Products and Capabilities

Services and scenarios supported by FastTrack

This topic includes details on the workload scenarios supported by FastTrack and the source environment expectations necessary before we can begin. Based on your current setup, we work with you to create a remediation plan that brings your source environment up to the minimum requirements for successful onboarding.

FastTrack provides guidance to help you first with core capabilities (common for all Microsoft Online Services) and then with onboarding each eligible service:

Note

For information on source environment expectations for Office 365 US Government, see Source Environment Expectations for Office 365 US Government.

General

Service | FastTrack guidance details | Source environment expectations

Core onboarding

We provide remote guidance on core onboarding, which involves service provisioning, tenant, and identity integration. It also includes steps for providing a foundation for onboarding services like Exchange Online, SharePoint Online, and Microsoft Teams, including a discussion on security, network connectivity, and compliance. Onboarding for one or more eligible services can begin once core onboarding is finished.

Identity Integration

We provide remote guidance for:

  • Preparing on-premises Active Directory Identities for synchronization to Azure Active Directory (Azure AD) including installing and configuring Azure AD Connect (single- or multi-forest) and licensing (including group-based licensing).
  • Creating cloud identities including bulk import and licensing including using group-based licensing.
  • Choosing and enabling the correct authentication method for your cloud journey, Password Hash Sync, Pass-through Authentication, or Active Directory Federation Services (AD FS).
  • Enabling AD FS for customers with a single Active Directory forest and identities synchronized with the Azure AD Connect tool. This requires Windows Server 2012 R2 Active Directory Federation Services 2.0 or greater.
  • Migrating authentication from AD FS to Azure AD using Password Hash Sync or Pass-through Authentication.
  • Migrating pre-integrated apps (like Azure AD gallery software-as-a-service (SaaS) apps) from AD FS to Azure AD for single sign-on (SSO).
  • Enabling SaaS app integrations with SSO from the Azure AD gallery.
  • Enabling automatic user provisioning for pre-integrated SaaS apps as listed in the App integration tutorial list (limited to Azure AD gallery SaaS apps and outbound provisioning only).

Network enablement

As part of the FastTrack benefit, we advise you on best practices for connecting to cloud services to ensure the highest levels of performance of Microsoft 365.

Source environment expectations:

Active Directory forests

These have the functional forest level set to Windows Server 2003 onward, with the following forest configuration:
  • A single Active Directory forest.
  • A single Active Directory account forest and resource forest (Exchange and/or Lync 2010, Lync 2013, or Skype for Business) topologies.
  • Multiple Active Directory account forests and resource forest (Exchange and/or Lync 2010, Lync 2013, or Skype for Business) topologies.
  • Multiple Active Directory account forests with one of the forests being a centralized Active Directory account forest that includes Exchange and/or Lync 2010, Lync 2013, or Skype for Business.
  • Multiple Active Directory account forests, each with its own Exchange organization.
  • Tasks required for tenant configuration and integration with Azure Active Directory, if needed.

Important
  • For multi-forest Active Directory scenarios, if Lync 2010, Lync 2013, or Skype for Business is deployed, it must be deployed in the same Active Directory forest as Exchange.
  • When implementing multiple Active Directory forests with multiple Exchange organizations in an Exchange multi-hybrid configuration, shared user principal name (UPN) namespaces between source forests aren't supported. Primary SMTP namespaces between Exchange organizations should also be separated. For more information, see Hybrid deployments with multiple Active Directory forests.
  • For all multiple forests configurations, Active Directory Federation Services (AD FS) deployment is out of scope. Contact a Microsoft Partner for assistance with this.

Microsoft 365 Apps

We provide remote deployment guidance for:
  • Addressing deployment issues.
  • Assigning end-user and device-based licenses using the Microsoft 365 admin center and Windows PowerShell.
  • Installing Microsoft 365 Apps from the Office 365 portal using Click-to-Run.
  • Installing Office Mobile apps (like Outlook Mobile, Word Mobile, Excel Mobile, and PowerPoint Mobile) on your iOS or Android devices.
  • Configuring update settings using the Office 365 Deployment Tool.
  • Selection and setup of a local or cloud installation.
  • Creation of the Office Deployment Tool configuration XML with the Office Customization Tool or native XML to configure the deployment package.
  • Deployment using Microsoft Endpoint Configuration Manager, including assistance with the creation of Microsoft Endpoint Configuration Manager packaging. Additionally, if you have a macro or add-in that worked with prior versions of Office and you experience compatibility issues, we provide guidance to remediate the compatibility issue at no additional cost through the App Assure program. See the App Assure portion of Windows 10 for more details.

Network health

We provide remote guidance with obtaining and interpreting key network connectivity data from your environment showing how aligned your organization's sites are to Microsoft's principles of network connectivity. This highlights your network score which directly impacts migration velocity, user experience, service performance, and reliability. We also guide you through any remediation steps highlighted by this data to help you improve your network score.

Security and Compliance

Service | FastTrack guidance details | Source environment expectations

Azure Active Directory (Azure AD) and Azure AD Premium

We provide remote guidance for securing your cloud identities for the following scenarios.


Secure foundation infrastructure

  • Configuring and enabling strong authentication for your identities, including protecting with Azure Multi-Factor Authentication (MFA) (cloud only), the Microsoft Authenticator app, and combined registration for Azure MFA and self-service password reset (SSPR).
  • For non-Azure AD Premium customers, guidance is provided to secure your identities using security defaults.
  • For Azure AD Premium customers, guidance is provided to secure your identities with Conditional Access.
  • Detecting and blocking the use of weak passwords with Azure AD Password Protection.
  • Securing remote access to on-premises web apps with Azure AD Application Proxy.
  • Enabling risk-based detection and remediation with Azure Identity Protection.
  • Enabling a customized sign-in screen, including logo, text, and images with custom branding.
  • Securely sharing apps and services with guest users using Azure AD B2B.
  • Managing access for your Office 365 admins using role-based access control (RBAC) built-in administrative roles and reducing the number of privileged admin accounts.
  • Configuring hybrid Azure AD join.
  • Configuring Azure AD join.

Monitor and reporting

  • Enabling remote monitoring for AD FS, Azure AD Connect, and domain controllers with Azure AD Connect Health.

Governance

  • Managing your Azure AD identity and access lifecycle at scale with Azure AD entitlement management.
  • Managing Azure AD group memberships, enterprise app access, and role assignments with Azure AD access reviews.
  • Reviewing Azure AD Terms of Use.
  • Managing and controlling access to privileged admin accounts with Azure AD Privileged Identity Management.

Automation and efficiencies

  • Enabling Azure AD SSPR.
  • Allowing users to create and manage their own cloud security or Office 365 groups with Azure AD self-service group management.
  • Managing delegated access to enterprise apps with Azure AD delegated group management.
  • Enabling Azure AD dynamic groups.
  • Organizing apps in the My Apps portal using collections.

Source environment expectations:

The on-premises Active Directory and its environment have been prepared for Azure AD Premium, including remediation of identified issues that prevent integration with Azure AD and Azure AD Premium features.

Azure Information Protection

We provide remote guidance for:
  • Activating and configuring your tenant.
  • Creating and setting up labels and policies.
  • Applying information protection to documents.
  • Automatically classifying and labeling information in Office apps (like Word, PowerPoint, Excel, and Outlook) running on Windows and using the Azure Information Protection client.
  • Discovering and labeling files at rest using the Azure Information Protection scanner.
  • Monitoring emails in transit using Exchange Online mail flow rules.

We also provide guidance if you want to apply protection using Microsoft Azure Rights Management Services (Azure RMS), Office 365 Message Encryption (OME), and data loss prevention (DLP).

Customer prerequisite responsibilities include:
  • A list of file share locations to be scanned.
  • An approved classification taxonomy.
  • Understanding of any regulatory restriction or requirements regarding key management.
  • A service account created for your on-premises Active Directory that has been synchronized with Azure AD.
  • Labels configured for classification and protection.
  • All prerequisites for the Azure Information Protection scanner are in place. For more information, see Prerequisites for installing and deploying the Azure Information Protection unified labeling scanner.
  • Ensure user devices are running a supported operating system and have the necessary prerequisites installed. See the following for more details.
  • Installation and configuration of the Azure RMS connector and servers including the Active Directory RMS (AD RMS) connector for hybrid support.
  • Setup and configuration of Bring Your Own Key (BYOK), Double Key Encryption (DKE) (unified labeling client only), or Hold Your Own Key (HYOK) (classic client only) should you require one of these options for your deployment.

Microsoft 365 Defender

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against sophisticated attacks. We provide remote guidance for:

  • Providing an overview of the Microsoft 365 security center.
  • Reviewing cross-product incidents, including focusing on what's critical by ensuring the full attack scope, impacted assets, and automated remediation actions are grouped together.
  • Demonstrating how Microsoft 365 Defender can orchestrate the investigation of assets, users, devices, and mailboxes that might have been compromised through automated self-healing.
  • Explaining and providing examples of how customers can proactively hunt for intrusion attempts and breach activity affecting your email, data, devices, and accounts across multiple data sets.
  • Showing customers how they can review and improve their security posture holistically using Microsoft Secure Score.

The following is out of scope

  • Project management of the customer's remediation activities.
  • Ongoing management, threat response, and remediation.
  • Deployment guidance or education on:
    • How to remediate or interpret the various alert types and monitored activities.
    • How to investigate a user, computer, lateral movement path, or entity.
    • Custom threat hunting.
  • Security information and event management (SIEM) or API integration.

Microsoft Cloud App Security

Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services. We provide remote guidance for:
  • Configuring the portal, including:
    • Importing user groups.
    • Managing admin access and settings.
    • Scoping your deployment to select certain user groups to monitor or exclude from monitoring.
    • Setting IP ranges and tags.
    • Personalizing the end-user experience with your logo and custom messaging.
  • Setting up cloud discovery to provide shadow IT using:
    • Microsoft Defender for Endpoint.
    • Zscaler.
    • iboss.
  • Connecting featured apps using app connectors.
  • Setting up Conditional Access App Control in the Conditional Access and Cloud App Security portals to apply real-time session controls.
  • Deploying the Cloud App Security and Cloud Discovery dashboards.
  • Customizing app risk scores based on your organization's priorities.
  • Creating app tags and categories.
  • Sanctioning and unsanctioning apps.
  • Using the activity and file logs.
  • Managing OAuth apps.
  • Understanding incident correlation in the Microsoft 365 Defender portal.
  • Providing configuration assistance with the top 20 use cases for CASBs (including the creation or updating of up to six (6) policies) except:
    • Auditing the configuration of your infrastructure as a service (IaaS) environments (#18).
    • Monitoring user activities to protect against threats in your IaaS environments (#19).

The following is out of scope

  • Project management of the customer's remediation activities.
  • Ongoing management, threat response, and remediation.
  • Setting up the infrastructure, installation, or deployment of automatic log uploads for continuous reports using Docker or a log collector. See Top 20 use cases for CASBs for more details.
  • Creating a Cloud Discovery snapshot report.
  • Blocking app usage using block scripts.
  • Connecting custom apps.
  • Integrating with third-party identity providers (IdPs) and data loss prevention (DLP) providers.
  • Training or guidance covering advanced hunting.
  • Automated investigation and remediation including Microsoft Power Automate playbooks.
  • Security information and event management (SIEM) or API integration (including Azure Sentinel).
  • Deploying Cloud App Discovery as a proof of concept.

Microsoft Defender Advanced Threat Protection (ATP)

Microsoft Defender Advanced Threat Protection (ATP) is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. We provide remote guidance for:
  • Deploying the technologies to secure your endpoints.
  • Configuring endpoint protection and device restriction profiles.
  • Assessing the OS version and device management (including Intune, Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs), and third-party configurations) as well as the status of your Windows Defender AV services or other endpoint security software.
  • Assessing the status of your Windows AV services or other endpoint security software.
  • Assessing proxies and firewalls restricting network traffic.
  • Enabling the Microsoft Defender ATP service by explaining how to deploy an ATP agent profile using an onboard endpoint.
  • Deployment guidance, configuration assistance, and education on:
    • Threat and vulnerability management.
    • Attack surface reduction.
    • Next-generation protection.
    • Endpoint detection and response.
    • Automated investigation and remediation.
    • Secure score.
  • Reviewing simulations and tutorials (like practice scenarios, fake malware, and automated investigations).
  • Overview of reporting and threat analytics features.
  • Integrating Office 365 ATP with Microsoft Defender ATP.
  • Conducting walkthroughs of the Microsoft Defender Security Center portal.
  • The following operating systems:
    • Windows 10.
    • Windows Server 2016.
    • Windows Server 2019.
    • Windows Server 2019 Core Edition.
    • Windows Server Semi-Annual Channel (SAC) version 1803.
    • macOS versions 10.13, 10.14, and 10.15.

