Secure Azure Infra – Lab Setup

All usernames and passwords for virtual machines are set to labuser / M1crosoft123

Perform the following steps to initialise the lab environment:

1) As we need an Azure subscription licensed for Office 365 and EM+S, the best process for this is to first create an Office 365 trial account by navigating here: http://go.microsoft.com/fwlink/p/?LinkID=698279&culture=en-GB&country=GB

2) Fill in the details, complete the sign-up process and create an “admin” user, as shown in figure 2. Please ensure the user is “admin” as shown below.

Office 365 Signup

Figure 2: Office 365 Signup

3) Once the sign-up process is complete, open to https://www.microsoftazurepass.com/ and claim the promo code to your new tenant (making sure you’re logged in as the admin user you just created)

4) Open http://portal.azure.com and click Azure Active Directory > Licenses > All Products > Try/buy > Free Trial under ENTERPRISE MOBILITY + SECURITY E5 > Activate

5) Open a Cloud Shell window using the “>_” on the top right hand side of the screen.

6) Make sure the Cloud Shell window is set to “Powershell” (not “Bash”) as shown in Figure 3.

Cloud Shell

Figure 3: Azure Cloud Shell – Powershell

7) To create the users, copy the code below and paste into the Powershell Cloud Shell window:

$script = Invoke-WebRequest https://raw.githubusercontent.com/Araffe/azure-security-lab/master/CreateUsers.ps1 -UseBasicParsing

Invoke-Expression $($script.Content)

8) To deploy the lab infrastructure, enter the following commands into the Powershell Cloud Shell window:

$script = Invoke-WebRequest https://raw.githubusercontent.com/Araffe/azure-security-lab/master/CreateLab.ps1 -UseBasicParsing

Invoke-Expression $($script.Content)

The lab environment will deploy using an Azure ARM template – this will take approximately 10 – 15 mins.

Finally, assign directory roles and licenses to the users that have been created.

9) In the Azure portal, navigate to Azure Active Directory > Users > All Users > Isaiah Langer > Directory Role > Global Administrator > Save.

Assign Role

Figure 4: Assign Global Admin Role

10) Navigate to Azure Active Directory > Licenses > All Products > Enterprise Mobility + Security E5 > select all of the users > Assign

11) Repeat the above process to assign Office 365 to the users Alex and Isaiah, your admin user should already be licensed as part of the trial sign up process.

About engsoon

Eng Soon is a 4-time Microsoft MVP and has nearly 5 years of experience building enterprise system in the cloud.He is also a Certified Microsoft Azure.Eng Soon also have strong technical skills and analytic skill. As a developer, Besides the development task, he also involved in Project Management, Consulting, and Marketing. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive. He also took part as speaker in many nationwide technical events, such as Conference, Meetup and Workshop. Currently, looking for opportunity in Cyber Security which include Cloud Security and Application Security.

View all posts by engsoon →

Leave a Reply

Your email address will not be published. Required fields are marked *