plenty of information out there how to secure a “Home Office” environment in
these days and I do not want this to be another one. However, I tried to compile
a few resources, which might help you overcome some of the current challenges:
customers initially decided to route their Office 365 and Teams traffic from our
data centers through their own on-prem infrastructure and then to the remote user
by VPN. Obviously with this fast move to home office, this infrastructure reached
its limit very fast. I know of customers who are unable to offer home office
due to the VPN restrictions.
There is a good blog post helping you to change this if needed now: How to quickly optimize Office 365 traffic for remote staff & reduce the load on your infrastructure.
There is another one which is somehow related: Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager.
Some customers did not equip their people with managed notebook, which is a huge challenge now, obviously. Windows Virtual Desktop might help (if bandwidth is available). What is Windows Virtual Desktop?
Some additional points which might help – this is from a mail where we reached out to customers::
employees shift to remote work, organizations urgently need to look at new
scenarios and new threat vectors as they become a distributed organization
overnight, with less time to make detailed plans or run pilots.
For organizations using Azure Active Directory (which includes everyone
using Office 365), you have a number of capabilities that can be used to keep users
secure while working remotely.
Whilst security is a priority, some
organisations are facing a new challenge; connectivity. This
article outlines the quick steps you can take to
optimise Office 365 traffic for remote workers.
Secure access – Steps to
Start with checking
your Secure Score
Monitor and improve the
security for your Microsoft 365 identities, data, apps, devices, and
infrastructure with Secure Score. You
are given points for configuring recommended security features, performing
security-related tasks, or addressing recommendations with a third-party
application or software.
Enable single sign-on
(SSO) for your cloud apps
If your organization have
tools from for example Cisco, Slack, Zoom, Facebook, in addition to Office 365,
you can enable Azure AD federated SSO with automated user provisioning,
allowing you to swiftly deploy to all your users and give them a smooth access
to all their cloud apps. Go here to start
integrating apps with Azure AD.
This is the single best thing
you can do to improve security for remote work. Enable MFA with this tutorial, and
use Conditional Access to make MFA less intrusive to the user. If you’re not
able to distribute hardware security devices, use Windows Hello biometrics or
smartphone authentication apps like Microsoft
Authenticator as the second factor.
Enable device management
While many employees have work
laptops they use at home, it’s likely your organization will see an increase in
the use of personal devices accessing company data. Azure AD Conditional
Access and Microsoft Intune app
protection policies together helps to manage and secure
corporate data in approved apps on these personal devices.
Provide secure access
to your on-premises apps
Most organizations are running lots of
business-critical apps that may not be accessible from outside the corporate
AD Application Proxy is a lightweight agent that enables inter access to
your on-premises apps, without opening up broad access to your network. You can
combine this with existing Azure AD authentication and Conditional Access
policies to help keep users and data secured.
Additional guidance on secure
Work remotely, stay secure – guidance for CISOs
Take a look at Ann Johnson’s (CVP cyber
security at Microsoft) newest blog post, where she goes into detail on security
measures that should be taken by an organisation for employees working
Top tips for working more securely from home
Many companies are now asking their
workers to work remotely. Working remotely might introduce new security
concerns, here are some end user tips on how to work from home more securely.
Microsoft Teams Controls for Security and Compliance
Learn about the controls in Microsoft 365
to help drive security and compliance as your users work in Microsoft Teams.
Security deployment resource hub
Explore and download resources and
templates to help managing adoption of Microsoft 365 within your organization.
*** This is a Security Bloggers Network syndicated blog from Roger Halbheer on Security authored by Roger Halbheer. Read the original post at: https://www.halbheer.ch/security/2020/03/24/secure-working-from-home-some-ideas-and-guidance/