Now that you have a plan, it’s time to start deploying

This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog First Things First: Envisioning Your Security Deployment.

In our previous blog post, we covered how FastTrack for Microsoft 365 can help you envision a successful Microsoft 365 security deployment. Now, well cover the next phase of our three-phase planning approach: Onboard. This is where you move from strategy and objectives to the practical details of your deployment planning.

The Onboard phase is a critical time to remove any blockers you have, clean up any issues that might prevent your preferred deployment approach, and then start setting up services and users that integrate with your environment. The FastTrack team can help coordinate the setup, configuration, and provisioning of many of your Microsoft 365 services.

We will cover how to Drive Value with FastTrack for Microsoft 365 in our next blog. But first

Your onboard checklist

The following checklist provides some of the items and actions that our FastTrack team can help you work through during the Onboard phase:

Network and Client

  • Identify and prepare DNS, network, and infrastructure needs
  • Configure DNS for eligible services
  • Configure TCP/IP protocols and firewall ports
  • Identify and prepare client needs (Internet browser, client operating system, and services’ needs)
  • Enable eligible services that have been purchased and defined as part of onboarding
  • Establish the timeline for remediation activities
  • Activate your Microsoft online service tenant or subscription
  • Validate connectivity to Microsoft online services


  • Provision user identity including licensing
  • Configure Azure AD Identity Protection
  • Configure Self Service Password Reset (SSPR)
  • Configure Azure Multi-Factor Authentication
  • Configure Privileged Identity Management
  • Set up Azure AD Conditional Access policies
  • Synchronize Azure AD Connect directory (with password writeback and password hash sync)

Access Management

  • Configure identities to be used by Intune, by either leveraging your on-premises Active Directory or cloud identities (Azure AD)
  • Add users to your Intune subscription, define IT admin roles (Helpdesk operator, admins, etc.), and create user and device groups
  • Configure and deploy Intune app protection policies for each supported platform and prepare line-of-business apps for app protection policies

Mobile Device Management (MDM)

  • Configure your MDM authority and policies and test to validate MDM management policies
  • Configure profiles on devices for supported platforms
  • Enroll devices of each supported platform to Intune or Configuration Manager with Microsoft Intune service

Ready for action? Start with a Success Plan

Our FastTrack Success Plan is an online tool that walks you through each step of Microsoft 365 Security planning process, from Envisioning to Onboarding to Driving Value and adoption with users.

The Success Plan can be launched by either you or your Microsoft Partner and provides all the guidance and resources you need to plan a successful Microsoft 365 Security deployment. Once completed, the plan also provides you with a clear path to help you get the most out of your FastTrack services. To get started, simply sign in to FastTrack.

FastTrack provides end to end guidance for planning, onboarding, and driving end user adoption for Microsoft 365 which is comprised of Enterprise Mobility + Security (EMS), Windows 10, and Office 365.

More blog posts from this series:

Article Link: