An IT worker holding a smoothie and working on his laptop. An IT worker holding a smoothie and working on his laptop.

New tools to help IT empower employees securely in a remote work world​

If you want to know just how dramatically the world has changed over the last few months, consider how your opinion on working from home has changed since March. Remote work used to be an option that was nice to have if you needed it or if you were getting some extra things done over the weekend—but I don’t think any of us ever anticipated that mastering every nuance of working from home in a climate like this was going to be a critical part of our long-term success.

The challenges of the work-from-home necessitated by COVID-19 will never be forgotten by anyone, especially in our IT community where 100-hour weeks were necessary to make sure everyone else could continue working 40. Here at Microsoft, we’ve probably seen every possible challenge from every industry and point on the map, and we are committed to partnering with you as we all navigate this “new normal” and keep working to ensure the continuity of your business at a time when there’s no precedent to guide us.

As you’ve shared your challenges with us, we have been hard at work to find the answers that technology can provide. Whether it’s enabling remote meetings and collaboration, provisioning and managing remote devices, ensuring the data that’s no longer confined to your network remains secure and compliant, using low-code tools and platforms to rapidly build new business applications, or addressing the latest COVID-19-related threats—we have built solutions and developed the guidance your organization needs to help you make the most of this new environment. I recommend you check out the full set of assets we’ve complied on the Microsoft Together site.

Over the last two months, there has been heavy usage of Microsoft Teams for online meetings, group chat, file sharing, and more—and this has led to an unprecedented spike in active usage that we’ve worked around the clock (quite literally) to support. Today we announced new features to enhance the meetings experience for organizations and schools. For those of you using Teams, we have resources to help you with best practices and tips, wherever you are in your Teams adoption journey. You can access those resources and see what else is new in this Tech Community blog.

Enabling your users to work from anywhere, regardless of the industry you’re in, requires a level of confidence and control over how users access information across different device endpoints and networks. To make this easier for you, today I’m happy to announce several improvements to our products, including:

  • A new management experience for Windows Virtual Desktop to quickly provision and manage remote desktops and apps and upcoming support for Microsoft Teams.
  • A unified control plane for device and access management, with Microsoft Endpoint Manager and Azure Active Directory (Azure AD), to ensure all endpoints connecting to corporate resources are secure.
  • And the ability to get the insights you need to understand how your organization is working, and make proactive improvements with Microsoft Productivity Score.

Also, we invite you to tune into our Fireside Chat today at 7 AM Pacific, during which Alysa Taylor (Corporate Vice President, Microsoft Business Applications & Global Industry), Bret Arsenault (Corporate Vice President, Microsoft Chief Information Security Officer), and I will answer your questions, share best practices, and provide guidance to help you during this challenging time. If you can’t join us live, you can watch the replay here.

Enabling you with a virtualized desktop for remote work with Windows Virtual Desktop

Many of our customers have turned to the power of desktop and app virtualization to empower their remote workers on any device. Windows Virtual Desktop uses the scale and power of the Azure global footprint and network to enable a secure remote app and/or desktop experience wherever your users are.

Today I’m happy to announce that we’ve made some significant updates to help to make it easier for you:

  • Updated management experience—Now get started with Windows Virtual Desktop faster with the new management experience deeply integrated into the Azure Portal. You can set up host pools, manage applications or desktops, and assign users—all from the Azure Portal. We have improved the auto-scaling experience through integration with Azure Automation and Azure Logic Apps. Check out the details in this Microsoft 365 blog.
  • Compliance and security—Windows Virtual Desktop is already available worldwide and today we are giving users choice on where to store the service data to meet your regulatory and compliance needs. releasing support for service databases distributed across Azure regions for regulatory and compliance needs of data residency—service metadata can be distributed across the U.S. and Europe, with additional regions coming soon.
  • Upcoming support for Microsoft Teams—Additionally, we will be improving the remote meeting and collaboration experience when using Microsoft Teams from Windows Virtual Desktop deployments with “A/V redirection” for video calling. This will create a direct path between your users when sharing video, significantly improving the video and audio experience. We expect this feature to be available within a month in Public Preview. Check out the deep dive.

You can read more about these new Windows Virtual Desktop features in a Microsoft 365 blog I wrote together with Julia White today. In addition, for a robust set of videos from the Windows Virtual Desktop engineering team demoing step-by-step deployments with all this new functionality and more, watch the Virtual Event content.

New features to help you to manage and secure your endpoints remotely

Securing remote work starts with a strong identity foundation. Azure Active Directory (Azure AD) enables your remote workers to find and access the apps they need from anywhere without compromising security. Many of our customers use Azure AD Conditional Access policies and multi-factor authentication (MFA) to secure access to their resources aligned with the principles of Zero Trust, and enable remote collaboration with external users with B2B collaboration capabilities.

Today, we’re extending the ability to use Azure AD single sign-on (SSO) with as many cloud applications as you’d like across all pricing tiers, including Azure AD Free. This means any Microsoft customer using a subscription of a commercial online service can connect all their cloud applications to Azure AD for single sign-on, and protect this access with multi-factor authentication (MFA) as a security default at no extra cost. We are also introducing several new features to make it easier for IT administrators to secure and manage access. You can learn more in the Azure AD blog authored by Alex Simons.

