Lately I’ve talked with many users who want to learn Intune but don’t know where to start. While Microsoft has extensive documentation for it, and many IT Pros are writing tons of articles on the subject, the best way to learn a technology is to start playing with it.
In this article, I’m going to present a step-by-step guide to creating a lab with Intune. At the end, we will have one virtual machine enrolled in AD and managed via Intune.
Prerequisites
Before we start with the actual implementation, let’s go over the prerequisites needed for this:
1. A supported Windows 10 Edition: Pro, Pro Education, Enterprise, Education
2. Azure Active Directory and MDM subscriptions:
- Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
- Microsoft 365 Business subscriptions
- Microsoft 365 F1 subscriptions
- Microsoft 365 Enterprise E3 or E5 subscriptions, which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune)
- Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features
Don’t worry, you don’t have to pay anything upfront: Microsoft offers a ton of free subscriptions. For example, you have a 12-month free Azure subscription available, and also a free Intune subscription. If you want to keep your lab afterwards, you can go for the EMS E5 trial, which includes all of Azure AD, all of Intune, and 250 seats; at the moment it’s only $14.80/month (which is actually not expensive at all if you consider all you get from it).
3. A virtual machine tool of your choice. I am using VMware Workstation, but this can be achieved with Hyper-V, Oracle VM, and so on.
4. A virtual machine with Windows 10 already created
Configure Azure AD
Now that we know what is needed, let’s go through the steps which are needed to enroll your device into Intune.
First, open the Azure Portal (portal.azure.com) and log in with your account (you must be a Global Administrator in order to perform the necessary changes).
Next, navigate to Azure Active Directory.
In here, click on Devices and then Device Settings.
The only thing we need to configure here is “Users may join devices to Azure AD”, which must be set to ALL.
Get Virtual Machine Information
Remember I said we need an up and running virtual machine with Windows 10? Now it’s time to boot it up and get some information from it. In order to import devices into Azure, we need to find the serial numbers, Windows Product ID and hardware hashes.
In your virtual machine, open PowerShell as an Administrator and install the Get-WindowsAutoPilotInfo script by using the following command:
Install-Script -Name Get-WindowsAutoPilotInfo
Answer Y (for Yes) to every prompt PowerShell shows. Once the script is installed, we need to run it; it will output all the information we are going to import into Intune. For this, type the following command in PowerShell:
Get-WindowsAutoPilotInfo.ps1 -Outputfile C:\hardwareinfo.csv
Enroll device in Intune
Cool, now that we have all the necessary information from the virtual machine, let’s get back to the Azure portal (portal.azure.com) and select Intune. This will lead us to the new Microsoft Endpoint Manager admin center (endpoint.microsoft.com).
In the Microsoft Endpoint Manager admin center, select Devices, then Windows, then Windows enrollment. On the Windows enrollment page, you will find Devices on the right. Click on it.
This will bring us to the Windows Autopilot devices page, and in here we need to click the Import button, and in the right pane that shows up, select the CSV we previously exported from the virtual machine and click Import. This operation might take a few minutes so make a coffee or something.
Ok, now that we have our virtual machine enrolled in Intune, let’s add it to a Group. To do this, go back to the Intune homepage and click Groups. In here, click on New group. Then, enter the name of the group, add your previously imported virtual machine as a member and click Create.
Create and assign Deployment Profiles
The last step we need to do in Intune is to create and assign the deployment profiles. To do this, navigate back to the Intune (Microsoft Endpoint Manager admin center) homepage and select Devices > Enroll Devices.
Next, click on Deployment Profiles.
In here, click on Create Profile > Windows PC. Give a desired name to the profile, and we are going to select Yes on “Convert all targeted devices to AutoPilot”.
Set the Deployment mode to User-Driven, leave “Join to Azure AD as” set to Azure AD Joined, and leave the rest as default.
In the Assignments tab, select the previously created group which contains your Virtual Machine. Click on Next to Review and Create, and hit Create.
Reset Virtual Machine
Everything in Azure and Intune is now configured. All that’s left to do is reset the virtual machine so that it is configured with Intune. To do this, open the Start Menu and search for Reset this PC, or navigate to Settings > Update & Security > Recovery and click on Get Started.
Next, select Remove Everything.
Choose to download from the cloud.
Once you click Reset, Windows will be reinstalled and multiple reboots will occur, so leave it and go grab another coffee.
Configure Virtual Machine
After the OS is reinstalled, the first time your machine boots you will notice that it asks you to log in with your Azure account.
After you log in, if you navigate to Settings > Accounts > Access work or school, you will see that you are connected to your Azure Active Directory.
If you see this, then your enrollment was successful, and now your virtual machine is administered via Azure/Intune.
Install Company Portal
The first app you need to install on your machine is the Company Portal. This can be found in the Microsoft Store.
Once you have it installed, open it and you will see all the apps deployed in your infrastructure. In my case, I only deployed VLC Media Player as an example. I will have an article in the future regarding win32 apps in Intune so stay tuned!