Set up a test environment for your app - Microsoft Entra (2023)

  • Article

Set up an Azure Active Directory (Azure AD) test environment to take your app through the development, test, and production lifecycle. You can use your Azure AD test environment in the early stages of app development and as a permanent test environment in the long term.

Dedicated test tenant or Azure AD production tenant?

Your first task is to decide whether you want to use an Azure AD tenant for testing or your production tenant as a test environment.

Using a production tenant can simplify some aspects of application testing, but requires the right level of isolation between test and production resources. Isolation is especially important for high privilege scenarios.

Don't use your production Azure AD tenant if:

  • Your application uses settings that require tenant-wide uniqueness. For example, your app may need to access tenant resources as itself and not on behalf of a user, using only app permissions. App-only access requires admin consent, which applies to the entire tenant. It is difficult to securely obtain such permissions within a tenant's confines.
  • You have a low risk tolerance for potential unauthorized access to test resources by tenant members.
  • Configuration changes can adversely affect the critical operation of your production environment.
  • You cannot create users or other test data in your production tenant.
  • Your production tenant has policies enabled that require user interaction during authentication. For example, if multi-factor authentication is required for all users, you cannot use automatic logins for integration testing.
  • Adding non-production resources and/or workload to your production tenant would do thisexceeds service or throttling limitsfor the tenant.

If any of these restrictions apply, set oneTest environment in a separate client.

If none of these restrictions apply, you can create oneTest environment in your production client. Please note that global administrators in your production tenant can access and change the configuration of the resources at any time. To prevent access to test resources or configurations, store this data in a separate client.

Set up a test environment in a separate tenant

If you can't safely constrain your test app in your production tenant, create a separate tenant for development and testing.

Apply for a test tenant

If you don't already have a dedicated trial tenant, you can create one for free with the Microsoft 365 Developer Program or create one yourself manually.

Join the Microsoft 365 Developer Program (recommended)

VonMicrosoft 365 Developer-Programmis free and test user accounts and sample data packs can be automatically added to the tenant.

  1. press theJoin nowbutton on the screen.
  2. Sign in with a new Microsoft account or use an existing (work) account you already have.
  3. On the sign-up page, select your region, enter a company name, and accept the program terms before clickingBelow.
  4. click onSet up subscription. Specify the region where you want to create your new tenant, create a username and domain, and enter a password. This creates a new tenant and the tenant's first admin.
  5. Enter the security details needed to protect your new tenant's administrator account. This will set up multi-factor authentication for the account.

Manually create a tenant

You canManually create a tenant, which is empty when created and must be configured with test data.

Populate your tenant with users

For convenience, you can invite yourself and other members of your development team as guest users in the tenant. This creates separate guest objects in the test tenant, but you only need to manage one set of credentials for your company account and your test account.

  1. Of theAzure-Portal, Click onAzure Active Directory.
  2. Go touser.
  3. click onNew guest userand upload your work account email address.
  4. Repeat this process for other members of the development and/or testing team for your application.

You can also create test users in your test tenant. If you used one of the Microsoft 365 sample packages, you might already have some test users in your tenant. If not, as a tenant admin, you should be able to create one yourself.

  1. Of theAzure-Portal, Click onAzure Active Directory.
  2. Go touser.
  3. ClickNew Userand create some new test users in your directory.

Purchase an Azure AD subscription (optional)

To fully test the premium features of Azure AD in your application, register your tenant for onePremium P1 or Premium P2 license.

If you're enrolled in the Microsoft 365 developer program, your trial tenant comes with Azure AD P2 licenses. If not, you can still activate one monthAzure AD Premium free trial.

Create and configure an app registration

You must create an app registration to use it in your test environment. This should be a separate registration from your final production app registration to maintain security isolation between your test environment and your production environment. How you configure your application depends on the type of app you are building. For more information, see the app registration steps for your app scenario in the left navigation pane, e.g. B. in this articleRegistration of web applications.

Fill your tenant with policies

If your app is primarily used by a single organization (commonly referred to as a single tenant) and you have access to that production tenant, you should attempt to replicate your production tenant's settings, which may affect your app's behavior. This reduces the risk of unexpected errors when working in production.

Conditional Access Policies

Replicating Conditional Access policies ensures that you don't encounter unexpected blocked access during the transition to production and that your application can properly handle the errors that are likely to occur.

