Working from home has its own challenges: dogs barking, children screaming, not having access to a fully stocked breakroom, etc. Secure access to your corporate apps and data should not be one of those challenges. Thanks to cloud technologies provided by Azure and Office 365, everyone can be productive, even in the most challenging of locations. In this blog we will talk about a few options to help keep you connected while you work from home. We will start off by talking about Office 365 and how it can be your Office away from your office. Then we will talk about how Azure can enable you to take your office home with you. Finally, we will wrap up with some technical tips to help you be more productive working in the Cloud from wherever you may be.
Your Office away from the office
Office 365 is the first stop on our tour of working from home. I'm going to focus this section on 3 products that are essential for working from home: OneDrive for Business, Document Co-authoring, and finally Teams.
OneDrive for Business is the intelligent files app for Microsoft 365. It enables you to securely access, share, and collaborate on all your files, so you and your team can work together from anywhere while protecting your work. With OneDrive for Business you can easily store, access, and discover personal and shared work files throughout the Microsoft 365 ecosystem (including in Microsoft Teams) from all your devices. To learn more about how OneDrive for Business can help your organization, check out this e-book entitled, "Why organizations are choosing OneDrive with Microsoft 365". It contains 10 reasons why you and your team are going to love using OneDrive for Business. My two favorite features in OneDrive for Business are its native integration with Windows 10, and Document autosave. When you save an Office document in your OneDrive for Business folder, you get a new toggle button up in the top left corner to enable AutoSave. This feature has saved me on numerous occasions (including once while writing this blog!) To learn more about AutoSave, check out this article.
Document co-authoring is a feature in Office 365 that allows multiple people to collaborate and edit a single Word, Excel, or PowerPoint document. This is especially useful when you need to quickly get feedback from a large team (e.g. trying to throw a team lunch together last minute). Document co-authoring is enabled when you save and share a document located in OneDrive or OneDrive for Business. If anyone else is working on the document at the same time as you, you'll see their presence and the changes they're making in real-time. It's great, especially when your entire team is in the same document and you keep misspelling the same word (definitely not speaking from experience...)
Microsoft Teams is your hub for seamless teamwork. It allows you to communicate and collaborate in a single, secure location. I like to think of it as a 4-in-1 solution including a rich chat-based messaging experience, online meetings, calling capabilities, and native integration with familiar Office apps. Teams also provides a mobile experience that can be used across any device or platform. It can be used both in a web browser or as a native application on Mac, iOS, Android, Linux, or Windows. To learn more about how you and your team can leverage Microsoft Teams, check out this page for more information: https://www.microsoft.com/en-us/microsoft-365/microsoft-teams/group-chat-software
Azure: Your office in the Cloud
What IT components do businesses need to remain operational? While every business is unique in its requirements, there are core services that must be made available in order for employees to continue to operate. Employees must be able to log into workstations, access corporate data, and use business applications. Almost all other IT components are dependent upon these core services. Let's talk about how Azure enables these core services to be managed and accessed remotely.
Log into workstations
Workstations aren't always the same. Some people need large scientific workstations that have multiple GPUs to process huge datasets. Others need small Point-of-Sale devices to quickly assess inventory or process customer checkout. One thing that is common among all workstations, however, is that users need to be able to log into their device. This process of logging into a device is surprisingly complex (it just seems so easy now that everyone logs into their phones with a finger or even with their face).
Everything in the login process relies on trust. Trusting that a correct password means that the person using the device is who they say they are, or trusting that a device belongs to a known individual. Unfortunately, this trust can be exploited to gain access to devices and information that otherwise shouldn't be accessible. This problem is especially hard when you are trying to log into devices outside of the control of corporate IT (i.e. from your house). How do you trust a request that comes from outside of your organization? How do you verify someone when you don't know specifically from where they are coming? Are passwords enough to establish that trust?
Suzanne Choney wrote an article a few years back that talked about "the growing problem of passwords". In the post she says, "Securing devices is important, but it’s not enough. We should also be focused on securing individuals." Microsoft can help organizations focus on securing individuals through services such as Azure Active Directory, Azure Multi-Factor Authentication, and Microsoft Intune.
With Azure Active Directory (AAD), identities can be verified securely from any internet connected device. As long as your data or application trusts AAD, you can confidently enable remote login capabilities. But trusting AAD as an identity provider isn't enough. AAD works best when a login request is verified with two or more different factors. These factors include things you know (passwords, secrets, PINs, security questions, etc.) and things you have (other devices/phones, fingerprints, facial features, and other biometrics). This is where Azure Multi-Factor Authentication comes into play.
Multi-factor Authentication (MFA) is the "verify" portion in the "Trust, but verify" philosophy of computer security. We trust that the person who correctly entered a password is who they say they are, but we will verify it with a quick SMS or call to their registered phone (because who doesn't have their phone with them 24/7?) All IT organizations should enable MFA, especially for remote work. It takes only a few seconds to verify with MFA, but it greatly improves security over simple passwords. A more seamless experience can be had through the use of a modern MFA application, such as the Microsoft Authenticator App. This app can combine with modern biometric enabled devices to quickly verify identity requests. If you haven't tried it out yet, I highly recommend it!
Access Corporate Apps and Data
Data is said to be the new currency in the digital age. Without data, apps become useless, and people become ill-informed. But if data is the new currency, how do you prevent it from being stolen? Answer: Azure Information Protection. Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps organizations classify and protect their documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. Recommendations and labels show up as tooltips or banners at the top of the document. After your content is classified and protected, you can then track and control how it is used. When someone opens a protected document, you can set up automatic email notifications, letting you know the moment your data is being accessed. Along with tracking document access, you can analyze data flows to gain insight into your business, detect risky behaviors and take corrective measures, prevent data leakage or misuse, and so on. To learn more about AIP, check out this link for more information: https://azure.microsoft.com/en-us/services/information-protection/
Data is great, but it is useless without access to the applications that feed off of that data. Secure access to business applications allows you to make the most out of your corporate data. Azure provides developers with an easy to use Platform as a Service offering to host custom applications in the cloud. This service is called Azure App Service. With a combination of AAD and Azure App Service, application developers can quickly incorporate the same identity protection mentioned earlier into their applications. If you are a developer and want to learn more about how you can quickly enable AAD in your app, check out this quickstart tutorial on how to Configure your App Service or Azure Functions app to use Azure AD login.
Tech tips to keep you connected
In this section I want to highlight three different features in Azure that enable me to stay productive and connected from anywhere. These tips will be technical and will include screenshots of the Azure portal and the Azure Shell. The first tip I will talk about is creating and using a corporately connected VM inside of Azure. Then I will talk about using a new service in Azure called Azure Bastion, which will enable us to connect to our VM from a web browser. Finally, I'll wrap up by talking about the Azure Cloud Shell and how that can be leveraged to remotely administer your cloud environment.
Azure VMs: your computer in the cloud
Several years ago, I read a blog post by Scott Hanselman titled: Using a Surface 2 (RT/ARM) to get actual work done + Remote Desktop + Visual Studio + Azure. That blog post (and the blog in general for that matter) is a great resource for getting work done remotely, even almost a decade later. The gist of the post is that with a lightweight device (a Surface 2 RT) Scott was able to do real work from a bagel shop by remoting into a VM in Azure that had all his apps already installed. Azure has a large marketplace with different VM images that come preloaded with several industry specific apps. If the marketplace doesn't have what you need, you can always load up a blank VM and customize it how you'd like!
Azure has undergone a lot of changes since 2013, but the concepts remain the same:
- Get an Azure subscription (Click here to sign up for a free account)
- Create a VM (You can create a Windows VM or a Linux VM)
- Install your apps
- (Optional) Enroll your device into an Active Directory Domain or register your device with Microsoft Intune (There are some caveats with Intune)
Once you are done with work, you can turn off the VM to prevent being charged during downtime.
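The steps above as Azure CLI commands that can be typed into Azure Cloud Shell (an added example, not from the original post; the resource group, VM name, region and admin user are placeholders). It creates the VM with no public IP so that remote access goes through Azure Bastion, and it deallocates the VM at the end of the day, because a VM that is only shut down from inside the guest OS keeps its compute allocation and is still charged.

```shell
#!/usr/bin/env bash
# Added example. RG, VM, LOCATION and the admin user are placeholder values.
RG="${RG:-rg-remote-work}"
VM="${VM:-vm-workstation}"
LOCATION="${LOCATION:-eastus}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands only, 0 = execute them

# Print each argument quoted in dry-run mode, otherwise execute the command.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    for arg in "$@"; do printf "'%s' " "$arg"; done
    printf '\n'
  else
    "$@"
  fi
}

# Create the VM with no public IP and no inbound NSG rule, so RDP/SSH is not
# reachable from the internet; connect through Azure Bastion instead.
create_workstation() {
  run az group create --name "$RG" --location "$LOCATION"
  run az vm create --resource-group "$RG" --name "$VM" \
    --image Ubuntu2204 --admin-username azureuser --generate-ssh-keys \
    --public-ip-address "" --nsg-rule NONE
}

# End of day: deallocate, which releases the compute allocation.
stop_workstation() {
  run az vm deallocate --resource-group "$RG" --name "$VM"
}

# Query the power state, e.g. "VM running", "VM stopped", "VM deallocated".
power_state() {
  run az vm show --resource-group "$RG" --name "$VM" \
    --show-details --query powerState --output tsv
}

# Succeeds (exit 0) if compute is still being charged for this power state.
# A shutdown from inside the guest OS leaves the VM in "VM stopped", which keeps
# the allocation and the compute charge; only "VM deallocated" ends it.
# Disk storage is charged in either state.
compute_billed() {
  case "$1" in
    "VM deallocated") return 1 ;;
    *) return 0 ;;
  esac
}
```

With `DRY_RUN=0` and a signed-in `az` session, run `create_workstation`, do your work, then `stop_workstation`; `compute_billed "$(power_state)"` confirms whether the VM is still accruing compute charges.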
Azure Bastion: Remote Desktop in the browser
Azure Bastion is a fully managed Platform as a Service that provides secure and seamless remoting capabilities (both RDP and SSH) to enable access to your virtual machines directly through the Azure Portal. It's like a VM running inside your browser! You can learn more about Azure Bastion here: https://azure.microsoft.com/en-us/services/azure-bastion/
Azure Cloud Shell: the command prompt to the cloud
Azure Cloud Shell has quickly become one of my favorite tools in Azure. If you are like me and do work from several different devices, you know how much of a pain it is to keep your tools synchronized across machines. Have I installed Ansible on this computer? What version of git is loaded on my Surface? Where did I store all those SSH keys? Well, if you do all your work from the Cloud Shell, you can keep all of those tools (and keys) synchronized across all your devices.
Azure Cloud Shell comes pre-loaded with almost every cloud admin tool I can think of: Linux shell interpreters, PowerShell modules, Azure CLI, text editors (including a version of VS Code, it's pretty slick), source control, build tools, container tools, database tools, and more. Cloud Shell also includes language support for several popular programming languages such as Node.js, .NET, and Python.
If you'd like to learn more about Azure Cloud Shell, check out this overview: https://docs.microsoft.com/en-us/azure/cloud-shell/overview
Where can I learn more about Azure, Office 365, Teams, or any of the other stuff you mentioned?
Here are some of my favorite places to learn about all the great things we talked about in this blog:
- Shows on MSDN Channel9 - Especially Azure Friday
- The Office 365 Blog
- The Microsoft Security Blog
- The Microsoft Tech Community Azure Forum
You can also reach out to me on LinkedIn to ask me any questions. I hope everyone is able to continue innovating in their respective spaces and collaborating on all those fantastic projects! Thank you for reading!