在過去的 15 年中，新的德威學(xué)校逐漸在不同的城市建立起來，并獨(dú)立啟動了自己的 IT 系統(tǒng)，既有內(nèi)部部署的，也有云計(jì)算的。隨著組織規(guī)模的擴(kuò)大，學(xué)校之間的交流與合作越來越頻繁，導(dǎo)致學(xué)生和教職員工需要訪問其他學(xué)校的 IT 資源。創(chuàng)建訪客賬戶可以暫時(shí)緩解這種情況，但會增加系統(tǒng)管理成本，而且從長遠(yuǎn)來看，對網(wǎng)絡(luò)安全和品牌凝聚力也不利。組織迫切需要統(tǒng)一信息化基礎(chǔ)架構(gòu)。

將所有 Dulwich 學(xué)校整合在一起的目標(biāo)是為組織建立統(tǒng)一的 IT 系統(tǒng)，這將從活動目錄架構(gòu)的規(guī)劃開始，隨后是服務(wù)部署、賬戶/數(shù)據(jù)遷移、桌面遷移和租戶切換。

為了方便賬戶權(quán)限的分配和管理，對原有多個(gè)獨(dú)立域進(jìn)行了整合和合并，這樣學(xué)校的 IT 管理員就有足夠的權(quán)限管理學(xué)生和教職員工的賬戶，同時(shí)仍處于全球辦公室的全面覆蓋之下。

在遷移過程中，為了減少對體驗(yàn)的影響，需要提前準(zhǔn)備和清理數(shù)據(jù)，并創(chuàng)建一對一遷移的賬戶映射。設(shè)備也需要切換到新域，從而在本地創(chuàng)建新的用戶配置文件。為了改善桌面用戶的使用體驗(yàn)，還需要將數(shù)據(jù)遷移到新的配置文件中。所有這些工作只有通過適當(dāng)?shù)墓ぞ吆徒鉀Q方案才能高效完成。

經(jīng)過精心策劃和部署，所有 Dulwich 學(xué)校現(xiàn)已合并為一個(gè)統(tǒng)一的IT基礎(chǔ)結(jié)構(gòu)，節(jié)省了 IT 管理員管理賬戶權(quán)限的繁瑣工作，增強(qiáng)了組織網(wǎng)絡(luò)的溝通凝聚力，并大幅降低了成本。在整個(gè)過程中，郵箱、OneDrive 和 SharePoint 中的所有必要數(shù)據(jù)都得到了順利遷移，為師生員工帶來了無縫體驗(yàn)。

整個(gè)項(xiàng)目的成功實(shí)施，實(shí)現(xiàn)了 IT 系統(tǒng)的集中管理和可訪問性，實(shí)現(xiàn)了 “One Dulwich “理念的目標(biāo)。

隨著組織和業(yè)務(wù)的發(fā)展，越來越多的設(shè)備（如筆記本電腦、平板電腦和顯示面板）不可避免地用于日常工作和課堂。如此大量的設(shè)備給 IT 部門帶來了沉重的維護(hù)負(fù)擔(dān)。此外，自 2020 年以來，由于遠(yuǎn)程工作的需求不斷增加，從內(nèi)網(wǎng)向設(shè)備分發(fā)更新的傳統(tǒng)方式已變得效率低下。企業(yè)需要一種更有效的方式來確保設(shè)備的安全性和功能的及時(shí)更新。

Microsoft Intune 是微軟推出的基于云的統(tǒng)一端點(diǎn)管理服務(wù)，其中包括管理端點(diǎn)設(shè)備的 MDM 服務(wù)。作為 Microsoft 365 許可證功能的一部分，Intune 完全符合 EiM 管理組織設(shè)備的要求。