Note: All Windows Server versions must be managed by the latest version of System Center Configuration Manager 2012 (versions 1012 R2, 1511, or 1602) or Microsoft Endpoint Configuration Manager (version 2002 or greater).

The following is out of scope

  • Project management of the customer's remediation activities.
  • On-site support.
  • Ongoing management and threat response.
  • Onboarding or configuration for the following Microsoft Defender ATP agents:
    • Windows Server 2008.
    • Windows Server 2012.
    • Linux.
    • Mobile devices (Android and iOS).
  • Server onboarding and configuration:
    • Configuring a proxy server for offline communications.
    • Configuring Configuration Manager deployment packages on down-level Configuration Manager instances and versions.
    • Onboarding servers to Azure Security Center.
    • Servers not managed by Configuration Manager.
  • macOS onboarding and configuration:
    • Manual Intune-based deployment.
    • JAMF-based deployment.
    • Other mobile device management (MDM) product-based deployment.
    • Manual deployment.
  • Configuration of the following attack surface reduction capabilities:
    • Hardware-based isolation.
    • App control.
    • Exploit protection.
    • Network firewall.
  • Enrollment or configuration of Microsoft Threat Experts.
  • Configuration or training reviewing API or security information and event management (SIEM) connections.
  • Enrollment or configuration of Microsoft Threat Protection (MTP).
  • Training or guidance covering advanced hunting.
  • Training or guidance covering the use of or creation of Kusto queries.

Contact a Microsoft Partner for assistance with these services.

Microsoft Defender for Identity

Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. We provide remote guidance for:
  • Creating your instance of Defender for Identity.
  • Connecting Defender for Identity to Active Directory.
  • Assessing the readiness of your environment to deploy the Defender for Identity sensor on your domain controllers, including:
    • Running the sizing tool for resource capacity planning.
    • Running the auditing tool to assess the compatibility of your domain controllers with the sensor.
  • Deploying the sensor to capture and parse network traffic and Windows events directly from your domain controllers, including:
    • Downloading the sensor package.
    • Configuring the sensor.
    • Installing the sensor on your domain controller silently.
    • Deploying the sensor to your multi-forest environment.
  • Integrating Defender for Identity with Microsoft Cloud App Security (Cloud App Security licensing isn't required).
  • Providing deployment guidance, configuration assistance, and education on:
    • Tuning the environment to reduce "noise."
    • Understanding the identity security posture assessment report.
    • Understanding the user investigation priority score and user investigation ranking report.
    • Understanding the inactive user report.
    • Providing remediation options on a compromised account.
  • Facilitating the migration from Advanced Threat Analytics (ATA) to Defender for Identity.

The following is out of scope

  • Project management of the customer's remediation activities.
  • Ongoing management, threat response, and remediation.
  • Deploying the Defender for Identity sensor, including:
    • Manual capacity planning.
    • Deploying the sensor in a standalone capacity.
    • Deploying the sensor using a Network Interface Card (NIC) Teaming adaptor.
    • Deploying the sensor through a third-party tool.
    • Connecting to the Defender for Identity cloud service through a web proxy connection.
  • Creation and management of honeytokens.
  • Deployment guidance or education on:
    • Remediating or interpreting various alert types and monitored activities.
    • Investigating a user, computer, lateral movement path, or entity.
    • Threat or advanced hunting.
    • Incident response.
  • Providing a security alert lab tutorial for Defender for Identity.
  • Providing notification when Defender for Identity detects suspicious activities by sending security alerts to your syslog server through a nominated sensor.
  • Configuring Defender for Identity to perform queries using security account manager remote (SAMR) protocol to identify local admins on specific machines.
  • Configuring VPN solutions to add information from the VPN connection to a user's profile page.
  • Security information and event management (SIEM) or API integration (including Azure Sentinel).
  • Deploying Defender for Identity sensors as a proof of concept.

Source environment expectations:

  • Active Directory deployed.
  • The domain controllers you intend to install Defender for Identity sensors on have internet connectivity to the Defender for Identity cloud service.
    • Your firewall and proxy must be open to communicate with the Defender for Identity cloud service (*.atp.azure.com port 443 must be open).
  • Domain controllers running on one of the following:
    • Windows Server 2008 R2 SP1.
    • Windows Server 2012.
    • Windows Server 2012 R2.
    • Windows Server 2016.
    • Windows Server 2019 with KB4487044 (OS Build 17763.316).

Microsoft Information Governance

We provide remote guidance for:
  • Retention labels and policies.
  • Records management.
  • Deletion policies.
  • Communication compliance.
  • Insider risk management.
  • Advanced eDiscovery.

The following is out of scope

  • Development of a records management file plan.
  • Data connectors.
  • Information barriers.
  • Privileged access management.
  • Development of information architecture in SharePoint.
  • Custom scripting and coding.

Source environment expectations:

Aside from the Core onboarding portion in General, there are no minimum system requirements.

Microsoft Information Protection

We provide remote guidance for:
  • Data classification.
  • Sensitive information types.
  • Creating sensitivity labels.
  • Applying sensitivity labels.
  • Unified labeling.
  • Trainable classifiers.
  • Knowing your data with content explorer and activity explorer.
  • Publishing labels using policies (manual and automatic).
  • Creating data loss prevention (DLP) policies for Microsoft Teams chats and channels.
  • Creating Endpoint DLP policies for Windows 10 devices.

The following is out of scope

  • Customer key.
  • Custom regular expressions (RegEx) development for sensitive information types.
  • Creation or modification of keyword dictionaries.
  • Custom scripting and coding.

Note: For more information, see Azure Information Protection in Enterprise Mobility + Security.

Source environment expectations:

Aside from the Core onboarding portion in General, there are no minimum system requirements.
Microsoft Intune
We provide remote guidance on getting ready to use Intune as the cloud-based mobile device management (MDM) and mobile app management (MAM) provider for your apps and devices. The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. The steps can include:
  • Licensing your end users.
  • Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities (Azure AD).
  • Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
  • Configuring your MDM authority, based on your management needs, including:
    • Setting Intune as your MDM authority when Intune is your only MDM solution.
  • Providing MDM guidance for:
    • Configuring test groups to be used to validate MDM management policies.
    • Configuring MDM management policies and services like:
      • App deployment for each supported platform through web links or deep links.
      • Conditional Access policies.
      • Deployment of email, wireless networks, and VPN profiles if you have an existing certificate authority, wireless network, or VPN infrastructure in your organization.
      • Connecting to the Intune Data Warehouse.
      • Integrating Intune with:
        • TeamViewer for remote assistance (a TeamViewer subscription is required).
        • Mobile Threat Defense (MTD) partner solutions (an MTD subscription is required).
        • A telecom expense management solution (a telecom expense management solution subscription is required).
        • Microsoft Defender ATP (Windows E5 or Microsoft 365 E5 licenses are required).
      • Enrolling devices of each supported platform to Intune.
  • Providing app protection guidance on:
    • Configuring app protection policies for each supported platform.
    • Configuring Conditional Access policies for managed apps.
    • Targeting the appropriate user groups with the previously mentioned MAM policies.
    • Using managed-apps usage reports.
  • Providing migration guidance from legacy PC management to Intune MDM.
Note: Legacy PC management is no longer supported from October 15, 2020 onward.

