TechReady Are you ready to implement IT solutions?

EMS Subscription Guide

Mobile Device Management with Enterprise Mobility Suite

Created for:

TechReady

24 mai 2016

Version 0.2

Created by:

Adrian Stoian

IT Consultant

MVP Enterprise Mobility

Page 2 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

Change Records

Date Author Version Change description

Dec 23, 2014 Adrian Stoian 0.1 Initial document for review/discussion

Feb 23, 2015 Adrian Stoian 0.2 Added screen captures

May 24, 2016 Adrian Stoian 0.3 Changed the EMS trial subscription procedure

© 2014-2016 TechReady. All rights reserved.

TechReady and TechReady.TV are registered trademarks of TECHREADY S.R.L. in Romania and

European Community.

Distribution Adrian Stoian TechReady astoian@techready.ro

Document published as volunteer contribution for the community. The document is provided AS IS, without any warranties. Use at your own risk. TechReady and Adrian Stoian do not assume any liability regarding the information contained in this document.

Page 3 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

Contents Change Records ...................................................................................................................................... 2

Configuration Procedures ....................................................................................................................... 4

To Sign-Up for an Enterprise Mobility Suite trial subscription ........................................................... 4

To access the Microsoft Intune portals .............................................................................................. 8

To manage Azure Active Directory in the Microsoft Azure portal .................................................... 10

To enable Azure Rights Management Services ................................................................................. 29

Page 4 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

Configuration Procedures

To Sign-Up for an Enterprise Mobility Suite trial subscription Enterprise Mobility Suite includes the following online services:

Microsoft Intune

Microsoft Azure Active Directory Premium

Microsoft Azure Rights Management http://www.microsoft.com/en-us/server-cloud/enterprise-mobility/

To be able to manage all these services in a unified way, you have to ensure that the services are

bound to the same Azure Active Directory instance. For that reason, the process to configure the

trial subscription includes the following steps:

Create an Enterprise Mobility Suite trial which will include an Office 365 trial. Office 365 is required for several Microsoft Intune features.

Add Microsoft Intune trial to the existing Office 365 subscription. If you follow the procedure described below, this step is performed automatically.

With Azure Management portal enable Azure Active Directory Premium and Azure RMS.

1. Open Internet Explorer and navigate to https://www.microsoft.com/en-us/server-

cloud/enterprise-mobility/ems-trial.aspx and click Try it now.

Page 5 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

2. On the Sign up page, fill in your name and organization details. Click Next.

3. On the page Create your User ID, enter an user name then enter a domain unique name

(which can be by example your company name) and a password. If the domain name is

available, a green checkmark will appear, click Next.

Page 6 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

4. On the Prove that you are not a robot page, select Text me option, enter your mobile phone

number and click Text me.

5. On the Prove that you are not a robot page, enter the code received by SMS, and then click

Next.

Page 7 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

6. On the Save this info page, note the portal URL and the account that you created, and then

click You’re ready to go.

7. On the https://portal.office.com/ page you can configure your Office 365 subscription.

Note: A Microsoft Intune trial subscription was created automatically, using the same user account

and Azure Active Directory instance as the Office 365 subscription. Do not close the browser.

Page 8 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

To access the Microsoft Intune portals 1. You can “still” access the Microsoft Intune Account Portal (Azure Active Directory) at:

https://account.manage.microsoft.com/

Account Portal

You can use the Microsoft Intune Account Portal to manage users, groups, and domains for your

Microsoft Online services, including Microsoft Intune and Office 365.

This portal will be phased out, its functionality is being integrated in the Office 365 portal. Both

portals are using the same Azure Active Directory instance. By example, you can manage the user

accounts in the Office 365 portal:

Page 9 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

And you can also manage the user accounts in the Intune Account Portal:

2. Click the Admin Console link, at the top of the page to access the Admin Portal at:

https://admin.manage.microsoft.com/

Admin Portal

You can use the Microsoft Intune Admin Portal to configure your Microsoft Intune environment,

add computers, users and mobile devices, deploy updates, configure Endpoint Protection on the

managed computers, deploy software, manage licenses and generate reports. This would be your

main administration interface if you plan to use Microsoft Intune as a mobile device management

solution.

Page 10 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

To manage Azure Active Directory in the Microsoft Azure portal To be able to configure the Azure Active Directory Premium and Azure Rights Management Services,

you need to manage your Azure Active Directory instance in the Microsoft Azure portal.

To access the Microsoft Azure portal you will need a Microsoft Azure subscription. You can either

create a trial subscription, or use an existing Microsoft Azure subscription.

1. The Enterprise Mobility Suite trial wizard will request you to create a Microsoft Azure trial.

Click the Start button.

Note: Even if Enterprise Mobility Suite trial includes an Azure Active Directory instance, it does not

include the Microsoft Azure trial. This needs to be requested separately.

2. You will prompted to create a Microsoft Azure subscription. In the drop-down list, select

your country, then click Next.

Page 11 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

3. On the Sign up page, at About you fill your company details. At Verification by phone, fill

your mobile phone number and click Send text message. After receiving the SMS, enter the

code and click Verify code.

4. At the Verification by card section, enter your card details. This is solely used to verify

identity. The card will not be charged, unless you remove the limits set in the subscription.

You can also create a subscription by using a promo code obtained from Microsoft.

In this procedure we will use an existing Microsoft Azure subscription.

Close all browser windows, and if needed clear also the browser cache. This is necessary to loose all

cached identities stored in the browser.

Page 12 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

5. Open Internet Explorer and navigate to http://azure.microsoft.com/. Click the Portal link

at the top right of the page.

