产品和功能Products and Capabilities

FastTrack 支持的服务和方案Services and scenarios supported by FastTrack

本主题包括 FastTrack 支持的工作负载方案的详细信息,以及我们可以开始之前所需的源环境预期。This topic includes details on the workload scenarios supported by FastTrack and the source environment expectations necessary before we can begin. 根据您的当前设置,我们与您合作,创建一个补救计划,使源环境最大限度地满足成功的加入。Based on your current setup, we work with you to create a remediation plan that brings your source environment up to the minimum requirements for successful onboarding.

FastTrack 提供的指导可帮助您首先了解 (所有 Microsoft Online Services 通用的核心功能) 然后加入每个符合条件的服务:FastTrack provides guidance to help you first with core capabilities (common for all Microsoft Online Services) and then with onboarding each eligible service:

备注

若要了解 Office 365 US Government 的源环境预期,请参阅 Office 365 US Government 的源环境预期For information on source environment expectations for Office 365 US Government, see Source Environment Expectations for Office 365 US Government.

常规General

服务Service FastTrack 指南详细信息FastTrack guidance details 源环境预期Source environment expectations
核心入门Core onboarding 我们提供了有关核心载入的远程指导,其中涉及服务设置、租户和身份集成。We provide remote guidance on core onboarding, which involves service provisioning, tenant, and identity integration. 它还包括为 Exchange Online、SharePoint Online 和 Microsoft 团队提供提供服务的基础的步骤,包括 有关安全性、网络连接性和合规性的讨论It also includes steps for providing a foundation for onboarding services like Exchange Online, SharePoint Online, and Microsoft Teams, including a discussion on security, network connectivity, and compliance. 在核心载入完成后,便可以开始载入一个或多个符合条件的服务。Onboarding for one or more eligible services can begin once core onboarding is finished.

身份集成

Identity Integration

我们为以下内容提供了远程指导:We provide remote guidance for:

  • 准备本地 Active Directory 标识以同步到 Azure Active Directory (Azure AD) 包括安装和配置 Azure AD Connect (单个或多个林) 和许可 (包括基于组的许可) 。Preparing on-premises Active Directory Identities for synchronization to Azure Active Directory (Azure AD) including installing and configuring Azure AD Connect (single- or multi-forest) and licensing (including group-based licensing).
  • 创建包括批量导入和许可的云标识,包括使用基于组的许可。Creating cloud identities including bulk import and licensing including using group-based licensing.
  • 为你的云旅程选择和启用正确的身份验证方法、密码哈希同步、传递身份验证或 Active Directory 联合身份验证服务 (AD FS) 。Choosing and enabling the correct authentication method for your cloud journey, Password Hash Sync, Pass-through Authentication, or Active Directory Federation Services (AD FS).
  • 为具有单个 Active Directory 林且标识与 Azure AD Connect 工具同步的客户启用 AD FS。Enabling AD FS for customers with a single Active Directory forest and identities synchronized with the Azure AD Connect tool. 这需要 Windows Server 2012 R2 Active Directory 联合身份验证服务2.0 或更高版本。This requires Windows Server 2012 R2 Active Directory Federation Services 2.0 or greater.
  • 使用密码哈希同步或传递身份验证将身份验证从 AD FS 迁移到 Azure AD。Migrating authentication from AD FS to Azure AD using Password Hash Sync or Pass-through Authentication.
  • 迁移预先集成的应用程序 (如 Azure AD 画廊 (SaaS) 应用) 从 AD FS 迁移到 Azure AD for single sign-on (SSO) 。Migrating pre-integrated apps (like Azure AD gallery software-as-a-service (SaaS) apps) from AD FS to Azure AD for single sign-on (SSO).
  • 从 Azure AD 库启用 SaaS 应用集成和 SSO。Enabling SaaS app integrations with SSO from the Azure AD gallery.
  • 启用 " 应用集成" 教程列表 中列出的预集成 SaaS 应用程序的自动用户预配 (仅限于 Azure AD 库 SaaS 应用程序和出站设置) 。Enabling automatic user provisioning for pre-integrated SaaS apps as listed in the App integration tutorial list (limited to Azure AD gallery SaaS apps and outbound provisioning only).
网络启用 Network enablement
作为 FastTrack 权益的一部分,我们建议你作为连接云服务的最佳实践,以确保 Microsoft 365 的最高级别的性能。As part of the FastTrack benefit, we advise you as to best practices for connecting to cloud services to ensure the highest levels of performance of Microsoft 365. Active Directory 林 这些功能林级别将设置为 Windows Server 2003 前向,具有以下林配置:Active Directory forests These have the functional forest level set to Windows Server 2003 onward, with the following forest configuration:
  • 单个 Active Directory 林。A single Active Directory forest.
  • 单一 Active Directory 帐户林和资源林(Exchange 和/或 Lync 2010、Lync 2013 或 Skype for Business)拓扑。A single Active Directory account forest and resource forest (Exchange and/or Lync 2010, Lync 2013, or Skype for Business) topologies.
  • 多个 Active Directory 帐户林和资源林(Exchange 和/或 Lync 2010、Lync 2013 或 Skype for Business)拓扑。Multiple Active Directory account forests and resource forest (Exchange and/or Lync 2010, Lync 2013, or Skype for Business) topologies.
  • 多个 Active Directory 帐户林,其中的一个林是一个含有 Exchange 和/或 Lync 2010、Lync 2013 或 Skype for Business 的集中式 Active Directory 帐户林。Multiple Active Directory account forests with one of the forests being a centralized Active Directory account forest that includes Exchange and/or Lync 2010, Lync 2013, or Skype for Business.
  • 多个 Active Directory 帐户林,每一个都有自己的 Exchange 组织。Multiple Active Directory account forests, each with its own Exchange organization.
  • 必要时,租户配置和与 Azure Active Directory 集成所需的任务。Tasks required for tenant configuration and integration with Azure Active Directory, if needed.
重要 Important:
  • 对于多林 Active Directory 方案,如果已部署 Lync 2010、Lync 2013 或 Skype for Business,则必须将其部署在与 Exchange 相同的 Active Directory 林中。For multi-forest Active Directory scenarios, if Lync 2010, Lync 2013, or Skype for Business is deployed, it must be deployed in the same Active Directory forest as Exchange.
  • 在 Exchange 多混合配置中实施具有多个 Exchange 组织的多个 Active Directory 林时,共享用户主体名称 (UPN) 命名空间不支持源林之间的命名空间。When implementing multiple Active Directory forests with multiple Exchange organizations in an Exchange multi-hybrid configuration, shared user principal name (UPN) namespaces between source forests aren't supported. Exchange 组织之间的主要 SMTP 命名空间也应该进行分隔。Primary SMTP namespaces between Exchange organizations should also be separated. 有关详细信息,请参阅 具有多个 Active Directory 林的混合部署For more information, see Hybrid deployments with multiple Active Directory forests.
  • 对于所有的多林配置,Active Directory 联合身份验证服务 (AD FS) 部署超出范围。For all multiple forests configurations, Active Directory Federation Services (AD FS) deployment is out of scope. 有关此方面的帮助,请与 Microsoft 合作伙伴 联系。Contact a Microsoft Partner for assistance with this.
Microsoft 365 应用版Microsoft 365 Apps 我们为以下内容提供了远程部署指导:We provide remote deployment guidance for:
  • 解决部署问题。Addressing deployment issues.
  • 使用 Microsoft 365 管理中心和 Windows PowerShell 分配基于最终用户和设备的许可证。Assigning end-user and device-based licenses using the Microsoft 365 admin center and Windows PowerShell.
  • 使用即点即用从 Office 365 门户安装 Microsoft 365 应用版。Installing Microsoft 365 Apps from the Office 365 portal using Click-to-Run.
  • 在 iOS 或 Android 设备上安装 Office Mobile 应用(如 Outlook Mobile、Word Mobile、Excel Mobile 和 PowerPoint Mobile)。Installing Office Mobile apps (like Outlook Mobile, Word Mobile, Excel Mobile, and PowerPoint Mobile) on your iOS or Android devices.
  • 使用 Office 365 部署工具配置更新设置。Configuring update settings using the Office 365 Deployment Tool.
  • 本地或云安装的选择和设置。Selection and setup of a local or cloud installation.
  • 使用 Office 自定义工具或用于配置部署包的本地 XML 创建 Office 部署工具配置 XML。Creation of the Office Deployment Tool configuration XML with the Office Customization Tool or native XML to configure the deployment package.
  • 使用 Microsoft Endpoint Configuration Manager 的部署,包括帮助创建 Microsoft Endpoint Configuration Manager 打包。Deployment using Microsoft Endpoint Configuration Manager, including assistance with the creation of Microsoft Endpoint Configuration Manager packaging. 此外,如果您有一个宏或外接程序在以前版本的 Office 中运行,并且您遇到兼容性问题,我们通过应用程序确保计划来提供通过无需额外成本来修正兼容性问题的指导。Additionally, if you have a macro or add-in that worked with prior versions of Office and you experience compatibility issues, we provide guidance to remediate the compatibility issue at no additional cost through the App Assure program. 有关详细信息,请参阅 应用程序确保 Windows 10 的一部分。See the App Assure portion of Windows 10 for more details.
网络运行状况Network health 我们提供了有关从您的环境中获取和解释关键网络连接数据的远程指导,这些数据显示了贵组织的网站与 Microsoft 的 网络连接原则的协调方式。We provide remote guidance with obtaining and interpreting key network connectivity data from your environment showing how aligned your organization’s sites are to Microsoft’s principles of network connectivity. 这会突出显示你的网络分数,这会直接影响迁移速度、用户体验、服务性能和可靠性。This highlights your network score which directly impacts migration velocity, user experience, service performance, and reliability. 我们还将指导你完成此数据突出显示的任何补救步骤,以帮助你提高网络分数。We also guide you through any remediation steps highlighted by this data to help you improve your network score.

Office 365Office 365

服务Service FastTrack 指南详细信息FastTrack guidance details 源环境预期Source environment expectations
Exchange OnlineExchange Online 对于 Exchange Online,我们会全程指导你,直到你的组织可以使用电子邮件为止。For Exchange Online, we guide you through the process to get your organization ready to use email. 具体步骤取决于您的源环境和您的电子邮件迁移计划。The exact steps depend on your source environment and your email migration plans. 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 为 Office 365 中验证的所有启用邮件的域设置 Exchange Online Protection (EOP) 功能。Setting up Exchange Online Protection (EOP) features for all mail-enabled domains validated in Office 365.
  • 将邮件交换 (MX) 记录指向 Office 365。Pointing your mail exchange (MX) records to Office 365.
  • 设置 Office 365 ATP 功能(如果它是订阅服务的一部分)。Setting up the Office 365 ATP feature if it’s a part of your subscription service. 有关详细信息,请参阅此表中的 Office 365 高级威胁防护 部分。For more information, see the Office 365 Advanced Threat Protection portion of this table.
  • 为在 Office 365 中验证的所有已启用邮件的域设置数据丢失防护 (DLP) 功能,将其作为订阅服务的一部分。这可在 MX 记录指向 Office 365 后完成。Setting up the data loss prevention (DLP) feature for all mail-enabled domains validated in Office 365 as part of your subscription service. This is done once your MX records point to Office 365.
  • 为在 Office 365 中验证的所有已启用邮件的域设置 Office 365 邮件加密 (OME) ,将其作为订阅服务的一部分。这可在 MX 记录指向 Office 365 后完成。Setting up Office 365 Message Encryption (OME) for all mail-enabled domains validated in Office 365 as part of your subscription service. This is done once your MX records point to Office 365.
注意: 邮箱复制服务 (MRS) 尝试将 (IRM) 电子邮件从本地邮箱迁移到相应的 Exchange Online 邮箱的信息。 Note: The Mailbox Replication service (MRS) attempts to migrate Information Rights Managed (IRM) emails from your on-premises mailbox to the corresponding Exchange Online mailbox. 可读取受保护内容迁移后的能力取决于客户映射和将 Active Directory Rights Managed Services (AD RMS) 模板复制到 Azure Rights Management Service (Azure RMS)。Ability to read the protected content post-migration depends on the customer mapping and copying Active Directory Rights Managed Services (AD RMS) templates to the Azure Rights Management Service (Azure RMS).
  • 配置防火墙端口。Configuring firewall ports.
  • 设置 DNS,包括所需的自动发现、发件人策略框架 (SPF) 、域密钥识别邮件 (DKIM) 、基于域的邮件身份验证、报告和一致性 (DMARC) 和 MX 记录 () 和 MX 记录。Setting up DNS, including the required Autodiscover, sender policy framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC) and MX records (as needed).
  • 设置源邮件环境和 Exchange Online 之间的电子邮件流(根据需要)。Setting up email flow between your source messaging environment and Exchange Online (as needed).
  • 执行从源邮件环境到 Office 365 的邮件迁移。Undertaking mail migration from your source messaging environment to Office 365.
  • 配置邮箱客户端(Outlook for Windows、Outlook 网页版以及 Outlook for iOS 和 Outlook for Android)。Configuring mailbox clients (Outlook for Windows, Outlook on the web, and Outlook for iOS and Android).
数据迁移 Data migration
有关使用 FastTrack 的数据迁移到 Office 365 的好处的信息,请参阅 数据迁移For information on using the FastTrack benefit for data migration to Office 365, see Data Migration.
源环境必须具有以下最低级别之一:Your source environment must have one of the following minimum levels:
  • 具有 Exchange Server 2003 前向的单个或多个 Exchange 组织。Single or multiple Exchange organizations with Exchange Server 2003 onward.
  • 一个支持 Internet 邮件访问协议 (IMAP) 的电子邮件环境。A single Internet Message Access Protocol (IMAP)-capable email environment.
  • 单个 G 套件环境(仅限 Gmail、联系人和日历)。A single G Suite environment (Gmail, Contacts, and Calendar only).
  • 有关多地理位置功能的信息,请参阅 Exchange Online 中的多地理位置功能For information on Multi-Geo Capabilities, see Multi-Geo Capabilities in Exchange Online.
Online 客户端软件(如 Project for Office 365、Outlook for Windows、Outlook for iOS 和 Outlook for iOS、OneDrive for business 同步客户端、Power BI Desktop 和 Skype for Business)的最低级别必须为 Microsoft 365 Office 的系统要求中定义的最低级别。Online client software like Project for Office 365, Outlook for Windows, Outlook for iOS and Android, OneDrive for Business sync client, Power BI Desktop, and Skype for Business must be at a minimum level as defined in System requirements for Microsoft 365 Office.
Microsoft 信息管控Microsoft Information Governance 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 信息管控。Information governance.
  • 保留标签和策略。Retention labels and policies.
  • 记录管理。Records management.
  • 删除策略。Deletion policies.
  • 通信合规性。Communication compliance.
  • 内部风险管理。Insider risk management.
  • 高级电子数据展示。Advanced eDiscovery.
除了 核心载入 部分 之外,没有最低的系统要求。Aside from the Core onboarding portion in General, there are no minimum system requirements.
Microsoft 信息保护Microsoft Information Protection 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 数据分类。Data classification.
  • 敏感信息类型。Sensitive information types.
  • 创建敏感度标签。Creating sensitivity labels.
  • 应用敏感度标签。Applying Sensitivity labels.
  • 统一标记。Unified labeling.
  • 可训练的分类器。Trainable classifiers.
  • 通过内容浏览器和活动浏览器了解你的数据。Knowing your data with content explorer and activity explorer.
  • 使用策略来发布标签(手动和自动)。Publishing labels using policies (manual and automatic).
  • 创建针对 Microsoft Teams 聊天和频道的数据丢失防护 (DLP) 策略。Creating data loss prevention (DLP) policies for Microsoft Teams chats and channels.
  • 为由 Microsoft 终结点管理器管理的设备创建 DLP 策略。Creating DLP policies for devices managed by Microsoft Endpoint Manager.
除了 核心载入 部分 之外,没有最低的系统要求。Aside from the Core onboarding portion in General, there are no minimum system requirements.
Microsoft TeamsMicrosoft Teams 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 确认 Exchange Online、SharePoint Online、Office 365 组和 Azure AD 中的最低要求以支持团队。Confirming minimum requirements in Exchange Online, SharePoint Online, Office 365 Groups, and Azure AD to support Teams.
  • 配置防火墙端口。Configuring firewall ports.
  • 设置 DNS。Setting up DNS.
  • 确认是否已在 Office 365 租户上启用 Teams。Confirming Teams is enabled on your Office 365 tenant.
  • 启用或禁用用户许可证。Enabling or disabling user licenses.
  • 针对团队的网络评估:Network assessment for Teams:
    • 端口和终结点检查。Port and endpoint checks.
    • 连接质量检查。Connection quality checks.
    • 带宽预估。Bandwidth estimates.
    • 配置团队应用程序策略 (团队 web app、团队桌面应用程序和适用于 iOS 和 Android 应用程序的团队) 。Configuring Teams app policy (Teams web app, Teams Desktop app, and Teams for iOS and Android app).
    如果适用,我们还为以下内容提供指导:If applicable, we also provide guidance for:
    • Microsoft 团队聊天室设备:Microsoft Teams Room Devices:
      • 创建 Teams 设备目录中所列支持的电话和会议室设备所需的在线帐户。Creation of online accounts needed for supported telephony and conference room devices listed in the Teams devices catalog.
      • 针对已认证的 Microsoft 团队聊天室设备的服务端配置的远程协助。Remote assistance with service-side configuration of certified Microsoft Teams Rooms devices.
      • 启用音频会议:Enabling Audio Conferencing:
      • 会议桥默认设置的组织设置。Organization setup for conference bridge default settings.
      • 向许可用户分配会议桥。Assignment of conference bridge to licensed users.
    • 电话系统:Phone System:
      • 组织设置云语音默认设置。Organization setup for Cloud Voice default settings.
      • (可用市场) 的通话套餐指南:Calling Plans guidance (available markets):
        • 向许可用户分配号码。Assignment of numbers to licensed users.
        • 通过用户界面 (UI) 进行本地号码端口定位的指南(最多到 999)。Local number porting guidance through user interface (UI) up to 999.
        • 超过 999 的本地号码端口定位服务请求 (SR) 支持。Local number porting service request (SR) support over 999.
      • 直接路由指南:Direct Routing guidance:
