Yes, having a separate test tenant can be useful for testing changes and new features before deploying them to production. To create a test tenant that is similar to your production tenant, you will need to set up a separate Azure AD tenant and configure it to match your production tenant as closely as possible. Here are some recommended steps to create a test tenant:
1. Create a separate Azure AD tenant: In the Azure Portal, open the "Azure Active Directory" section, select "Create a tenant", and follow the prompts to create the new tenant.

2. Configure the test tenant to match the production tenant: Give the test tenant the same settings, policies, and permissions as production. This means creating the same users and groups and configuring Azure AD Connect with the same settings so that it syncs the same users from your on-premises Active Directory. You can use Azure AD PowerShell or the Azure AD Graph API to automate the creation of users, groups, and policies in the test tenant. Recommended steps to configure the test tenant:
   - Create the same users and groups: Use Azure AD PowerShell or the Azure AD Graph API to create in the test tenant the same users and groups you have in production, so that the test tenant has the same user base as the production tenant.
   - Configure the same Azure AD Connect settings: Configure Azure AD Connect to sync the same users from your on-premises Active Directory to the test tenant, so that the test tenant has the same user data as the production tenant. The Azure AD Connect Configuration Wizard lets you apply the same settings to the test tenant.
   - Configure the same policies: Apply the same policies in the test tenant as in production, including policies for password settings, device management, and access control. Azure AD PowerShell or the Azure AD Graph API can automate the creation of these policies in the test tenant.

3. Test changes and new features in the test tenant: Once the test tenant is set up, test changes and new features there before deploying them to production. Use the test tenant for functional testing, security testing, and load testing to confirm that the changes and new features work as expected.

4. Deploy changes and new features to production: After testing in the test tenant, deploy the changes and new features to production. Note that changes or new features deployed to production are not reflected in the test tenant unless you configure them there yourself.

5. Keep the test tenant up to date: For the test tenant to remain a reliable representation of production, it must be kept current with any changes or new features deployed to production. You can automate this with Azure AD PowerShell or the Azure AD Graph API to sync the changes from production to the test tenant.
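As an added example that is not part of the original answer, the script below shows the export/import flow behind the "create the same users and groups" step and the "keep the test tenant up to date" step using the AzureAD PowerShell module. It reads member users and security groups from production (read-only), writes them to a JSON file, and recreates them in the test tenant with UPNs re-homed on the test domain, fresh random temporary passwords (Azure AD never exposes production password hashes, so nothing secret leaves production), and a guard that refuses to run the import if the session is actually signed in to the production tenant. Re-running the import is idempotent, which is what makes it usable for the periodic re-sync. The domain names contoso.com and contoso-test.onmicrosoft.com, the file name prod-directory.json, and the function names are hypothetical.

```powershell
# Added example, not code from the original answer: copy the user and security-group
# structure of a production Azure AD tenant into a test tenant with the AzureAD module.
# Hypothetical values: contoso.com (production), contoso-test.onmicrosoft.com (test),
# prod-directory.json (export file). Run Export-ProdDirectory while signed in to
# production, then Import-TestDirectory while signed in to the test tenant.
param(
    [string]$ProdDomain = 'contoso.com',
    [string]$TestDomain = 'contoso-test.onmicrosoft.com',
    [string]$ExportPath = '.\prod-directory.json'
)

Import-Module AzureAD

function Export-ProdDirectory {
    # Read-only against production: member users on the production domain plus
    # security groups and their user members. Guests and other domains are left out.
    Connect-AzureAD | Out-Null
    $users = Get-AzureADUser -All $true |
        Where-Object { $_.UserType -eq 'Member' -and $_.UserPrincipalName -like "*@$ProdDomain" } |
        Select-Object UserPrincipalName, DisplayName, MailNickName, Department, JobTitle
    $groups = foreach ($g in (Get-AzureADGroup -All $true |
                              Where-Object { $_.SecurityEnabled -and -not $_.MailEnabled })) {
        [pscustomobject]@{
            DisplayName  = $g.DisplayName
            MailNickName = $g.MailNickName
            Members      = @(Get-AzureADGroupMember -ObjectId $g.ObjectId -All $true |
                             Where-Object { $_.ObjectType -eq 'User' } |
                             ForEach-Object { $_.UserPrincipalName })
        }
    }
    [pscustomobject]@{ Users = @($users); Groups = @($groups) } |
        ConvertTo-Json -Depth 5 | Set-Content -Path $ExportPath -Encoding UTF8
    Disconnect-AzureAD
}

function New-TempPassword {
    # 24 characters from a CSPRNG. The value is deliberately not stored anywhere:
    # a tester gets access through an admin-issued reset, never a reused production secret.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*+=?'
    $bytes = [byte[]]::new(24)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

function Import-TestDirectory {
    Connect-AzureAD | Out-Null
    # Guard rail: never let this write path run inside the production tenant.
    $domains = (Get-AzureADDomain).Name
    if ($domains -contains $ProdDomain) { throw "Signed in to production ($ProdDomain); aborting." }
    if ($domains -notcontains $TestDomain) { throw "$TestDomain is not a verified domain here." }

    $export = Get-Content -Path $ExportPath -Raw | ConvertFrom-Json
    $idByProdUpn = @{}   # production UPN -> ObjectId in the test tenant

    foreach ($u in $export.Users) {
        # Keep the local part, re-home the UPN on the test domain.
        $testUpn = ($u.UserPrincipalName -split '@')[0] + '@' + $TestDomain
        $existing = Get-AzureADUser -Filter "userPrincipalName eq '$testUpn'"
        if ($existing) { $idByProdUpn[$u.UserPrincipalName] = $existing.ObjectId; continue }

        $profile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
        $profile.Password = New-TempPassword
        $profile.ForceChangePasswordNextLogin = $true
        $params = @{
            UserPrincipalName = $testUpn
            DisplayName       = $u.DisplayName
            MailNickName      = $u.MailNickName
            AccountEnabled    = $true
            PasswordProfile   = $profile
        }
        # Optional attributes are passed only when production had a value.
        foreach ($attr in 'Department', 'JobTitle') {
            if ($u.$attr) { $params[$attr] = $u.$attr }
        }
        $created = New-AzureADUser @params
        $idByProdUpn[$u.UserPrincipalName] = $created.ObjectId
    }

    foreach ($g in $export.Groups) {
        $grp = Get-AzureADGroup -Filter "displayName eq '$($g.DisplayName)'" | Select-Object -First 1
        if (-not $grp) {
            $grp = New-AzureADGroup -DisplayName $g.DisplayName -MailNickName $g.MailNickName `
                                    -SecurityEnabled $true -MailEnabled $false
        }
        $current = @(Get-AzureADGroupMember -ObjectId $grp.ObjectId -All $true | ForEach-Object { $_.ObjectId })
        foreach ($prodUpn in $g.Members) {
            $id = $idByProdUpn[$prodUpn]
            # Members that were filtered out of the export are skipped rather than guessed.
            if ($id -and $current -notcontains $id) {
                Add-AzureADGroupMember -ObjectId $grp.ObjectId -RefObjectId $id
            }
        }
    }
    Disconnect-AzureAD
}
```

Two points to keep in mind when adapting this. First, the import copies directory structure, not sign-in material: Azure AD does not expose password hashes, so the test accounts get their own random temporary passwords with a forced change at next sign-in, and this is the right property for a test tenant (a compromised test account must not be a working production credential). Second, Microsoft has deprecated the AzureAD module in favour of Microsoft Graph PowerShell; the same flow maps onto Get-MgUser, New-MgUser, New-MgGroup and New-MgGroupMember, with the same guard rails.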
Keep in mind that having a separate test tenant will incur additional costs, so you should plan and budget accordingly. Additionally, you should follow best practices for managing your test tenant, such as keeping it secure and up-to-date, to ensure that it remains an effective tool for testing changes and new features.