A company administrator may need to review your production tenant's Conditional Access policies.

  1. Log inAzure-Portalvia your production tenant account.
  2. Go toAzure Active Directory>Business Applications>Conditional Access.
  3. Look at the list of policies in your tenant. Click on the first.
  4. Navigate toCloud Apps or Actions.
  5. If the policy only applies to a select group of apps, continue to the next policy. If not, then your app will likely do the same when you go into production. You must copy the policy to your test tenant.

In a new tab or browser session, navigate toAzure-Portaland log in to your test client.

  1. Go toAzure Active Directory>Business Applications>Conditional Access.
  2. click onNew guidelines
  3. Copy the production tenant policy settings identified in the previous steps.

Permission Grant Policy

Replication of permission grant policies ensures that you don't face unexpected prompts for administrator approval when going into production.

  1. Log inAzure-Portalvia your production tenant account.
  2. click onAzure Active Directory.
  3. Go toBusiness Applications.
  4. From your production tenant, go toAzure Active Directory>Business Applications>Consent and Permissions>User Consentinstitutions. Copy the settings there to your test client.

Token lifetime policy

Replication of token lifetime policies ensures that tokens issued to your application do not unexpectedly expire during production.

Token lifetime policies can currently only be managed via PowerShell. read aboutconfigurable token lifetimeLearn more about identifying token lifetime policies that apply to your entire production organization. Copy this policy to your test tenant.

Set up a test environment in your production tenant

If you can safely confine your test app in your production tenant, you can set up your tenant for testing purposes.

Create and configure an app registration

You must create an app registration to use it in your test environment. This should be a separate registration from your final production app registration to maintain security isolation between your test environment and your production environment. How you configure your application depends on the type of app you are building. For more information, seeApp registration steps for your app scenarioin the left navigation area.

Create some test users

You need to create some test users with associated test data to use when testing your scenarios. This step may need to be performed by an administrator.

  1. Of theAzure-Portal, Click onAzure Active Directory.
  2. Go touser.
  3. ClickNew Userand create some new test users in your directory.

Add the test users to a group (optional)

For convenience, you can assign all of these users to a group, making other assignment operations easier.

  1. Of theAzure-Portal, Click onAzure Active Directory.
  2. Go toThe group.
  3. ClickNew group.
  4. Choose oneSecurityvonMicrosoft 365for group type.
  5. Give your group a name.
  6. Add the test users created in the previous step.

Restrict your test application to specific users

You can limit the users in your tenant who are allowed to use your test application to specific users or groups through user assignment. If youan app created through app registrationsa rendering of your app was createdBusiness ApplicationsAlso. Use thoseBusiness ApplicationsSettings to restrict who can use the application in your tenant.


If your app has oneMultitenant-App, this operation will not result in users in other tenants signing in to and using your app. It only restricts users in the tenant where user assignment is configured.

For detailed instructions on restricting an app to specific users in a tenant, seeRestrict your app to a group of users.

Next Steps

LearnThrottling and Service Limitsyou might come across when setting up a test environment.

More information about test environments can be found hereSecuring Azure environments with Azure Active Directory.


How do I set up Microsoft Entra? ›

Set up Microsoft Entra Verified ID on your Azure AD tenant. Gather credentials and environment details to set up your sample application, and update the sample application with your verified credential expert card details. Run the sample application and initiate a verifiable credential issuance process.

How do I create a test tenant? ›

  1. Join the Microsoft 365 Developer Program, if you don't have a test tenant.
  2. Set up a Microsoft 365 Developer Subscription.
  3. Use sample data packs with your Microsoft 365 developer subscription to install the Users content pack.
  4. Install the Teams PowerShell module.
  5. Install the Azure AD PowerShell module.
Jan 11, 2023

How do I test my Microsoft MFA? ›

Open a separate, private instance of your browser, go to the Microsoft 365 admin center (, and then sign in with your global administrator account. In the left navigation, select Users > Active users. In the Active users pane, select Multi-factor authentication.

What is an example of a test environment in a test plan? ›

A test environment is the configuration of environment types for a particular test. For example, a test environment that uses Firefox, Windows XP, and WAS is a configuration of these environment types: browser, operating system, and application server.

