Onboarding and Migration Phases

When you use the FastTrack Center Benefit Eligible Services and Plans to get Microsoft Azure Active Directory Premium and Microsoft Intune ready for use, there are several phases involved in the process. The following sections describe each phase of the onboarding process.

Onboarding has four primary phases:

The four phases of the FastTrack onboarding process

Initiate phase

After you purchase the appropriate number of licenses, follow the guidance from the purchase confirmation email to associate the licenses to your existing tenant or new tenant. Microsoft then verifies your eligibility for the FastTrack Center Benefit and tries to contact you to offer onboarding assistance. You can also request assistance from the FastTrack Center if you're ready to deploy these services for your organization.

To request assistance, sign in to the FastTrack Center with your work or school account, go to the dashboard, expand the Need Help? at the left of the screen, and then follow the prompts to complete your request. Once onboarding support starts, we set up a schedule of online meetings.

During this phase, we discuss the onboarding process, verify data, and set up a kick-off meeting.

Onboarding initiate phase

Assess phase

Once the onboarding process begins, Microsoft works with you to assess your source environment and the requirements. Tools are run to assess your environment, and Microsoft guides you through assessing your on-premises Active Directory, Internet browsers, client devices' operating systems, Domain Name System (DNS), network, infrastructure, and identity system to determine if any changes are required for onboarding.

Microsoft also connects you with guidance about how to drive successful adoption of the eligible services.

Based on your current setup, we provide a remediation plan that brings your source environment up to the minimum requirements for successful onboarding to EMS or its individual cloud services. We also set up appropriate checkpoint calls for the remediation phase.

Onboarding assess phase

Remediate phase

You perform the tasks in the remediation plan on your source environment so that you meet the requirements for onboarding and adopting each service (as needed).

Onboarding remediate phase

Before you begin the Enable phase, we jointly verify the outcomes of the remediation activities to make sure you’re ready to proceed.

Enable phase

When all remediation activities are complete, the project shifts to configuring the core infrastructure for service consumption and to provisioning each eligible EMS cloud service.

Enable phase - Core capabilities

Core onboarding involves service provisioning and tenant and identity integration. It also includes steps for providing a foundation for onboarding online services such as Azure AD Premium and Intune.

Onboarding enable phase - Core capabilities

Onboarding enable phase - Core capabilities

Enable phase - Azure AD Premium

The Azure AD Premium environment can be set up by using the Azure Active Directory Connect tool directory synchronization and Active Directory Federation Services (AD FS) (as needed).

For Azure AD Premium scenarios that include synchronizing on-premises identities to the cloud, we help you by adding IT admins and users to your subscription, configuring management prerequisites, setting up Azure AD Premium, setting up directory synchronization and AD FS using the Azure AD Connect tool, configuring test users, and validating your core use cases for the service.

Azure AD Premium setup includes enabling the following features:

  • Self-Service Password Reset (SSPR).

  • Azure Multi-Factor Authentication (Azure MFA).

  • One Software as a Service (SaaS) application integration with single sign-on (SSO) from the Azure Active Directory Marketplace.

  • Customized logon screen, including logo, text, and images.

  • Self-Service and Dynamic Groups (Groups).

  • Azure Active Directory Application Proxy.

  • Azure Active Directory Connect Health.

  • Identity Protection.

  • Privileged Identity Management.

  • Usage and security reports to administrators.

  • Administrative notification and alerts.

Onboarding enable phase - Azure AD Premium

Enable phase - Intune

For Intune, we guide you through getting ready to use Microsoft Intune to manage devices. The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. The steps can include:

  • Licensing your end users. We also provide assistance on how to activate volume licenses for your Microsoft cloud service tenant (as needed).

  • Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities.

  • Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.

  • Configuring your Mobile Device Management (MDM) authority, based on your management needs, including:

    • Setting Intune as your MDM authority when Intune is your only MDM solution or is in conjunction with Mobile Device Management for Office 365.

    • Setting System Center Configuration Manager as your MDM authority if you have an existing implementation of Configuration Manager and you want to expand its management capabilities with Intune.


      If you only want to leverage MDM over your end-users' owned devices, shared devices, or kiosk-type devices, setting up an MDM authority isn't required.

  • Providing MDM guidance for:

    • Configuring tests groups to be used to validate MDM management policies.

    • Configuring MDM management policies and services like:

      • Application deployment for each supported platform through web links or deep links.

      • Conditional access policies.

      • Deployment of email, wireless networks, and virtual private network (VPN) profiles if you have an existing certificate authority, Wi-Fi or VPN infrastructure in your organization.

      • Setting up the Microsoft Intune Exchange Connector (when applicable).

    • Enrolling devices of each supported platform to your Intune or Configuration Manager with Intune service.

  • Providing Mobile Application Management (MAM) guidance about:

    • Configuring MAM policies for each supported platform.

    • Configuring conditional access policies for managed apps.

    • Targeting the appropriate user groups with the above MAM policies.

    • Using managed-applications usage reports.

  • Providing PC management guidance about:

    • Installing the Intune client software (when needed).

    • Using the software and hardware reports available in Intune.

Microsoft also connects you with guidance about how to drive successful adoption of the eligible services.

Onboarding enable phase - Intune

Onboarding enable phase - Intune

Onboarding enable phase - Intune

Want to learn more?

Enterprise Mobility + Security