{"id":11755,"date":"2023-07-12T07:57:04","date_gmt":"2023-07-12T14:57:04","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11755"},"modified":"2023-08-01T14:31:22","modified_gmt":"2023-08-01T21:31:22","slug":"make-it-easy-but-secure-our-journey-to-frictionless-device-management-at-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/make-it-easy-but-secure-our-journey-to-frictionless-device-management-at-microsoft\/","title":{"rendered":"Make it easy but secure: Our journey to frictionless device management at Microsoft"},"content":{"rendered":"

With more than 200,000 employees each utilizing a handful of work and personal devices to get work done, the device management landscape at Microsoft is immense, complicated, and fraught with security risk.<\/p>\n

In short, the point at which our administrator responsibilities intersect with the experience our employees have with their devices has historically been full of friction.<\/p>\n

We are in a moment of massive transition. We went from everyone in the office to everyone remote, and now everyone is hybrid. Our expectation and goal is that every user can work from whichever device they want from wherever in the world they want. But we must accomplish this while fending off thousands of attacks every day on our devices around the globe.<\/p>\n

\u2014Senthil Selvaraj, principal product manager, Frictionless Devices, Microsoft Digital Employee Experience<\/p>\n<\/blockquote>\n

For years, we at Microsoft have been transforming the way we manage our company, a long road of good work that has led us to where we are today: enabling our employees to access their information whenever and wherever they need it.<\/p>\n

Senthil Selvaraj led our Frictionless Devices team through the modern transition in device management. He is a principal product manager.<\/figcaption><\/figure>\n

Our continued shift towards empowering our employees to work anywhere enabled them to stay engaged and productive during the pandemic. Now that a new era of hybrid work has emerged, the necessity for seamless access to company resources is more important than ever, and the challenges of maintaining security in this new paradigm are ever-present.<\/p>\n

\u201cWe are in a moment of massive transition. We went from everyone in the office to everyone remote, and now everyone is hybrid,\u201d says Senthil Selvaraj, principal product manager of the Frictionless Devices team within Microsoft Digital Employee Experience, the company\u2019s IT organization. \u201cOur expectation and goal are that every user can work from whichever device they want from wherever in the world they want. But we must accomplish this while fending off thousands of attacks every day on our devices around the globe.\u201d<\/p>\n

Microsoft\u2019s approach to the frictionless device initiative is multi-faceted and has required us to update our thinking on how we approach procurement of hardware and software, our help desk solutions, and utilization of advances in AI technology.<\/p>\n

We divide this approach into three primary pillars: device experience, vulnerability management, and device lifecycle. Our mission is to produce efficiencies for our admins and business while demonstrably improving the experience of our employees across the globe.<\/p>\n


Self-managed help desk<\/h2>\n

At Microsoft Digital Employee Experience, the organization that powers, protects, and transforms the company, we oversee the IT function for the whole company. This includes managing the help desk experience for our employees, which is a common touchpoint for all users seeking help with their devices.<\/p>\n

However, the help desk is a key driver of financial and opportunity cost. In the traditional model, we would have one support person helping one user with an issue at a time. This approach is inefficient and often misses out on the network effects that can be gained with sharing solutions not just with a single user but with the whole community. Why help one person at a time when you can help the whole community at once?<\/p>\n

We found that 40 percent of all helpdesk tickets, especially from non-Windows devices, required user education rather than a hardware or software fix. So we have built a SharePoint site that contains all the information users need to set up their applications on their own.<\/p>\n

We see a compounded effect of savings: employees are not losing productive time while waiting for the help desk to assist them, and we reduce helpdesk costs by reducing the overall number of tickets. We can reallocate our resources to the true issues that need fixing.<\/p>\n

In the very near future, we will see even further gains in efficiency and cost reduction by utilizing the latest generation of AI automations at Microsoft. We anticipate that tools like a Helpdesk Copilot will give employees access to information that enables them to solve device problems without needing to escalate to a help desk engineer. This will decrease the amount of time they spend searching for solutions and the amount of time our help desk engineers will need to spend working on common solutions.<\/p>\n

