载入阶段Onboarding phases

使用符合 FastTrack 中心权益条件的服务和计划以使 Microsoft Azure Active Directory Premium 和 Microsoft Intune 可供使用时,流程中涉及几个阶段。When you use the FastTrack Center Benefit Eligible Services and Plans to get Microsoft Azure Active Directory Premium and Microsoft Intune ready for use, there are several phases involved in the process. 以下各部分描述了载入流程的每个阶段。The following sections describe each phase of the onboarding process.

载入包含四个主要阶段:Onboarding has four primary phases:

FastTrack 载入流程的四个阶段

启动阶段Initiate phase

购买适当数量的许可证后,请按照购买确认电子邮件中的指南将许可证与现有的租户或新租户相关联。After you purchase the appropriate number of licenses, follow the guidance from the purchase confirmation email to associate the licenses to your existing tenant or new tenant. Microsoft 会验证你的 FastTrack 中心权益资格,并尝试与你联系来提供载入协助。Microsoft then verifies your eligibility for the FastTrack Center Benefit and tries to contact you to offer onboarding assistance.

备注

如果已准备好在组织中部署这些服务,还可以从 FastTrack 中心请求协助。You can also request assistance from the FastTrack Center if you're ready to deploy these services for your organization.

请求协助To request assistance

  1. 转到 FastTrack 中心,使用你的工作或学校帐户登录。Go to FastTrack Center and sign in with your work or school account.

  2. 在客户仪表板中,选择页面右下侧的“转到 FastTrack”。On the Customer Dashboard, choose Go to FastTrack at the bottom right of the page.

  3. 在 FastTrack 仪表板上,在页面右下侧展开“需要帮助?”,然后按照提示完成请求。On the FastTrack Dasboard, expand the Need Help at the bottom right of the page, and then follow the prompts to complete your request.

载入支持启动后,FastTrack 会设置你的联机会议日程,讨论载入流程、验证数据,并设置启动会议。Once the onboarding support starts, FastTrack sets up a schedule of online meetings with you to discuss the onboarding process, verify data, and set up a kick-off meeting.

载入启动阶段

评估阶段Assess phase

载入流程开始之后,FastTrack 中心将与你一同评估源环境和要求。Once the onboarding process begins, the FastTrack Center works with you to assess your source environment and the requirements. 将运行相关工具来评估你的环境,并且 FastTrack 专家会指导你评估本地 Active Directory、Internet 浏览器、客户端设备的操作系统、域名系统 (DNS)、网络、基础结构和标识系统,以确定是否需要针对载入进行任何更改。Tools are run to assess your environment, and FastTrack Specialists guide you through assessing your on-premises Active Directory, Internet browsers, client devices' operating systems, Domain Name System (DNS), network, infrastructure, and identity system to determine if any changes are required for onboarding.

FastTrack 中心还会与你联系,提供有关如何推动成功采用符合条件的服务的指导。The FastTrack Center also connects you with guidance about how to drive successful adoption of the eligible services.

根据当前设置,我们会提供一个修正计划,将你的源环境调整至满足成功载入到 EMS 或其单独的云服务的最低要求。Based on your current setup, we provide a remediation plan that brings your source environment up to the minimum requirements for successful onboarding to EMS or its individual cloud services. 在修正阶段,我们还会设置相应的检查点调用。We also set up appropriate checkpoint calls for the remediation phase.

载入评估阶段

修正阶段Remediate phase

如果需要,你可以在源环境中执行修正计划中的相关任务,以便满足载入和采用每项服务的要求。You perform the tasks in the remediation plan on your source environment so that you meet the requirements for onboarding and adopting each service (as needed).

载入修正阶段

开始启用阶段之前,我们会共同验证修正活动的结果来确保你可以执行后续操作。Before you begin the Enable phase, we jointly verify the outcomes of the remediation activities to make sure you’re ready to proceed.

启用阶段Enable phase

完成所有修正活动后,项目会转而配置服务使用的核心基础结构并设置每个符合条件的 EMS 云服务。When all remediation activities are complete, the project shifts to configuring the core infrastructure for service consumption and to provisioning each eligible EMS cloud service.

启用阶段 - 核心功能Enable phase - Core capabilities

核心载入涉及服务设置以及租户和标识集成。Core onboarding involves service provisioning and tenant and identity integration. 它还包括为载入联机服务(如 Azure AD Premium 和 Intune)提供基础的步骤。It also includes steps for providing a foundation for onboarding online services such as Azure AD Premium and Intune.

载入启用阶段 - 核心功能

载入启用阶段 - 核心功能

备注

Web 代表 Web 应用程序代理。WAP stands for Web Application Proxy. SSL 代表安全套接字层。SSL stands for Secure Sockets Layer. SDS 代表学校数据同步。有关 SDS 的详细信息,请参阅欢迎使用 Microsoft School Data SyncSDS stands for School Data Sync. For more information on SDS, see Welcome to Microsoft School Data Sync.

