There is plenty of information out there how to secure a “Home Office” environment in these days and I do not want this to be another one. However, I tried to compile a few resources, which might help you overcome some of the current challenges:
Quite some customers initially decided to route their Office 365 and Teams traffic from our data centers through their own on-prem infrastructure and then to the remote user by VPN. Obviously with this fast move to home office, this infrastructure reached its limit very fast. I know of customers who are unable to offer home office due to the VPN restrictions.
There is a good blog post helping you to change this if needed now: How to quickly optimize Office 365 traffic for remote staff & reduce the load on your infrastructure.
There is another one which is somehow related: Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager.
Some customers did not equip their people with managed notebook, which is a huge challenge now, obviously. Windows Virtual Desktop might help (if bandwidth is available). What is Windows Virtual Desktop?
Some additional points which might help – this is from a mail where we reached out to customers::
As employees shift to remote work, organizations urgently need to look at new scenarios and new threat vectors as they become a distributed organization overnight, with less time to make detailed plans or run pilots.
For organizations using Azure Active Directory (which includes everyone using Office 365), you have a number of capabilities that can be used to keep users secure while working remotely.
Whilst security is a priority, some organisations are facing a new challenge; connectivity. This article outlines the quick steps you can take to optimise Office 365 traffic for remote workers.
Secure access – Steps to consider
Start with checking your Secure Score
Monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure with Secure Score. You are given points for configuring recommended security features, performing security-related tasks, or addressing recommendations with a third-party application or software.
Enable single sign-on (SSO) for your cloud apps
If your organization have tools from for example Cisco, Slack, Zoom, Facebook, in addition to Office 365, you can enable Azure AD federated SSO with automated user provisioning, allowing you to swiftly deploy to all your users and give them a smooth access to all their cloud apps. Go here to start integrating apps with Azure AD.
Enable Multi-Factor Authentication (MFA)
This is the single best thing you can do to improve security for remote work. Enable MFA with this tutorial, and use Conditional Access to make MFA less intrusive to the user. If you’re not able to distribute hardware security devices, use Windows Hello biometrics or smartphone authentication apps like Microsoft Authenticator as the second factor.
Enable device management capabilities
While many employees have work laptops they use at home, it’s likely your organization will see an increase in the use of personal devices accessing company data. Azure AD Conditional Access and Microsoft Intune app protection policies together helps to manage and secure corporate data in approved apps on these personal devices.
Provide secure access to your on-premises apps
Most organizations are running lots of business-critical apps that may not be accessible from outside the corporate network. Azure AD Application Proxy is a lightweight agent that enables inter access to your on-premises apps, without opening up broad access to your network. You can combine this with existing Azure AD authentication and Conditional Access policies to help keep users and data secured.
Additional guidance on secure remote working
Work remotely, stay secure – guidance for CISOs
Take a look at Ann Johnson’s (CVP cyber security at Microsoft) newest blog post, where she goes into detail on security measures that should be taken by an organisation for employees working remotely.
Top tips for working more securely from home
Many companies are now asking their workers to work remotely. Working remotely might introduce new security concerns, here are some end user tips on how to work from home more securely.
Microsoft Teams Controls for Security and Compliance
Learn about the controls in Microsoft 365 to help drive security and compliance as your users work in Microsoft Teams.
Security deployment resource hub
Explore and download resources and templates to help managing adoption of Microsoft 365 within your organization.