To get the most out of this book
We will primarily focus on the most current versions of Windows available today, including Windows Server 2022, Windows 11, and the resources available within Microsoft Azure. We understand migrating to the latest Windows OS and shifting workloads from on-premises to the cloud is not an overnight task and may take years. In general, the concepts we provide throughout this book can be used within most configurations of Windows but could vary slightly depending on the build or version. Upgrading to the latest supported versions of Windows is critical to provide for the effective hardening of your systems and should be a driving factor to push your migrations forward. It is strongly encouraged to upgrade as soon as possible as Microsoft will no longer release security patches or offer support for deprecated versions.
To get the most out of this book, the following items will be needed to follow along with any provided examples. Thanks to cloud technology, you will be able to quickly enable an environment to build the infrastructure and foundation needed to support your journey throughout this book.
It is recommended that you set up an Office 365 subscription (add your own custom domain), which will in turn create an Azure Active Directory (AAD) tenant. Once the AAD tenant has been set up, this will allow you to add an Azure subscription to begin consuming Azure resources tied to your Office 365 subscription and your custom domains.
Office 365 E5 30-day free trial: https://go.microsoft.com/fwlink/p/?LinkID=698279&culture=en-US&country=US
Azure Account with $200 credit for 30 days: https://azure.microsoft.com/en-us/free/
Cloud subscriptions required:
- An Azure subscription
- Microsoft Enterprise E5 (M365 E5 includes Intune licensing, Microsoft Defender for Endpoint, and Windows Enterprise)
- An Intune subscription and license
- Windows 10 E3 or E5
- Enterprise Mobility + Security E3 or E5 (includes Azure AD Premium P2)
Permissions:
- Global administrator rights to your Office 365 subscription
- Owner role or appropriate RBAC to your Azure subscription to deploy resources
- Domain admin rights on your domain controller or equivalent rights to modify Group Policy
Azure resources:
- Azure VMs (Windows 11 and Windows Server 2022 Core and Desktop versions from Marketplace)
- A virtual network, subnet, network security group, and resource group
- AAD
- Defender for Cloud
- Microsoft Sentinel
- Azure Bastion
- Microsoft Defender for Cloud Apps
- Azure Log Analytics workspace
- Azure Automation account
- Azure Update Management
- Azure Privileged Identity Management
Applications, tools, and services:
- PowerShell (version 5.1 recommended) with the AAD module and the Azure PowerShell Az module
- Text viewer to edit and open JSON files
- Windows Assessment and Deployment Kit
- Windows Deployment Services (Windows Server roles and features)
- Microsoft Deployment Toolkit
- Microsoft Endpoint Manager (Configuration Manager) hierarchy
- Windows 2016 Active Directory and domain functional level
- Microsoft Security Compliance Toolkit
- Windows Server Update Services (WSUS)
- Windows 10+ Pro/Enterprise, Windows Server 2016+ Core/Datacenter
All licensing and pricing is subject to change by Microsoft. Additionally, many of the products that are mentioned are covered under a license bundle, or available à la carte if you only want to enable a small subset of features.
For information about licensing Microsoft 365, visit this link:
https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans
To compare the different products available in the Microsoft 365 plans, visit this link:
https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans
For AAD pricing and features, visit this link:
https://azure.microsoft.com/en-us/pricing/details/active-directory/
If you are using the digital version of this book, we advise you to type the code yourself. Doing so will help you avoid any potential errors related to the copying and pasting of code.