In my early days as a consultant within Microsoft technologies, I had complete lab environments running as virtual machines on heavy workstation laptops. Through the years, as I have migrated to a cloud-first philosophy, my lab environments have followed along. Working mainly with Microsoft 365 and Microsoft Endpoint Manager, my lab environments are now cloud based.
I still remember making the decision to move away from high-performance laptops hosting all my virtualized lab environments. Looking back at my first switch to a lightweight Surface, I don’t regret it. The new lightweight devices powered by the cloud have been fantastic in my everyday work life. But – I still need environments to test and verify technologies and ideas before putting them into production. This blog post will cover some ways to build lab environments for the cloud-based Microsoft solutions.
At the heart of every cloud based Microsoft environment, we will find a tenant. A Microsoft tenant represents an organization. It’s a dedicated instance of Azure AD that an organization or app developer receives at the beginning of a relationship with Microsoft. Each Azure AD tenant is distinct and separate from other Azure AD tenants with its own identities.
Every company using Microsoft cloud services has its own tenant. To create a lab environment, you have to create your own tenant where you can play and test ideas before implementing the solution in production tenants.
The prerequisite for creating a tenant is an Azure account that has an active subscription. You can create an Azure account for free with access to free services and a start credit for Azure. Remember that you can have credits to use in your lab environment tenant from Microsoft developer subscriptions or other benefit programs. These credits can come in handy if you are building a long-term lab environment.
I often use https://demos.microsoft.com to have quick access to a short term tenant with provisioned content. This is a great base for testing concepts, scripts and ideas without interrupting other long-term lab environments. I can quickly get a 90 day environment or a 1 year environment which I find ok for running labs. These tenants include the latest services and content at time of provisioning. 1 year tenants can even be extended and can be an excellent choice if you want to test and learn things in hybrid environments. If you create a Quick Tenant, it will be immediately available with demo content to showcase and test the Microsoft 365 concepts.
You will get separate credentials for a Global Administrator account for each tenant you create.
With a focus on Microsoft Endpoint Manager, we obviously need access to several endpoints to run tests on. We can do a lot of tests on virtualized endpoints. This brings me back to running virtualization on my laptop. In some cases we need access to physical devices in the lab environment. This all depends on the operating system or the operation we want to test in the LAB.
I am using Hyper-V on my physical computers as the environment for my virtual endpoints in my LAB environments. Hyper-V is Microsoft’s in-house virtualization solution, and it lets me create several virtual machines and run them on virtual hardware. This can give me several isolated test devices to use in my LABs.
Hyper-V is available as an optional feature on Windows 11 Pro, Enterprise and Education, and one prerequisite is to enable hardware virtualization in the BIOS. Once this is in place, Hyper-V can easily be turned on in the operating system without the need to install third-party alternatives like VirtualBox, VMware Workstation or the like.
After enabling Hyper-V you need to reboot your host computer. Now you are ready to create new virtual machines inside Hyper-V Manager.
Please be aware that these machines will use resources from your physical hardware, and you need to fulfill the minimum requirements for your guest operating system. For instance, if you plan to create a VM hosting Windows, you need to meet the hardware requirements described at aka.ms/WindowsSysReq. This can limit how many VMs you can run at the same time.
You can now boot the machine and use it like a regular endpoint in your LAB tenants, testing Autopilot onboarding, application distribution, device configurations and so on.
Please remember to eject your ISO installation medium if you plan to pilot BitLocker, since encryption will not start while you have removable media mounted. Lesson learned 😎
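The Hyper-V steps above can also be scripted. The following PowerShell is an added example, not part of the original post; the VM name, the paths, the ISO file and the use of the built-in "Default Switch" are assumptions to adjust for your own host.

```powershell
# Added example. Run from an elevated PowerShell session on the Hyper-V host.
$VMName  = 'LAB-W11-01'                        # hypothetical lab VM name
$VhdPath = "D:\HyperV\$VMName\$VMName.vhdx"    # hypothetical VHDX location
$IsoPath = 'D:\ISO\Windows11.iso'              # hypothetical installation ISO

# 1. Enable Hyper-V if it is not already on (hardware virtualization must be
#    enabled in the BIOS first). A host reboot is required afterwards.
$feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
    Write-Warning 'Hyper-V enabled. Reboot the host, then run this script again.'
    return
}

# 2. Generation 2 VM sized for the Windows 11 minimum requirements
#    (2 cores, 4 GB RAM, 64 GB disk, Secure Boot, TPM 2.0).
New-VM -Name $VMName -Generation 2 -MemoryStartupBytes 4GB `
       -NewVHDPath $VhdPath -NewVHDSizeBytes 64GB `
       -SwitchName 'Default Switch' | Out-Null
Set-VMProcessor -VMName $VMName -Count 2
Set-VMFirmware  -VMName $VMName -EnableSecureBoot On

# 3. Virtual TPM, so the guest passes the Windows 11 check and BitLocker
#    can use a TPM protector. A key protector must exist before the TPM is enabled.
Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
Enable-VMTPM       -VMName $VMName

# 4. Attach the installation ISO, boot from it and start the VM.
$dvd = Add-VMDvdDrive -VMName $VMName -Path $IsoPath -Passthru
Set-VMFirmware -VMName $VMName -FirstBootDevice $dvd
Start-VM -Name $VMName

# 5. Call this once Windows setup has finished: it ejects any mounted ISO so
#    that BitLocker encryption is not blocked by removable media.
function Dismount-LabIso {
    param([Parameter(Mandatory)][string]$Name)
    Get-VMDvdDrive -VMName $Name |
        Where-Object { $_.Path } |
        Set-VMDvdDrive -Path $null
    # Return the drives so the caller can confirm that Path is now empty.
    Get-VMDvdDrive -VMName $Name
}
```

After the guest has completed setup, `Dismount-LabIso -Name 'LAB-W11-01'` should list the DVD drive with an empty path before a BitLocker policy is assigned.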
Even if we have virtual endpoints available, we might need physical endpoints to test certain operations. This is typically a place where you can reuse old devices lying around. The following list gives examples of situations where you might need a physical device:
- Autopilot self-deploying mode is not supported in Hyper-V environments, as stated in the documentation, meaning you need a physical device in your LAB for working with this technology.
- Foreign operating systems not supported by the Hyper-V hypervisor might force you to have physical devices.
This means that you need access to a decent number of devices, power outlets and space on your desk to hold these devices. Maybe you need cabled network access for some devices as well?
Be sure you can work in an orderly and systematic way with your physical endpoints. Arrange your space as well as possible. Maybe you need a KVM solution, or maybe you can use your main monitor with several endpoints connected, as described in my blog post on unboxing a Philips P-Line 499P9H 49″ DQHD SuperWide monitor. This monitor has both KVM and MultiView possibilities, which come in handy when working on physical endpoints in LAB environments.
You will also need to work on the LAB environment directly from your own workstation, signing in to different portals etc. When doing this, it may be a good idea to work from isolated environments. This can be solved in different ways.
Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains “sandboxed” and runs separately from the host machine. A sandbox is temporary. When it’s closed, all the software and files and the state are deleted and you get a brand-new instance of the sandbox every time you open Windows Sandbox.
I find Windows Sandbox to be a great place to test scripts, PowerShell modules, installations and such before implementing them in my online LAB environments. Windows Sandbox is enabled as a Windows Feature in the same way as Hyper-V, and you will easily find it by searching your start menu for Sandbox.
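Windows Sandbox can be started from a `.wsb` configuration file, which makes the isolation explicit. The following PowerShell is an added example, not from the original post; the function name, the host folder `C:\Lab\Scripts` and the sandbox folder `C:\LabScripts` are assumptions.

```powershell
# Added example. Builds a .wsb file that maps one host folder into the sandbox
# read-only, with networking and clipboard sharing off unless requested.
function New-LabSandboxConfig {
    param(
        [Parameter(Mandatory)][string]$ScriptFolder,   # host folder with scripts under test
        [string]$OutFile = (Join-Path $env:TEMP 'lab-test.wsb'),
        [switch]$AllowNetwork                           # needed e.g. for Install-Module
    )

    # Resolve to a full path (fails early if the folder does not exist)
    # and escape it for use inside XML.
    $hostFolder = (Resolve-Path -LiteralPath $ScriptFolder).Path
    $escaped    = [System.Security.SecurityElement]::Escape($hostFolder)
    $networking = if ($AllowNetwork) { 'Default' } else { 'Disable' }

    $xml = @"
<Configuration>
  <Networking>$networking</Networking>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$escaped</HostFolder>
      <SandboxFolder>C:\LabScripts</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>explorer.exe C:\LabScripts</Command>
  </LogonCommand>
</Configuration>
"@

    Set-Content -LiteralPath $OutFile -Value $xml -Encoding UTF8
    return $OutFile
}

# Hypothetical usage: scripts live in C:\Lab\Scripts on the host.
$wsb = New-LabSandboxConfig -ScriptFolder 'C:\Lab\Scripts'
Start-Process -FilePath $wsb    # opens Windows Sandbox with this configuration
```

The read-only mapping means a script under test cannot modify the host copy, and everything else it changes is discarded when the sandbox window is closed.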
If you need to log in temporarily and administer multiple tenants or multiple user logins when working in the Office 365 portal, the Incognito/InPrivate mode is commonly used.
This will give an isolated browser session. This is a valid solution that works pretty ok, but sometimes browser issues can connect you to a different user or tenancy – especially if you already had used the incognito mode on another tenant without signing out. This can cause issues if you start administering the incorrect tenant.
If you are frequently administering a set of tenants, the best solution is to set up a separate browser profile for each environment.
With profiles, you can keep all information like bookmarks, history, passwords, and other settings separated. By setting up a separate profile per tenant you frequently administer, you will be more productive and secure. This way you can be signed in to several tenants at the same time, unlike incognito, which only deals with one environment at a time. The most popular browsers, like Edge and Chrome, have this feature easily available.
Why a LAB?
A LAB is your area where ideas, concepts, development, research and innovations are tested and validated before they reach production. A detonation chamber for your experiments. This should be your second home, where you experiment and grow yourself.
The LAB will allow you to complete courses, certifications or learn new programs and features. The uses of technology for teaching have evolved, and so must the design and configuration of your lab – it must transform into flexible, technology-enhanced spaces for maximum effectiveness.
Start building your lab today and expand your horizons to new areas. Use docs.microsoft.com and the community for inspiration on where you want to go today.