To get the most out of this book
In order to get the most out of this book, the following items will be needed to follow along with the examples provided. Thanks to cloud technology, you will be able to quickly enable an environment to build the infrastructure and foundation needed to support your journey throughout this book.
It is recommended that you set up an Office 365 subscription (add your own custom domain), which will in turn create an Azure Active Directory (AAD) tenant. Once the AAD tenant has been set up, this will allow you to add an Azure subscription to begin consuming Azure resources tied to your Office 365 subscription and your custom domains.
Office 365 E5 30-day free trial: https://go.microsoft.com/fwlink/p/?LinkID=698279&culture=en-US&country=US
Azure account with $200 credit for 30 days: https://azure.microsoft.com/en-us/free/
Cloud subscriptions required
- An Azure subscription
- Microsoft Enterprise E5
- An Intune subscription and license
- Microsoft Defender ATP licensing (Windows 10 E5 or M365 E5)
- Enterprise Mobility + Security E3 or E5 (includes AAD Premium P2)
Permissions
- Global administrator rights to your Office 365 subscription
- Owner role or appropriate RBAC to your Azure subscription to deploy resources
- Domain admin rights on your domain controller or equivalent rights to modify Group Policy
Azure resources
- Azure VMs (Windows 10 and Windows Server 2019 Core and Desktop versions from Marketplace)
- A virtual network, subnet, network security group, and resource group
- AAD
- Azure Security Center Standard
- Azure Sentinel
- Azure Bastion
- Microsoft Cloud App Security
- A Log Analytics workspace
- An Azure Automation account
- Azure Update Management
- Azure Privileged Identity Management
Applications, tools, and services
- PowerShell (version 5.1 recommended) with the AAD module and the Azure PowerShell Az module
- Text viewer to edit and open JSON files
- Windows Assessment and Deployment Kit
- Windows Deployment Services (Windows Server roles and features)
- Microsoft Deployment Toolkit
- System Center (Configuration Manager) hierarchy
- Windows 2016 Active Directory and domain functional level
- Microsoft Security Compliance Toolkit
- WSUS
- Windows 10 Pro/Enterprise, Windows Server 2016+ Core/Datacenter
All licensing and pricing is subject to change by Microsoft. Additionally, many of the products that are mentioned are covered under a license bundle, or available à la carte if you only want to enable a small subset of features.
For information about licensing Microsoft 365, visit this link:
To compare the different products available in the Microsoft 365 plans, visit this link:
https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans
For AAD pricing and features, visit this link:
https://azure.microsoft.com/en-us/pricing/details/active-directory/
If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code.