Today’s modern workforce is more distributed than ever. While remote access is a common need for most people, there’s a big difference between occasional after-hours access and working from home full time. Fortunately, Microsoft provides tools tailored for both kinds of users.
Traditional IT management
Employees that usually work in the office typically use a laptop joined to an Active Directory domain. The laptop is managed with group policy, which is Microsoft’s tool for maintaining a consistent configuration on all computers in an enterprise. With group policy, you can do things such as install software, set password policies, require idle computers to lock their screens, etc. Computers only receive updates to these policies when connected to the corporate network, but this is not a serious concern since employees are usually at the office.
Remote workers pose new challenges
What about employees that will never be at the office? Consider a salesperson whose only requirements are access to an online CRM application, email, collaboration, and basic file storage. The employee does not need direct access to office resources, but still needs to protect important data and maintain baseline security standards. We could manage this employee’s computer using group policy, but this requires VPN and for the employee to connect regularly to receive policy updates. Since most of the employee’s resources are online, this process is inefficient and unnecessarily complex. We can use more modern methods to achieve our goals…
Leveraging cloud services
Azure cloud services provide a simpler way to fully support this employee. Microsoft Intune and Autopilot allow us to install necessary software, enable disk encryption, redirect file storage to the cloud, set security policies, etc. In fact, we can ship a laptop to the employee directly from the manufacturer and have the machine configure itself automatically. All the user needs is their account details and a standard internet connection, making VPN and group policy unnecessary.
Furthermore, we can configure the online CRM application to authenticate against Azure so that one password gives them access to all of their applications. Combine this with OneDrive file storage, Microsoft Teams for collaboration, and Microsoft 365 email, and you’ve covered the user’s needs without ever touching the device, and without any need for traditional server infrastructure. Most importantly, if the device is lost or stolen, you can remotely wipe sensitive data and quickly disable all account access.
Enjoying the benefits
Cloud services provide decentralized device management that doesn’t sacrifice security. It allows you to approach management challenges in a flexible and cost-effective way, and best of all, hire new talent without giving any thought to where they live.
As always, if you have questions, please reach out and let us know how we can help!
— The Complete IT Team