Cloud-attach

We guide you through getting ready to cloud-attach existing Configuration Manager environments with Intune. The exact steps depend on your source environment. These steps can include:

  • Licensing your end users.
  • Configuring identities to be used by Intune by leveraging your on-premises Active Directory and cloud identities.
  • Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
  • Providing guidance on setting up hybrid Azure AD join.
  • Providing guidance on setting up Azure AD for MDM auto-enrollment.
  • Providing guidance on how to set up cloud management gateway.
  • Configuring supported workloads that you want to switch to Intune.
  • Installing the Configuration Manager client on Intune-enrolled devices.

Deploy Outlook mobile for iOS and Android securely
We can provide guidance to help you deploy Outlook mobile for iOS and Android securely in your organization to ensure your users have all the required apps installed.
The steps to securely deploy Outlook mobile for iOS and Android with Intune depend on your source environment. They can include:

  • Downloading the Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps through the Apple App Store or Google Play Store.
  • Providing guidance on setting up:
    • The Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps deployment with Intune.
    • App protection policies.
    • Conditional Access policies.
    • App configuration policies.
Note: FastTrack doesn't support securing Outlook for iOS and Android with Exchange mobile device mailbox policies. Contact a Microsoft Partner for assistance with this.
IT admins need to have existing Certificate Authority, wireless network, and VPN infrastructures already working in their production environments when planning on deploying wireless network and VPN profiles with Intune.
Note: The FastTrack service benefit doesn't include assistance for setting up or configuring Certificate Authorities, wireless networks, VPN infrastructures, or Apple MDM push certificates for Intune.
Note: The FastTrack service benefit doesn't include assistance for setting up or upgrading either the Configuration Manager site server or Configuration Manager client to the minimum requirements needed to support cloud-attach. Contact a Microsoft Partner for assistance with this.

Intune integrated with Microsoft Defender Advanced Threat Protection (ATP)

Note: We provide assistance on integrating Intune with Microsoft Defender ATP and creating device compliance policies based on its Windows 10 risk level assessment. We don't provide assistance on purchasing, licensing, or activation. Contact a Microsoft Partner for assistance with this.

Windows Autopilot

IT admins are responsible for registering their devices to their organization by either having the hardware vendor upload their hardware IDs on their behalf or by uploading them themselves into the Windows Autopilot service.

Office 365 Advanced Threat Protection (ATP)
We provide remote guidance for:
  • Enabling Safe Links, Safe Attachments, and anti-phishing.
  • Configuring automation, investigation, and response.
  • Using Attack Simulator.
  • Reporting and threat analytics.
Aside from the Core onboarding portion in General, there are no minimum system requirements.

Office 365

Service | FastTrack guidance details | Source environment expectations
Exchange Online
For Exchange Online, we guide you through the process to get your organization ready to use email. The exact steps depend on your source environment and your email migration plans. We provide remote guidance for:
  • Setting up Exchange Online Protection (EOP) features for all mail-enabled domains validated in Office 365.
  • Pointing your mail exchange (MX) records to Office 365.
  • Setting up the Office 365 ATP feature if it's a part of your subscription service. For more information, see the Office 365 Advanced Threat Protection portion of this table.
  • Setting up the data loss prevention (DLP) feature for all mail-enabled domains validated in Office 365 as part of your subscription service. This is done once your MX records point to Office 365.
  • Setting up Office 365 Message Encryption (OME) for all mail-enabled domains validated in Office 365 as part of your subscription service. This is done once your MX records point to Office 365.
Note: The Mailbox Replication service (MRS) attempts to migrate Information Rights Managed (IRM) emails from your on-premises mailbox to the corresponding Exchange Online mailbox. The ability to read the protected content post-migration depends on the customer mapping and copying Active Directory Rights Managed Services (AD RMS) templates to the Azure Rights Management Service (Azure RMS).
  • Configuring firewall ports.
  • Setting up DNS, including the required Autodiscover, sender policy framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC) and MX records (as needed).
  • Setting up email flow between your source messaging environment and Exchange Online (as needed).
  • Undertaking mail migration from your source messaging environment to Office 365.
  • Configuring mailbox clients (Outlook for Windows, Outlook on the web, and Outlook for iOS and Android).
Data migration
For information on using the FastTrack benefit for data migration to Office 365, see Data Migration.
Your source environment must have one of the following minimum levels:
  • Single or multiple Exchange organizations with Exchange Server 2003 onward.
  • A single Internet Message Access Protocol (IMAP)-capable email environment.
  • A single G Suite environment (Gmail, Contacts, and Calendar only).
  • For information on Multi-Geo Capabilities, see Multi-Geo Capabilities in Exchange Online.
Online client software like Project for Office 365, Outlook for Windows, Outlook for iOS and Android, OneDrive for Business sync client, Power BI Desktop, and Skype for Business must be at a minimum level as defined in System requirements for Microsoft 365 Office.
Microsoft Information Governance
We provide remote guidance for:
  • Retention labels and policies.
  • Records management.
  • Deletion policies.
  • Communication compliance.
  • Insider risk management.
  • Advanced eDiscovery.

The following is out of scope

  • Development of a records management file plan.
  • Data connectors.
  • Information barriers.
  • Privileged access management.
  • Development of information architecture in SharePoint.
  • Custom scripting and coding.
Aside from the Core onboarding portion in General, there are no minimum system requirements.
Microsoft Information Protection
We provide remote guidance for:
  • Data classification.
  • Sensitive information types.
  • Creating sensitivity labels.
  • Applying sensitivity labels.
  • Unified labeling.
  • Trainable classifiers.
  • Knowing your data with content explorer and activity explorer.
  • Publishing labels using policies (manual and automatic).
  • Creating data loss prevention (DLP) policies for Microsoft Teams chats and channels.
  • Creating Endpoint DLP policies for Windows 10 devices.

