The top 9 ways Microsoft IT is enabling remote work for its employees
Last week, as COVID-19 cases continued to spread around the world, millions of people moved to remote work. We were right there with them. From Milan to Puget Sound, tens of thousands of Microsoft employees in impacted areas have begun working from home. Many of our customers have asked us to share the details of how we enable remote work for such a large workforce. My colleague Nathalie D’Hers is the exact-right person to do just that.
Nathalie and her team are part of Microsoft’s Core Services Engineering and Operations (CSEO), our internal IT team that builds and operates the systems that run Microsoft. They have spent the past few years transforming end-user productivity across the company and learning so much along the way. Here, she walks us through the top ways CSEO is enabling remote work. Over to you, Nathalie.
When people ask me about my job, I tell them my team and I make sure every Microsoft employee has the tools, resources, and solutions to be as productive, creative, and secure as possible—working from any location and on any device. For the last few years, that’s meant overseeing Microsoft’s journey to the cloud. Getting there has required that we manage identity and network access for all users; help ensure devices used to access the network are secure and healthy; and provide users access to the productivity-enabling apps they need.
Below, I’ve identified some of the top ways we are enabling remote work at Microsoft. I hope you find them useful, but I also understand that Microsoft has IT resources that many IT leaders may not. What is more, every company is at a different stage of their journey to the cloud. Maybe identity and device management are your top priorities, or you are digging into long-term projects like multi-factor authentication (MFA) or desktop virtualization. Maybe you are working to empower access to resources via a browser. Every IT leader needs to define the priorities to enable productivity from anywhere across their organization’s workforce. We get that, and we want to help. At the bottom of this post, you’ll find a link to our new Enabling Remote Work Tech Community. I hope you’ll join and share your own journey there. With that, let’s get into the top 9 ways our team is enabling remote work.
- User identity and access
It all starts with managing identities. We have a hybrid environment that helps us both retain and expand existing systems while using a cloud-based control plane to enable people to work productively and securely. Whether they are an employee, partner, or supplier, every user who needs to access the corporate network receives a primary account synced to Azure Active Directory (Azure AD). To learn more about our identity and access management practices, check out our IT Showcase covering opens in a new windowuser identities and secure access.
- Multi-factor authentication (MFA)
MFA is required to access any corporate resource at Microsoft. When a user connects remotely to our domain using their Microsoft work credentials on a device that we manage, MFA is almost transparent. We offer three authentication methods: certificate-backed virtual and physical smart cards, Windows Hello for Business (with PIN or biometric sign-in), and Azure Multi-factor Authentication. To learn more about enabling Azure MFA to support remote work scenario, check out this opens in a new windowtutorial.
- Managing devices
At Microsoft, we manage a wide range of devices, including Windows, Mac, Linux, iOS, and Android. Like many of you, we are making the transition to a fully cloud-based management environment. As we make that shift, we are using a co-management approach with Microsoft Endpoint Manager (MEM). MEM integrates Microsoft Intune and Configuration Manager into a single console where you can manage all your endpoints and apps and take action to ensure they are secure and reliable.With more employees working remotely and across devices, it’s important to support bring-your-own-device (BYOD) scenarios. We offer self-service enrollment so users can quickly and easily join Azure AD and enroll in MEM to access company resources. Once enrolled, MEM then applies appropriate policies, for example, to ensure that a device is encrypted with a strong password and has certificates for access to things like Virtual Private Networks (VPN) and WiFi. MEM can also ensure that devices are adhering to policy by checking-in the device’s health compliance status to Azure AD as it processes the user’s authentication. For guidance on deploying and using MEM, your teams can check out our opens in a new windowMEM documentation and tutorials.
- Productivity applications
With this foundation in place, we are driving our employees to work in the cloud. This is particularly important for our large population of information workers working remotely. Microsoft 365 enables users to access resources and share files with Office apps across the web, mobile, and desktop, storing their content in the cloud by default. Outlook mobile, Microsoft Teams, and OneDrive are deployed on all of our corporate devices, so people can access their emails, calendars, and files within File Explorer on Windows, Finder on Mac, and Office Apps on mobile devices. We’ve made it easy for users to opens in a new windowsave their files to OneDrive the same way they traditionally saved files to their C: drive; this has been key to getting files to the cloud. Our users are also now able to do real-time coauthoring and commenting in documents in the cloud, which has proved extremely useful for a distributed workforce.
