From Milan to Puget Sound, tens of thousands of Microsoft employees have begun working from home as a result of the COVID-19 outbreak. Many of our customers have asked us to share the details of how we enable collaboration and remote working for such a large workforce. Here are the nine most important factors from a compliance and security perspective:
1. User identity and access
It all starts with managing identities. We have a hybrid environment that helps us both retain and expand existing systems while using a cloud-based control plane to enable people to work productively and securely. Whether they are an employee, partner, or supplier, every user who needs to access the corporate network receives a primary account synced to Azure Active Directory (Azure AD). To learn more about our identity and access management practices, check out our IT Showcase covering user identities and secure access.
2. Multi-factor authentication (MFA)
MFA is required to access any corporate resource at Microsoft. When a user connects remotely to our domain using their Microsoft work credentials on a device that we manage, MFA is almost transparent. We offer three authentication methods: certificate-backed virtual and physical smart cards, Windows Hello for Business (with PIN or biometric sign-in), and Azure Multi-factor Authentication. To learn more about enabling Azure MFA, check out this tutorial.
3. Managing devices
At Microsoft, we manage a wide range of devices, including Windows, Mac, Linux, iOS, and Android. Like many organizations, we are making the transition to a fully cloud-based management environment. As we make that shift, we are using a co-management approach with Microsoft Endpoint Manager (MEM). MEM integrates Microsoft Intune and Configuration Manager into a single console where you can manage all your endpoints and apps and take action to ensure they are secure and reliable.
For guidance on deploying and using MEM, your teams can check out our MEM documentation and tutorials.
4. Productivity applications
With this foundation in place, we are driving our employees to work in the cloud. This is particularly important for our large population of information specialists working remotely. Microsoft 365 enables users to access resources and share files with Office apps across the web, mobile, and desktop, storing their content in the cloud by default. Outlook mobile, Microsoft Teams, and OneDrive are deployed on all of our corporate devices, so people can access their emails, calendars, and files within File Explorer on Windows, Finder on Mac, and Office Apps on mobile devices. We’ve made it easy for users to save their files to OneDrive the same way they traditionally saved files to their C: drive – this has been key to getting files to the cloud. Our users are also now able to do real-time co-authoring and commenting in documents in the cloud, which has proven extremely useful for a distributed workforce.
5. Meetings and collaboration
All of us at Microsoft use Teams daily for chat, meetings, calls, and collaboration. Now that we find ourselves working remotely, we’ve been able to stay productive because we are accustomed to a digital workspace. Every meeting is now a Teams meeting, often with video. As we rally to help our customers prepare for remote work, we’ve found the ability to record meetings has become essential. All attendees can access recordings of meetings they’ve missed and then listen in to the most relevant parts. We also rely on the Microsoft 365 environment to empower employees to collaborate through self-service creation of Office 365 Groups or teams within Teams while ensuring appropriate security, compliance, and manageability are in place. To learn more about our experience enabling remote work with Teams, check out our IT Showcase
6. Access to line of business (LOB) applications
Microsoft has migrated most of its legacy applications to the cloud. But even with most applications accessible in the cloud, some still require VPN. Additionally, we are in the process of rolling out Windows Virtual Desktop and are scaling up this offering to support the devices that our developers want to use (more on this later in the post). To get started with Windows Virtual Desktop, you can point your teams to this tutorial.
7. Service monitoring
With the increased load and usage from so many people working remotely, service monitoring has proven crucial to making sure everything is operating as it should. We carefully monitor application and network performance and we’ve built product telemetry monitoring into every solution so that we can check reporting for user satisfaction metrics and changes to service behavior.
8. Culture and change management
Remote work can create challenges to maintaining a healthy work culture and managing change. Modern social and engagement platforms can help make sure messages are heard, leadership is visible, and best practices are shared. Our team recently held an 18-hour global live event to drive employee connections, engagement and learning.
9. Designing for specific roles
A lot of the resources we’ve discussed benefit information workers most. It makes sense, we have a lot of those at Microsoft. But it’s important to enable other types of workers to work remotely as well.
Developers: Engineers need to be able to collaborate on code and build their workflows into Teams for remote collaboration. We have a number of developers who typically work exclusively on desktops. We are providing them with laptops with a WVD solution so they can remote into their dev environment.
Call center and help desk: At Microsoft, we have walk-up help desks as well as online technicians. They all have Microsoft-managed PCs, which enables those who typically work onsite to switch instantly over to a remote working model and remain productive.
Firstline Workers: It’s key to connect all workers so they are equipped with the knowledge to take appropriate steps for themselves, customers and the community. Teams serves as the single productivity hub for retail employees and managers across Microsoft Stores, connecting remote sites, digitizing workflows, and ensuring workers have real-time access to the right information at the right time.
Enable remote working with Zero Trust security
Bolstering security is crucial as your staff increasingly work from home. So it’s important to understand ‘Zero Trust’ security and what you can do to build your cloud security strategy around it.
With a Zero Trust model, instead of assuming everything behind your corporate firewall is safe, you assume breach and verify each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches you to ‘never trust, always verify.’
Click here to find out more about Zero Trust security.