing, you’ll see 25 Microsoft 365 E5 licenses (without Windows and Audio-Conferencing licensing). Most importantly, it includes Intune Plan 1 and Entra ID Plan 2 licensing, which gives you more than enough features to learn Entra ID and Intune. Additionally, you get all the M365 E5 licensed features, such as DLP & Sensitivity labeling, Teams & SharePoint, Retention policies, etc.

That’s it – You now have a fully functional M365/Entra ID/Intune tenant where you can start playing. You can access Entra with the URL https://entra.microsoft.com and Intune by using https://intune.microsoft.com. Next, we will look at lab devices.  

Hardware Lab – Windows

One thing that I want to emphasize is not to go overboard with buying lab devices. I almost fell into this trap years ago when I was studying for Cisco exams. There’s something about possessing hardware related to learning (or an exam) that makes you feel like you’re putting yourself in a better position to succeed. However, a lab virtual machine with 2 vCPU and 4 GB of RAM is going to have Intune configurations and apps deployed to it the same way an i7 workstation with 32 GB of RAM does. Having more power and more devices is great, but it’s usually not worth spending tons of money on, especially when starting out. Be frugal at first when you get started. When you feel like your lab setup is hamstringing you, or it’s at capacity, then look at upgrading.

As mentioned earlier, you’ll need some devices to test with. Unless you have a bunch of old hardware lying around, you may need to spend a little money in this department. With how cheap you can get mini-PCs right now with quad+ core CPUs and 32GB of RAM, it’s money well spent if it helps advance your career. The whole point of the lab is so you can learn how to use Autopilot, Intune, and Entra ID. I suggest you get a PC that can run at least 3-4 virtual machines at the same time. I don’t need to post links for you. Simply searching “mini-pc” on Amazon or other retailers will provide a bunch of good results. Keep an eye out for small form factor business PCs that are a few generations old, also. Sometimes these go up with 8th gen i5/i7 with 32 GB and a 500+GB SSD for between $200-$300.

If you’re strapped for cash and you have a device with 16GB of RAM, you can still run 1-2 VMs to get started. When you’re just starting out, one test device is all you really need. That’s how I started out years ago, but I’ve since moved on to a dedicated hypervisor that I use solely for my lab. I use Hyper-V on Windows 11, and have sysprepped template Windows 10 and 11 VMs available to quickly deploy. You can find the script and process from one of my previous posts here – Use Hyper-V and PowerShell to quickly spin up Windows test machines – SMBtotheCloud.

You can also use physical devices if you have spare PCs lying around. They’re just not as efficient as using virtual machines when you need to reset a device or make a new machine. The ability to take VM snapshots/checkpoints is a huge time saver. But it’s nice to have at least one physical device for testing that contains TPM 2.0 hardware. This is a requirement for self-deploying Autopilot, and virtual Hyper-V TPMs are not compatible. It’s nice to have, but definitely not a necessity.

Other platforms and devices: 

If you’re reading this, then you probably know that Intune can manage Windows, macOS, Linux, Android, iOS, and ChromeOS. That’s a lot of platforms, some of which are expensive and may not be worth acquiring for your lab. In the US and in most other countries, Windows is still the dominant primary platform for corporate-owned devices. Learning how Intune manages Windows is, in my opinion, the most important first step. However, managing Android and iOS is a close second place. I’ve noticed a trend where many organizations are shifting from other iOS/Android MDMs over to Intune, especially if they’re already using Intune for their Windows devices. If you have an old Android device lying around, it’s perfect to use for learning Android Intune management. Otherwise, you can get used Android devices for dirt cheap. Just remember that certain new features are only available on the newer OS versions, so I try to keep a lab device that can at least run the current or second newest release of Android. If you can shell out even more for a lab iPad or iPhone, that’s also great, but these are more expensive, and it’s not feasible for everyone. Personally, I have a few Android devices I use in my lab, but I don’t have any iOS devices since I have not been able to justify the cost.

Obviously, the more platforms you have to test and learn in your lab, the better, but this is a personal preference. Linux is free and can easily be installed on a spare device or VM. But even used macOS devices are expensive and may not be worth the price depending on your role or what you’re trying to learn. Admittedly, I have almost no clientele that use macOS with Intune, and I rarely get asked about it. Therefore, I don’t have a Mac for testing. This all goes back to what you’re trying to learn and what your role (or the future role you’re trying to get) requires. Hopefully, this post helps you get started with Intune and other Microsoft 365 solutions!