The following is out of scope

  • Customer key.
  • Custom regular expressions (RegEx) development for sensitive information types.
  • Creation or modification of keyword dictionaries.
  • Custom scripting and coding.
Note: For more information, see Azure Information Protection in Enterprise Mobility + Security.
Aside from the Core onboarding portion in General, there are no minimum system requirements.
Microsoft Teams
We provide remote guidance for:
  • Confirming minimum requirements in Exchange Online, SharePoint Online, Office 365 Groups, and Azure AD to support Teams.
  • Configuring firewall ports.
  • Setting up DNS.
  • Confirming Teams is enabled on your Office 365 tenant.
  • Enabling or disabling user licenses.
  • Network assessment for Teams:
    • Port and endpoint checks.
    • Connection quality checks.
    • Bandwidth estimates.
    • Configuring Teams app policy (Teams web app, Teams Desktop app, and Teams for iOS and Android app).
    If applicable, we also provide guidance for:
    • Microsoft Teams Room Devices:
      • Creation of online accounts needed for supported telephony and conference room devices listed in the Teams devices catalog.
      • Remote assistance with service-side configuration of certified Microsoft Teams Rooms devices.
    • Enabling Audio Conferencing:
      • Organization setup for conference bridge default settings.
      • Assignment of conference bridge to licensed users.
    • Phone System:
      • Organization setup for Cloud Voice default settings.
      • Calling Plans guidance (available markets):
        • Assignment of numbers to licensed users.
        • Local number porting guidance through user interface (UI) up to 999.
        • Local number porting service request (SR) support over 999.
      • Direct Routing guidance:
        • Organization setup guidance for Direct Routing design of partner-hosted scenarios, or customer-deployed scenarios for up to 10 sites.
        • Session Border Controller (SBC) configuration review.
        • Remote assistance with dial plan configuration.
        • Voice route configuration.
        • Media bypass and local media optimization.
    • Enabling Teams live events.
    • Organization setup and integration into Microsoft Stream.
    • Guidance for Skype for Business to Teams transition.
  • Identities enabled in Azure AD for Office 365.
  • Users enabled for SharePoint Online.
  • Exchange mailboxes are present (online and on-premises in an Exchange hybrid configuration).
  • Enabled for Office 365 Groups.
Note: If users aren't assigned and enabled with SharePoint Online licenses, they won't have OneDrive for Business storage in Office 365. File sharing continues to work in Channels, but users can't share files in Chats without OneDrive for Business storage in Office 365. Teams doesn't support SharePoint on-premises.
Note: The ideal state is for all users to have their mailboxes homed on Exchange Online. Users with mailboxes homed on-premises must have their identities synchronized to the Office 365 directory through Azure AD Connect. For these Exchange hybrid customers, if the user's mailbox is on-premises, the user cannot add or configure Connectors. The installers for the Microsoft Teams Windows and Mac desktop clients can be downloaded from https://go.microsoft.com/fwlink/?linkid=839411.
Office 365 Advanced Threat Protection (ATP)
We provide remote guidance for:
  • Enabling Safe Links, Safe Attachments, and anti-phishing.
  • Configuring automation, investigation, and response.
  • Using Attack Simulator.
  • Reporting and threat analytics.
Aside from the Core onboarding portion in General, there are no minimum system requirements.
Outlook for iOS and Android
We provide remote guidance for:
  • Downloading Outlook for iOS and Android from the Apple App Store and Google Play.
  • Configuring accounts and accessing the Exchange Online mailbox.
  • Securing Outlook mobile (see Securing Outlook for iOS and Android in Exchange Online for more information).
  • Identities enabled in Azure AD for Office 365.
  • Exchange Online configured and licenses assigned.
Power BI
We provide remote guidance for:
  • Assigning Power BI licenses.
  • Deploying the Power BI Desktop app.
Online client software like Power BI Desktop must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
Project Online
We provide remote guidance for:
  • Verifying basic SharePoint functionality that Project Online relies on.
  • Adding the Project Online service to your tenant (including adding subscriptions to users).
  • Setting up the Enterprise Resource Pool (ERP).
  • Creating your first project.
Online client software like Project for Office 365 must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
Project Online Professional and Premium
We provide remote guidance for:
  • Addressing deployment issues.
  • Assigning end-user licenses using the Microsoft 365 admin center and Windows PowerShell.
  • Installing Project Online Desktop Client from the Office 365 portal using Click-to-Run.
  • Configuring update settings using the Office 365 Deployment Tool.
  • Setting up a single on-site distribution server for Project Online Desktop Client, including assistance with the creation of a configuration.xml file for use with the Office 365 Deployment Tool.
  • Connecting Project Online Desktop Client to Project Online Professional or Project Online Premium.
Online client software like Project for Office 365 must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
SharePoint Online and OneDrive for Business
We provide remote guidance for:
  • Setting up DNS.
  • Configuring firewall ports.
  • Provisioning users and licenses.
  • Enabling site creation for your SharePoint Online admin.
  • Planning site collections.
  • Securing content and managing permissions.
  • Configuring SharePoint Online features.
  • Configuring SharePoint hybrid features, like hybrid search, hybrid sites, hybrid taxonomy, content types, hybrid self-service site creation (SharePoint Server 2013 only), extended app launcher, hybrid OneDrive for Business, and extranet sites.
  • Your migration approach.
Additional guidance is provided for OneDrive for Business depending on your SharePoint version, like:
  • Identifying integration options and reviewing on-premises and online network infrastructure and bandwidth.
  • Installing SharePoint Online 2013 SP1 (if applicable), planning and implementing sync and identity requirements, and identifying your OneDrive for Business sync client.
  • Planning and implementing a single rollout for all users (or a phased rollout).
  • Assigning licenses, redirecting My Sites and personal document libraries to Office 365 (applicable to SharePoint Online 2013), and setting up audiences to control access to OneDrive (applicable to SharePoint Online 2013).
  • Redirecting or moving known folders to OneDrive.
  • Deploying the OneDrive for Business client sync.
Data migration
For information on using the FastTrack benefit for data migration to Office 365, see Data Migration.

