In July 2022, NTT Communications Corporation (NTT Com) launched a Remote Standard System (RSS) that allows employees to work from anywhere in Japan. Workers work primarily from home or from satellite offices. This next-generation work style is supported by a robust security infrastructure powered by Microsoft 365 E5.
A way of working that brings freedom to your life
NTT Com became a member of the DOCOMO Group in July 2022 as a result of a reorganization. The new business unit, which is integrated with DOCOMO’s corporate business, has a mission to create more value by adding the power of mobile to existing digital platforms.
NTT Com’s transformation extends not only to the organization, but also to the way each individual works. The Remote Standard System includes a focus on better health through “work-in-life,” in which employees do not have to live within commuting distance and are free to design their own work and living styles.
Tsuyoshi Toyoshima, Director of Information Systems for Digital Transformation, explains the significance of the Remote Standard System.
He says, “For the past two years, the entire NTT Group has been thinking about how to respond to the era of Covid-19. The basic idea is that work performance is enhanced when a person’s life is fulfilled. While employees live in their preferred locations, corporate activities can be realized through distributed networks. The Remote Standard System is a new initiative to achieve this.”
The history of remote work practices at NTT Communications is long, dating back 20 years to when trials began. Initially, the program was limited to employees with circumstances such as childcare or nursing care, but all employees became eligible by 2017. Thanks to early efforts to create a telework environment and foster a receptive culture, 14,000 employees were able to immediately switch working styles when a state of emergency was declared in 2020. The company has promoted work-style transformation based on the three elements necessary for a new way of working: Process, Systems, and Culture. Today, as much as 80% of its work is conducted remotely.
“The Remote Standard System will make it possible to live in a rural area and commute to a company in Tokyo. This will expand job choice possibilities for students and job seekers from all over Japan. In addition, I believe that the spread of employees working in their hometowns throughout the NTT Group will make it possible to offer proposals that are rooted in the local community,” says Toyoshima.
NTT Communications has embarked on a new era of workstyle that does not impose restrictions on where you work or where you live. Microsoft 365 E5 was an indispensable platform for the company to establish a standardized system for remote work.
Microsoft 365 E5: A One-Stop Solution for Security Challenges
The impetus for using Microsoft 365 E5 came from the fact that security and governance for remote work still remained an issue, according to Shuji Inoue and Tatsuya Inada, Senior Managers of Information Systems for Digital Transformation.
Inoue says, “In the past, we used an on-premises Active Directory combined with an AD FS (Active Directory Federation Service) server for account management and system authentication. This meant that each system had its own authentication infrastructure, and because the authentication mechanism was based on the ID/Password, governance and security were insufficient.”
Inada added that, “With 80% of the devices outside the company, perimeter protection by firewalls and on-premises device management are not enough to provide adequate protection. Furthermore, given the increasing sophistication of cyber-attacks in recent years, new mechanisms are needed to minimize damage. This is why we sought to manage distributed locations in the cloud with Zero Trust Security.”
Microsoft 365 E5 was the platform that provided a comprehensive solution to these challenges. The platform offers the most advanced security and governance management features of any enterprise plan, and NTT Communications upgraded its subscription license from Microsoft 365 E3 to E5 in April 2021.
“With Azure Active Directory (Azure AD), you can integrate your authentication infrastructure and add multi-factor authentication (e.g., face and fingerprint) with Microsoft Authenticator. In addition, the Premium 2 edition of Azure AD is included as part of Microsoft 365 E5 to provide risk-based ID access control. If a user is supposed to be working in Tokyo, but a login is recorded from overseas five minutes later, we can prevent unauthorized access by requiring additional authentication,” says Inoue.
Inada also added a perspective on administration saying, “In terms of device management, Azure AD and Microsoft Intune enable us to provide fine-tuned permission control, such as access if you are logged in to the on-prem AD. We have allowed ‘secured PCs’ as remote PCs since 2018, and we decided that Microsoft 365 E5 would further strengthen our security and speed up device provisioning.”
Inoue explains the deciding factor in implementing Microsoft 365 E5 saying, “Zero Trust is a mechanism that assumes a breach of all resources, grants minimum privileges to resources, checks all access logs, and detects and responds to any suspicious activity. In order to implement this system, we considered every aspect, including cost, implementation time, and operational burden, and the best choice was Microsoft 365 E5.”
Improved Governance through Visualization
The implementation of the various features of Microsoft 365 E5 went extremely smoothly. Both Inoue and Inada say that the introduction has had a significant impact in increasing the visibility of potential security issues.
