Device Management in the new normal

Since we have seen a massive change in the number of people working remotely in today’s world, let’s look at how we are going to deal with that. Since Covid-19 has pushed more and more people into a remote working situation, a lot of companies have had to scramble to find a way to deal with this new normal. Most of the time when people talk about working remotely, they focus on VPN methods or remote desktop services. The question that comes up after the initial issues are dealt with seems to be: how do you manage those remote workers? I have been hearing more and more requests lately along the lines of “how do we push out this application to our employees?” or “how do we secure the data for remote workers?”


Let’s look at one of the common problems we see. What if employee Bob must work remotely and takes his laptop home? Bob likes coffee though, so he stops at a popular coffee shop and works a bit while he enjoys his morning cup. Bob is forgetful. Bob leaves his laptop. Now here is the shocking part.

There are some not nice people in this world. They like coffee too. They like forgotten laptops too.

Now we have a company laptop that is in someone else’s hands, and we do not know what that person will do with the data. What if Bob worked in accounting and was working on a payroll report? You could have all the personal info for all your employees out there in the wild.

Hopefully, you have the drive encrypted with BitLocker or something similar. In a traditional environment, you could push out BitLocker using a GPO. Now, since Bob needs a new laptop to finish his TPS report, he might have to go out and just buy one from his local electronics store. OK, great, now we can get Bob back to work. How do we secure his new laptop? Since he is remote, a GPO is not really the best answer for this. We need a way to push out his applications, security settings, etc. Well, this is where we are today.

Lucky for us, we have tools to help us. This is where Intune comes into play. We can either do a remote screen session with Bob and help him get his device connected to Azure Active Directory, or we could just send some basic instructions to Bob. Once we get his new laptop on the domain, we can let Intune take over and use auto-enrollment and policies. We can have a BitLocker policy as an example. This could detect Bob’s new machine, configure BitLocker per the policy, and encrypt the drive. Oh, but normally we would store this recovery key in Active Directory. We still can! We will just store it in Azure Active Directory. Since Bob is working remotely, he might need to get on the VPN. No problem, we have a policy for pushing out the VPN configuration to his new laptop.

Disaster averted; we can help Bob get back to work without compromising security.
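To confirm on the new laptop that the BitLocker policy described above actually took effect, a check like the following can be run in an elevated PowerShell session. This is an added example, not part of the original post or of Intune itself; the function name `Test-RemoteLaptopEncryption` is hypothetical, and the event channel and event ID 845 used to detect the Azure AD key backup are assumptions based on what Windows 10/11 typically logs.

```powershell
# Added example: verifies join state, encryption state and recovery key escrow.
function Test-RemoteLaptopEncryption {
    param(
        [string]$MountPoint = $env:SystemDrive,   # usually C:
        [switch]$EscrowIfMissing                  # attempt a key backup if none is logged
    )

    # dsregcmd prints "AzureAdJoined : YES" when the device is joined.
    $joined = [bool]((dsregcmd /status | Out-String) -match 'AzureAdJoined\s*:\s*YES')

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # Assumption: a successful backup to Azure AD is logged as event 845
    # in this channel. Adjust if your Windows build logs it differently.
    $backupEvent = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845
    } -MaxEvents 1 -ErrorAction SilentlyContinue

    if (-not $backupEvent -and $EscrowIfMissing -and $joined -and $recovery.Count -gt 0) {
        # Built-in BitLocker cmdlet; sends the recovery password to Azure AD.
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $recovery[0].KeyProtectorId | Out-Null
    }

    [pscustomobject]@{
        AzureAdJoined       = $joined
        VolumeStatus        = $vol.VolumeStatus          # want FullyEncrypted
        ProtectionOn        = ($vol.ProtectionStatus -eq 'On')
        EncryptionMethod    = $vol.EncryptionMethod
        HasRecoveryPassword = ($recovery.Count -gt 0)
        BackupEventLogged   = [bool]$backupEvent
    }
}

Test-RemoteLaptopEncryption | Format-List
```

A device that shows `VolumeStatus` other than `FullyEncrypted`, or no recovery password and no backup event, has not yet received or finished applying the policy.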

Intune is another one of those often-overlooked products that we have in the Microsoft world. If we add this into the mix, we can offer some additional security and manage devices even if they are remote. We can do this with mobile devices like phones as well as Macs or Windows machines. With mobile device management and mobile application management, it can take over the function of many of the GPOs that we would traditionally have set up. There are even a few features that GPOs are not really used for, such as wiping devices, locking them, or even using MFA on the devices.

This makes Intune a valuable tool in our toolbox and not one to be overlooked.
