"We have just bought 100 new laptops. Can you get them ready for next week?"
"How can I get to the Finance file share from my home computer?"
"Can you reset my password?"
Sound familiar? These are the types of questions plaguing IT teams around the world as COVID-19 has sent entire workforces home. Suddenly everyone wants access to company data from outside the office, on their own devices, right now.
This can be a nightmare for smaller IT teams who are already fighting to keep on top of operational and project work, let alone trying to get everyone working remotely in a safe way.
Fortunately, Microsoft 365 contains not only access to the Office 365 suite which many organisations have already adopted, but also Windows 10, endpoint management tools and advanced security products. This creates what Microsoft calls the modern workplace – ideal for remote working.
In this blog I will go into what I believe are the top three benefits of moving to a modern workplace using Microsoft 365.
3 Benefits of Moving Beyond Your Office 365 Suite
1. Modern desktop
2. Rethinking security
3. Cost Savings
1. Modern desktop
One of the big advantages of Microsoft 365 is that you gain access to InTune and AutoPilot, which allow you to enrol, deploy and manage all your Windows 10 devices over the web.
The first time I saw a demo of Windows AutoPilot, it blew my mind. I watched a new laptop being taken out of the box, powered on and the user putting in their credentials. Half an hour later their full Windows 10 desktop image was available including all business applications, BitLocker secured drives and up to date endpoint security.
No sweat you might say, we can do that from our build room, but this demo was of a user at home with a basic internet connection and not on the corporate network.
I was initially very sceptical, thinking this is all well and good in a pre-canned demo environment, but what about the real world? To my surprise the results were actually very similar.
There is no requirement to run a separate deployment process on premises, whether that be mirroring disks or using System Center Configuration Manager (SCCM), and InTune-enrolled devices can just as easily be managed, revoked, or wiped remotely.
InTune supports a number of models including hybrid AD. However, we have found going pure Azure Active Directory (AAD) and moving away from the traditional domain world of local file servers and GPOs is actually achievable in most organisations when you start exploring moving data to SharePoint Online and leveraging device configuration profiles.
2. Rethinking security
The modern approach to security is to adopt a zero-trust model where users and devices are at the centre. This is especially important when you intend for your users to access company data from outside the office or on non-company devices.
At the heart of the zero-trust model is the concept of a common identity provider, a device register and then policies to determine whether a user or device should be granted access to corporate applications or data.
All of this can be achieved with Microsoft 365 using features such as Azure Active Directory (AAD), InTune, Conditional Access and security compliance policies.
Managed devices (Windows, Mac, iOS, Android) are checked against your InTune compliance policies, and Conditional Access can then be used to block access if they are non-compliant. This way potentially vulnerable devices, e.g. those without encryption or up-to-date antivirus, cannot reach company data until they are remediated.
This can be taken to the next level with Defender ATP and Identity Protection, which each provide a risk score for devices or users; Conditional Access then uses that score to determine whether to allow, require MFA or block. An example would be a user who has suspicious sign-in behaviour, arising from logins from multiple locations in short succession.
For endpoint security, the thought of using Microsoft Defender still makes some people smirk, but it was ranked as a leader in the Gartner Magic Quadrant for endpoint protection in 2019.
One of the key reasons for this is that it provides Endpoint Detection and Response (EDR) capabilities, which continually gather kernel, network and other low-level metrics from the endpoint and use them to detect security threats in near real time. Data is stored in a private area of Microsoft cloud for six months, meaning threats can be retrospectively analysed.
So, you have now got visibility over corporate managed devices and endpoints are secured, but what about BYOD? Within InTune we can set up what is called mobile application management (MAM). This is suitable for when you may not need to fully manage devices, but still want to control access to business applications and data being consumed on them.
Using InTune app protection policies, you can define how managed applications function on mobile devices such as enforcing PINs for managed apps or blocking copy paste between applications.
App protection policy can also be integrated with Conditional Access if, for example, you want to require users to access data only through approved applications, such as the Outlook app, which requires modern authentication and can be centrally managed.
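To check that a tenant actually enforces the three Conditional Access controls described in this section, an exported policy list can be audited. The script below is an added example, not Microsoft's or this blog's own code; it assumes the policies use the Microsoft Graph conditionalAccessPolicy JSON shape, the sample policies are constructed, and it deliberately ignores user and application scoping and exclusions.

```python
# Added example: audit exported Conditional Access policies for the controls
# described above. Field names follow the Microsoft Graph
# conditionalAccessPolicy resource; user/app scoping is not evaluated.

def requires(policy, control):
    """True if the grant controls cannot be satisfied without `control`."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if control not in controls:
        return False
    # With operator "OR", another listed control could satisfy the policy.
    return grant.get("operator") == "AND" or len(controls) == 1

def is_risk_based(policy):
    """True if the policy is conditioned on sign-in or user risk."""
    cond = policy.get("conditions", {})
    return bool(cond.get("signInRiskLevels") or cond.get("userRiskLevels"))

CHECKS = {
    "compliant_device": lambda p: requires(p, "compliantDevice"),
    "risk_response": lambda p: is_risk_based(p)
        and (requires(p, "mfa") or requires(p, "block")),
    "approved_app": lambda p: requires(p, "approvedApplication"),
}

def audit(policies):
    """Map each check to 'enforced', 'report-only' or 'missing'."""
    result = {}
    for name, matches in CHECKS.items():
        states = {p.get("state") for p in policies if matches(p)}
        if "enabled" in states:
            result[name] = "enforced"
        elif "enabledForReportingButNotEnforced" in states:
            result[name] = "report-only"
        else:
            result[name] = "missing"
    return result

# Constructed sample export, not taken from a real tenant.
SAMPLE_POLICIES = [
    {"displayName": "Compliant device or MFA", "state": "enabled",
     "conditions": {},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "MFA on risky sign-in",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"signInRiskLevels": ["medium", "high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Approved apps only", "state": "enabled",
     "conditions": {},
     "grantControls": {"operator": "OR",
                       "builtInControls": ["approvedApplication"]}},
]

if __name__ == "__main__":
    for check, status in audit(SAMPLE_POLICIES).items():
        print(f"{check:18} {status}")
```

On the sample data the first policy does not count as requiring a compliant device, because its OR operator lets MFA alone satisfy it, and the risk policy is flagged as report-only rather than enforced.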
3. Cost Savings
You might have read all the above, got excited and then rushed to get pricing for Microsoft 365 licensing, only to have a dilemma about how you will afford it.
One significant benefit of moving to a single Microsoft 365 license is that you can potentially recoup some costs by turning off services which are being replaced, for example:
- Email archiving
- Email URL protection
- File servers
- Data loss prevention
- Video/audio conferencing
- Online forms/surveys
- Online collaboration tools
Not to mention any IaaS costs you may be able to tune down if you are moving away from an existing Citrix/remote desktop-based solution. Some other indirect cost savings come in the form of operational and productivity improvements. A few highlights from the 2018 Forrester report on Microsoft 365 E5 ROI were:
- Between 100 and 140 minutes a week saved for Information and Firstline workers.
- IT device provisioning time reduced by 75%.
- Self-help tools reduced the amount of service desk requests for things like password resets by 75%.
- 15 hours of downtime saved for each user per year.
Now really is the time to start thinking about the move to a modern workplace. Microsoft 365 provides some fantastic management and security features that will enable your IT team to give users the experience they need in a world in which working in the office is a thing of the past.