The modern Microsoft 365 workplace and the forgotten remote worker
By Cleo van Engelen
We are witnessing a rapid transition from old thin client solutions to modern Microsoft 365 workplaces. No more RDS or VDI; instead, we have fat clients with modern Office solutions from the cloud. Just as secure and manageable as RDS, but faster, more user-friendly, and mobile. Experience has taught us that there are a few points to consider. Today, we focus on the remote worker at their personal workspace.
The 'old' thin client RDS, Citrix, or VDI environment, despite its limitations, has one strong point: it can be easily used for remote work with minimal effort. An external portal and a multi-factor solution provide secure access to company systems from an unmanaged computer. Because work is done within a 'bubble,' the security of the user's PC is of less importance as long as the bubble's security is strict. Ideal for employees who don't typically work remotely but occasionally need to work overtime or pitch in.
In the new Office environment, this 'bubble' concept doesn't exist. We assume well-secured workstations through tools like 'Intune.' This allows us to maximize the capabilities (and hardware) of the workstation, which is great for users. Employees are increasingly given laptops, which they take home to have a securely protected workspace.
And what about the remote worker?
But what about employees who don't receive a laptop but occasionally work from their own workspace at home? We don't want to grant them full access from what is likely an inadequately secured workstation. Of course, they can log in to Office services with a username, password, and an additional factor like an SMS or an app. But should this user also be able to download and upload files from this unmanaged workstation? Is the virus protection up to date? A data breach is a real risk. What are the other options?
- Provide these employees with a managed laptop. The best solution in terms of functionality and security. But it could also be costly. Laptops with docking stations are more expensive and typically have a shorter lifespan than fixed workstations. And do employees want to carry laptops around for those occasional times they need to work outside the office (or outside office hours)?
- Offer the online environment only from unmanaged PCs, with restrictions. No file downloads or local storage. No local Word or Outlook versions. Access to other (non-SaaS) business applications is also restricted. Is there enough functionality left?
- Bring personal devices under management. Include them in the management regime (and Intune). This adds extra management tasks. And does every personal workstation meet the requirements? How do employees feel about central management being performed on workstations used for non-business purposes?
Planning to transition to the new Microsoft 365 workplace? Be aware of these implications. Identify whether this applies within the organization and to whom. Don't forget about external users who currently work with their own workstations based on a thin client environment. It would be unfortunate to discover at the end of the migration that it necessitates the purchase of additional workstations.
This article is part of a blog series.