Implementation For Azure AD-Intune
3,000 users
Current Infrastructure
- Currently there are approximately 3000 employees who use their personal laptops, which are in a workgroup and not part of any Active Directory domain, to deliver the required services on behalf of <CLIENT>.
- The users are telemarketing agents.
Requirement
- <CLIENT> wants to ensure that the 3000 end users' systems registered with <CLIENT> are compliant in terms of OS, anti-virus, Windows system updates and the DLP agent being deployed.
2 Technology stack
Product name | OEM | Description
Azure EMS E3 | Microsoft | Azure AD premium 1, Intune (MDM) and conditional access.
RDP | Microsoft | For taking remote desktop control only by privileged users
3 Software BOM
Product | Quantity
Azure EMS E3 | 3000
4 Scope of Work:
Based on the assessment, share and discuss all the observations with <CLIENT>’s IT team and fine-tune the rollout plan for pilot and production users.
1
C Enable phase
1 Activating your Microsoft online service tenant or subscription.
2 Sync 3000 users onto Azure AD DS
3 Enforce policies and test if they are working as expected
4 Configuring TCP/IP protocols and firewall ports.
5 Configuring DNS for eligible services.
6 Validating connectivity to Microsoft online services.
7 Configuring managed authentication with the Azure Active Directory Connect tool.
D Enable phase - Microsoft Azure Active Directory Premium
1 Activating your Azure AD Premium tenant.
2 Validating connectivity to Azure AD Premium services.
3 Configuring an authentication method (Password Hash Sync or Pass-Through Authentication) with the Azure AD Connect tool.
4 Configuring Azure Active Directory Pass-through Authentication, if required.
5 Configuring Azure Active Directory Seamless Single Sign-On (SSO), if required.
E Enable phase - Azure AD Premium with Azure AD Connect
1 User provisioning, including licensing.
2 Azure AD Connect directory synchronization.
3 Self Service Password Reset (SSPR), if required.
4 Azure Multi-Factor Authentication, if required.
5 Customized logon screen, including logo, text, and images.
7 Azure Active Directory Conditional Access.
F Enable phase – Intune
1 Configuring identities to be used by Intune, by leveraging cloud identities (Azure Active Directory).
2 Licensing the end users.
3 Adding users to Intune subscription, defining IT admin roles, and creating user and device groups.
4 Configuring Mobile Device Management (MDM) authority, based on your management needs, including:
7 Assumptions
• The activity will be carried out from a remote location.
• If an untrusted or 3rd party email platform is used, data leak protection cannot be guaranteed.
• Required bandwidth, media, licenses, access, permissions, staging area and information needed to deliver the project will be provided by <CLIENT>.
• <CLIENT> will provide a SPOC for the entirety of the implementation project who will help the project team with any required information related to project activity.
• All the systems will be new and will be domain joined using the Azure Intune Auto-pilot service or a manual approach.
• Any data migration from end systems after domain enrollment will not be our responsibility.