载入和迁移阶段Onboarding and Migration Phases

使用符合 FastTrack 中心权益条件的服务和计划以使 Microsoft Azure Active Directory Premium 和 Microsoft Intune 可供使用时,流程中涉及几个阶段。When you use the FastTrack Center Benefit Eligible Services and Plans to get Microsoft Azure Active Directory Premium and Microsoft Intune ready for use, there are several phases involved in the process. 以下各部分描述了载入流程的每个阶段。The following sections describe each phase of the onboarding process.

载入包含四个主要阶段:Onboarding has four primary phases:

FastTrack 载入流程的四个阶段

启动阶段Initiate phase

购买适当数量的许可证后,请按照购买确认电子邮件中的指南将许可证与现有的租户或新租户相关联。After you purchase the appropriate number of licenses, follow the guidance from the purchase confirmation email to associate the licenses to your existing tenant or new tenant. Microsoft 会验证你的 FastTrack 中心权益资格,并尝试与你联系来提供载入协助。Microsoft then verifies your eligibility for the FastTrack Center Benefit and tries to contact you to offer onboarding assistance. 如果已准备好在组织中部署这些服务,还可以从 FastTrack 中心请求协助。You can also request assistance from the FastTrack Center if you're ready to deploy these services for your organization.

若要请求协助,请使用工作或学校帐户登录到 FastTrack 中心,转到仪表板,展开屏幕左侧的“需要帮助?”,然后按照提示完成请求。To request assistance, sign in to the FastTrack Center with your work or school account, go to the dashboard, expand the Need Help? at the left of the screen, and then follow the prompts to complete your request. 启动载入支持之后,我们将为联机会议设置一个日程安排。Once onboarding support starts, we set up a schedule of online meetings.

在此阶段,我们将讨论载入流程,验证数据并设置启动会议。During this phase, we discuss the onboarding process, verify data, and set up a kick-off meeting.

载入启动阶段

评估阶段Assess phase

载入流程开始之后,Microsoft 将与你一同评估源环境和要求。Once the onboarding process begins, Microsoft works with you to assess your source environment and the requirements. 将运行相关工具来评估你的环境,并且 Microsoft 会指导你评估本地 Active Directory、Internet 浏览器、客户端设备的操作系统、域名系统 (DNS)、网络、基础结构和标识系统,以确定是否需要针对载入进行任何更改。Tools are run to assess your environment, and Microsoft guides you through assessing your on-premises Active Directory, Internet browsers, client devices' operating systems, Domain Name System (DNS), network, infrastructure, and identity system to determine if any changes are required for onboarding.

Microsoft 还会与你联系,提供有关如何推动成功采用符合条件的服务的指导。Microsoft also connects you with guidance about how to drive successful adoption of the eligible services.

根据当前设置,我们会提供一个修正计划,将你的源环境调整至满足成功载入到 EMS 或其单独的云服务的最低要求。Based on your current setup, we provide a remediation plan that brings your source environment up to the minimum requirements for successful onboarding to EMS or its individual cloud services. 在修正阶段,我们还会设置相应的检查点调用。We also set up appropriate checkpoint calls for the remediation phase.

载入评估阶段

修正阶段Remediate phase

如果需要,你可以在源环境中执行修正计划中的相关任务,以便满足载入和采用每项服务的要求。You perform the tasks in the remediation plan on your source environment so that you meet the requirements for onboarding and adopting each service (as needed).

载入修正阶段

开始启用阶段之前,我们会共同验证修正活动的结果来确保你可以执行后续操作。Before you begin the Enable phase, we jointly verify the outcomes of the remediation activities to make sure you’re ready to proceed.

启用阶段Enable phase

完成所有修正活动后,项目会转而配置服务使用的核心基础结构并设置每个符合条件的 EMS 云服务。When all remediation activities are complete, the project shifts to configuring the core infrastructure for service consumption and to provisioning each eligible EMS cloud service.

启用阶段 - 核心功能Enable phase - Core capabilities

核心载入涉及服务设置以及租户和标识集成。Core onboarding involves service provisioning and tenant and identity integration. 它还包括为载入联机服务(如 Azure AD Premium 和 Intune)提供基础的步骤。It also includes steps for providing a foundation for onboarding online services such as Azure AD Premium and Intune.

载入启用阶段 - 核心功能

载入启用阶段 - 核心功能

启用阶段 - Azure AD PremiumEnable phase - Azure AD Premium

根据需要,可以使用 Azure Active Directory Connect 目录同步工具和 Active Directory 联合身份验证服务 (AD FS) 设置 Azure AD Premium 环境。The Azure AD Premium environment can be set up by using the Azure Active Directory Connect tool directory synchronization and Active Directory Federation Services (AD FS) (as needed).

对于包括将本地标识同步到云的 Azure AD Premium 方案,我们会帮助你向订阅添加 IT 管理员和用户,配置管理先决条件、设置 Azure AD Premium、使用 Azure AD Connect 工具设置目录同步和 AD FS、配置测试用户和验证此服务的核心用例。For Azure AD Premium scenarios that include synchronizing on-premises identities to the cloud, we help you by adding IT admins and users to your subscription, configuring management prerequisites, setting up Azure AD Premium, setting up directory synchronization and AD FS using the Azure AD Connect tool, configuring test users, and validating your core use cases for the service.