        • 合作伙伴托管方案的直接路由设计的组织设置指南,或最高10个网站的客户部署方案。Organization setup guidance for Direct Routing design of partner-hosted scenarios, or customer-deployed scenarios for up to 10 sites.
        • (SBC) 配置评审的会话边界控制器。Session Border Controller (SBC) configuration review.
        • 具有拨号计划配置的远程协助。Remote assistance with dial plan configuration.
        • 语音路由配置。Voice route configuration.
        • 媒体旁路和本地媒体优化。Media bypass and local media optimization.
    • 启用 Teams 实时事件。Enabling Teams live events.
    • 组织设置和集成到 Microsoft Stream。Organization setup and integration into Microsoft Stream.
    • 适用于 Skype for business 的团队转换指南。Guidance for Skype for Business to Teams transition.
  • Azure AD for Office 365 中启用的标识。Identities enabled in Azure AD for Office 365.
  • 对 SharePoint Online 启用的用户。Users enabled for SharePoint Online.
  • Exchange 邮箱在 Exchange 混合配置) 中 (联机和本地提供。Exchange mailboxes are present (online and on-premises in an Exchange hybrid configuration).
  • 针对 Office 365 组启用。Enabled for Office 365 Groups.
注意: 如果没有为用户分配和启用 SharePoint Online 许可证,则在 Office 365 中不会有 OneDrive for business 存储。 Note: If users aren't assigned and enabled with SharePoint Online licenses, they won't have OneDrive for Business storage in Office 365. 文件共享在频道中继续工作,但用户无法在 Office 365 中共享无 OneDrive for business 存储的聊天文件。File sharing continues to work in Channels, but users can't share files in Chats without OneDrive for Business storage in Office 365. 团队不支持本地 SharePoint。Teams doesn't support SharePoint on-premises.
注意: 理想的状态是让所有用户将其邮箱驻留在 Exchange Online 上。 Note: The ideal state is for all users to have their mailboxes homed on Exchange Online. 邮箱驻留在本地的用户必须将其标识同步到通过 Azure AD Connect 的 Office 365 目录。Users with mailboxes homed on-premises must have their identities synchronized to the Office 365 directory through Azure AD Connect. 对于这些 Exchange 混合客户,如果用户的邮箱在本地,则用户无法添加或配置连接器。For these Exchange hybrid customers, if the user's mailbox is on-premises, the user cannot add or configure Connectors. 可以从 https://go.microsoft.com/fwlink/?linkid=839411 下载 Microsoft Teams Windows 和 Mac 桌面客户端的安装程序。The installers for the Microsoft Teams Windows and Mac desktop clients can be downloaded from https://go.microsoft.com/fwlink/?linkid=839411.
Office 365 高级威胁防护 (ATP)Office 365 Advanced Threat Protection (ATP) 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 启用安全链接、安全附件和防钓鱼。Enabling Safe Links, Safe Attachments, and anti-phishing.
  • 配置自动化、调查和响应。Configuring automation, investigation, and response.
  • 使用攻击模拟器。Using Attack Simulator.
  • 报告和威胁分析。Reporting and threat analytics.
除了 核心载入 部分 之外,没有最低的系统要求。Aside from the Core onboarding portion in General, there are no minimum system requirements.
iOS 和 Android 版 OutlookOutlook for iOS and Android 我们为以下内容提供了远程指导:We provide remote guidance for:
  • Azure AD for Office 365 中启用的标识。Identities enabled in Azure AD for Office 365.
  • 配置了 Exchange Online 并分配了许可证。Exchange Online configured and licenses assigned.
Power BIPower BI 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 分配 Power BI 许可证。Assigning Power BI licenses.
  • 部署 Power BI Desktop 应用。Deploying the Power BI Desktop app.
Online 客户端软件(如 Power BI Desktop)的最低级别必须为 Microsoft 365 和 Office 的系统要求中定义的最低级别。Online client software like Power BI Desktop must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
Project OnlineProject Online 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 验证 Project Online 依赖的基本 SharePoint 功能。Verifying basic SharePoint functionality that Project Online relies on.
  • 向你的租户添加 Project Online 服务(包括向用户添加订阅)。Adding the Project Online service to your tenant (including adding subscriptions to users).
  • 设置企业资源池 (ERP)。Setting up the Enterprise Resource Pool (ERP).
  • 创建你的首个项目。Creating your first project.
Online 客户端软件(如 Project for Office 365)的最低级别必须为 Microsoft 365 和 Office 的系统要求中定义的最低级别。Online client software like Project for Office 365 must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
Project Online Professional 和 PremiumProject Online Professional and Premium 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 解决部署问题。Addressing deployment issues.
  • 使用 Microsoft 365 管理中心和 Windows PowerShell 分配最终用户许可证。Assigning end-user licenses using the Microsoft 365 admin center and Windows PowerShell.
  • 使用即点即用从 Office 365 门户安装 Project Online 桌面客户端。Installing Project Online Desktop Client from the Office 365 portal using Click-to-Run.
  • 使用 Office 365 部署工具配置更新设置。Configuring update settings using the Office 365 Deployment Tool.
  • 为 Project Online 桌面客户端 设置一个现场分发服务器,包括帮助创建 configuration.xml 文件以与 Office 365 部署工具一起使用。Setting up a single on-site distribution server for Project Online Desktop Client, including assistance with the creation of a configuration.xml file for use with the Office 365 Deployment Tool.
  • 将 Project Online 桌面客户端 连接到 Project Online Professional 或 Project Online 高级版。Connecting Project Online Desktop Client to Project Online Professional or Project Online Premium.
Online 客户端软件(如 Project for Office 365)的最低级别必须为 Microsoft 365 和 Office 的系统要求中定义的最低级别。Online client software like Project for Office 365 must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.
SharePoint Online 和 OneDrive for BusinessSharePoint Online and OneDrive for Business 我们为以下内容提供了远程指导:We provide remote guidance for:
  • 设置 DNS。Setting up DNS.
  • 配置防火墙端口。Configuring firewall ports.
  • 设置用户和许可证。Provisioning users and licenses.
  • 为你的 SharePoint Online 管理员启用站点创建。Enabling site creation for your SharePoint Online admin.
  • 规划网站集。Planning site collections.
  • 保护内容安全和管理权限。Securing content and managing permissions.
  • 配置 SharePoint Online 功能。Configuring SharePoint Online features.
  • 配置 SharePoint 混合功能,如混合搜索、混合网站、混合分类、内容类型、混合自助式网站创建(仅适用于 SharePoint Server 2013)、扩展的应用启动器、混合 OneDrive for Business 和 Extranet 网站。Configuring SharePoint hybrid features, like hybrid search, hybrid sites, hybrid taxonomy, content types, hybrid self-service site creation (SharePoint Server 2013 only), extended app launcher, hybrid OneDrive for Business, and extranet sites.
  • 您的迁移方法。Your migration approach.
为 OneDrive for business 提供了其他指南,具体取决于你的 SharePoint 版本,如下所示:Additional guidance is provided for OneDrive for Business depending on your SharePoint version, like:
  • 确定集成选项并查看内部部署和联机网络基础结构和带宽。Identifying integration options and reviewing on-premises and online network infrastructure and bandwidth.
  • 安装 SharePoint Online 2013 SP1 ((如果适用)) 、规划和实施同步和标识要求以及确定 OneDrive for Business 同步客户端。Installing SharePoint Online 2013 SP1 (if applicable), planning and implementing sync and identity requirements, and identifying your OneDrive for Business sync client.
  • 为所有用户规划和实现单个部署 (或分阶段部署) 。Planning and implementing a single rollout for all users (or a phased rollout).
  • 分配许可证、将 "我的网站" 和个人文档库重定向到 Office 365 (适用于 SharePoint Online 2013) ,设置访问群体,以控制对适用于 SharePoint Online 2013) 的 OneDrive (的访问权限。Assigning licenses, redirecting My Sites and personal document libraries to Office 365 (applicable to SharePoint Online 2013), setting up audiences to control access to OneDrive (applicable to SharePoint Online 2013).
  • 将已知文件夹重定向或移动到 OneDrive。Redirecting or moving known folders to OneDrive.
  • 部署 OneDrive for Business 客户端同步。Deploying the OneDrive for Business client sync.
数据迁移 Data migration
有关使用 FastTrack 的数据迁移到 Office 365 的好处的信息,请参阅 数据迁移For information on using the FastTrack benefit for data migration to Office 365, see Data Migration.