要將該解決方案付諸實(shí)踐，需要考慮幾個(gè)條件，包括但不限于：

• 管理員和資源的角色和范圍分配，因?yàn)槊總€(gè)學(xué)校擁有不同級別的權(quán)限來管理目錄中的對象。
• 針對不同操作系統(tǒng)和情況的設(shè)備的注冊方式。在部署前應(yīng)考慮各種條件，如是否由本地目錄管理、設(shè)備是否允許出廠重置、由員工還是學(xué)生使用等。
• 可能阻礙注冊進(jìn)度的因素，如加入域的設(shè)備不在辦公室、由其他系統(tǒng)管理的設(shè)備造成沖突等。

此外，為員工和管理員提供通知和指導(dǎo)也是使系統(tǒng)在足夠負(fù)荷的情況下正常使用的關(guān)鍵部分。

Intune 的啟用成功減輕了 IT 部門重復(fù)性工作的負(fù)擔(dān)，使他們能夠把時(shí)間花在更高級的功能上。設(shè)備用戶也可以更及時(shí)地獲得應(yīng)用程序和更新，所有這些都是自動或自助服務(wù)。此外，作為一個(gè)先決條件，這也為將來加入其他最新安全功能鋪平了道路。

With the growth of the organization and business, it becomes inevitable that more and more devices like laptops, tablets and display panels have been used in daily work and classes. Such a large scale number of devices has made the maintenance for IT department a heavy burden. Besides, due to the increasing need for remote work since 2020, the traditional way of distribute update to devices from intranet has become less efficient. The organization will need a more effective way to ensure the security of devices and features being up-to-date.

Microsoft Intune is a cloud-based unified endpoint management service brought out by Microsoft, which including MDM service for managing endpoint devices. Being included as part of the Microsoft 365 licenses features, Intune fits EiM’s requirement of managing organization devices perfectly.

To bring the solution into practice, several conditions need to be take into consideration, including but not limited to:

• The role and scope assignment for administrators and resources as each school holds different levels of permissions for managing the objects in directory.
• The way of enrollment for devices with different OSs and situation. Conditions, like being managed by local directory or not, devices allowed to be factory reset, used by a staff or students, should all be considered before deployment.
• Factors that may block the progress of enrollment, like domain joined devices being absent from office, conflict caused by devices being managed by other system.

In addition, notification and tutorial for staff and administrators is also the key part to make the system being used properly with adequate load.

The on boarding of Intune has successfully downgrade the load of repetitive works for IT department and allows them to spend time on more advanced features. Devices users can also get applications and updates more timely, all automatic or self-serviced. Besides, working as a prerequisite, this has pave the road for on boarding other latest security feature from Microsoft in the future.

In the last 15 years, new Dulwich schools was established gradually in different cities, together with their own IT system, both on-premises and cloud, initiated independently. With the growth of organization’s size, communication and cooperation between schools become more and more frequent, lead to the requirement of students and staffs accessing IT resources from other schools. Creating guest accounts could be a temporary mitigation for such cases, yet this could increase the cost of system management, and not promising for cyber security and brand cohesion in long term. Dulwich urgently need a reunification.

The target of bringing all Dulwich schools together is to built unified IT system for the organization, which would starting from the planning of Active Directory architecture, with service deployment, account/data migration, desktop migration and tenant switch come after.

For the convenience of account permission assignment and management, the Active Directory was deployed in the structure of parent-child domains, which gives the school IT admins enough permission to manage student and staff accounts while still under the full coverage of the global office.

For the migration, to cut down the influence on experience, data need to be prepared and cleansed in advance, and create the account mapping for one-to-one migration. Devices would need to be switched to the new domain as well, causing new user profile being created locally. To improve the desktop user’s experience, data would also need to be migrated to the new profiles. All these works can only be accomplished efficiently with proper tools and solutions.

With delicate planning and deployment, all Dulwich schools have now been merged into one unified Active Directory and Microsoft 365 tenant, saving IT admins tedious tasks of managing permissions for accounts, enhancing the communication for the cohesive network of the organization, and significantly reduce the cost. During the whole process, all necessary data in mailboxes, OneDrive and SharePoint were migrated smoothly, bringing staff, teachers and staff seamless experience.

Success of the whole project centralized the management and accessibility of IT system, and achieved the goal of “One Dulwich” concept.