FAQ: SUPPORTING REMOTE WORK TO COMBAT COVID-19 USING MICROSOFT 365
Increased volume of remote work introduces new business challenges, impacts employee productivity and increases cybersecurity risk to organizations.
Fortunately, key steps can be taken to minimize this impact.
We will update this FAQ with information to help IT and Security teams assess and respond to these challenges.
How do we ensure our users have access to all the applications, data and productivity tools they need?
The starting point is to define who needs access to what and assess whether there are any gaps in the current identity and access infrastructure. Syncing your corporate network accounts with Azure Active Directory for cloud-based access will position you to grant access to both legacy and modern applications.
How can we secure remote access?
The best way to secure remote access is Multi-factor Authentication, which helps to ensure the individuals accessing your system are who they say they are. Conditional Access can help you take this a step further, and this may be especially important for access to any systems that contain sensitive information.
It is worth noting that deploying these security measures requires consideration of the registration, log-in and self-service user experiences to ensure a smooth process and minimize the burden on the helpdesk.
How do we enable users to use their corporate devices remotely or bring their own device?
Using a unified approach with Microsoft Endpoint Manager (Intune and Configuration Manager) will allow you to ensure that devices are being used in accordance with the appropriate policies for your IT systems.
You can also enable users to self-enroll their own device with their Azure Active Directory account to ensure that they have access to the tools that they need and that appropriate security controls can be applied to access.
How do we facilitate online meetings and collaboration?
Microsoft Teams allows your users to create their own meetings, share files and use instant messaging. Meetings can be recorded for access by individuals who may not be able to attend at the scheduled time.
To get your teams rolled out, it is possible to enable self-service creation of Teams using Office 365 groups or teams within Teams. It is important to ensure the appropriate security, compliance and manageability configurations are in place.
How do we grant remote access to legacy line of business applications?
There are several ways to grant access to legacy line of business applications, including migrating them to the cloud or using Windows Virtual Desktop. Applications may still require VPN to be accessible. Alternatively, Azure App Proxy could be utilized to publish on-premises web applications.
Will increased remote usage of our network cause load-related problems?
Typically, remote access services such as VPNs and Remote Desktops are only designed to scale to support 10-20% of an organization’s user base. They are rarely adequately provisioned to address scenarios where 90% of workers are remote. Scaling, load balancing and fail-over technology can be used to deal with an increased load. Similarly, different architectural approaches such as accelerating the adoption of cloud technology can reduce impact on traditional on-premises technology bottlenecks.
How can we manage change as our users change the way they work?
Managing change may be of increased importance for users not familiar with using systems from home. At the same time, IT teams may not be best served by handling requests individually. Consider developing a one-to-many communication approach for areas where users may need further guidance.
For example, Microsoft uses Yammer internally to communicate on a one-to-many basis with their employees to let them know to save individual documents and drafts to OneDrive, save shared documents in SharePoint or Teams and to use links rather than attaching files to e-mail when sharing.
How do we keep sensitive corporate data safe outside of the network?
If sensitive files must be used outside of the network, it is best to store them in OneDrive, SharePoint or Teams and provide links rather than send attachments. For additional security, consider encrypting files with Microsoft Information Protection so that they cannot be accessed by anyone without the appropriate identity assurance controls such as Multi-factor Authentication and Conditional Access.
Will remote work pose any new or unforeseen security risk?
At this time, it is difficult to say how attackers may try to capitalize on the increase in remote work around the world and to what extent they will be successful, but caution is advised. Microsoft Threat Protection may be able to assist in identifying risky events as early as possible.
Hackers subscribe to the adage of “Never let a good crisis go to waste!” Organizations should anticipate and expect COVID-related attacks via phishing, malware, and ransomware. Similarly, home workers and home offices will increasingly be an attack vector.
How do we invite users from our partners, suppliers, vendors or clients to use our IT systems so that we can continue working effectively together?
Microsoft Azure AD B2B allows you to invite guest users to access content and collaboration tools so that you can work together remotely. Once invited, guest users can self-register with their own existing identity. This approach positions you to apply the appropriate access security controls.
How will we know whether we have implemented the appropriate safeguards to protect our cloud assets?
To get an overall sense of how well cloud assets are being protected, you can use Microsoft Secure Score and Microsoft Compliance Score to assess your overall security and compliance posture and how it may have changed as a result of the increase in remote work activity.
How do we ensure that our users are utilizing cloud-based applications in accordance with our corporate policies?
It may be worthwhile to use Microsoft Cloud App Security to monitor the activity of your users as they interact with cloud-based applications to ensure that these applications are being used in accordance with your corporate policies.