- Meetings and collaboration
All of us at Microsoft use Teams daily for chat, meetings, calls, and collaboration. Now that we find ourselves working remotely, we’ve been able to stay productive because we are accustomed to a digital workspace. Every meeting is now a Teams meeting, often with video. We‘re using features like background blur to block out our naughty kids, our barking dogs, and our mismatched furniture. As we rally to help our customers prepare for remote work, we’ve found that the ability to record meetings has become essential. All attendees can access recordings of meetings they’ve missed and then listen in to the most relevant parts. We also rely on the Microsoft 365 environment to empower employees to collaborate through self-service creation of Office 365 Groups or teams within Teams while ensuring appropriate security, compliance, and manageability are in place. To learn more about our experience enabling remote work with Teams, check out our opens in a new windowIT Showcase post.
- Access to line of business (LOB) applications
Microsoft has migrated most of our legacy applications to the cloud. But even with most applications accessible in the cloud, some still require VPN. Additionally, we are in the process of rolling out Windows Virtual Desktop and are scaling up this offering to support the devices that our developers want to use (more on this later in the post). To get stated with Windows Virtual Desktop, you can point your teams to this opens in a new windowtutorial.
- Service monitoring
With the increased load and usage from so many people working remotely, service monitoring has proven crucial to making sure everything is operating as it should. We carefully monitor application and network performance and we’ve built product telemetry monitoring into every solution so that we can check reporting for user satisfaction metrics and changes to service behavior.
- Culture and change management
Remote work can create challenges to maintaining a healthy work culture and managing change. Modern social and engagement platforms can help make sure messages are heard, leadership is visible, and best practices are shared. In our company, Satya Nadella and other executives connect with the organization using live events and Yammer. Our team recently held an 18-hour global opens in a new windowlive event to drive employee connections, engagement, and learning. And we educate employees to use Yammer to build communities that connect people across teams. For example, we recently set up a work-from-home (WFH) Yammer group with tips and tricks for making the switch to remote work.
Here are some of the main points we emphasize in our end-user education:
- Save files to the cloud so you can coauthor within the Office 365 suite of products. Users should save individual documents and drafts in OneDrive, where files are private by default but can be shared. They should save shared documents to the Teams or SharePoint sites where your group works.
- Share links rather than attachments in email to make sure everyone’s using the latest version of a document.
- Use Teams to the fullest. We tell users to think of Teams as a virtual office. Hold every call and meeting on Teams. Use channels, rather than email or group chats, for team-level conversations. Turn on your camera to connect during meetings. Use Live Events for larger gatherings. If your organization allows, record meetings to access the transcript later. We also remind the Teams meetings aren’t just for 1:1s or small standups. They can range from informal “coffee breaks” in channels, to highly collaborative quarterly planning offsites with a hundred employees or more.
- Designing for specific roles
A lot of the resources we’ve discussed benefit information workers most. It makes sense, we have a lot of those at Microsoft. But it’s important to enable other types of workers to work remotely as well.
Developers: Engineers need to be able to collaborate on code and build their workflows into Teams for remote collaboration. We have a number of developers who typically work exclusively on desktops. We are providing them with laptops with a WVD solution so they can remote into their dev environment.
Call center and help desk: At Microsoft, we have walk-up help desks as well as online technicians. They all have Microsoft-managed PCs, which enables those who typically work onsite to switch instantly over to a remote work model and remain productive.
Firstline Workers: It’s key to connect all workers so that they are equipped with the knowledge to take appropriate steps for themselves, customers, and the community. Teams serves as the single productivity hub for retail employees and managers across Microsoft Stores, connecting remote sites, digitizing workflows, and ensuring workers have real-time access to the right information at the right time. During the COVID-19 outbreak, they’ve used the Store Portal application in Teams to communicate latest policies and procedures including sanitation updates, staffing changes, and event status. Additionally, the Stores team uses Teams to run daily standup meetings and for Q&As with associates and team members that drive dialogue and collaboration on key topics.
Enabling a team to work remotely is an ongoing challenge, and we get that this challenge is different for every organization. I hope that reading about our approach has been useful to you, and as I wrote earlier in this post, I’d love to learn more about yours. To share your experiences, ask other IT professionals and partners for advice or information, and find additional resources, join the new opens in a new windowEnabling Remote Work Tech Community. Let’s keep the conversation going there!