Prerequisites for Microsoft Managed Desktop

This topic outlines the infrastructure requirements you must meet to ensure success with Microsoft Managed Desktop.

Area: Prerequisite details
Licensing: Microsoft Managed Desktop requires the Microsoft 365 E3 license with Microsoft Defender for Endpoint (or equivalents) assigned to your users. Two licenses for Azure Active Directory Premium 2 must be available in the tenant, but users do not need this license.
For details about the specific service plans, see More about licenses in this topic.
For more information on available licenses, see Microsoft 365 licensing.
Connectivity: All Microsoft Managed Desktop devices require connectivity to numerous Microsoft service endpoints from the corporate network.

For the full list of required IPs and URLs, see Network configuration.
Azure Active Directory: Azure Active Directory (Azure AD) must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure AD Connect.

Enterprise State Roaming must be enabled for Microsoft Managed Desktop users.

For more information, see Azure AD Connect.

For more information on supported Azure AD Connect versions, see Azure AD Connect: Version release history.
Authentication: If Azure AD is not the source of primary authentication for user accounts, you must configure one of these in Azure AD Connect:
- Password hash synchronization
- Pass-through authentication
- An external identity provider (including Windows Server ADFS and non-Microsoft IDPs) configured to meet Azure AD integration requirements. See the guidelines for more information.

When setting authentication options with Azure AD Connect, password writeback is also recommended. For more information, see Password writeback.

If an external identity provider is implemented, you must validate that the solution:
- Meets Azure AD integration requirements
- Supports Azure AD Conditional Access, which allows the Microsoft Managed Desktop device compliance policy to be configured
- Enables device enrollment and use of Microsoft 365 services or features required as part of Microsoft Managed Desktop

For more information on authentication options with Azure AD, see Azure AD Connect user sign-in options.
Microsoft 365: OneDrive for Business must be enabled for Microsoft Managed Desktop users.

Though it is not required to enroll with Microsoft Managed Desktop, we highly recommend that the following services be migrated to the cloud:
- Email: Migrate to cloud-based mailboxes, Exchange Online, or configure with Exchange Online Hybrid with Exchange 2013 or higher, on-premises.
- Files and folders: Migrate to OneDrive for Business or SharePoint Online.
- Online collaboration tools: Migrate to Teams.
Device management: Microsoft Managed Desktop devices require management using Microsoft Intune. Intune must be set as the Mobile Device Management authority.

For more information, see Microsoft Intune.
Data backup and recovery: Microsoft Managed Desktop requires files to be synced to OneDrive for Business for protection. Any files not synced to OneDrive for Business are not guaranteed by Microsoft Managed Desktop and might be lost during device exchanges or support calls requiring a device reset.

Though not required, Microsoft Managed Desktop strongly recommends migration from mapped network drives to the appropriate cloud solution. For more information, see Prepare mapped drives for Microsoft Managed Desktop.

When you're ready to get started with Microsoft Managed Desktop, contact your Microsoft Account Manager.

More about licenses

Microsoft Managed Desktop requires certain license options in order to function. See Microsoft Managed Desktop technologies for information about how these licenses are used.

Tip

To assign these license options to specific users, we recommend that you take advantage of the group-based licensing feature of Azure Active Directory.

Tip

Your Microsoft Account Manager will help you review your current licenses and service plans and find the most efficient path for you to get any additional licenses or service plans you might need, while avoiding duplication.