问题描述
您好,
我们一直在将大部分应用程序迁移到O365 / Azure。 我们目前已将文件存储从内部SP迁移到SPO,Exchange部署到Exchange在线等等。 现在,我们现在拥有一个主要位于云中的环境,并且需要花费
才能继续朝这个方向发展。 现在,我们正在寻找管理设备/用户的最佳位置。 我们是否可以对Azure AD中的设备/用户进行更改并将它们同步到我们的onprem环境中? 我们应该从
Azure或本地DC管理这些内容? 我们如何才能从混合转换为Azure? 既然所有用户邮箱都已在线迁移到Exchange,我们可以登录我们的On Prem Exchange服务器吗?
We have been migrating most of our applications to O365/Azure. We currently have moved our file storage from on prem SP to SPO, Exchange on prem to Exchange online and thus forth. Now we now have an environment that mostly in the cloud and looking to keep going that direction. Now we are finding where the best place to manage our devices/users. Can we make changes to devices / users in Azure AD and have them sync down to our onprem environment? Where should we be managing these from Azure or local DC? How can we transition from a hybrid to Azure only? Can we sunset our On Prem Exchange server now that all users mailboxes have been migrated to Exchange online?
注意:我们仍有几台服务器在运行SQL,Dynamics和SP(适用于报告)和Exchange(只是因为如果我们可以解决这个问题,我一直在努力)但是我希望通过
Azure AD和Intune
Note: we still have a couple servers on prem running SQL, Dynamics, and SP (for reports), and Exchange (only because I keep getting the run around if we can sunset it) but looking to manage and go cloud first for our management of users / devices through Azure AD and Intune
推荐答案
为了配合完整的云计算只有设置,您需要确保您使用的所有客户端计算机都是Windows 10,因为它具有开箱即用的所有功能,可以无缝地使用所有Windows客户端版本。您甚至可以使用Mac机器
,但是他们可能无法使用Windows提供的不同管理和配置工具为您提供完全相同级别的组织控制。 Windows 10框可以直接连接到Azure AD而没有问题,它支持
现代身份验证,用于通过azure AD帐户登录。
In order to go with a complete cloud only setup , you would need to make sure all the client machines that you use are Windows 10 as it has all the capabilities out of box to work with Azure AD seamlessly out of all windows client editions. You can even use Mac machines as well but they may not give you exactly same level of organisation control on them using different management and configuration tool as windows can give you . A windows 10 box can be joined to Azure AD directly without an issue and it supports modern authentication for logon by azure AD accounts.
在您的情况下,为了要真正实现仅限云的组织,您需要使用Azure AD域服务将不支持现代身份验证的旧应用程序迁移到云。您提到了Intune,这正是您管理设备的方式。
In your case , in order to go truly cloud only organisation , you would need to move your legacy applications which don't support modern auth to the cloud by using Azure AD domain services. You mentioned Intune which is exactly how you can manage the devices.
您应该始终在一个地方管理设备。如果您有混合环境,我们建议您在本地管理它。如果您拥有所有移动用户,并且他们的设备已使用Azure AD加入加入azure AD租户,那么您应该在云中管理
他们。
You should always manage the devices in one place . If you have a hybrid environment , we would recommend to manage it on-premise. If you have all mobile users and their devices are joined to the azure AD tenant using Azure AD join , then you should manage them in the cloud.
有几个您的查询中的问题及其优点需要经过长时间的讨论才能更好地了解该方案。我建议聘请Azure AD / Office365顾问以获得更好的评估和指导。
There are several questions within your query and its merits a long discussion to understand more about the scenario . I would suggest to engage a Azure AD/Office365 consultant for better evaluation and guidance.
我根据我对查询的理解回复了这个问题。希望这能为您解释一些问题,如果不是全部的话。让我们知道您的进一步查询,我们将继续对话。如果这对您有帮助,请随时将其标记为答案,以便
可以帮助其他社区成员。
I have replied this as per my understanding of the queries. Hope this clarifies some points for your if not all . Let us know your further queries and we will continue the conversation. Should this help you , feel free to mark this as answer so that it can help other community members.
谢谢。
这篇关于Azure AD和On Prem AD的混合环境的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!