Completely migrating to Azure AD and using Office 365 and Intune for productivity and mobility – Intro

Azure AD
Azure AD, Office 365 and Intune for your environment

Series of migration guides written by me on Azure AD, Intune and Office 365. We will be going through Design phase, Migrating E-mail and configuring Intune Standalone. Let’s start

Azure AD Standalone

Quite recently I was called to help a company move 11 sub-companies into the same tenant. They want to move away from On-Premise, and move to the cloud with Azure AD, Intune and Office 365.

At the same time, it was time to create a blog.

Let’s go to our customer with needs.

Details about the client:

  • Multi-national company that owns several separate entities in several countries
  • Parent company will not be a part of the project

What are the needs?

  • One tenant for all separate companies
  • No local infrastructure if possible
  • A basic need for Office and security (Antivirus)
  • Sharepoint is intended to be a vital part for sharing documents and information to users
  • Reduce management of clients to a minimum (Automate as much as possible)
  • Cloud-based telephony is desired
  • Move companies one by one by country
  • Companies need to be separated while in the same tenant

Infrastructure

  • All companies have a separate IT environment
  • There are offices for each company in each country
  • Some companies have migrated to Office 365 previously (Hybrid)
  • Most use remote solutions for CRM/ERP/etc – This is not part of the project
  • All client computers will be upgraded to Windows 10

Proposed Solution

Now, let’s look at the possibilities regarding the needs of the company vs the infrastructure. I will go in depth in the next parts regarding migrations, configuration of Azure AD, Office 365, Intune and Azure Rights Management

One  tenant: Immediately, there is no problem consolidating all these companies into the same tenant. By registering each company as a separate accepted domain, we can distinguish them in the tenant. For example, user1@contoso.com and user2@adatum.com.

No local infrastructure: That’s great. With Azure AD join on Windows 10, Intune automation and SSO experience, the user will experience a fluent setup and access without you, as the IT admin, having to even touch the computer/phone. The immediate problem is “What about printing”. To be honest, that’s always a problem anyways.Azure AD

A basic need for Office and Antivirus: Intune provides Endpoint Protection, it’s a good antivirus program that saves lives computers. We can also set up Intune to automatically register the client PC and drop Office in their laps. All through the internet, with you not having to touch the PC. Just create the deployments!

Sharepoint: I will not dive deep here, Sharepoint can be huge if the customer wants, or it can be setup in a couplpe simple steps for a basic experience. There will be a need to segregate the different companies, as they should not be able to see each others files/information.

Reduce management: In this guide, we will intend to automate as much as possible. The only requirements for the user should be:

  1. Username/Password
  2. Internet access

When the user gets his or her computer (brand new, not touched by IT personell) they should only need to log on with their work account, and Intune/Office 365 will handle the rest. All policies, all accepted updates, all applications will drop in their lap. Regarding printing, I’m thinking of creating a basic script that adds the printers in their offices. I will look at this problem at a later stage.

Cloud based telephony: Well, Office 365 E5 to the rescue.

Companies need to keep being separated even though they’re in the same tenant: This one’s tricky. Why do I say that? Because Microsoft hasn’t really added good functionality for this bit.

If you’re an administrator in Office 365, you’re an administrator for the whole tenant. We can’t separate one company-admin, from another one. You can either give all the access, or nothing at all. Of course you can limit the access by services (Exchange Online, Skype, Sharepoint) but that’s not really the point. There should have been capability to give limited access on different criterias. Management by groups would be the best in our scenario.

For the users, though, there will not be much confusion. We’ll still be able to separate them fairly well. More on this in later posts

 

Leave a Reply

1 Comment on "Completely migrating to Azure AD and using Office 365 and Intune for productivity and mobility – Intro"

Notify of
avatar

Sort by:   newest | oldest | most voted
trackback

[…] Part 1, we saw that companies are going to use the same tenant, and they all have their own IT […]

wpDiscuz