对于 SharePoint 混合: For SharePoint hybrid:
  • SharePoint 混合配置包括配置混合搜索、网站、分类、内容类型、OneDrive for Business、扩展的应用启动器、extranet 网站以及从本地到单个目标 SharePoint Online 环境的自助式网站创建。SharePoint hybrid configuration includes configuring hybrid search, sites, taxonomy, content types, OneDrive for Business, an extended app launcher, extranet sites, and self-service site creation connected from on-premises to a single target SharePoint Online environment.
注意: 自助式网站创建与运行 SharePoint 2013 的本地服务器不在作用域中。 Note: Self-service site creation is not in scope with on-premises servers running SharePoint 2013.
  • 若要启用 SharePoint 混合,您必须具有以下本地 SharePoint Server 环境之一:2013、2016或2019。To enable SharePoint hybrid, you must have one of the following on-premises SharePoint Server environments: 2013, 2016, or 2019.
注意: 将本地 SharePoint 环境升级到 SharePoint Server 不在作用域内。 Note: Upgrade of on-premises SharePoint environments to SharePoint Server is not in scope. 请与 Microsoft 合作伙伴 联系以获取帮助。Contact a Microsoft Partner for assistance. 有关详细信息,请参阅 SharePoint 混合功能的最小公共更新级别 For more information, see Minimum public update levels for SharePoint hybrid features.
注意: 有关多地理位置功能的信息,请参阅 Office 365 中的 OneDrive 和 SharePoint Online 中的多地理位置功能 Note: For information on Multi-Geo Capabilities, see Multi-Geo Capabilities in OneDrive and SharePoint Online in Office 365.
Yammer 企业版Yammer Enterprise
    我们提供了有关启用 Yammer Enterprise 服务的远程指南。We provide remote guidance for enabling the Yammer Enterprise service.
联机客户端软件必须至少是在 Microsoft 365 和 Office 的系统要求中定义的最低级别。Online client software must be at a minimum level as defined in the System requirements for Microsoft 365 and Office.

企业移动性 & 安全性Enterprise Mobility & Security

Azure Active Directory (Azure AD) 和 Azure AD PremiumAzure Active Directory (Azure AD) and Azure AD Premium 我们为以下方案提供了保护云身份的远程指导。We provide remote guidance for securing your cloud identities for the following scenarios.