Azure AD Premium 设置包括启用以下功能:Azure AD Premium setup includes enabling the following features:

  • 自助服务密码重置 (SSPR)。Self-Service Password Reset (SSPR).

  • Azure 多重身份验证 (Azure MFA)。Azure Multi-Factor Authentication (Azure MFA).

  • 服务型软件 (SaaS) 应用程序与来自 Azure Active Directory 应用商店的单一登录 (SSO) 集成。One Software as a Service (SaaS) application integration with single sign-on (SSO) from the Azure Active Directory Marketplace.

  • 自定义的登录屏幕(包括徽标、文本和图像)。Customized logon screen, including logo, text, and images.

  • 自助服务和动态组(组)。Self-Service and Dynamic Groups (Groups).

  • Azure Active Directory 应用程序代理。Azure Active Directory Application Proxy.

  • Azure Active Directory Connect Health。Azure Active Directory Connect Health.

  • 标识保护。Identity Protection.

  • 特权标识管理。Privileged Identity Management.

  • 发至管理员的使用情况和安全报告。Usage and security reports to administrators.

  • 管理性通知和警报。Administrative notification and alerts.

载入启用阶段 - Azure AD Premium

启用阶段 - IntuneEnable phase - Intune

对于 Intune,我们会提供相关指导,确保你已可使用 Microsoft Intune 来管理设备。For Intune, we guide you through getting ready to use Microsoft Intune to manage devices. 具体步骤取决于你的源环境,并根据你的移动设备和移动应用管理需求而定。The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. 步骤可能包括:The steps can include:

  • 授权你的最终用户。Licensing your end users. 如果需要,我们还会提供有关如何为 Microsoft 云服务租户激活批量许可证的协助。We also provide assistance on how to activate volume licenses for your Microsoft cloud service tenant (as needed).

  • 通过利用本地 Active Directory 或云标识,配置将由 Intune 使用的标识。Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities.

  • 向 Intune 订阅添加用户时,定义 IT 管理员角色并创建用户组和设备组。Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.

  • 根据管理需要配置移动设备管理 (MDM) 机构,包括:Configuring your Mobile Device Management (MDM) authority, based on your management needs, including:

    • 当 Intune 是你唯一的 MDM 解决方案或其与 Office 365 的移动设备管理结合时,请将 Intune 设置为你的 MDM 机构。Setting Intune as your MDM authority when Intune is your only MDM solution or is in conjunction with Mobile Device Management for Office 365.

    • 如果已具有 Configuration Manager 的现有实施,并想使用 Intune 扩展其管理功能,请将 System Center Configuration Manager 设置为 MDM 机构。Setting System Center Configuration Manager as your MDM authority if you have an existing implementation of Configuration Manager and you want to expand its management capabilities with Intune.

      备注

      如果只希望对最终用户拥有的设备、共享设备或展台类型的设备使用 MDM,则不需要设置 MDM 机构。If you only want to leverage MDM over your end-users' owned devices, shared devices, or kiosk-type devices, setting up an MDM authority isn't required.

  • 提供相关 MDM 指导:Providing MDM guidance for:

    • 配置用于验证 MDM 管理策略的测试组。Configuring tests groups to be used to validate MDM management policies.

    • 配置 MDM 管理策略和服务,如:Configuring MDM management policies and services like:

      • 通过 Web 链接或深层链接为每个受支持平台进行的应用程序部署。Application deployment for each supported platform through web links or deep links.

      • 条件性访问策略。Conditional access policies.

      • 电子邮件、无线网络和虚拟专用网络 (VPN) 配置文件的部署(如果组织中有现有的证书颁发机构、Wi-Fi 或 VPN 基础结构)。Deployment of email, wireless networks, and virtual private network (VPN) profiles if you have an existing certificate authority, Wi-Fi or VPN infrastructure in your organization.

      • 设置 Microsoft Intune Exchange Connector(如果适用)。Setting up the Microsoft Intune Exchange Connector (when applicable).

    • 将每个受支持平台的设备注册到你的 Intune 或具有 Intune 服务的 Configuration Manager。Enrolling devices of each supported platform to your Intune or Configuration Manager with Intune service.

  • 提供相关移动应用程序管理 (MAM) 指导:Providing Mobile Application Management (MAM) guidance about:

    • 为每个支持平台配置 MAM 策略。Configuring MAM policies for each supported platform.

    • 为托管应用配置条件性访问策略。Configuring conditional access policies for managed apps.

    • 使用上述 MAM 策略定位适当的用户组。Targeting the appropriate user groups with the above MAM policies.

    • 使用托管应用程序使用情况报告。Using managed-applications usage reports.

  • 提供相关电脑管理指导:Providing PC management guidance about:

    • 安装 Intune 客户端软件(如果需要)。Installing the Intune client software (when needed).

    • 使用 Intune 中可用的软件和硬件报告。Using the software and hardware reports available in Intune.

Microsoft 还会与你联系,提供有关如何推动成功采用符合条件的服务的指导。Microsoft also connects you with guidance about how to drive successful adoption of the eligible services.

载入启用阶段 - Intune

载入启用阶段 - Intune

载入启用阶段 - Intune

想要了解更多信息?Want to learn more?

企业移动性 + 安全性Enterprise Mobility + Security