What are the examples of test environment? ›

What Are the Different Types of Testing Environments?
  • Performance Testing Environment. ...
  • System Integration Testing (SIT) ...
  • User Acceptance Testing (UAT) ...
  • Quality Assurance (QA) ...
  • Security Testing. ...
  • Chaos Testing. ...
  • Alpha Testing. ...
  • Beta Testing.

How do I create a free Microsoft tenant? ›

In this article
  1. Navigate to the Office 365 Education Plans page.
  2. Click the green Get Started for Free button.
  3. Click Create a New Account.
  4. Enter all Info requested in the wizard. ...
  5. Click Next.
  6. Create your Global Admin account. ...
  7. Record the username and password for your Admin account, and then click Create my account.
Aug 29, 2021

How do I get a free Microsoft tenant? ›

Create an Azure AD tenant for development
  1. On the Join the free Microsoft 365 Developer Program page, select Join now.
  2. Sign in with a new Microsoft account or use an existing (work) account.
  3. On the sign-up page, select your region, enter a company name, and accept the terms and conditions of the program.
  4. Select Next.
Jan 26, 2023

What is entra Microsoft? ›

Microsoft Entra is the vision for identity and access that expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.

How do I test my Authentication app? ›

The authenticator app asks for a verification code as a test. From the Microsoft Authenticator app, scroll down to your work or school account, copy and paste the 6-digit code from the app into the Step 2: Enter the verification code from the mobile app box on your computer, and then select Verify.

How to setup MFA in Office 365? ›

  1. Step 1 - sign into Office 365 on your computer or laptop. ...
  2. Step 2 - installing the authenticator app on your mobile phone. ...
  3. Step 3 - return to your personal or.
  4. Step 4 - using your mobile.
  5. Step 5 - testing the authentication is working on your computer.

How do I use Microsoft MFA app? ›

Sign in to your account security dashboard. Select Add a new way to sign in or verify and choose Use an app. If you've already installed the app, select Next to display a QR code appear on the screen. In the authenticator app, select [three dots] then + Add account.

Is Microsoft Entra free? ›

Try Microsoft Entra Permissions Management today

We're offering a free 90-day trial to Permissions Management so that you can run a comprehensive risk assessment and identify the top permission risks across your multicloud infrastructure.

How to configure Microsoft Identity Platform? ›

Configure platform settings
  1. In the Azure portal, in App registrations, select your application.
  2. Under Manage, select Authentication.
  3. Under Platform configurations, select Add a platform.
  4. Select Configure to complete the platform configuration.
Nov 13, 2022

What is Microsoft Entra verified ID? ›

Microsoft Entra Verified ID is a decentralized identity solution that helps you safeguard your organization. The service allows you to issue and verify credentials. Issuers can use the Verified ID service to issue their own customized verifiable credentials.

What are the 4 phases of testing environment? ›

There are four main stages of testing that need to be completed before a program can be cleared for use: unit testing, integration testing, system testing, and acceptance testing.

What is the best testing environment? ›

Test environments best practices snapshot

Build communication into the environment. Configure bug tracing and solution life cycles into test environments. Leverage feature flags to test in production.

What is a good testing environment? ›

A good test environment has the following characteristics. It's a copy of, or very closely resembles, the live environment. This means it includes the same code, data, configuration, operating system, and functionality.

What are four examples of the environment? ›

The environment includes the sun, soil, water, and air, which are essential for human life. It sustains life by providing genetic and biodiversity.

Do you need a test environment? ›

Test environments represent an efficient and a safe space to conduct all your essential and most basic tests. They are a necessary tool in the tester's kit. A reliable, scalable test environment aligned to the needs of the application under test is imperative to the success of software development.

What is the difference between UAT and test environment? ›

Is UAT and test environment same? The fundamental difference between a UAT and Test server is that UAT is configured to run as a production build. But the database is separate where it usually doesn't include caching and other configurations to handle scale.

How do I create a free trial tenant in Office 365? ›

Try a free trial subscription
  1. Go to the Microsoft 365 Products site.
  2. Select the plan that you want to sign up for, such as Microsoft 365 Business Standard, scroll down the page, and select Try free for 1 month.
  3. On the next page, follow the steps to set up your account.
Mar 15, 2023

Is Microsoft 365 tenant free? ›

Fortunately, we can set up a Microsoft 365 tenant for free to try out. You only need a free email address, such as,, or, and a phone number. 3. Enter your email address.

