Set up your infrastructure for hybrid work with Microsoft 365

To secure and optimize your workers' productivity and collaboration, you need to allow on-site and remote workers to easily and securely access your organization's on-premises and cloud-based information, tools, and resources. This solution steps through the deployment of key layers of infrastructure that empower your workers to do their best work, wherever they are.

Hybrid workers can work on-site or remotely in a combination of locations. Allowing workers to work away from a traditional office is important for many organizations to:

  • Hire and retain workers who are unwilling to relocate or require a flexible work environment.
  • Reduce worker commuting, leaving workers with more time to be productive and for stress-reducing activities outside of work.
  • Save on office space.

Microsoft 365 has the capabilities to empower your hybrid workers to work either on-site or remotely.

Empower hybrid workers with Microsoft 365

Note

If you are new to Microsoft 365, see these resources.

Watch this video for an overview of the deployment process.

For IT professionals managing on-site and cloud-based infrastructure to enable hybrid worker productivity, this solution provides these key capabilities:

  • Connected

    From anywhere in the world and at any time, your workers are able to access:

    • Cloud-based services and data in your Microsoft 365 subscription.

    • Organization resources, such as those offered by on-premises application datacenters.

  • Secure

    Sign-ins are secured with multi-factor authentication (MFA), and built-in security features of Microsoft 365 and Windows 10 protect against malware, malicious attacks, and data loss.

  • Managed

    Your hybrid workers' devices can be managed from the cloud with security settings, allowed apps, and required compliance with system health.

  • Collaborative and productive

    Your hybrid workers can be as productive as they are on-premises, in a highly collaborative way, with:

    • Online meetings and chat sessions with Teams.

    • Shared workspaces for cloud-based file storage with global accessibility and real-time collaboration with SharePoint and OneDrive.

    • Shared tasks and workflows to divide up the work and get things done.

For a seamless sign-in experience, your on-premises Active Directory Domain Services (AD DS) user accounts should be synchronized with Azure Active Directory (Azure AD). To protect your Windows 10 devices, they should be enrolled in Intune. Here is a high-level view of the infrastructure.

The basic infrastructure for hybrid workers with Microsoft 365

To enable the capabilities of Microsoft 365 for your hybrid workers, use these Microsoft 365 features.

| Capability or feature | Description | Licensing |
| --- | --- | --- |
| MFA enforced with security defaults | Protect against compromised identities and devices by requiring a second form of authentication for sign-ins. Security defaults requires MFA for all user accounts. | Microsoft 365 E3 or E5 |
| MFA enforced with Conditional Access | Require MFA based on the properties of the sign-in with Conditional Access policies. | Microsoft 365 E3 or E5 |
| MFA enforced with risk-based Conditional Access | Require MFA based on the risk of the user sign-in with Microsoft Defender for Identity. | Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses |
| Self-Service Password Reset (SSPR) | Allow your users to reset or unlock their passwords or accounts. | Microsoft 365 E3 or E5 |
| Azure AD Application Proxy | Provide secure remote access for web-based applications hosted on intranet servers. | Requires separate paid Azure subscription |
| Azure Point-to-Site VPN | Create a secure connection from a remote worker's device to your intranet through an Azure virtual network. | Requires separate paid Azure subscription |
| Windows Virtual Desktop | Support remote workers who can only use their personal and unmanaged devices with virtual desktops running in Azure. | Requires separate paid Azure subscription |
| Remote Desktop Services (RDS) | Allow employees to connect into Windows-based computers on your intranet. | Microsoft 365 E3 or E5 |
| Remote Desktop Services Gateway | Encrypt communications and prevent the RDS hosts from being directly exposed to the Internet. | Requires separate Windows Server licenses |
| Microsoft Intune | Manage devices and applications. | Microsoft 365 E3 or E5 |
| Configuration Manager | Manage software installations, updates, and settings on your devices. | Requires separate Configuration Manager licenses |
| Desktop Analytics | Determine the update readiness of your Windows clients. | Requires separate Configuration Manager licenses |
| Windows Autopilot | Set up and pre-configure new Windows 10 devices for productive use. | Microsoft 365 E3 or E5 |
| Microsoft Teams, Exchange Online, SharePoint Online and OneDrive, Microsoft 365 Apps, Microsoft Power Platform, and Yammer | Create, communicate, and collaborate. | Microsoft 365 E3 or E5 |

For security and compliance criteria, see Deploy security and compliance for remote workers.

For a 2-page summary of this solution, see the Empower hybrid workers poster.

Empower hybrid workers poster

You can also download this poster in PowerPoint format and print it on letter, legal, or tabloid (11 x 17) size paper.

Provide hybrid working for all of your workers

You can enable all of your workers to stay productive from anywhere with these devices:

  • A modern device, such as a Surface laptop and Windows 10, which has the features, security, and performance to access Microsoft 365 cloud apps and services directly over the web.

  • Any device, including older laptops or desktops used from home, which can access Microsoft 365 cloud apps and services indirectly through a quickly deployed Windows 10-based virtual desktop. This option provides high performance, strong security, and simplified IT management.

Next steps

Use these steps to secure and optimize access to your organization's servers and cloud services and maximize your hybrid workers' productivity.

  1. Increase sign-in security with MFA
  2. Provide remote access to on-premises apps and services
  3. Deploy security and compliance services
  4. Deploy endpoint management for your devices, PCs, and other endpoints
  5. Deploy hybrid worker productivity apps and services
  6. Train your workers and address usage feedback

The steps to set up your infrastructure for hybrid work with Microsoft 365

To see how a fictional but representative multi-national organization set up its infrastructure for hybrid work, see Contoso's COVID-19 response and infrastructure for hybrid work.