This blog post will describe how to build your own MEMCM lab environment.
This will be the start of a long series, in which we will build a full lab environment of Microsoft Endpoint Manager Configuration Manager (Co-Management and Tenant Attach), but also a full cloud Intune environment.
To start, we will create a full lab environment in Azure, with no need to run anything locally in Hyper-V or on-prem. Instead, we will simulate our on-prem environment in Azure.
The benefit of this is that we can do it very cheaply, spinning everything up when we need it and stopping our VMs when we don’t.
What will we create in this first part? (and yeah, it’s gonna be real easy, hang on!)
- A new Domain Controller (DC) in Azure
- A new standalone primary site with SQL Server
- A remote site system server with Management Point and Distribution Point
- Three clients (Windows 10)
What can you expect from the following parts? We will configure our DC and harden it with a Security Baseline, enable Co-Management in MEMCM, and activate Cloud Attach (previously Tenant Attach) to leverage all the cloud functions that we can. But we won’t stop there. I’ll try to cover everything, and if you have suggestions for something to include in this guide, just let me know.
MEMCM – Microsoft Endpoint Manager Configuration Manager (formerly known as SCCM)
Now what is MEMCM?
Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune with simplified licensing. You can continue to use your existing Configuration Manager investments, while taking advantage of the power of the Microsoft cloud at your own pace.
The following Microsoft management solutions are all now part of the Microsoft Endpoint Manager brand:
- Configuration Manager
- Desktop Analytics
- Other features in the Microsoft Endpoint Manager admin console
Introduction to MEMCM
Use Configuration Manager to help you with the following systems management activities:
- Increase IT productivity and efficiency by reducing manual tasks and letting you focus on high-value projects.
- Maximize hardware and software investments.
- Empower user productivity by providing the right software at the right time.
Configuration Manager helps you deliver more effective IT services by enabling:
- Secure and scalable deployment of applications, software updates, and operating systems.
- Real-time actions on managed devices.
- Cloud-powered analytics and management for on-premises and internet-based devices.
- Compliance settings management.
- Comprehensive management of servers, desktops, and laptops.
Configuration Manager extends and works alongside many Microsoft technologies and solutions. For example, Configuration Manager integrates with:
- Microsoft Intune to co-manage a wide variety of mobile device platforms
- Microsoft Azure to host cloud services to extend your management services
- Windows Server Update Services (WSUS) to manage software updates
- Certificate Services
- Exchange Server and Exchange Online
- Group Policy
- Windows Automated Deployment Kit (Windows ADK) and the User State Migration Tool (USMT)
- Windows Deployment Services (WDS)
- Remote Desktop and Remote Assistance
Configuration Manager also uses:
- Active Directory Domain Services and Azure Active Directory for security, service location, configuration, and to discover the users and devices that you want to manage.
- Microsoft SQL Server as a distributed change management database—and integrates with SQL Server Reporting Services (SSRS) to produce reports to monitor and track management activities.
- Site system roles that extend management functionality and use the web services of Internet Information Services (IIS).
- Delivery Optimization, Windows Low Extra Delay Background Transport (LEDBAT), Background Intelligent Transfer Service (BITS), BranchCache, and other peer caching technologies to help manage content on your networks and between devices.
MEMCM Technical Preview
For starters, we will do this with MEMCM Technical Preview. This gives us a 90-day license, and if we update to the new MEMCM build every 90 days, we can keep on using this Technical Preview for free, ain’t that awesome?
The technical preview introduces new functionality that Microsoft is working on. It introduces new features that aren’t yet included in the current branch of Configuration Manager. These features might eventually be included in an update to the current branch.
How to build your MEMCM lab environment in under 5 minutes?
We will leverage an ARM template for this, and this is something that Microsoft provides for us:
Make sure you have an active Azure subscription, though; this is the only requirement. Don’t worry about the cost of the lab environment. If you properly shut down all VMs after your testing, the cost really is minimal.
Process of building our MEMCM lab environment:
- Go to the site I mentioned just above, and click on ‘Deploy to Azure’.
- Complete the Azure quickstart template with the following information:
  - Subscription: The name of the subscription in which to create the VMs
  - Resource group: Select (or create) a resource group to use for these VMs
  - Location: Select an Azure data center (choose one in your own region) to host this lab environment
  - Prefix: The prefix name of the machines.
  - Admin Username: The name of a user on the VMs with administrative rights. You use this user to sign in to the VMs.
  - Admin Password: The password must meet the Azure complexity requirements. For more information, see adminPassword.
The following settings are required by Azure. Use the default values. Don’t change these values.
- _artifacts Location: The location of the scripts for this template
- _artifacts Location Sas Token: The sasToken is required to access the artifacts location
- Location: The location for all resources
The process can take 2-4 hours. Even when the Azure portal shows successful deployment, configuration scripts continue to run. Don’t restart the VMs during the process.
So even though it only takes 5 minutes to deploy it, make sure to give it some time before you do the real work, but we will cover that in Part 2 of this guide.
So to start, click on ‘Deploy to Azure’.
Fill in all necessary variables like we already explained above and click on ‘Review + Create’.
After final validation, confirm by clicking ‘Create’.
This will initialize your deployment. From now on, it’s a waiting game, and just following up on your deployment.
Don’t forget that it will take 2-4 hours for all the configuration scripts that run after deployment to complete. So deploy it, check that your ARM deployment went well, and come back the day after to start configuring things. Don’t break it!
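The low-cost claim above only holds when the VMs are deallocated, not merely shut down from inside Windows. The following is an added example, not part of the original post or of Microsoft's template: it assumes the Az PowerShell module, a session signed in with Connect-AzAccount, and a placeholder resource group name, and it should only be run once the 2-4 hours of post-deployment configuration have finished.

```powershell
#Requires -Modules Az.Compute
# Added example (not from the original post): deallocate every VM in the lab
# resource group and report which ones are still billed for compute.

function Stop-LabVm {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Resource group chosen in the 'Deploy to Azure' form.
        [Parameter(Mandatory)]
        [string] $ResourceGroupName
    )

    # -Status adds the PowerState property, for example "VM running",
    # "VM stopped" or "VM deallocated".
    $vms = Get-AzVM -ResourceGroupName $ResourceGroupName -Status

    foreach ($vm in $vms) {
        # "VM stopped" means the guest OS was shut down but the VM is still
        # allocated on a host and compute charges continue. Only
        # "VM deallocated" releases the compute (disks are still billed).
        if ($vm.PowerState -ne 'VM deallocated') {
            if ($PSCmdlet.ShouldProcess($vm.Name, 'Stop and deallocate')) {
                # -Force skips the interactive confirmation prompt.
                Stop-AzVM -ResourceGroupName $ResourceGroupName `
                          -Name $vm.Name -Force | Out-Null
            }
        }
    }

    # Re-read the state so the report reflects what Azure now says.
    Get-AzVM -ResourceGroupName $ResourceGroupName -Status |
        Select-Object Name, PowerState,
            @{ Name       = 'BilledForCompute'
               Expression = { $_.PowerState -ne 'VM deallocated' } }
}

# Placeholder resource group name; -WhatIf previews without stopping anything.
Stop-LabVm -ResourceGroupName '<your-lab-resource-group>' -WhatIf
```

Remove `-WhatIf` to actually deallocate; any VM that still shows `BilledForCompute = True` afterwards needs a second look.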
In our next part we will start to create some users, groups and harden our Active Directory (DC).
So stay tuned for more!
PS. Keep in mind that my old site will stay online, I’m still in the process of migrating my old content here, but until that’s done, you can always find it here: Https://www.cloud-boy.be