With Microsoft Endpoint Manager, we’ve done a lot to help ensure that your people can access information and services securely from almost any device. For broader endpoint management, across your apps and devices, we’ve improved the integration between Configuration Manager and the Microsoft Endpoint Manager admin center in Azure. You can try the new Endpoint Manager portal yourself at endpoint.microsoft.com.

Other new features include:

  • Tenant attach—With tenant attach, you can quickly attach an Intune tenant to your Configuration Manager deployment to enable the two to work together. Starting with the Configuration Manager 2002 release, you can upload your Configuration Manager devices to the cloud service and take actions—like device and user policy sync—directly from the Endpoint Manager admin center. This will help speed up common actions you might take and provide a consolidated view of all your organization’s devices in the web-based admin center. In the near future, searching for a user in the troubleshooting portal will allow your help desk to see all of a user’s device regardless of their management configuration in Microsoft Endpoint Manager. Over the coming months we’ll enable more troubleshooting tools to enable your help desk access to information and capabilities to facilitate their day-to-day actions.
  • Unified app delivery—We’ve also been working to bring the richness of Software Center from Configuration Manager and MyApps from Azure Active Directory into our Company Portal app for unified app delivery, so people can get the apps they need across their endpoints. The unified end user experience is expected in the next few weeks. But don’t worry, if you rely on Software Center and MyApps as standalone portals, they are not going away.
  • Support for Microsoft Edge for deploying apps and packages across platforms—A few months back, we released the new Microsoft Edge browser, which gives you the most compatibility for modern web and your existing apps, plus you benefit from the advanced security and privacy controls. Today, our endpoint management experiences natively integrate the app and package deployment process for PC and MacOS, and you can distribute the Edge mobile apps directly from the App Store or Google Play. We also have a security baseline dedicated to securing Edge.
  • Expanded support for macOS—Microsoft Endpoint Manager is a unified platform for all endpoints, so I’m excited to announce that we are introducing the Intune MDM agent for macOS, which extends the management controls in macOS. For example, with shell scripting, admins can leverage the agent to automate repetitive tasks and attain greater flexibility in configuring Macs. This is just the beginning of new capabilities, and we’re well on our way to giving admins first-class macOS management with Microsoft Intune.
  • Prevent cross-account sharing in Outlook mobile—With Microsoft Intune, you can apply app protection policies for Outlook for iOS and Android to help to ensure that work or school accounts can only access approved storage locations. This enables you to mitigate the risk of introducing personal content and potentially malicious content from entering your corporate environment. We’ve also updated the file attachment experience in Outlook to help guide you towards these trusted data sources and further protect mobile communications and collaboration in the enterprise.

Improve employee and technology experiences with Productivity Score preview

Remaining productive in this new remote work-centric world can be challenging on many levels. Employees are using new tools to collaborate, meet, and communicate, while needing to securely work anywhere. Enabling this requires a powerful and consistent technology experience. As an IT Pro, you’re responsible for ensuring both the employee and technology experience. Productivity Score can help by delivering visibility into how your organization is working, insights to improve productivity, and recommendations actionable in Microsoft 365 to fix issues and impart helpful changes.

Available in preview, Productivity Score is an analytics solution that measures employee and technology experiences versus benchmarks and your own business goals. These goals are flexible and personal to your organization, making it a key tool to maximize your IT investments as you adjust to new remote workstyles and needs now, and in the future, when onsite work begins to restart.

Based on feedback from our initial November announcement at Ignite 2019, we are moving beyond providing tenant-level information and can now give you more granular insights in critical categories, including:

  • Content Collaboration, so you can understand how people are reading, authoring, collaborating, and sharing content though OneDrive and SharePoint.
  • Mobility, to help you see how your employees work from any device, anywhere though their use of email, documents, and Microsoft Teams across the web, mobile, and desktop versions.
  • Communications, a new category designed to drive awareness and action so people can easily communicate via email, chat, and Yammer posts.

At Ignite, we also talked about how technology is critical to productivity. Today we are adding to Productivity Score, insights on how endpoints and your network contribute to your organizational productivity. The Network Connectivity category provides visibility into which worksite locations have network challenges that may inhibit access to critical workloads such as Exchange Online, SharePoint Online, and in the future, Microsoft Teams.

Endpoint Analytics helps you measure and improve one of my favorite things—time to productivity. In other words, the time it takes someone to get up and running. Lag time leaves your employees waiting—and unproductive. For example, people are surprised when I share that my managed device cold boots in under 15 seconds with all the security and policy controls applied. I strongly believe this can be achieved in any environment and I want to help you get there. Endpoint Analytics can help by identifying policies or hardware issues that may be slowing down devices in your estate, and proactively make changes without the need to disrupt end users or generate a help desk ticket.

To learn more about what’s new with Productivity Score, check out this Tech Community blog.

Investing in resources to help you through this time

We also understand that there’s never been a more important time to ensure you are securing and governing your most critical data. Check out today’s Microsoft Security blog from Alym Rayani as he shares some new research and product innovation that will help you to more easily secure and govern your most critical assets.

We understand what a challenging time this is for you—both professionally and personally. We remain committed to innovating in ways that will make your job easier and help you empower your people to be productive and secure in this new world of work. For more information and detailed guidance around empowering your employees, securing your environment, and more, check out the COVID-19 Remote Work resources page.