Share via

Infrastructure prerequisites

  • Article

This article outlines the infrastructure requirements you must meet to assure success with Microsoft Managed Desktop.

Area Prerequisite details
Licensing Microsoft Managed Desktop requires the Microsoft 365 E3 license with Microsoft Defender for Endpoint (or equivalents) assigned to your users.
Connectivity All Microsoft Managed Desktop devices require connectivity to numerous Microsoft service endpoints from the corporate network.

For the full list of required IPs and URLs, see Network configuration.
Microsoft Entra ID Microsoft Entra ID must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Microsoft Entra Connect.
Authentication If Microsoft Entra ID isn't the source of primary authentication for user accounts, you must configure one of the following authentication methods in Microsoft Entra Connect:
  • Password hash synchronization.
  • Pass-through authentication.
  • An external identity provider (including Windows Server ADFS and non-Microsoft IDPs) configured to meet Microsoft Entra integration requirements. For more information, see the guidelines.

When setting authentication options with Microsoft Entra Connect, password writeback is also recommended. For more information, see Password writeback.

If an external identity provider is implemented, you must validate the solution:
  • Meets Microsoft Entra integration requirements.
  • Supports Microsoft Entra Conditional Access, which allows the Microsoft Managed Desktop device compliance policy to be configured.
  • Enables device enrollment, use of Microsoft 365 services, or features required as part of Microsoft Managed Desktop.

For more information on authentication options with Microsoft Entra ID, see Microsoft Entra Connect user sign in options.
Microsoft 365 OneDrive for Business must be enabled for Microsoft Managed Desktop users.

Though it isn't required to enroll with Microsoft Managed Desktop, we highly recommended that the following services be migrated to the cloud:
  • Email: Migrate to cloud-based mailboxes, Exchange online, or configure with Exchange Online Hybrid with Exchange 2013 or higher, on-premises.
  • Files and folders: Migrate to OneDrive for Business or SharePoint Online.
  • Online collaboration tools: Migrate to Teams.
Device management
  • Microsoft Managed Desktop devices require management using Microsoft Intune. Intune must be set as the Mobile Device Management authority. For more information, see Microsoft Intune
  • Microsoft Managed Desktop allows you to provision devices using Autopilot into co-management. This feature is optional for organizations that already have co-management turned on and want to combine Microsoft Intune for workload management except for client applications. For more information, see Autopilot into co-management for Microsoft Managed Desktop.
Data backup and recovery Microsoft Managed Desktop requires files to be synced to OneDrive for Business for protection. Any files not synced to OneDrive for Business aren't guaranteed by Microsoft Managed Desktop. The files might be lost during device exchanges or support calls requiring a device reset.

Though not required, Microsoft Managed Desktop strongly recommends migration from mapped network drives to the appropriate cloud solution. For more information, see Prepare mapped drives for Microsoft Managed Desktop

When you're ready to get started with Microsoft Managed Desktop, contact your Microsoft Account Manager.

More about licenses

Microsoft Managed Desktop requires certain license options in order to function. See Microsoft Managed Desktop technologies for information about how these licenses are used.

Tip

To assign these license options to specific users, we recommend that you take advantage of the group-based licensing feature of Microsoft Entra ID.

Tip

Your Microsoft Account Manager will help you review your current licenses, service plans, and find the most efficient path for you to get any additional licenses or service plans you might need, while avoiding duplication.