How do I create a test account in Office 365? ›

To sign up for a test tenant, go to Microsoft's Office 365 plan comparison page (Figure 1) and select the Try for free link for either E3 or E5. A test Office 365 tenant is a good choice for organizations who want to kick the tires and see how the latest Office 365 functionality works.

Can you have multiple Microsoft tenants? ›

Multi-tenant management offers a unified form of management that allows Microsoft 365 partner admins the ability to administer all the tenants they manage from a single location. If you're a partner who has a delegated admin role and manages multiple tenants, you can: Move quickly between tenants you manage.

How do I become a Microsoft tenant? ›

Sign in to Partner Center as a Global admin and select the Settings (gear) icon. Select Account settings, and then select Tenants. Select Associate Azure AD, and then indicate the tenant you want to associate. Sign in at the prompt as Global admin to the tenant you want to associate and then select Confirm.

Are Azure tenants free? ›

Paid or trial subscriptions of Microsoft 365 or Dynamics 365 include a free Azure AD tenant. This Azure AD tenant does not include other Azure services and is not the same as an Azure trial or paid subscription.

What is Microsoft Entra replacing? ›

I guess we all knew it was coming (after all, Microsoft published message center notification MC477013 in December 2022), but the news that the Microsoft Entra admin center (Figure 1) will replace the Azure AD admin center from April 1, 2023 is yet another example of the ongoing and constant changes in Microsoft 365.

When did Microsoft Entra start? ›

Microsoft introduces Microsoft Entra to help customers secure access in a connected world. Asia Pacific, 2 June 2022 – Microsoft today announced a new product family, Microsoft Entra, which encompasses all of Microsoft's identity and access capabilities.

When was Microsoft Entra released? ›

Microsoft Entra Permissions Management will be a standalone offering generally available worldwide this July 2022 and will be also integrated within the Microsoft Defender for Cloud dashboard, extending Defender for Cloud's protection with CIEM.

What is the 6 digit code authentication app? ›

Google Authenticator is a software-based authentication token developed by Google. The token provides an authenticator, which is a six digit number users must enter as the second factor of authentication. You need to install the Google Authenticator app on your smart phone or tablet devices.

How do I get a 6 digit code from Microsoft Authenticator app? ›

Add account to Microsoft Authenticator
  1. Open the Microsoft Authenticator app on your phone.
  2. Tap the + > Work or school account.
  3. Use your phone to scan the QR square that is on your computer screen. Notes: ...
  4. Your account will be added automatically to the app and will display a six-digit code.

How do I get the six digit code authentication app? ›

Set up Authenticator
  1. On your Android device, go to your Google Account.
  2. At the top, tap the Security tab. If at first you don't get the Security tab, swipe through all tabs until you find it.
  3. Under "You can add more sign-in options," tap Authenticator. ...
  4. Tap Set up authenticator. ...
  5. Follow the on-screen steps.

Is Office 365 requiring MFA? ›

Admins will always be prompted for MFA on login. Users will be prompted for MFA "when necessary" (this is not strictly defined by Microsoft but includes when users show up on a new device or app, and for critical roles and tasks). Access to Azure portal, Azure CLI or Azure PowerShell by anyone will always require MFA.

Does Office 365 have built in MFA? ›

By setting up MFA, you add an extra layer of security to your Microsoft 365 account sign-in. For example, you first enter your password and, when prompted, you also type a dynamically generated verification code provided by an authenticator app or sent to your phone.

Does Microsoft 365 require MFA? ›

For all users, including hybrid workers and especially admins, Microsoft strongly recommends MFA. There are three ways to require your users to use MFA based on your Microsoft 365 plan. Enable Security defaults in Azure AD. Security defaults in Azure AD include MFA for users and administrators.

How do I authenticate with Microsoft Authenticator? ›

Sign in with the Microsoft Authenticator app
  1. Sign in to an application or service such as Microsoft 365 using your username and password.
  2. Microsoft sends a notification to the Microsoft Authenticator app on your device.
  3. Open the notification on your phone and select the Verify key.

What is the difference between app password and MFA? ›

Multi-factor authentication and Office 365 app passwords are additional security options for authentication. Multi-factor authentication improves security but takes additional steps to authenticate. Use MFA when you are not sure that using a username/password pair is enough for you in terms of security.

How to get 6 digit code from Authenticator app instead of 8? ›

Settings>Passwords>App Ask for 6 digit code. It'll be in there updating over and over like the actual Authenticator apps do.

Does Active Directory have a test environment? ›

The Active Directory test forest has been designed to provide a safe testing and learning environment for Active Directory related activities.

How do I create a test Azure AD? ›

Set up a test environment in a separate tenant
  1. Get a test tenant. ...
  2. Populate your tenant with users. ...
  3. Get an Azure AD subscription (optional) ...
  4. Create and configure an app registration. ...
  5. Populate your tenant with policies. ...
  6. Create and configure an app registration. ...
  7. Create some test users. ...
  8. Add the test users to a group (optional)
May 2, 2023

How do I set up a Facebook ad test? ›

How to A/B Test Facebook Ads
  1. Go to Facebook Ads Manager.
  2. Select the campaign you'd like to A/B test.
  3. On the toolbar, click 'A/B Test. '
  4. In the A/B test workflow, tap 'Get Started. '
  5. Choose a variable to test.
  6. Name your test and determine the winning criteria.
  7. Edit and publish the alternate version of your ad.
Feb 23, 2023

Does Microsoft use Active Directory? ›

Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources. Active Directory stores data as objects.

Do I need a license for Active Directory? ›

A basic version of Azure AD is available as a free feature to those who are subscribed to any Microsoft Online business service, with more premium versions requiring licenses.

Does Windows 10 Enterprise have Active Directory? ›

Active Directory does not come with Windows 10 by default so you'll have to download it from Microsoft. If you're not using Windows 10 Professional or Enterprise, the installation will not work.

How can I practice Active Directory? ›

The best way to practice Active Directory would be to set up a test environment on your own computer or on a cloud-based platform such as Microsoft Azure. Azure offers a free trial that allows you to set up virtual machines (VMs) running Windows Server, which would be suitable for practicing Active Directory.

What is an Active Directory environment? ›

Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who's allowed to do what.

How do I manage Microsoft Active Directory? ›

Use one of the following options to open Active Directory Users and Computers:
  1. Right-click the Start menu, select Run, enter dsa. msc, and click OK.
  2. Use the Windows search function by clicking on Start and entering dsa. msc.
  3. Click on Server Manager -> Tools and select Active Directory Users and Computers from the menu.
Jun 12, 2020

How do I set up Azure AD for free? ›

Create an Azure AD tenant for development
  1. On the Join the free Microsoft 365 Developer Program page, select Join now.
  2. Sign in with a new Microsoft account or use an existing (work) account.
  3. On the sign-up page, select your region, enter a company name, and accept the terms and conditions of the program.
  4. Select Next.
Jan 26, 2023

Can we use Azure AD for free? ›

Azure Active Directory comes in four editions—Free, Office 365 apps, Premium P1, and Premium P2. The Free edition is included with a subscription of a commercial online service, e.g. Azure, Dynamics 365, Intune and Power Platform.

How much does it cost to test Facebook ads? ›

Many businesses think they can't be successful with Facebook and Instagram ads on a small budget. But with this testing method, you can typically get a really good ad with a budget of about $250-$500 for testing. And you should be able to complete all of your testing in a 7- to 10-day period.

How much money do you need to test Facebook ads? ›

Decide How Much To Spend

So in that scenario a daily budget of $25 would be a good place to start. However, you could go higher or lower than that and still get results. There really is no hard and fast rule on what sort of daily budget works best because every market and product is different.

Can I do a test post on Facebook? ›

Post testing in Meta Creator Studio lets you test up to 4 variants of a post against each other to see which one your audience likes most. During the test, the posts are circulated to a subset of your audience, but not posted to your Page.


Top Articles
Latest Posts
Article information

Author: Edwin Metz

Last Updated: 09/15/2023

Views: 5661

Rating: 4.8 / 5 (58 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Edwin Metz

Birthday: 1997-04-16

Address: 51593 Leanne Light, Kuphalmouth, DE 50012-5183

Phone: +639107620957

Job: Corporate Banking Technician

Hobby: Reading, scrapbook, role-playing games, Fishing, Fishing, Scuba diving, Beekeeping

Introduction: My name is Edwin Metz, I am a fair, energetic, helpful, brave, outstanding, nice, helpful person who loves writing and wants to share my knowledge and understanding with you.