备注

托管身份验证方法包括但不限于密码哈希同步。A managed authentication method includes, but is not limited to password hash synchronization. 标识集成是一次性活动,不包括对现有身份验证方法(如托管或联合)的迁移或解除授权。Identity integration is a one time activity and does not include migrating or decommissioning of existing authentication methods, such as managed or federated.

启用阶段 - Azure AD PremiumEnable phase - Azure AD Premium

根据需要,可以使用 Azure Active Directory Connect 目录同步工具和 Active Directory 联合身份验证服务 (AD FS) 设置 Azure AD Premium 环境。The Azure AD Premium environment can be set up by using the Azure Active Directory Connect tool directory synchronization and Active Directory Federation Services (AD FS) (as needed).

对于包括将本地标识同步到云的 Azure AD Premium 方案,我们会帮助你向订阅添加 IT 管理员和用户,配置管理先决条件、设置 Azure AD Premium、使用 Azure AD Connect 工具通过托管身份验证和 AD FS 设置目录同步和 AD FS、配置测试用户以及验证服务的核心用例。For Azure AD Premium scenarios that include synchronizing on-premises identities to the cloud, we help you by adding IT admins and users to your subscription, configuring management prerequisites, setting up Azure AD Premium, setting up directory synchronization with managed authentication and AD FS using the Azure AD Connect tool, configuring test users, and validating your core use cases for the service.

Azure AD Premium 设置包括启用以下功能:Azure AD Premium setup includes enabling the following features:

  • 自助服务密码重置 (SSPR)。Self-Service Password Reset (SSPR).

  • Azure 多重身份验证 (Azure MFA)。Azure Multi-Factor Authentication (Azure MFA).

  • 多达三 (3) 个及以上服务型软件 (SaaS) 应用程序与来自 Azure Active Directory Marketplace 的单一登录 (SSO) 集成。Up to three (3) or more Software as a Service (SaaS) application integrations with single sign-on (SSO) from the Azure Active Directory Marketplace.

  • 自定义的登录屏幕(包括徽标、文本和图像)。Customized logon screen, including logo, text, and images.

  • 自助服务和动态组(组)。Self-Service and Dynamic Groups (Groups).

  • Azure Active Directory 应用程序代理。Azure Active Directory Application Proxy.

  • Azure Active Directory Connect Health。Azure Active Directory Connect Health.

  • 标识保护。Identity Protection.

  • 特权标识管理。Privileged Identity Management.

  • Azure Active Directory 条件访问。Azure Active Directory Conditional Access.

载入启用阶段 - Azure AD Premium

启用阶段 - IntuneEnable phase - Intune

对于 Intune,我们会提供相关指导,确保你已可使用 Microsoft Intune 来管理设备。For Intune, we guide you through getting ready to use Microsoft Intune to manage devices. 具体步骤取决于你的源环境,并根据你的移动设备和移动应用管理需求而定。The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. 步骤可能包括:The steps can include:

  • 授权你的最终用户。Licensing your end users. 如果需要,我们还会提供有关如何为 Microsoft 云服务租户激活批量许可证的协助。We also provide assistance on how to activate volume licenses for your Microsoft cloud service tenant (as needed).

  • 通过利用本地 Active Directory 或云标识,配置将由 Intune 使用的标识。Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities.

  • 向 Intune 订阅添加用户时,定义 IT 管理员角色并创建用户组和设备组。Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.

  • 根据管理需要配置移动设备管理 (MDM) 机构,包括:Configuring your Mobile Device Management (MDM) authority, based on your management needs, including:

    • 当 Intune 是你唯一的 MDM 解决方案或其与 Office 365 的移动设备管理结合时,请将 Intune 设置为你的 MDM 机构。Setting Intune as your MDM authority when Intune is your only MDM solution or is in conjunction with Mobile Device Management for Office 365.

    • 如果已具有 Configuration Manager 的现有实施,并想使用 Intune 扩展其管理功能,请将 System Center Configuration Manager 设置为 MDM 机构。Setting System Center Configuration Manager as your MDM authority if you have an existing implementation of Configuration Manager and you want to expand its management capabilities with Intune.

  • 提供相关 MDM 指导:Providing MDM guidance for:

    • 配置用于验证 MDM 管理策略的测试组。Configuring tests groups to be used to validate MDM management policies.

    • 配置 MDM 管理策略和服务,如:Configuring MDM management policies and services like:

      • 通过 Web 链接或深层链接为每个受支持平台进行的应用程序部署。Application deployment for each supported platform through web links or deep links.

      • 条件性访问策略。Conditional access policies.

      • 电子邮件、无线网络和虚拟专用网络 (VPN) 配置文件的部署(如果组织中有现有的证书颁发机构、Wi-Fi 或 VPN 基础结构)。Deployment of email, wireless networks, and virtual private network (VPN) profiles if you have an existing certificate authority, Wi-Fi or VPN infrastructure in your organization.

