With the COVID-19 epidemic, businesses everywhere are rushing to meet the demand for remote work solutions and enable “business as usual” as much, and as quickly, as possible. While many have practiced and planned for business continuity and disaster recovery (BC/DR) scenarios, no one could have ever imagined the current challenges we’re all facing. For some organizations that have already begun their Modern Workplace journey, the change may not be drastic. But many others are scouring Google for technology, solutions, and integrators to support the transition to a productive remote workforce. As we band together to fight COVID-19, keep our people productive and employed, and do what we can for the economy, we wanted to share our knowledge and experience on how organizations can successfully navigate this new landscape. Many of you are searching for technology answers to enable remote work. We hope these tips help guide you.
Deploy Microsoft Teams
Our number one recommendation is to deploy and enable Microsoft Teams. Your employees are most likely accustomed to working in an office together, meeting in conference rooms, walking over to someone’s cube or office for a quick question. With the rapid transition to remote collaboration, a platform must be provided for them to engage and collaborate more intuitively than email communication. Teams will provide your organization with instant messaging, group or team-based chats, a platform for organization-wide updates or announcements, and audio/video conferencing (PC-based included in trials).
While you may not have the time for proper end-user training to ensure that all employees can fully leverage the platform and all of its enhancements, the basic requirements required to enable a remote workforce are intuitive enough that users can onboard quickly. Additionally, Microsoft provides some resources that can be integrated into channels that allow users to train as they go with the product.
Keep in mind, while it is possible to set up your trial tenant and go live, there are some baseline governance options you’ll want to consider, especially with the default option that all users can create new groups and quickly clutter your address list. AIS has even developed a Teams Rapid Adoption engagement so that we can help organizations quickly deploy Teams but also ensure it meets standard governance and compliance requirements before going live.
Addressing Identity Later
A quick note about a rapid deployment: if you don’t have time or your organization isn’t ready to get Azure AD Connect deployed for single sign-on (SSO) functionality prior to deployment, that’s OK! The solution can be deployed later and made to link up to existing Azure AD user accounts and override their Azure AD password with their on-premises Active Directory identities and authentication. There are ways to plan to move from a cloud-only identity to a “hybrid” identity using directory synchronization. In this scenario by verifying proper Active Directory attributes such as UPNs and SMTP addresses, you can ensure that when you do enable synchronization all of your AD objects correspond to Office 365 objects and they “match” to merge the identities. In some cases for Exchange, you might need to rely on an additional method to merge mailboxes using scripting beyond identity matching.
Leverage Existing Office 365 Deployments: SharePoint, OneDrive, & Azure AD
Many organizations have already taken their first steps into the Office 365 ecosystem, most commonly through a mailbox migration to Exchange Online or SharePoint for file storage, and have organically begun using Teams. What we find a lot of the time is that many organizations do not utilize the full range of tools and services available to them. For instance, your organization may have multiple applications configured for Azure AD SSO. Some of these applications may only be accessible inside of your LAN, and with everyone now working remotely you may be seeing some strain on your VPN appliances and datacenter bandwidth. Those applications you have configured for internal use could potentially leverage a solution like Azure AD Conditional Access to temporarily allow external connections to access them but require MFA or you could require that to access an application the user must be on a corporate device.
Sticking with application access, for organizations that have Azure AD premium, the Azure AD Application Proxy provides a solution to make applications that are hosted internally accessible outside of your data center without opening any firewall ports. The product simply needs port 443 out and acts as a reverse proxy of sorts so that your users can access any internally hosted applications through the same Azure AD SSO experience as SaaS applications.
File servers may be another reason for users to be required to remote in. Perhaps your organization was considering a migration of content to SharePoint Online or OneDrive for Business and now is the time to accelerate those plans or explore solution providers who have offerings to assist organizations to rapidly adopt or migrate to either platform.
Zero-Touch Deployment with Intune & AutoPilot
With so many employees working from home consistently, device management and deployment are quickly going to become a major consideration. Administrators need to continue to ensure that corporate devices are securely configured, compliant with your policies and have all the applications end-users need to continue to function. Microsoft Intune can help by setting your compliance and configuration policies from a cloud-based endpoint management solution to handle your workstation and mobile devices. Applications can be quickly packaged and deployed to your end-users across your devices.
Perhaps your organization didn’t finish your desktop to laptop rollout before the outbreak, or your users require a new device due to an accidental spill, or maybe your organization is still hiring and onboarding. Getting new devices into an end user’s hands has typically involved some touch from your IT department before they can be provided to an end-user. Applying a corporate image, joining to the domain, installing baseline apps; these are all things Intune can take care of for you with a zero-touch approach. With AutoPilot, it’s possible to have devices shipped right from your vendors to an end user’s home and once the device is powered on and connected to the internet for the first time, Intune takes over and applies your policies and applications.
To read more on Microsoft Teams Adoption, please reference this blog post.
Additional Remote Resources from Microsoft:
- How Microsoft Teams safeguards virtual conversations and protects users’ privacy
- What the disability community can teach everyone about working remotely
- Helping small- and medium-sized businesses work remotely with Teams
- Making it easier for your remote workforce to securely access all the apps they need, from anywhere
- 2 weeks in: what we’ve learned about remote work
- The top 9 ways Microsoft IT is enabling remote work for its employees
- Working remotely during challenging times
MICROSOFT TEAMS GOVERNANCE QUICK START
Hit the ground running through a guided workshop with Office 365 governance specialists. We'll work with your team to enable the appropriate governance solutions.