6. In the Microsoft Azure login page, enter your Microsoft ID (formerly Live ID) associated with

the Microsoft Azure subscription, and then click Sign in.

Page 13 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

7. On the new Microsoft Azure portal, click Browse, then select Active Directory.

8. You will be redirected to the old Microsoft Azure portal. Azure Active Directory is still

managed in the old portal. Sign-in again, if necessary.

Page 14 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

9. On the Microsoft Azure page, on the left pane click Active Directory, to view the Azure

Active Directory instances managed with your Microsoft Azure subscription.

10. On the Microsoft Azure page, click New, Directory, Custom Create.

Page 15 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

11. On the Add directory dialog, under Directory select Use existing directory, select I am ready

to be signed out now, and then click the check button.

12. On the Microsoft Azure login page, select Use another account.

Page 16 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

13. Sign in with the administrator account for your Office 365/EMS subscription.

14. On the Use the ‘TECHREADY SRL’ directory with Microsoft Azure page, click Continue.

Page 17 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

15. On the Use the ‘TECHREADY SRL’ directory with Microsoft Azure page, click Sign out now.

16. On the Microsoft Azure login page, select your Microsoft ID (formerly Live ID).

Page 18 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

17. Sign in with the Microsoft ID used by your Microsoft Azure subscription.

18. On the Microsoft Azure page, on the left pane click Active Directory, to view the new Azure

Active Directory instance added in the list. Click the new instance to access its properties.

Page 19 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

19. On the Get Started page, under step 3 - Get Azure AD Premium, you can see that Azure

Active Directory Premium was already enabled when you created the EMS trial.

20. On the ‘TECHREADY SRL’ Licenses page, you should see the Enterprise Mobility Suite trial

licenses.

Page 20 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

21. To create a user in Azure Active Directory, click the Users tab, then click Add User.

22. In the Tell us about this user window, type the User Name, then click the arrow.

Page 21 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

23. In the User Profile window, fill the user details, check Enable Multi-Factor Authentication,

then click the right arrow.

24. In the Get temporary password window, click Create.

Page 22 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

25. In the Get temporary password window, note the temporary password, then click the check

button.

26. You can observe the newly created account in the list of users.

Note: Your Microsoft ID account was configured as an administrator for the Azure Active Directory

instance.

Page 23 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

27. To enable users for Azure Active Directory Premium, click the Licenses tab, then click on

Enterprise Mobility Suite.

28. On the Enterprise Mobility Suite page, click Assign users.

Page 24 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

29. Next to Show, select All Users, then click the check sign. Select a user from the list, then click

Assign.

30. The user will show a status of Enabled.

Page 25 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

31. On the ‘TECHREADY SRL’ Configure page, you can change the settings for your Azure Active

Directory instance.

32. On the ‘TECHREADY SRL’ Applications page, you can see the applications that are using the

Azure Active Directory instance for identity management. To add a new application, click

the Add button.

Page 26 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

33. On the What do you want to do? dialog, click Add an application from the gallery.

34. On the Application Gallery page you can browse the gallery. To date there are 2624

applications available that can be configured with integrated single sign-on with Azure

Active Directory Premium.

Page 27 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

35. Microsoft worked with 3rd party SaaS vendors to provide integrated authentication with

Azure Active Directory Premium.

36. Azure Active Directory Premium also provides reports which allow you to identify

authentication anomalies. To view a report, click the report name in the list.

Page 28 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

37. If a report contains private user data, you will get a notification.

38. The report will be generated.

Page 29 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

To enable Azure Rights Management Services To configure the Azure Rights Management Services you will also use the Microsoft Azure portal.

1. In the left pane, click Active Directory, to view the list of Azure Active Directory instances.

Click the Rights Management tab.

2. On the Active Directory Rights Management page, select your Active Directory instance in

the list, and then click the Activate button.

Page 30 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

3. On the Are you sure to activate Rights Management dialog, click Yes.

4. On the Active Directory Rights Management page, verify the status is Active, then click the

instance to configure its properties.

Page 31 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

5. On the Templates page, under Manage, click Create a new rights policy templates.

6. On the Add a new rights policy template dialog, enter a name and a description, and then

click the Complete button.

Page 32 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

7. On the Templates page, wait for the template to be added, then click the Templates tab.

8. On the Templates page, click the newly created template.

Page 33 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

9. On the template properties page, under Configure rights for users and groups, click Get

started.

10. On the Rights page, click Get started now.

Page 34 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

11. On the Select users and groups page, next to Show, select Users, then click the right check

button.

12. On the Select users and groups page, click to select the users for which you want to give

permissions to use the new template, then click bottom right arrow.

Page 35 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

13. On the Assign rights to selected users and groups page, select Viewer, and then click the

check button.

14. After creating the template, you will see a summary screen. Click the left blue arrow to go to

the list of templates.

Page 36 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

15. On the Templates page, select the template form the list, and then click the Publish button.

16. On the Are you sure you want to publish the template dialog, click Yes.

Page 37 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

17. On the Templates page, observe that the template has a status of Published.

18. Log in to your Office 365 subscription using your administrative user account. On the Home

page, in the right menu, select Settings, Apps.

Page 38 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

19. On the Home > Apps page, click Microsoft Azure Rights Management.

20. On the Microsoft Azure Rights Management page, click Manage Microsoft Azure Rights

Management settings.

Page 39 MDM_TRDY_EMS_SubscriptionGuide_v03.doc Version 0.3 Rev. 49 May 24, 2016

21. On the Rights Management page, verify Rights Management is activated.

This ends the initial configuration of your Enterprise Mobility Suite trial subscription.