安全基础结构

Secure foundation infrastructure

  • 为你的身份配置和启用强身份验证,包括使用 Azure 多重身份验证 (MFA) (云仅) 、Microsoft 身份验证器应用,以及对 Azure MFA 和自助服务密码重置 (SSPR) 进行组合注册。Configuring and enabling strong authentication for your identities, including protecting with Azure Multi-Factor Authentication (MFA) (cloud only), the Microsoft Authenticator app, and combined registration for Azure MFA and self-service password reset (SSPR).
  • 对于非 Azure AD 高级客户,提供的指导旨在使用安全默认值保护你的身份。For non-Azure AD Premium customers, guidance is provided to secure your identities using security defaults.
  • 对于 Azure AD premium 客户,提供了指导以通过条件访问来保护你的身份。For Azure AD premium customers, guidance is provided to secure your identities with Conditional Access.
  • 检测并阻止使用具有 Azure AD 密码保护的弱密码。Detecting and blocking the use of weak passwords with Azure AD Password Protection.
  • 使用 Azure AD 应用程序代理保护对本地 web 应用的远程访问。Securing remote access to on-premises web apps with Azure AD Application Proxy.
  • 启用基于风险的检测和修正和 Azure 身份保护。Enabling risk-based detection and remediation with Azure Identity Protection.
  • 启用自定义的登录屏幕,包括徽标、文本和具有自定义品牌的图像。Enabling a customized sign-in screen, including logo, text, and images with custom branding.
  • 使用 Azure AD B2B 与来宾用户安全地共享应用程序和服务。Securely sharing apps and services with guest users using Azure AD B2B.
  • 使用基于角色的访问控制管理 Office 365 管理员的访问权限 (RBAC) 内置管理角色,并减少特权管理员帐户的数量。Managing access for your Office 365 admins using role-based access control (RBAC) built-in administrative roles and to reduce the number of privileged admin accounts.
  • 配置混合 Azure AD 加入。Configuring hybrid Azure AD join.
  • 配置 Azure AD 加入。Configuring Azure AD join.
监视和报告 Monitor and reporting
  • 为 AD FS、Azure AD Connect 和具有 Azure AD Connect Health 的域控制器启用远程监控。Enabling remote monitoring for AD FS, Azure AD Connect, and domain controllers with Azure AD Connect Health.
Governance
  • 使用 Azure AD 权限管理来管理 Azure AD 标识和访问生命周期(按规模扩展)。Managing your Azure AD identity and access lifecycle at scale with Azure AD entitlement management.
  • 使用 Azure AD access 审核管理 Azure AD 组成员身份、企业应用访问和角色分配。Managing Azure AD group memberships, enterprise app access, and role assignments with Azure AD access reviews.
  • 查看 Azure AD 使用条款。Reviewing Azure AD Terms of Use.
  • 使用 Azure AD 特权标识管理管理和控制对特权管理员帐户的访问。Managing and controlling access to privileged admin accounts with Azure AD Privileged Identity Management.
自动化和效率 Automation and efficiencies
  • 启用 Azure AD SSPR。Enabling Azure AD SSPR.
  • 允许用户使用 Azure AD 自助服务组管理创建和管理其自己的云安全性或 Office 365 组。Allowing users to create and manage their own cloud security or Office 365 groups with Azure AD self-service group management.
  • 管理对使用 Azure AD 委派组管理的企业应用程序的委派访问权限。Managing delegated access to enterprise apps with Azure AD delegated group management.
  • 启用 Azure AD 动态组。Enabling Azure AD dynamic groups.
  • 使用集合在我的应用程序门户中组织应用程序。Organizing apps in the My Apps portal using collections.
已为 Azure AD Premium 准备好了本地 Active Directory 及其环境,包括修正了阻止与 Azure AD 和 Azure AD 高级功能集成的已识别问题。The on-premises Active Directory and its environment have been prepared for Azure AD Premium, including remediation of identified issues that prevent integration with Azure AD and Azure AD Premium features.
Azure 信息保护(P2 或 EMS E5)Azure Information Protection (P2 or EMS E5) 我们提供有关如何执行以下操作的指导:We provide guidance on how to:
  • 激活并配置租户。Activate and configure your tenant.
  • 创建和设置标签和策略。Create and set up labels and policies.
  • 向文档应用信息保护。Apply information protection to documents.
  • 自动对在 Windows 上运行的 Office 应用(如Word、PowerPoint、Excel 和 Outlook)中的信息进行分类和标记,并使用 Azure 信息保护客户端。Automatically classify and label information in Office apps (like Word, PowerPoint, Excel, and Outlook) running on Windows and using the Azure Information Protection client.
  • 使用带有 Azure 信息保护扫描程序的静态文件。Use files at rest using the Azure Information Protection scanner.
  • 使用 Exchange Online 邮件流规则监视传输中的电子邮件。Monitor emails in transit using Exchange Online mail flow rules.
如果您想要使用 Microsoft Azure 权限管理服务 (Azure RMS) 、Office 365 邮件加密 (OME) 和数据丢失防护 (DLP) 来应用保护,则还提供指导。We also provide guidance if you want to apply protection using Microsoft Azure Rights Management Services (Azure RMS), Office 365 Message Encryption (OME), and data loss prevention (DLP).
您应该已经:You should already:
  • 使用 Azure AD。Use Azure AD.
  • 使用 Windows 或 iOS (其他操作系统不在作用域) 。Use either Windows or iOS (other operating systems are out of scope).
注意:计算机和移动设备必须在支持 Azure 信息保护的 操作系统 上运行。 Note: Computers and mobile devices must run on an operating system that supports Azure Information Protection.
  • 具有您的主文件共享位置。Have your main file share locations.
  • 注意:混合支持需要 AD RMS 连接器。 Note: Hybrid support requires the AD RMS connector.
  • 具有已批准的分类分类。Have an approved classification taxonomy.
  • 了解对受保护密钥管理的任何法规限制。Understand any regulatory restrictions for your protected key management.
  • Azure 信息保护扫描程序 Azure Information Protection scanner 您应该已经:You should already:
    • 使用 Windows Server 2012 R2 或 Windows Server 2016。Use Windows Server 2012 R2 or Windows Server 2016.
    • 具有 internet 连接。Have an internet connection.
    • 在本地或远程实例中安装 Microsoft SQL Server 2012。Have Microsoft SQL Server 2012 onward in a local or remote instance.
    • 拥有为本地 Active Directory 创建的服务帐户,并已与 Azure AD 同步。Have a service account created for your on-premises Active Directory and synchronized with Azure AD.
    • 已下载 AzInfoProtection.exe。Have downloaded AzInfoProtection.exe.
    • 将标签配置为自动分类/保护。Have labels configured for Automatic Classification/Protection.
    Microsoft IntuneMicrosoft Intune 我们提供有关准备将 Intune 用作基于云的移动设备管理 (MDM) 和移动应用管理 (MAM) 提供程序的指南,以供您的应用和设备使用。We provide guidance on getting ready to use Intune as the cloud-based mobile device management (MDM) and mobile app management (MAM) provider for your apps and devices. 具体步骤取决于你的源环境,并且基于你的移动设备和移动应用管理需求。The exact steps depend on your source environment and are based on your mobile device and mobile app management needs. 所包含的具体步骤如下:The steps can include:
    • 许可最终用户。Licensing your end users.
    • 通过利用本地 Active Directory 或云标识 (Azure AD) 配置要由 Intune 使用的标识。Configuring identities to be used by Intune by leveraging either your on-premises Active Directory or cloud identities (Azure AD).
    • 将 Intune 订阅添加到用户,定义 IT 管理角色并创建用户和设备组。Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
    • 根据您的管理需求配置您的 MDM 颁发机构,包括:Configuring your MDM authority, based on your management needs, including:
      • 如果 Intune 是唯一的 MDM 解决方案,将 Intune 设置为 MDM 颁发机构。Setting Intune as your MDM authority when Intune is your only MDM solution.
    • 为以下操作提供 MDM 指南:Providing MDM guidance for:
      • 配置用于验证 MDM 管理策略的测试组。Configuring tests groups to be used to validate MDM management policies.
      • 配置 MDM 管理策略和服务,如:Configuring MDM management policies and services like:
        • 通过 web 链接或深层链接针对每个受支持的平台的应用程序部署。App deployment for each supported platform through web links or deep links.
        • 条件访问策略。Conditional Access policies.
        • 如果您的组织中有现有的证书颁发机构、无线网络或 VPN 基础结构,则将电子邮件、无线网络和 VPN 的部署) 配置文件。Deployment of email, wireless networks, and VPN)profiles if you have an existing certificate authority, wireless network, or VPN infrastructure in your organization.
        • 连接到 Intune 数据仓库。Connecting to the Intune Data Warehouse.
        • 将 Intune 与以下内容进行集成:Integrating Intune with:
          • 团队查看器获取远程协助 (需要) 团队查看器订阅。Team Viewer for remote assistance (a Team Viewer subscription is required).
          • 移动威胁防护 (MTD) 合作伙伴解决方案 (需要) 的 MTD 订阅。Mobile Threat Defense (MTD) partner solutions (an MTD subscription is required).
          • 需要) 电信费用管理解决方案 (电信费用管理解决方案订阅。A telecom expense management solution (a telecom expense management solution subscription is required).
          • Microsoft Defender ATP (Windows E5 或 Microsoft 365 E5 许可证是) 所必需的。Microsoft Defender ATP (Windows E5 or Microsoft 365 E5 licenses are required).
        • 将每个受支持平台的设备注册到 Intune。Enrolling devices of each supported platform to Intune.
    • 提供应用程序保护指导:Providing app protection guidance on:
      • 为每个受支持的平台配置应用保护策略。Configuring app protection policies for each supported platform.
      • 为托管应用程序配置条件访问策略。Configuring Conditional Access policies for managed apps.
      • 将相应的用户组设定为前面提到的 MAM 策略。Targeting the appropriate user groups with the previously mentioned MAM policies.
      • 使用托管-应用使用情况报告。Using managed-apps usage reports.
    • 提供从旧版 PC 管理到 Intune MDM 的迁移指南。Providing migration guidance from legacy PC management to Intune MDM.
    注意:旧电脑管理不再受支持,从2020年10月15日起。 Note: Legacy PC management is no longer supported from October 15, 2020 onward. 云附加 Cloud-attach

    我们将指导您完成使用 Intune 将现有的 Configuration Manager 环境附加到云的准备工作。We guide you through getting ready to cloud-attach existing Configuration Manager environments with Intune. 具体步骤取决于源环境。The exact steps depend on your source environment. 这些步骤包括:These steps can include:

    • 许可最终用户。Licensing your end users.
    • 通过利用本地 Active Directory 和云标识,配置供 Intune 使用的标识。Configuring identities to be used by Intune by leveraging your on-premises Active Directory and cloud identities.
    • 将 Intune 订阅添加到用户,定义 IT 管理角色并创建用户和设备组。Adding users to your Intune subscription, defining IT admin roles, and creating user and device groups.
    • 提供有关设置混合 Azure AD join 的指导。Providing guidance setting up hybrid Azure AD join.
    • 提供有关设置适用于 MDM 自动注册的 Azure AD 的指导。Providing guidance on setting up Azure AD for MDM auto-enrollment.
    • 提供有关如何设置云管理网关的指南。Providing guidance on how to set up cloud management gateway.
    • 配置要切换到 Intune 的受支持工作负载。Configuring supported workloads that you want to switch to Intune.
    • 在 Intune 注册的设备中安装 Configuration Manager 客户端。Installing the Configuration Manager client on Intune-enrolled devices.

    安全部署适用于 iOS 和 Android 的 Outlook mobile 我们可以提供指导来帮助您在组织中安全地部署适用于 iOS 和 Android 的 Outlook mobile,以确保您的用户安装了所有必需的应用程序。Deploy Outlook mobile for iOS and Android securely We can provide guidance to help you deploy Outlook mobile for iOS and Android securely in your organization to ensure your users have all the required apps installed.
    使用 Intune 安全部署 Outlook mobile for iOS 和 Outlook Android 的步骤取决于您的源环境。The steps to securely deploy Outlook mobile for iOS and Android with Intune depends on your source environment. 它可以包括:It can include:

    • 通过 Apple App Store 或 Google Play 商店下载 Outlook for iOS 和 Android、Microsoft 身份验证者和 Intune 公司门户应用。Downloading the Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps through the Apple App Store or Google Play Store.
    • 提供有关设置的指导:Providing guidance on setting up:
      • 使用 Intune 的 Outlook for iOS 和 Android、Microsoft 身份验证者和 Intune 公司门户应用部署。The Outlook for iOS and Android, Microsoft Authenticator, and Intune Company Portal apps deployment with Intune.
      • 应用保护策略。App protection policies.
      • 条件访问策略。Conditional Access policies.
      • 应用配置策略。App configuration policies.
    注意: FastTrack 不支持使用 Exchange 移动设备邮箱策略保护适用于 IOS 和 Android 的 Outlook。Note: FastTrack doesn’t support securing Outlook for iOS and Android with Exchange mobile device mailbox policies. 有关此方面的帮助,请与 Microsoft 合作伙伴 联系。Contact a Microsoft Partner for assistance with this.
    在计划使用 Intune 部署无线网络和 VPN 配置文件时,IT 管理员需要具有已在其生产环境中工作的现有证书颁发机构、无线网络和 VPN 基础结构。IT admins need to have existing Certificate Authority, wireless network, and VPN infrastructures already working in their production environments when planning on deploying wireless network and VPN profiles with Intune. 注意: FastTrack 服务权益不包括为 Intune 设置或配置证书颁发机构、无线网络、VPN 基础结构或 Apple MDM 推送证书的帮助。Note: The FastTrack service benefit doesn't include assistance for setting up or configuring Certificate Authorities, wireless networks, VPN infrastructures, or Apple MDM push certificates for Intune. 注意:FastTrack 服务权益不包括有关将配置管理器站点服务器或配置管理器客户端设置或升级到支持云附加所需的最低要求的帮助。Note: The FastTrack service benefit doesn't include assistance for setting up or upgrading either the Configuration Manager site server or Configuration Manager client to the minimum requirements needed to support cloud-attach. 有关此方面的帮助,请与 Microsoft 合作伙伴 联系。Contact a Microsoft Partner for assistance with this.

    Intune 与 Microsoft Defender 高级威胁防护 (ATP) 集成Intune integrated with Microsoft Defender Advanced Threat Protection (ATP)

    注意:我们提供了有关将 Intune 与 MICROSOFT Defender ATP 集成以及根据其 Windows 10 风险级别评估创建设备合规性策略的帮助。Note: We provide assistance on integrating Intune with Microsoft Defender ATP and creating device compliance policies based on its Windows 10 risk level assessment. 我们不提供有关购买、许可或激活的帮助。We don't provide assistance on purchasing, licensing, or activation. 有关此方面的帮助,请与 Microsoft 合作伙伴 联系。Contact a Microsoft Partner for assistance with this.

    Windows AutopilotWindows Autopilot

    IT 管理员负责通过让硬件供应商代表他们上载其硬件 ID 或自己将其上载到 Windows Autopilot 服务中来向其组织注册设备。IT admins are responsible for registering their devices to their organization by either having the hardware vendor upload their hardware IDs on their behalf or by uploading it themselves into the Windows Autopilot service.

    使用 Intune 安全地部署 Outlook for iOS 和 Android Deploy Outlook for iOS and Android securely with Intune

    • 在 Azure AD for Office 365 中启用的用户标识。User identities enabled in Azure AD for Office 365.
    • 使用分配了用户许可证的 Exchange Online 或混合 Exchange 配置。Exchange Online or hybrid Exchange configured with user licenses assigned.

    Windows 10Windows 10

    服务Service FastTrack 指南详细信息FastTrack guidance details 源环境预期Source environment expectations
    Windows 10Windows 10 我们提供了从 Windows 7 Professional 和 Windows 8.1 专业版升级到 Windows 10 企业版的指南。We provide guidance for upgrading from Windows 7 Professional and Windows 8.1 Professional to Windows 10 Enterprise. 我们为以下内容提供了远程指导:We provide remote guidance for:
    • 了解你的 Windows 10 意图。Understanding your Windows 10 intention.
    • 评估源环境和要求 (确保 Microsoft 终结点配置管理器升级到所需的级别,以支持 Windows 10 部署) 。Assessing your source environment and the requirements (ensure that Microsoft Endpoint Configuration Manager is upgraded to the required level to support the Windows 10 deployment).
    • 使用 Microsoft 终结点配置管理器或 Microsoft 365 部署 Windows 10 企业版和 Microsoft 365 应用。Deploying Windows 10 Enterprise and Microsoft 365 Apps using Microsoft Endpoint Configuration Manager or Microsoft 365.
    • 推荐用于评估 Windows 10 应用程序的选项。Recommending options for you to assess your Windows 10 apps.
    • 启用桌面分析和指南创建桌面分析部署计划的使用。Enabling use of Desktop Analytics and guidance through creation of a Desktop Analytics deployment plan.
    • Microsoft 365 应用兼容性评估,具体方法是利用配置管理器中的 Office 365 准备情况仪表板,或使用独立准备工具包 for Office 以及部署 Microsoft 365 应用程序的相关帮助。Microsoft 365 Apps compatibility assessment by leveraging the Office 365 readiness dashboard in Configuration Manager or with the stand-alone Readiness Toolkit for Office plus assistance deploying Microsoft 365 Apps.
    • 根据您需要执行的操作来创建修补程序清单,以使源环境达到成功部署的最低要求。Creating a remediation checklist on what you need to do to bring your source environment up to the minimum requirements for a successful deployment.
    • 将现有设备的升级指南提供给 Windows 10 企业版,如果它们满足所需的设备硬件要求。Providing upgrade guidance for your existing devices to Windows 10 Enterprise if they meet the needed device hardware requirements.
    • 提供用于支持现有部署活动的升级指南。Providing upgrade guidance to support your existing deployment motion. FastTrack 推荐并提供有关就地升级到 Windows 10 的指南。FastTrack recommends and provides guidance for an in-place upgrade to Windows 10. 指南还可用于 Windows 干净图片安装和 Windows Autopilot 部署方案。Guidance is also available for Windows clean image installation and Windows Autopilot deployment scenarios.
    • 在 Windows 10 部署中使用 Configuration Manager 部署 Microsoft 365 应用。Deploying Microsoft 365 Apps using Configuration Manager as part of the Windows 10 deployment.
    • 提供指导,帮助您的组织使用现有的配置管理器环境或 Microsoft 365 保持最新的 Windows 10 企业版和 Microsoft 365 应用。Providing guidance to help your organization stay up to date with Windows 10 Enterprise and Microsoft 365 Apps using your existing Configuration Manager environment or Microsoft 365.
    以下项超出范围 The following is out of scope
    • 将 Configuration Manager 升级到当前分支。Upgrading Configuration Manager to Current Branch.
    • 创建适用于 Windows 10 部署的自定义映像。Creating custom images for Windows 10 deployment.
    • 创建和支持 Windows 10 部署的部署脚本。Creating and supporting deployment scripts for Windows 10 deployment.
    • 将 Windows 10 系统从 BIOS 转换为统一可扩展固件接口 (UEFI)。Converting a Windows 10 system from BIOS to Unified Extensible Firmware Interface (UEFI).
    • 启用 Windows 10 安全功能。Enabling Windows 10 security features.
    • 配置用于启动前执行环境 (PXE) 启动的 Windows 部署服务 (WDS)。Configuring Windows Deployment Services (WDS) for Preboot Execution Environment (PXE) booting.
    • 使用 Microsoft 部署工具包 (MDT) 捕获和部署 Windows 10 映像。Using the Microsoft Deployment Toolkit (MDT) to capture and deploy Windows 10 images.
    • 使用用户状态迁移工具 (USMT)。Using the User State Migration Tool (USMT).
    联系 Microsoft 合作伙伴 以获取有关这些服务的帮助。Contact a Microsoft Partner for assistance with these services.
    要升级电脑,必须满足以下要求:For PC upgrade, you must meet these requirements:
    • 源 OS: Windows 7 企业版或专业版、Windows 8.1 企业版或专业版。Source OS: Windows 7 Enterprise or Professional, Windows 8.1 Enterprise or Professional.
    • 设备:桌面、笔记本或平板电脑外形规格。Devices: Desktop, notebook, or tablet form factor.
    • 目标 OS: Window 10 企业版。Target OS: Window 10 Enterprise.
    若要升级基础结构,必须满足以下要求:For infrastructure upgrade, you must meet these requirements:
    • Microsoft 终结点配置管理器。Microsoft Endpoint Configuration Manager.
    • Configuration Manager 版本必须受 Windows 10 目标版本支持。The Configuration Manager version must be supported by the Windows 10 target version. 有关详细信息,请参阅 Configuration Manager 中的 Windows 10 支持中的 Configuration Manager 支持表格。For more information, see the Configuration Manager support table at Support for Windows 10 in Configuration Manager.
    Microsoft Defender 高级威胁防护 (ATP)Microsoft Defender Advanced Threat Protection (ATP) Microsoft Defender 高级威胁防护 (ATP) 是旨在帮助企业网络预防、检测、调查和响应高级威胁的平台。Microsoft Defender Advanced Threat Protection (ATP) is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. 我们为以下内容提供了远程指导:We provide remote guidance for:
    • 部署用于保护终结点的技术。Deploying the technologies to secure your endpoints.
    • 配置 endpoint protection 和设备限制配置文件。Configuring endpoint protection and device restriction profiles.
    • 评估 OS 版本和设备管理 (包括 Intune、Microsoft 终结点配置管理器、组策略对象 (Gpo) 和第三方配置) 以及 Windows Defender AV 服务或其他终结点安全软件的状态。Assessing the OS version and device management (including Intune, Microsoft Endpoint Configuration Manager, Group Policy Objects (GPOs), and third-party configurations) as well as the status of your Windows Defender AV services or other endpoint security software.
    • 评估 Windows AV 服务或其他 endpoint security 软件的状态。Assessing the status of your Windows AV services or other endpoint security software.
    • 评估代理和防火墙限制网络流量。Assessing proxies and firewalls restricting network traffic.
    • 通过说明如何使用板载终结点部署 ATP 代理配置文件来启用 Microsoft Defender ATP 服务。Enabling the Microsoft Defender ATP service by explaining how to deploy an ATP agent profile using an onboard endpoint.
    • 部署指南、配置帮助和教育:Deployment guidance, configuration assistance, and education on:
      • 威胁和漏洞管理。Threat and vulnerability management.
      • 攻击面减少。Attack surface reduction.
      • 新一代保护。Next-generation protection.
      • 终结点检测和响应。Endpoint detection and response.
      • 自动调查和修复。Automated investigation and remediation.
      • 安全功能分数。Secure score.
    • 查看模拟和教程 (如实践方案、假恶意软件和自动调查) 。Reviewing simulations and tutorials (like practice scenarios, fake malware, and automated investigations).
    • 报告和威胁分析功能概述。Overview of reporting and threat analytics features.
    • 将 Office 365 ATP 与 Microsoft Defender ATP 集成。Integrating Office 365 ATP with Microsoft Defender ATP.
    • 在 Microsoft Defender 安全中心门户中执行演练。Conduct walkthroughs of the Microsoft Defender Security Center portal.
    • 以下操作系统:The following operating systems:
      • Windows 10。Windows 10.
      • Windows Server 2016。Windows Server 2016.
      • Windows Server 2019。Windows Server 2019.
      • Windows Server 2019 Core Edition。Windows Server 2019 Core Edition.
      • Windows Server Semi-Annual 通道 (SAC) 版本1803。Windows Server Semi-Annual Channel (SAC) version 1803.
      • macOS 版本10.13、10.14 和10.15。macOS versions 10.13, 10.14, and 10.15.
    注意: 所有 Windows Server 版本必须由 System Center Configuration Manager 2012 (版本 1012 R2、1511或 1602) 或 Microsoft 终结点配置管理器 (版本2002或更高版本的) 进行管理。 Note: All Windows Server versions must be managed by the latest version of System Center Configuration Manager 2012 (versions 1012 R2, 1511, or 1602) or Microsoft Endpoint Configuration Manager (version 2002 or greater).