For SharePoint hybrid:
  • SharePoint hybrid configuration includes configuring hybrid search, sites, taxonomy, content types, OneDrive for Business, an extended app launcher, extranet sites, and self-service site creation connected from on-premises to a single target SharePoint Online environment.
Note: Self-service site creation is not in scope with on-premises servers running SharePoint 2013.
  • To enable SharePoint hybrid, you must have one of the following on-premises SharePoint Server environments: 2013, 2016, or 2019.
Note: Upgrade of on-premises SharePoint environments to SharePoint Server is not in scope. Contact a Microsoft Partner for assistance. For more information, see Minimum public update levels for SharePoint hybrid features.
Note: For information on Multi-Geo Capabilities, see Multi-Geo Capabilities in OneDrive and SharePoint Online in Office 365.
Yammer Enterprise
We provide remote guidance for enabling the Yammer Enterprise service.
Online client software must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.

Enterprise Mobility + Security

Service | FastTrack guidance details | Source environment expectations
Azure Active Directory (Azure AD) and Azure AD Premium
We provide remote guidance for securing your cloud identities for the following scenarios.


Secure foundation infrastructure

  • Configuring and enabling strong authentication for your identities, including protecting with Azure Multi-Factor Authentication (MFA) (cloud only), the Microsoft Authenticator app, and combined registration for Azure MFA and self-service password reset (SSPR).
  • For non-Azure AD Premium customers, guidance is provided to secure your identities using security defaults.
  • For Azure AD Premium customers, guidance is provided to secure your identities with Conditional Access.
  • Detecting and blocking the use of weak passwords with Azure AD Password Protection.
  • Securing remote access to on-premises web apps with Azure AD Application Proxy.
  • Enabling risk-based detection and remediation with Azure Identity Protection.
  • Enabling a customized sign-in screen, including logo, text, and images with custom branding.
  • Securely sharing apps and services with guest users using Azure AD B2B.
  • Managing access for your Office 365 admins using role-based access control (RBAC) built-in administrative roles, and reducing the number of privileged admin accounts.
  • Configuring hybrid Azure AD join.
  • Configuring Azure AD join.
Monitoring and reporting
  • Enabling remote monitoring for AD FS, Azure AD Connect, and domain controllers with Azure AD Connect Health.
Governance
  • Managing your Azure AD identity and access lifecycle at scale with Azure AD entitlement management.
  • Managing Azure AD group memberships, enterprise app access, and role assignments with Azure AD access reviews.
  • Reviewing Azure AD Terms of Use.
  • Managing and controlling access to privileged admin accounts with Azure AD Privileged Identity Management.
Automation and efficiencies
  • Enabling Azure AD SSPR.
  • Allowing users to create and manage their own cloud security or Office 365 groups with Azure AD self-service group management.
  • Managing delegated access to enterprise apps with Azure AD delegated group management.
  • Enabling Azure AD dynamic groups.
  • Organizing apps in the My Apps portal using collections.
The on-premises Active Directory and its environment have been prepared for Azure AD Premium, including remediation of identified issues that prevent integration with Azure AD and Azure AD Premium features.
Azure Information Protection
We provide remote guidance for:
  • Activating and configuring your tenant.
  • Creating and setting up labels and policies.
  • Applying information protection to documents.
  • Automatically classifying and labeling information in Office apps (like Word, PowerPoint, Excel, and Outlook) running on Windows and using the Azure Information Protection client.
  • Discovering and labeling files at rest using the Azure Information Protection scanner.
  • Monitoring emails in transit using Exchange Online mail flow rules.
We also provide guidance if you want to apply protection using Microsoft Azure Rights Management Services (Azure RMS), Office 365 Message Encryption (OME), and data loss prevention (DLP).
Customer prerequisite responsibilities include:
  • A list of file share locations to be scanned.
  • An approved classification taxonomy.
  • Understanding of any regulatory restriction or requirements regarding key management.
  • A service account created for your on-premises Active Directory that has been synchronized with Azure AD.
  • Labels configured for classification and protection.
  • All prerequisites for the Azure Information Protection scanner are in place. For more information, see Prerequisites for installing and deploying the Azure Information Protection unified labeling scanner.
  • Ensure user devices are running a supported operating system and have the necessary prerequisites installed. See the following for more details.
  • Installation and configuration of the Azure RMS connector and servers including the Active Directory RMS (AD RMS) connector for hybrid support.
  • Setup and configuration of Bring Your Own Key (BYOK), Double Key Encryption (DKE) (unified labeling client only), or Hold Your Own Key (HYOK) (classic client only) should you require one of these options for your deployment.
Microsoft Intune
We provide remote guidance on getting ready to use Intune as the cloud-based mobile device management (MDM) and mobile app management (MAM) provider for your apps and devices. The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. The steps can include:
  • Licensing your end users.
  • Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities (Azure AD).
  • Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
  • Configuring your MDM authority, based on your management needs, including:
    • Setting Intune as your MDM authority when Intune is your only MDM solution.
  • Providing MDM guidance for:
    • Configuring test groups to be used to validate MDM management policies.
    • Configuring MDM management policies and services like:
      • App deployment for each supported platform through web links or deep links.
      • Conditional Access policies.
      • Deployment of email, wireless networks, and VPN profiles if you have an existing certificate authority, wireless network, or VPN infrastructure in your organization.
      • Connecting to the Intune Data Warehouse.
      • Integrating Intune with:
        • Team Viewer for remote assistance (a Team Viewer subscription is required).
        • Mobile Threat Defense (MTD) partner solutions (an MTD subscription is required).
        • A telecom expense management solution (a telecom expense management solution subscription is required).
        • Microsoft Defender ATP (Windows E5 or Microsoft 365 E5 licenses are required).
      • Enrolling devices of each supported platform to Intune.
  • Providing app protection guidance on:
    • Configuring app protection policies for each supported platform.
    • Configuring Conditional Access policies for managed apps.
    • Targeting the appropriate user groups with the previously mentioned MAM policies.
    • Using managed-apps usage reports.
  • Providing migration guidance from legacy PC management to Intune MDM.
Note: Legacy PC management is no longer supported from October 15, 2020 onward.

Cloud-attach

We guide you through getting ready to cloud-attach existing Configuration Manager environments with Intune. The exact steps depend on your source environment. These steps can include:

  • Licensing your end users.
  • Configuring identities to be used by Intune by leveraging your on-premises Active Directory and cloud identities.
  • Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
  • Providing guidance setting up hybrid Azure AD join.
  • Providing guidance on setting up Azure AD for MDM auto-enrollment.
  • Providing guidance on how to set up cloud management gateway.
  • Configuring supported workloads that you want to switch to Intune.
  • Installing the Configuration Manager client on Intune-enrolled devices.

