Azure Active Directory is a cloud service that provides Identity as a Service (IDaaS), authentication, authorization, and identity management functions for the company's cloud and enterprise systems.
Azure AD is based on flexible access control capabilities that help
ensure security and reduce operating costs.
Azure AD can empower today's productive workforce.
Azure AD upgrades access management and secure identity. The global presence of Microsoft and extensive consumer experience are combined with powerful user behavioral analysis and advanced machine learning technologies to create the Microsoft Security Intelligent Graph, which means Azure AD stops credential compromise before it begins. The goal of this service is to help your organization continue the digital transformation process and migrate identity management from on-premises AD to cloud-based Azure AD, avoiding the problems that appear during the migration process.
It will allow you to increase the security and management of your users and IT assets while lowering support and operating costs.
IT Partner responsibilities #
- Perform a gap analysis of an existing on-premises AD environment and determine the necessity of additional Office 365/Azure licenses
- Prepare the existing On-Prem Active Directory and Azure AD for the migration
- Configure Azure AD policy
- Plan the transition from using GPO to Intune. (Not all GPO capabilities are currently supported by Intune. A review of computer management practices and additional work may be required.)
- Configure user profiles and devices
- Perform a pilot migration from on-premises AD to Azure AD for a small group of users. Gather feedback and do required troubleshooting. Prepare documentation for users, as needed.
- Migrate all the users from on-premises AD to Azure AD
- Assist with reconfiguring end-user devices
- On-Prem domain controller demotion
- Prepare a detailed report of all support activities and time spent
- Project closure and acceptance
Client responsibilities #
- Coordinate Client resources and staff schedules
- Provide a dedicated point of contact responsible for working with IT Partner
- Coordinate any outside vendor resources and schedules
- Configure all network equipment, such as load balancers, routers, firewalls, and switches
- Review and approve engagement deliverables in a timely manner
- Request and approve all change management tickets (if applicable) in the Client environment
- Make sure all users have proper licenses assigned in Office 365 tenant
- Provide access to physical and virtual servers, as needed
- Provide necessary remote and/or physical access to facility and systems needed in order to complete the work
- Provide virtual or physical servers necessary to achieve the project goals
- Perform changes to internal and external DNS as required
- All the necessary Office 365 and/or Azure subscriptions must be purchased before user migration can be started
- Resolution of basic tickets, which may be resolved by following end-user adoption instructions provided by Microsoft
Additional cost items not provided by this project #
- Support for any workstations with OS other than Microsoft Windows
- Windows 7/8.1 devices must be upgraded to Windows 10
- Firmware or operating system installation on servers, desktops, network hardware, or mobile devices
- Support for third-party business applications
- Training of end-user teams
- Additional purchase of items not specifically mentioned in scope of work (SOW)
- When connected to Azure AD, a new user profile will be created on the PC. Data transfer from current user profiles -- My Documents, Desktop, Favorites, etc. to OneDrive for Business or SharePoint Online. (Optional add-on to this project, if desired.)
Upon completion of the project, we will provide a project closeout
report. This document will indicate the final project status, including
evidence of matching acceptance criteria, outstanding issues, if any, and the
final budget. If you require more extensive documentation, it can be
provided for an additional fee.
Downtime status: users need to restart their PCs and log on to the newly created accounts. Profile settings and documents are not migrated.
- Azure subscription
- Microsoft 365 Business subscription
- Microsoft Windows 10 Pro at all workstations
- Your organization does not use On-Prem file storage, such as Windows Server, NAS, or others. These documents must be transferred to Sharepoint Online.
- Check all business applications; they should not use Active Directory authentication
- If your organization uses On-Prem Microsoft Exchange, it must be transferred to Microsoft Exchange Online
The plan may vary depending on your needs.
- Kickoff meeting
- Analysis of the existing infrastructure
- Preparation of the architecture and migration plan
- Azure AD setup
- Test migration
- Feedback gathering and required troubleshooting
- Migration of all users
- Verification and fixing of issues
- On-Prem domain controller demotion
Success Criteria #
- A gap analysis of an existing on-prem AD environment and Azure AD has been performed
- The necessity of an additional Office 365/Azure licenses has been determined and licenses purchased (license cost is not included in this SOW cost)
- The existing Azure AD has been prepared for the migration
- Pilot migration from on-premises AD to Azure AD has been performed for a small group of users. The feedback gathering and required troubleshooting has been performed.
- Documentation for end-users has been prepared, as needed
- All users are migrated from on-premises AD to Azure AD
- Users can log on to workstations with their authentication data and work with corporate resources
- Assistance with reconfiguring the end-user devices has been provided
Our certified engineers will analyze how well you are leveraging existing and optional security controls and settings of your Office 365 environment and develop a prioritized plan according to Microsoft best-practices to increase security and reduce risks.