源环境预期Source Environment Expectations

使用企业移动性 + 安全性 (EMS) 的 FastTrack 中心权益让 Microsoft Azure Active Directory Premium 和 Microsoft Intune 可供使用时,你的环境需满足以下各节所述的期望。When you use the FastTrack Center Benefit for Enterprise Mobility + Security (EMS) to get Microsoft Azure Active Directory Premium and Microsoft Intune ready for use, your environment needs to meet the expectations described in the following sections.

可能你的组织中已存在本地 Active Directory,而你希望将其与 EMS 或其任何单独的服务集成,以便从单个控制台使用丰富的标识管理。You may already have on-premises Active Directory in your organization that you want to integrate with EMS or any of its individual services for leveraging rich identity management from a single console. EMS 的 FastTrack 中心权益包括帮助你将 Azure Active Directory 与现有的本地 Active Directory 环境进行集成。The FastTrack Center Benefit for EMS includes helping you integrate Azure Active Directory with your existing on-premises Active Directory environment.

下表显示了用于载入的现有源环境的预期内容。The following table shows expectations for your existing source environment for on-boarding.

活动Activity 源环境预期Source environment expectation
核心载入Core on boarding 功能林级别设置为 Windows Server 2008 或更高版本且进行了以下林配置的 Active Directory 林:Active Directory forests with the functional forest level set to Windows Server 2008 or above, with the following forest configuration:

- 单个 Active Directory 林- Single Active Directory forest
- 多个 Active Directory 林- Multiple Active Directory forests

注意:对于所有多林配置,Active Directory Federation Services (AD FS) 部署不在 FastTrack 中心权益的范围之内。Note: For all multiple forests configurations, Active Directory Federation Services (AD FS) deployment is out of scope for the FastTrack Center Benefit.
Azure AD Premium 载入Azure AD Premium on-boarding 本地 Active Directory 及环境已准备就绪,可用于 Azure AD Premium,包括修正了会阻止 Azure AD 与 Azure AD Premium 功能集成的标识问题。The on-premises Active Directory and its environment have been prepared for Azure AD Premium, which includes remediation of identified issues that prevent integration with Azure AD and Azure AD Premium features.
Intune、仅限云或与 System Center Configuration Manager 集成、载入Intune, cloud only or integrated with System Center Configuration Manager, on-boarding 对于使用与 Intune 相连接的 Configuration Manager 2012 R2 或更高版本进行的设备管理,IT 管理员需要遵循管理员清单:配置 Configuration Manager 以使用 Microsoft Intune 来管理移动设备For device management with Configuration Manager 2012 R2 or later, connected with Intune, IT admins need to follow the Administrator Checklist: Configuring Configuration Manager to Manage Mobile Devices by Using Microsoft Intune.
注意:服务权益不包括协助设置 Configuration Manager 或将其升级到满足 Microsoft Intune 与 Configuration Manager 集成所需的最低要求。Note: The service benefit doesn't include assistance for setting up or upgrading Configuration Manager to the minimum requirements needed for Microsoft Intune integration with Configuration Manager.

对于 WiFi 和 VPN 配置文件部署,IT 管理员需确保其生产环境中已存在现成可用且处于运行状态的证书颁发机构、WiFi 和 VPN 基础结构。For WiFi and VPN profile deployment, IT admins need to have existing Certificate Authority, WiFi, and VPN infrastructures already working in their production environments.

注意:服务权益不包括有关设置或配置证书颁发机构、WiFi 或 VPN 基础结构方面的帮助。Note: The service benefit doesn’t include assistance for setting up or configuring Certificate Authorities, WiFi, or VPN infrastructures.
共同管理Co-management 通过共同管理,IT 管理员负责准备本地环境,其中可能包括修正当前阻止使用 Configuration Manager 和 Intune 同时管理 Windows 10 设备的问题。With Co-management IT admins are responsible for preparing the on-premises environment, which might include remediation of issues that prevent you from concurrently manage Windows 10 devices using both Configuration Manager and Intune.
注意:FastTrack 服务权益不包括协助设置或升级 Configuration Manager 网站服务器和/或 Configuration Manager 客户端以满足支持使用 Windows 10 设备进行共同管理所需的最低要求。Note: The FastTrack service benefit doesn't include assistance for setting up or upgrading Configuration Manager site server and/or Configuration Manager client to the minimum requirements needed to support Co-management with Windows 10 devices.
Intune 与 Windows Defender 高级威胁防护 (Windows Defender ATP) 集成Intune integrated with Windows Defender Advanced Threat Protection (Windows Defender ATP) 你的 Windows Defender ATP 订阅已根据贵公司的安全要求进行激活和配置。Your Windows Defender ATP subscription has been activated and configured based on your company security requirements.

注意:FastTrack 服务权益可帮助将 Intune 与 Windows Defender ATP 集成,并根据其 Windows 10 风险级别评估创建设备符合性策略。Note: The FastTrack service benefit provides assistance on integrating Intune with Windows Defender ATP, and creating device compliance policies based on its Windows 10 risk level assessment. FastTrack 服务优势不提供有关购买、授权、激活或使用 Windows Defender ATP 及其安全中心控制台的帮助。The FastTrack service benefit does not provide assistance on purchasing, licensing, activating or using Windows Defender ATP and its Security Center console.

备注

想要了解更多? 企业移动性 + 安全性Want to learn more? Enterprise Mobility + Security

后续步骤Next steps

EMS 载入和迁移阶段的 FastTrack 中心权益FastTrack Center benefit for EMS Onboarding and migration phases