Source Environment Expectations

When you use the FastTrack Center Benefit for Enterprise Mobility + Security (EMS) to get Microsoft Azure Active Directory Premium, Microsoft Intune, and Azure Information Protection ready for use, your environment needs to meet the expectations described in the following sections.

You may already have on-premises Active Directory in your organization that you want to integrate with Enterprise Mobility + Security (EMS) or any of its individual services that uses rich identity management from a single console. The FastTrack Center Benefit for Enterprise Mobility + Security (EMS) includes helping you integrate Azure Active Directory with your existing on-premises Active Directory environment.

The following table shows expectations for your existing source environment for on-boarding.

Activity Source environment expectation
Core on-boarding Active Directory forests with the functional forest level set to Windows Server 2008 or above, with the following forest configuration:

- Single Active Directory forest
- Multiple Active Directory forests

Note: For all multiple forests configurations, Active Directory Federation Services (AD FS) deployment is out of scope for the FastTrack Center Benefit.
Azure AD Premium on-boarding The on-premises Active Directory and its environment have been prepared for Azure AD Premium, which includes remediation of identified issues that prevent integration with Azure AD and Azure AD Premium features.
Intune on-boarding IT admins need to have existing Certificate Authority, WiFi, and VPN infrastructures already working in their production environments when planning on deploying WiFi and VPN profiles with Intune.

Note: The service benefit doesn’t include assistance for setting up or configuring Certificate Authorities, WiFi, VPN infrastructures, or Apple MDM push certificates for
Comanagement With Comanagement IT admins are responsible for preparing the on-premises environment, which might include remediation of issues that prevent you from concurrently manage Windows 10 devices using both Configuration Manager and Intune.

Note: The FastTrack service benefit doesn't include assistance for setting up or upgrading Configuration Manager site server and/or Configuration Manager client to the minimum requirements needed to support Comanagement with Windows 10 devices.
Intune integrated with Windows Defender Advanced Threat Protection (Windows Defender ATP) Your Windows Defender ATP subscription has been activated and configured based on your company security requirements.

Note: The FastTrack service benefit provides assistance on integrating Intune with Windows Defender ATP, and creating device compliance policies based on its Windows 10 risk level assessment. The FastTrack service benefit does not provide assistance on purchasing, licensing, activating, or using Windows Defender ATP and its Security Center console.
Windows Autopilot IT admins are responsible for registering their devices to their organization by either having the hardware vendor upload their hardware IDs on their behalf or by uploading it themselves into the Windows Autopilot service.
Deploy Outlook for iOS and Android securely with Intune

- User identities enabled in Azure AD for Office 365.
- Exchange Online or Hybrid Exchange configured with user licenses assigned.
Azure Information Protection (P2 or EMS E5)

Customers should already:
- Use Azure AD.
- Use either Windows or iOS (other OSs are out of scope).
- Use Office clients newer than Office 2010 SP2 that don't rely on Office Online as the main client.
- Have their main file share locations.
- Have upgraded from Active Directory Rights Management Services (AD RMS).
- Have an approved classification taxonomy.
- Understand any regulatory restrictions for their protected key management.
Azure Information Protection scanner

Customers should already:
- Use Windows Server 2012 R2 or Windows Server 2016.
- Have an internet connection.
- Have Microsoft SQL Server 2012 onward in a local or remote instance.
- Have a service account created for their on-premises Active Directory and synchronized with Azure AD.
- Have downloaded AzInfoProtection.exe.
- Have labels configured for Automatic Classification/Protection.


Want to learn more? Enterprise Mobility + Security

Next steps

FastTrack Center Benefit for EMS onboarding phases