Deploy Outlook mobile for iOS and Android securely

We can provide guidance to help you deploy Outlook mobile for iOS and Android securely in your organization to ensure your users have all the required apps installed.
The steps to securely deploy Outlook mobile for iOS and Android with Intune depend on your source environment. They can include:

  • Downloading the Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps through the Apple App Store or Google Play Store.
  • Providing guidance on setting up:
    • The Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps deployment with Intune.
    • App protection policies.
    • Conditional Access policies.
    • App configuration policies.
Note: FastTrack doesn't support securing Outlook for iOS and Android with Exchange mobile device mailbox policies. Contact a Microsoft Partner for assistance with this.

IT admins need to have existing Certificate Authority, wireless network, and VPN infrastructures already working in their production environments when planning on deploying wireless network and VPN profiles with Intune.
Note: The FastTrack service benefit doesn't include assistance for setting up or configuring Certificate Authorities, wireless networks, VPN infrastructures, or Apple MDM push certificates for Intune.
Note: The FastTrack service benefit doesn't include assistance for setting up or upgrading either the Configuration Manager site server or Configuration Manager client to the minimum requirements needed to support cloud-attach. Contact a Microsoft Partner for assistance with this.

Intune integrated with Microsoft Defender Advanced Threat Protection (ATP)

Note: We provide assistance on integrating Intune with Microsoft Defender ATP and creating device compliance policies based on its Windows 10 risk level assessment. We don't provide assistance on purchasing, licensing, or activation. Contact a Microsoft Partner for assistance with this.

Windows Autopilot

IT admins are responsible for registering their devices to their organization by either having the hardware vendor upload their hardware IDs on their behalf or by uploading it themselves into the Windows Autopilot service.

Windows 10

Service FastTrack guidance details Source environment expectations
Windows 10
We provide guidance for upgrading from Windows 7 Professional and Windows 8.1 Professional to Windows 10 Enterprise. We provide remote guidance for:
  • Understanding your Windows 10 intention.
  • Assessing your source environment and the requirements (ensure that Microsoft Endpoint Configuration Manager is upgraded to the required level to support the Windows 10 deployment).
  • Deploying Windows 10 Enterprise and Microsoft 365 Apps using Microsoft Endpoint Configuration Manager or Microsoft 365.
  • Recommending options for you to assess your Windows 10 apps.
  • Enabling use of Desktop Analytics and guidance through creation of a Desktop Analytics deployment plan.
  • Microsoft 365 Apps compatibility assessment by leveraging the Office 365 readiness dashboard in Configuration Manager or with the stand-alone Readiness Toolkit for Office plus assistance deploying Microsoft 365 Apps.
  • Creating a remediation checklist on what you need to do to bring your source environment up to the minimum requirements for a successful deployment.
  • Providing upgrade guidance for your existing devices to Windows 10 Enterprise if they meet the needed device hardware requirements.
  • Providing upgrade guidance to support your existing deployment motion. FastTrack recommends and provides guidance for an in-place upgrade to Windows 10. Guidance is also available for Windows clean image installation and Windows Autopilot deployment scenarios.
  • Deploying Microsoft 365 Apps using Configuration Manager as part of the Windows 10 deployment.
  • Providing guidance to help your organization stay up to date with Windows 10 Enterprise and Microsoft 365 Apps using your existing Configuration Manager environment or Microsoft 365.
The following is out of scope
  • Upgrading Configuration Manager to Current Branch.
  • Creating custom images for Windows 10 deployment.
  • Creating and supporting deployment scripts for Windows 10 deployment.
  • Converting a Windows 10 system from BIOS to Unified Extensible Firmware Interface (UEFI).
  • Enabling Windows 10 security features.
  • Configuring Windows Deployment Services (WDS) for Preboot Execution Environment (PXE) booting.
  • Using the Microsoft Deployment Toolkit (MDT) to capture and deploy Windows 10 images.
  • Using the User State Migration Tool (USMT).
Contact a Microsoft Partner for assistance with these services.
For PC upgrade, you must meet these requirements:
  • Source OS: Windows 7 Enterprise or Professional, Windows 8.1 Enterprise or Professional.
  • Devices: Desktop, notebook, or tablet form factor.
  • Target OS: Windows 10 Enterprise.
For infrastructure upgrade, you must meet these requirements:
  • Microsoft Endpoint Configuration Manager.
  • The Configuration Manager version must be supported by the Windows 10 target version. For more information, see the Configuration Manager support table at Support for Windows 10 in Configuration Manager.
Microsoft Defender Advanced Threat Protection (ATP)
Microsoft Defender Advanced Threat Protection (ATP) is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. We provide remote guidance for:
  • Deploying the technologies to secure your endpoints.
  • Configuring endpoint protection and device restriction profiles.
  • Assessing the OS version and device management (including Intune, Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs), and third-party configurations) as well as the status of your Windows Defender AV services or other endpoint security software.
  • Assessing the status of your Windows AV services or other endpoint security software.
  • Assessing proxies and firewalls restricting network traffic.
  • Enabling the Microsoft Defender ATP service by explaining how to deploy an ATP agent profile using an onboard endpoint.
  • Deployment guidance, configuration assistance, and education on:
    • Threat and vulnerability management.
    • Attack surface reduction.
    • Next-generation protection.
    • Endpoint detection and response.
    • Automated investigation and remediation.
    • Secure score.
  • Reviewing simulations and tutorials (like practice scenarios, fake malware, and automated investigations).
  • Overview of reporting and threat analytics features.
  • Integrating Office 365 ATP with Microsoft Defender ATP.
  • Conducting walkthroughs of the Microsoft Defender Security Center portal.
  • The following operating systems:
    • Windows 10.
    • Windows Server 2016.
    • Windows Server 2019.
    • Windows Server 2019 Core Edition.
    • Windows Server Semi-Annual Channel (SAC) version 1803.
    • macOS versions 10.13, 10.14, and 10.15.
Note: All Windows Server versions must be managed by the latest version of System Center Configuration Manager 2012 (versions 1012 R2, 1511, or 1602) or Microsoft Endpoint Configuration Manager (version 2002 or greater).