    以下项超出范围

    The following is out of scope

    • 客户补救活动的项目管理。Project management of the customer's remediation activities.
    • 现场支持。On-site support.
    • 持续管理和威胁响应。Ongoing management and threat response.
    • 以下 Microsoft Defender ATP 代理的加入或配置:Onboarding or configuration for the following Microsoft Defender ATP agents:
      • Windows Server 2008。Windows Server 2008.
      • Windows Server 2012。Windows Server 2012.
      • Linux.Linux.
      • (Android 和 iOS) 的移动设备。Mobile devices (Android and iOS).
    • 服务器的载入和配置:Server onboarding and configuration:
      • 配置用于脱机通信的代理服务器。Configuring a proxy server for offline communications.
      • 在下层配置管理器实例和版本上配置 Configuration Manager 部署包。Configuring Configuration Manager deployment packages on down-level Configuration Manager instances and versions.
      • 将服务器载入 Azure 安全中心。Onboarding servers to Azure Security Center.
      • 不受 Configuration Manager 管理的服务器。Servers not managed by Configuration Manager.
    • macOS 载入和配置:macOS onboarding and configuration:
      • 手动基于 Intune 的部署。Manual Intune-based deployment.
      • 基于 JAMF 的部署。JAMF-based deployment.
      • 其他移动设备管理 (MDM) 基于产品的部署。Other mobile device management (MDM) product-based deployment.
      • 手动部署。Manual deployment.
    • 配置以下攻击面减少功能:Configuration of the following attack surface reduction capabilities:
      • 基于硬件的隔离。Hardware-based isolation.
      • 应用程序控制。App control.
      • Exploit Protection。Exploit protection.
      • 网络防火墙。Network firewall.
    • 注册或配置 Microsoft 威胁专家。Enrollment or configuration of Microsoft Threat Experts.
    • 配置或培训检查 API 或安全信息和事件管理 (SIEM) 连接。Configuration or training reviewing API or security information and event management (SIEM) connections.
    • 注册或配置 Microsoft 威胁防护 (MTP)。Enrollment or configuration of Microsoft Threat Protection (MTP).
    • 有关高级搜寻的培训或指导。Training or guidance covering advanced hunting.
    • 涉及使用或创建 Kusto 查询的培训或指导。Training or guidance covering the use of or creation of Kusto queries.
    联系 Microsoft 合作伙伴 以获取有关这些服务的帮助。Contact a Microsoft Partner for assistance with these services.

    Windows 虚拟桌面Windows Virtual Desktop

    服务Service FastTrack 指南详细信息FastTrack guidance details 源环境预期Source environment expectations
    Windows 虚拟桌面Windows Virtual Desktop

    我们提供了用于将 Windows 虚拟桌面 (到桌面和应用程序虚拟化服务) 的部署指南。We provide deployment guidance for onboarding to Windows Virtual Desktop (a desktop and app virtualization service). Windows 虚拟桌面利用 Windows 10 多会话体验,并针对 microsoft 365 的集成安全性和管理,针对适用于企业的 Microsoft 365 应用程序进行了优化。Windows Virtual Desktop takes advantage of Windows 10 multi-session experience and is optimized for Microsoft 365 Apps for Enterprise with integrated security and management for Microsoft 365.

    我们为以下内容提供了远程指导:We provide remote guidance for:

    • 使用以下各项为企业版部署 windows 虚拟桌面环境: Windows 10 企业版多会话和 Microsoft 365 应用程序:Deploying your Windows Virtual Desktop environment with Windows 10 Enterprise multi-session and Microsoft 365 Apps for Enterprise using the following:
      • Azure Marketplace 图像。Azure Marketplace Image.
      • 共享图像。Shared image.
      • Office 部署工具包 (ODT) 。Office Deployment Toolkit (ODT).
    • 配置 FSLogix:Configuring FSLogix:
      • 使用配置文件容器部署 FSLogix 代理。Deploying FSLogix Agent with Profile Container.
      • 使用 Office 容器部署 FSLogix 代理。Deploying FSLogix Agent with Office Container.
      • 配置包含内容排除的 FSLogix 文件夹。Configuring FSLogix folder with content exclusions.
    • 部署 Microsoft Edge。Deploying Microsoft Edge.
    • 部署 Microsoft 团队。Deploying Microsoft Teams.
    • 使用 Windows 虚拟桌面客户端进行连接。Connecting using Windows Virtual Desktop clients.

    以下项超出范围

    The following is out of scope

    • 客户的 Windows 虚拟桌面部署的项目管理。Project management of the customer's Windows Virtual Desktop deployment.
    • 现场支持。On-site support.
    • 第三方应用虚拟化和部署。Third-party app virtualization and deployment.
    • 自定义图像。Custom images.
    • 涉及 VMware 和 Citrix 的迁移和方案。Migrations and scenarios involving VMware and Citrix.
    • Linux 应用场景。Linux scenarios.
    • 用户配置文件的转换或迁移。Conversion or migrations of user profiles.
    联系 Microsoft 合作伙伴 以获取有关这些服务的帮助。Contact a Microsoft Partner for assistance with these services.
    您应该已经具备以下各项:You should already have the following:
    • Azure AD 常规安装程序:Azure AD general setup:
      • 标识策略 (只能使用以下三个选项之一) : Identity strategy (you can use only one of the following three options):
        • Azure 中具有 Azure AD Connect 的 Active Directory。Active Directory with Azure AD Connect in Azure.
        • Azure AD 上的 Active Directory 与 VPN 或 ExpressRoute 上的本地连接。Active Directory with Azure AD Connect on-premises over VPN or ExpressRoute.
        • Active Directory 域服务 (AD DS) 。Active Directory Domain Services (AD DS).

