These pages include information about the labs I’ve created and use on a regular basis. The repository is free for you to use/borrow/fork as you see fit, but I make no promises or guarantees if you rely on these about updates, releases, etc.


There are two primary labs I use: MDELab and MDILab. Both labs can be deployed temporarily or deployed and used for a longer period of time.


MDE Lab is based on running VMs for about a year in Azure while I’ve experimented, tested, and learned capabilities in MDE. Over a year, or more, I’ve created and deleted VMS, enrolled and unenrolled them in MDE, added varying types of OS’s, and even experimented with various management platforms (Intune, Ansible, SaltStack, etc.). This environment is a collection of those artifacts so I can create and tear down these labs for various purposes.


MDI Lab based on the Defender for Identity Security Alert Lab as specified in the Lab Setup, and is intended to get the VMs configured as close as I’ve been able to get them automatically including naming, IP addresses, and even AD Users and Group/Group Memberships.