The following is out of scope

  • Project management of the customer's remediation activities.
  • On-site support.
  • Ongoing management and threat response.
  • Onboarding or configuration for the following Microsoft Defender ATP agents:
    • Windows Server 2008.
    • Windows Server 2012.
    • Linux.
    • Mobile devices (Android and iOS).
  • Server onboarding and configuration:
    • Configuring a proxy server for offline communications.
    • Configuring Configuration Manager deployment packages on down-level Configuration Manager instances and versions.
    • Onboarding servers to Azure Security Center.
    • Servers not managed by Configuration Manager.
  • macOS onboarding and configuration:
    • Manual Intune-based deployment.
    • JAMF-based deployment.
    • Other mobile device management (MDM) product-based deployment.
    • Manual deployment.
  • Configuration of the following attack surface reduction capabilities:
    • Hardware-based isolation.
    • App control.
    • Exploit protection.
    • Network firewall.
  • Enrollment or configuration of Microsoft Threat Experts.
  • Configuration or training reviewing API or security information and event management (SIEM) connections.
  • Enrollment or configuration of Microsoft Threat Protection (MTP).
  • Training or guidance covering advanced hunting.
  • Training or guidance covering the use of or creation of Kusto queries.
Contact a Microsoft Partner for assistance with these services.

Windows Virtual Desktop

Service FastTrack guidance details Source environment expectations
Windows Virtual Desktop

We provide deployment guidance for onboarding to Windows Virtual Desktop (a desktop and app virtualization service). Windows Virtual Desktop takes advantage of Windows 10 multi-session experience and is optimized for Microsoft 365 Apps for Enterprise with integrated security and management for Microsoft 365.

We provide remote guidance for:

  • Deploying your Windows Virtual Desktop environment with Windows 10 Enterprise multi-session and Microsoft 365 Apps for Enterprise using the following:
    • Azure Marketplace Image.
    • Shared image.
    • Office Deployment Toolkit (ODT).
  • Configuring FSLogix:
    • Deploying FSLogix Agent with Profile Container.
    • Deploying FSLogix Agent with Office Container.
    • Configuring FSLogix folder with content exclusions.
  • Deploying Microsoft Edge.
  • Deploying Microsoft Teams.
  • Connecting using Windows Virtual Desktop clients.

The following is out of scope

  • Project management of the customer's Windows Virtual Desktop deployment.
  • Third-party app virtualization and deployment.
  • Custom images.
  • Migrations and scenarios involving VMware and Citrix.
  • Linux scenarios.
  • Conversion or migrations of user profiles.
Contact a Microsoft Partner for assistance with these services.
You should already have the following:
  • Azure AD general setup:
    • Identity strategy (you can use only one of the following three options):
      • Active Directory with Azure AD Connect in Azure.
      • Active Directory with Azure AD Connect on-premises over VPN or ExpressRoute.
      • Active Directory Domain Services (AD DS).

App Assure

Service FastTrack guidance details Source environment expectations
App Assure
App Assure is a service designed to address issues with Windows 10 and Microsoft 365 Apps app compatibility. When you request the App Assure service, we work with you to address valid app issues at no additional cost to you with an eligible subscription. We also provide guidance to customers who face compatibility issues when deploying Windows Virtual Desktop and the new Microsoft Edge and make every reasonable effort to resolve compatibility issues. We provide remediation assistance for apps deployed on the following Microsoft products:

The following is out of scope

  • App inventory and testing to determine what does and doesn't work on Windows 10 and Microsoft 365 Apps. For more guidance on this process, visit the Desktop Deployment Center. If you're interested in an in-depth upgrade readiness assessment, complete the Customer Request for Modern Desktop Assessment form.
  • Researching third-party ISV apps for Windows 10 compatibility and support statements. For more information, see Desktop Analytics.
  • App packaging-only services. However, the App Assure team packages apps that we have remediated for Windows 10 to ensure they can be deployed in the customer's environment.

Customer responsibilities include

  • Creating an app inventory.
  • Validating those apps on Windows 10 and Microsoft 365 Apps.
Note: Microsoft can't make changes to your source code. However, the App Assure team can provide guidance to app developers if the source code is available for your apps.

Contact a Microsoft Partner for assistance with these services.

Windows 10 and Microsoft 365 Apps
  • Apps that worked on Windows 7, Windows 8.1, Office 2010, and Office 2013 also work on Windows 10 and Microsoft 365 Apps.
Windows 10 on ARM
  • Apps that worked on Windows 7, Office 2010, or later versions also work on Windows 10 and Microsoft 365 Apps on ARM64 devices.
Note:
  • x64 (64-bit) emulation is available in preview for customers participating in the Windows Insider Program.
  • For non-Windows Insider customers on Windows 10 version 2004 (or later), ARM64 Photoshop is supported using the OpenCL and OpenGL Compatibility Pack.
  • Customers in the Windows Insider Program can download an Insider version of the OpenCL and OpenGL Compatibility Pack for use with additional apps.
The new Microsoft Edge
  • If your web apps or sites work on Internet Explorer 11, supported versions of Google Chrome, or any version of Microsoft Edge, they'll also work with the new Microsoft Edge.
  • As the web is constantly evolving, be sure to review this published list of known site compatibility-impacting changes for Microsoft Edge.
Windows Virtual Desktop
  • Virtualized apps that run on Windows Server Remote Desktop Session Host (RDSH) also run on Windows 10 Enterprise multi-session as part of Windows Virtual Desktop.
  • Apps running on any Windows 7 or Windows 10 virtual desktop infrastructure (VDI) environment also run on Windows 7 Enterprise and Windows 10 Enterprise as part of Windows Virtual Desktop.
  • Apps running on Windows 7 or Windows 10 client devices also run on Windows 7 Enterprise and Windows 10 Enterprise as part of Windows Virtual Desktop.
Note: Windows 10 Enterprise multi-session compatibility exclusions and limitations include:
  • Limited redirection of hardware.
  • A/V-intensive apps may perform in a diminished capacity.
  • 16-bit apps aren't supported for 64-bit Windows Virtual Desktop.

The new Microsoft Edge

Service FastTrack guidance details Source environment expectations
Microsoft Edge (for Windows 10 Enterprise customers)
We provide remote deployment guidance and compatibility assistance for:
  • Deploying the new Microsoft Edge on Windows 10 Enterprise with Microsoft Endpoint Manager (Microsoft Endpoint Configuration Manager or Intune).
  • Microsoft Edge configuration (using group policies or Intune app configuration and app policies).
  • Inventorying the list of sites that may require use in Internet Explorer mode.
  • Enabling Internet Explorer mode with the existing Enterprise Site List.
Additionally, if you have a web app or site that works with Internet Explorer or Google Chrome and you experience compatibility issues, we provide guidance to resolve the issue at no additional cost. See App Assure for more details.

The following is out of scope

  • Project management of the customer's Microsoft Edge deployment.
  • On-site support.