      • 设置 Microsoft Intune Exchange Connector(如果适用)。Setting up the Microsoft Intune Exchange Connector (when applicable).

      • 连接到 Intune 数据仓库Connecting to Intune Data Warehouse

      • 将 Intune 与以下产品集成:Integrating Intune with:

        • Team Viewer,获取远程协助(Team Viewer 订阅是必需的)。Team Viewer for remote assistance (Team viewer subscription is required).

        • 移动威胁防御 (MTD) 合作伙伴解决方案(移动威胁防御订阅是必需的)。Mobile Threat Defense (MTD) partner solutions (Mobile Threat Defense subcription is required).

        • 电信费用管理解决方案(电信费用管理解决方案订阅是必需的)。Telecom expense management solution (Telecom expense management solution subscription is required).

        • Windows Defender 高级威胁防护(Windows E5 或 Microsoft 365 E5 许可证是必需的)。Windows Defender Advanced Threat Protection (Windows E5 or Microsoft 365 E5 licenses are required).

    • 将每个受支持平台的设备注册到你的 Intune 或具有 Intune 服务的 Configuration Manager。Enrolling devices of each supported platform to your Intune or Configuration Manager with Intune service.

  • 提供有关以下内容的 Intune 应用保护(应用管理)指导:Providing Intune App Protection (app-management) guidance about:

    • 为每个支持平台配置应用保护策略。Configuring app protection policies for each supported platform.

    • 为托管应用配置条件性访问策略。Configuring conditional access policies for managed apps.

    • 使用上述 MAM 策略定位适当的用户组。Targeting the appropriate user groups with the above MAM policies.

    • 使用托管应用程序使用情况报告。Using managed-applications usage reports.

  • 提供相关电脑管理指导:Providing PC management guidance about:

    • 安装 Intune 客户端软件(如果需要)。Installing the Intune client software (when needed).

    • 使用 Intune 中可用的软件和硬件报告。Using the software and hardware reports available in Intune.

    重要

    FastTrack 不支持使用 Intune 进行 Windows 10 经典电脑管理。FastTrack does not support Windows 10 classic PC management with Intune. FastTrack 仅支持通过 Intune 移动设备管理 (MDM) 进行 Windows 10 设备管理。FastTrack only supports Windows 10 device management through Intune mobile device management (MDM).

共同管理Co-management

FastTrack 可指导你做好准备来使用 Configuration Manager 和 Intune 同时管理 Windows 10 设备。FastTrack guides you through getting ready to concurrently manage Windows 10 devices with both Configuration Manager and Intune. 具体步骤将根据源环境而定,步骤可能包括:The exact steps depend on your source environment, the steps can include:

  • 介绍共同管理的好处。Explain the benefits of Co-management.

  • 授权许可你的最终用户。License your end users. 根据需要,FastTrack 还会提供有关如何为 Microsoft 云服务租户激活批量许可证的协助。FastTrack also provides assistance on how to activate volume licenses for your Microsoft cloud service tenant (as needed).

  • 通过利用本地 Active Directory 和/或云标识,配置将由 Intune 使用的标识。Configure identities to be used by Intune by leveraging either your on-premises Active Directory and/or cloud identities.

  • 向 Intune 订阅添加用户时,定义 IT 管理员角色并创建用户组和设备组。Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.

  • 提供有关如何从与 System Center Configuration Manager(混合)集成的 Intune 移动到 Intune Standalone 的指南。Provide guidance on how to move from Intune integrated with System Center Configuration Manager (Hybrid) to Intune Standalone.

  • 提供有关如何设置 Azure Active Directory 进行 MDM 自动注册的指南。Provide guidance on setting up Azure Active Directory for MDM auto-enrollment.

  • 提供有关如何设置混合 Azure Active Directory 加入的指南。Provide guidance setting up hybrid Azure Active Directory Join.

  • 提供有关如何设置云管理网关的指南。Provide guidance on how to set up Cloud Management Gateway

  • 在 Configuration Manager 控制台中启用共同管理。Enable Co-management in Configuration Manager console.

  • 配置想要切换到 Intune 的受支持的工作负载。Configure supported workloads that you want to switch to Intune.

  • 将 Configuration Manager 客户端安装到在 Intune 中注册的设备。Install Configuration Manger client in Intune enrolled devices.

  • 提供有关如何监视环境中共同管理活动的指导。Provide guidance on how to monitor the Co-management activity in your environment.

此外,FastTrack 还提供有关如何推动成功采用符合条件的服务的指导。FastTrack also provides you guidance on how to drive successful adoption of the eligible services.

载入启用阶段 - Intune

载入启用阶段 - Intune

载入启用阶段 - 共同管理

载入启用阶段 - Intune

备注

想要了解更多? 请参阅企业移动性 + 安全性Want to learn more? see Enterprise Mobility + Security.

后续步骤Next steps

EMS 的 FastTrack 权益 - Microsoft 职责FastTrack benefit for EMS - Microsoft responsibilities