    应用保证App Assure

    服务Service FastTrack 指南详细信息FastTrack guidance details 支持的产品Supported products
    应用保证App Assure 应用程序确保服务旨在解决 Windows 10 和 Microsoft 365 应用程序兼容性方面的问题。App Assure is a service designed to address issues with Windows 10 and Microsoft 365 Apps app compatibility. 当您请求应用程序确保服务时,我们将与您合作,以使用符合条件的订阅解决有效的应用问题,而无需额外付费。When you request the App Assure service, we work with you to address valid app issues at no additional cost to you with an eligible subscription. 我们还为在部署 Windows 虚拟桌面和新 Microsoft Edge 时面临兼容性问题的客户提供指导,并尽一切努力解决兼容性问题。We also provide guidance to customers who face compatibility issues when deploying Windows Virtual Desktop and the new Microsoft Edge and make every reasonable effort to resolve compatibility issues. 我们为以下 Microsoft 产品上部署的应用程序提供了修正帮助:We provide remediation assistance for apps deployed on the following Microsoft products:

    以下项超出范围

    The following is out of scope

    • 用于确定在 Windows 10 和 Microsoft 365 应用版上是否正常运作的应用清单和测试。App inventory and testing to determine what does and doesn't work on Windows 10 and Microsoft 365 Apps. 有关此过程的更多指导,请访问桌面部署中心For more guidance on this process, visit the Desktop Deployment Center. 如果对深入升级就绪性评估感兴趣,请填写新式桌面评估的客户请求表单。If you're interested in an in-depth upgrade readiness assessment, complete the Customer Request for Modern Desktop Assessment form.
    • 研究 Windows 10 兼容性和支持语句的第三方 ISV 应用。Researching third-party ISV apps for Windows 10 compatibility and support statements. 有关详细信息,请参阅桌面分析For more information, see Desktop Analytics.
    • 仅限应用打包的服务。App packaging-only services. 但是,应用保证团队会打包我们已为 Windows 10 修正的应用,以确保可以在客户环境中部署。However, the App Assure team packages apps that we have remediated for Windows 10 to ensure they can be deployed in the customer's environment.

    客户职责包括

    Customer responsibilities include

    • 创建应用清单。Creating an app inventory.
    • 验证 Windows 10 和 Microsoft 365 应用版上的应用。Validating those apps on Windows 10 and Microsoft 365 Apps.
    注意: Microsoft 无法对您的源代码进行更改。 Note: Microsoft can't make changes to your source code. 但是,如果可提供应用的源代码,则应用保证团队可向应用开发人员提供指导。However, the App Assure team can provide guidance to app developers if the source code is available for your apps.

    联系 Microsoft 合作伙伴 以获取有关这些服务的帮助。Contact a Microsoft Partner for assistance with these services.

    Windows 10 和 Microsoft 365 应用程序 Windows 10 and Microsoft 365 Apps
    • 在 Windows 7、Windows 8.1、Office 2010 和 Office 2013 上运行的应用也可在 Windows 10 和 Microsoft 365 应用版上运行。Apps that worked on Windows 7, Windows 8.1, Office 2010, and Office 2013 also work on Windows 10 and Microsoft 365 Apps.
    ARM 上的 Windows 10 Windows 10 on ARM
    • 在 Windows 7、Office 2010 或更高版本上运行的应用程序可在 ARM64 设备上的 Windows 10 和 Microsoft 365 应用中运行。Apps that worked on Windows 7, Office 2010, or later versions work on Windows 10 and Microsoft 365 Apps on ARM64 devices.
    注意: ARM 排除和限制中的 Windows 10 包括: Note: Windows 10 on ARM exclusions and limitations include:
    • 依赖于 ARM 中不兼容的软件驱动程序的应用程序。Apps that rely on software drivers that aren’t compatible in ARM.
    • 使用 OpenGL 或 OpenCL 的应用程序。Apps that use OpenGL or OpenCL.
    • 仅在64位 (x64) 中提供应用程序。Apps only available in 64-bit (x64).
    新的 Microsoft Edge The new Microsoft Edge
    • 如果你的 Web 应用或网站适用于 Internet Explorer 11、受支持的 Google Chrome 版本或任何 Microsoft Edge 版本,则它们也将适用于新版 Microsoft Edge。If your web apps or sites work on Internet Explorer 11, supported versions of Google Chrome, or any version of Microsoft Edge, they'll also work with the new Microsoft Edge.
    • 当 web 不断发展时,请务必查看此已发布的已知 网站兼容性列表。 Microsoft Edge 影响的更改As the web is constantly evolving, be sure to review this published list of known site compatibility-impacting changes for Microsoft Edge.
    Windows 虚拟桌面 Windows Virtual Desktop
    • 在 Windows Server 远程桌面会话主机 (RDSH) 上运行的虚拟化应用也可作为 Windows 虚拟桌面的一部分在 Windows 10 企业版多会话中运行。Virtualized apps that run on Windows Server Remote Desktop Session Host (RDSH) also run on Windows 10 Enterprise multi-session as part of Windows Virtual Desktop.
    • 在任何 Windows 7 或 Windows 10 虚拟桌面基础结构上运行的应用程序 (VDI) 环境也在 windows 7 企业版和 Windows 10 企业版上作为 Windows 虚拟桌面的一部分运行。Apps running on any Windows 7 or Windows 10 virtual desktop infrastructure (VDI) environment also run on Windows 7 Enterprise and Windows 10 Enterprise as part of Windows Virtual Desktop.
    • 在 Windows 7 或 Windows 10 客户端设备中运行的应用也可作为 Windows 虚拟桌面的一部分在 Windows 7 企业版和 Windows 10 企业版上运行。Apps running on Windows 7 or Windows 10 client devices also run on Windows 7 Enterprise and Windows 10 Enterprise as part of Windows Virtual Desktop.
    注意: Windows 10 企业版多会话兼容性排除和限制包括: Note: Windows 10 Enterprise multi-session compatibility exclusions and limitations include:
    • 硬件重定向受到限制。Limited redirection of hardware.
    • A/V 密集型应用可能功能受限。A/V-intensive apps may perform in a diminished capacity.
    • 64 位 Windows 虚拟桌面不支持 16 位应用。16-bit apps aren't supported for 64-bit Windows Virtual Desktop.

    新版 Microsoft EdgeThe new Microsoft Edge

    服务Service FastTrack 指南详细信息FastTrack guidance details 源环境预期Source environment expectations
    适用于 Windows 10 企业版客户的Microsoft Edge () Microsoft Edge (for Windows 10 Enterprise customers)
    • 我们为以下内容提供了远程部署指导和兼容性协助:将 Windows 10 企业版中的新 Microsoft Edge 部署到 microsoft 终结点配置管理器或 Intune) (microsoft 终结点管理器。We provide remote deployment guidance and compatibility assistance for: Deploying the new Microsoft Edge on Windows 10 Enterprise with Microsoft Endpoint Manager (Microsoft Endpoint Configuration Manager or Intune).
    • Microsoft Edge 配置 (使用组策略或 Intune 应用配置和应用程序策略) 。Microsoft Edge configuration (using group policies or Intune app configuration and app policies).
    • 清点可能需要在 Internet Explorer 模式中使用的网站列表。Inventory the list of sites that may require use in Internet Explorer mode.
    • 使用现有企业网站列表启用 Internet Explorer 模式。Enabling Internet Explorer mode with the existing Enterprise Site List. 此外,如果您有一个可与 Internet Explorer 或 Google Chrome 配合使用的 web 应用或网站,并且您遇到兼容性问题,我们提供的指导可以无需额外付费即可解决问题。Additionally, if you have a web app or site that works with Internet Explorer or Google Chrome and you experience compatibility issues, we provide guidance to resolve the issue at no additional cost. 有关详细信息,请参阅 应用程序的确保See App Assure for more details.

    以下项超出范围

    The following is out of scope

    • 客户的 Microsoft Edge 部署的项目管理。Project management of the customer's Microsoft Edge deployment.
    • 现场支持。On-site support.