“When we try to implement a combination of disparate security products, we often end up having a lot of trouble. However, in this case, the interfaces are all consistent across the suite of Microsoft products, which is very helpful to us as an IT department. For example, when we start using Microsoft Defender for Cloud Apps, which provides visibility and control of cloud applications, we only need to activate that from the management center,” says Inada.
Inoue says, “We only allow the use of SaaS services that we have authorized internally, but Microsoft Defender for Cloud Apps allows us to visualize and manage actual usage to ensure that we are really using only those services that we have approved.”
Inada commented on an actual incident saying, “The other day, there was an access with strange authorization, but after tracking it with Microsoft Defender for Endpoint (MDE) and interviewing the employee, it turned out that it was not infected with malware, but was caused by a wrong operation. Previously, it was not possible to trace back to this point. MDE also has a ‘vulnerability management function’ that identifies weaknesses of applications installed in the terminal and indicates which ones have the greatest impact. From the perspective of the IT department, we are now able to understand the risks of apps that are installed on the device on their own, and we are now able to enforce governance.”
In addition, NTT Com has begun using Windows Autopilot, a service that performs device set-up via the cloud, in conjunction with the introduction of Microsoft 365 E5. According to Inada, the impact of the new coronavirus outbreak (COVID-19) and the reorganization of the group created challenges in provisioning for remote devices.
“The coronavirus era raised the question, ‘What if the center for device set-up cannot be staffed in person?’ Provisioning all employees’ devices in one place was a risk in itself. And now that we are a member of the DOCOMO Group, there are locations all over the country where the internal network has not yet been extended. If we remained dependent on an on-premises environment, we would have to go into the field and do provisioning work on site,” says Inada.
Windows Autopilot is used to deploy Windows devices, allowing the employees to complete the initial configuration for work by simply logging on to an internet-connected device, much like changing a smartphone model. Joining the new PCs to Azure AD was essential to this model, as it does not rely on traditional on-premises Active Directory. NTT Com is now solidifying a new model for provisioning with an eye toward workstyle change.
Inada says, “In the past, set-up involved creating a master image with information on all settings, security policies, drivers, applications, etc., and then deploying it at the provisioning center, which was a struggle. With device changes, we would have to put quite a bit of effort into creating new master profiles. With Windows Autopilot, all we had to do was set up the necessary apps and configuration profiles in advance in Intune, and the rest was done automatically, using the OS as shipped from the manufacturer’s factory.”
A society where people’s lives are enriched by the way of work brought about by Zero Trust
In addition to this, NTT Com is taking advantage of all the features of Microsoft 365. The company has completely phased out its traditional file servers and migrated everything to SharePoint Online. The internal rollout of a phone system that allows users to make and receive external calls, Direct Calling for Microsoft Teams, was completed in 2021. The company has also begun implementing Microsoft Sentinel, an automated solution that collects all logs, detects alerts, investigates, and responds to them.
Microsoft 365 has resulted in a 98% satisfaction rate among internal users of the company’s secured PCs and a 65% cost savings compared to traditional thin-client devices. It is notable that not a single serious incident has occurred.
Toyoshima has defined the future of the digital workplace at NTT Communications saying, “The concept of the Remote Standard System is to liberate working time and place. To achieve this, we are advancing the sophistication of hybrid work and moving away from perimeter-type defenses. We will think and deliver for ourselves what a complete Zero Trust IT infrastructure can look like respectively across network, cloud, and endpoint. We hope to work to get closer to the ultimate application of Zero Trust, which is to constantly and dynamically monitor and deal with the data itself.”
Toyoshima also mentioned the external deployment of remote work environments, explaining, “Most employees have no idea how well they are protected by their Secured PC and Microsoft 365 E5. They can work as usual from anywhere and still have strong security. That’s exactly what we wanted. We will standardize this system as the model for Zero Trust at NTT Group. It will eventually be provided outside our company as a workstyle solution, contributing to the realization of a working style that enhances people’s lives in society.”
NTT Communications has laid the foundation for the Remote Standard System with Zero Trust Security using Microsoft 365 E5. The company’s implementation of this system will show Japanese society the ideal way to work.
“With Azure Active Directory (Azure AD), you can integrate your authentication infrastructure and add multi-factor authentication (e.g., face and fingerprint) with Microsoft Authenticator. In addition, the Azure AD Premium P2 edition is included to provide risk-based access control.”
Shuji Inoue, Senior Manager, Information Systems Division, Digital Transformation Department, NTT Communications Corporation