Create a playground. Sandbox time!

If you are just starting your cloud learning journey, I highly recommend starting in the Microsoft ecosystem. It is really hard to avoid Microsoft completely in the business world, and more than likely you are already familiar with some of their tools if you are interested in I.T. administration. You have to try to keep an inclusive view when looking into what technology vendor to choose. Microsoft’s influence extends beyond just cloud services. Sure, AWS is a way bigger player in the cloud space than GCP and Azure, but AWS doesn’t have a widely accepted office suite or operating system. Sure, you can go with Google Workspace and run Linux, but I really can’t imagine letting your average user loose with a Linux machine and not expecting a billion support tickets. Not to mention that Google likes to kill off apps like Michael Myers is on the payroll. I hope to add plenty of content for all three major cloud providers in the future, but we’ll see. Small steps.

Now on to Microsoft 365 and Azure! My goal here is to show how I go about creating testing environments while keeping costs as low as possible. One thing to keep in mind is that I’ve been using this platform long enough that I don’t qualify for many trials or introductory offers anymore. I highly encourage you to search for them, but I’m going to try to show how to keep costs at a minimum even without those offers. There are even plenty of completely free services.

First things first! Training! Head on over to Microsoft Learn and look at the fundamentals courses. There is both a Microsoft 365 side that leads to getting a certification with the MS-900 exam and an Azure side with the AZ-900 exam. Unlike the administrator and harder exams, these don’t expire and are an easy way to add some knowledge while building your resume. One of the great things about the Azure course is that you can demo services in Azure with FREE temp subscriptions!!! They are limited in scope and only run for a limited time, but exposure to these services is well worth it. Just make sure to have a Microsoft account before you get started. You can use that Microsoft account to keep track of your learning and certification badges. It may be convenient to use a work account if you are already a Microsoft 365 customer, but I once left a job where I had a bunch of learning badges that I lost when my account was terminated. Not a big deal, but something to consider.

Once you have decided you have learned enough to be dangerous and want to play around, it is time to get started creating your test tenant and later an Azure subscription. At this point, you have to choose the domain you want your services to run under. Just going with the default address that comes with your tenant is fine, but I highly recommend purchasing a domain for a minimal cost per year. Typically this will only be $10 - $20 annually. You can use any domain registrar and there are plenty of guides on how to do that, so I won’t be going over that here. Get that figured out and then you are ready to decide how you want to do user management. Do you want to start with an Active Directory domain and sync it to Azure Active Directory or just do cloud only? This is another situation where you can save yourself some time by just doing cloud only. Even so, I highly suggest setting up the sync from the beginning just to have both object types in your tenant.

On-Prem AD Sync

Creating an AD environment to sync from is pretty easy. Head on over to Microsoft’s trial site and get a copy of either Server 2019 or 2022. The trial will be for 180 days and last I checked, you could re-arm the trial twice and extend the life of each trial install to up to 18 months. YMMV, and be sure you are just using this in a lab/test environment so that you aren’t violating any terms of service. For any learning environment, this should be more than enough. After 180 days, moving services to new installs isn’t that bad of an idea either. I have some long-running lab environments, but most don’t last longer than a month or two. I recommend setting up at least two VMs for your local Active Directory domain: one server to be your domain controller and one to be your sync server. Just about any virtualization platform will do.

Once you have two VMs, go through the documentation for Azure AD sync. It’s super easy to configure. I’m not going to dive into this here as I think this is a great learning opportunity. If you are having trouble, just search for the error message you are getting. There are plenty of guides out there. Once you have the sync configured, you can start creating users and groups in your local AD environment and they will sync to Azure AD. You can then use those users to create Azure AD groups and assign them to Azure AD roles. This is a great way to get started with Azure AD administration.
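Here is one way to seed the lab with a few synced test objects once the sync is working. This is an added example, not part of the original post: the OU, group, user names, UPN suffix and sync server hostname are all placeholders, and it assumes Windows PowerShell 5.1 on the domain controller with PowerShell remoting available to the sync server.

```powershell
# Added example: run in Windows PowerShell 5.1 on the lab domain controller.
# Every name below (OU, group, users, UPN suffix, sync host) is a placeholder.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Web    # provides Membership.GeneratePassword

$UpnSuffix  = 'lab.example.com'      # the custom domain verified in the tenant
$SyncServer = 'SYNC01'               # the VM that runs the sync service
$DomainDN   = (Get-ADDomain).DistinguishedName
$OuPath     = "OU=CloudLab,$DomainDN"

# Keep every test object in one OU so it is easy to scope and to tear down.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'CloudLab'" `
        -SearchBase $DomainDN -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name 'CloudLab' -Path $DomainDN
}

if (-not (Get-ADGroup -Filter "Name -eq 'Lab-Users'" -SearchBase $OuPath)) {
    New-ADGroup -Name 'Lab-Users' -GroupScope Global `
        -GroupCategory Security -Path $OuPath
}

$created = foreach ($sam in 'lab.alice', 'lab.bob', 'lab.carol') {
    # Skip accounts that already exist so the script can be re-run safely.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }

    # Random per-user password instead of one shared lab password.
    $plain = [System.Web.Security.Membership]::GeneratePassword(20, 4)
    New-ADUser -Name $sam -SamAccountName $sam `
        -UserPrincipalName "$sam@$UpnSuffix" -Path $OuPath -Enabled $true `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force)
    Add-ADGroupMember -Identity 'Lab-Users' -Members $sam

    [pscustomobject]@{ User = "$sam@$UpnSuffix"; InitialPassword = $plain }
}
$created | Format-Table -AutoSize    # shown once; store in a password manager

# Ask the sync server for a delta cycle instead of waiting for the schedule.
Invoke-Command -ComputerName $SyncServer -ScriptBlock {
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

After the cycle finishes, the three users and the group should appear in the tenant as synced objects, and deleting the OU later removes them from both sides on the next sync.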

Next Steps

Now that you have the basic building blocks to start your test environment, you should be doing plenty of research, configuring, destroying, configuring again. It’s a pain, but getting some experience here will be worth its weight in gold. The next post is going to jump straight into configuring some Azure services. Don’t worry, I’ll be adding more content on Azure AD, server administration, and Active Directory in the future. Unfortunately, most of the content will be around automating these services with things like Terraform, Ansible, and PowerShell. I hope you enjoyed this post and I will see you in the next one!