The benefits of native Zero Trust and virtualization<\/h2>\n

The hybrid work environment requires us to provide flexibility to our employees who may be logging in to company resources from any number of locations. Our security needs to flexibly and securely meet employees wherever they are. Zero Trust architecture is our modern approach to this device environment that allows us to effectively secure our devices and our networks. And virtualization of devices is the next frontier for ease of use.<\/p>\n

By centralizing and simplifying security in the cloud, we are saving money and becoming more secure than ever. We no longer rely on a castle-and-moat strategy in which, once you are logged in, you have free access to all resources on the network. We now limit users and accounts through a concept called least-privileged access<\/em>. Your login is verified at each step, and each resource is thus secured individually.<\/p>\n

A great example of this Zero Trust initiative in device management is the peripherals that we use in our joint conference rooms. Alongside devices like printers<\/a>, conference rooms are extremely common touchpoints for employees coming into a Microsoft office. We need and want their experience in using these resources to be as seamless as possible, but because they\u2019re shared resources, they remain a security vulnerability. Now, users are accessing these resources under their own credentials on a Zero Trust protocol.<\/p>\n

\u201cIf you\u2019re looking for security, speed, and ease of access, your answer is the cloud,\u201d Selvaraj says. \u201cThe ultimate expression of this modern security posture will be coming through opportunities in virtualized devices.\u201d<\/p>\n

The problem and opportunity of software management is twofold: How do we provide ease of access to users while reducing friction for our security and support teams? We are moving the goal posts to make sure all apps are pre-approved and are known entities before being installed.<\/p>\n

\u2014Sean Cottrille, senior product manager, Frictionless Devices<\/p>\n<\/blockquote>\n

We recently announced new ways of delivering employees\u2019 desktop experiences with virtualization solutions such as Windows 365<\/a> and Microsoft Dev Box<\/a>. With Windows 365 Cloud PCs, users can access their personalized Windows apps, settings, desktop, and data\u2014securely hosted in the Microsoft Cloud and accessible on any device\u2014wherever and whenever they work. Cloud-based solutions like these aligned to Microsoft Zero Trust principles are key in reducing friction for everyone in the modern flexible workplace.<\/p>\n

Maintaining the approved software Rolodex<\/h2>\n

Modern software like Microsoft Teams is incredibly powerful and enables a new world of collaboration through its associated apps and APIs. However, each of these exit points where one piece of software or hardware connects with another is a vulnerability. One approach we are taking to more effectively secure this software ecosystem is centralizing permissions for all applications.<\/p>\n

We have effectively created an internal database of known and trusted apps. These are software applications that our IT team can, to a certain degree, guarantee will work and be secure. Previous generations of application management were extremely open. Each user had nearly complete access to installing new applications. While this approach may be popular with users, who can use whatever software they wish, pairing it with the pre-Zero Trust security environment would expose the network to greater risk.<\/p>\n

\u201cThe problem and opportunity of software management is twofold: How do we provide ease of access to users while reducing friction for our security and support teams?\u201d says Sean Cottrille, senior product manager on the Frictionless Devices team. \u201cWe are moving the goal posts to make sure all apps are pre-approved and are known entities before being installed.\u201d<\/p>\n

This new approach to applications ensures that we have a structure in place that answers the questions and needs of the user in advance. Now we can provide a solution to the user more quickly than ever before.<\/p>\n

When you\u2019re making a change to the user experience, you must make sure it\u2019s well communicated. If we see problems with the rollout of a new feature, it\u2019s usually because we haven\u2019t communicated enough or in the right channels. You need to go to multiple places where employees gather information to make sure the correct information is meeting them.<\/p>\n

\u2014John Philpott, senior product manager for seamless access, Microsoft Digital Employee Experience<\/p>\n<\/blockquote>\n

Managing expectations and building for success<\/h2>\n

Any change to how an employee gets their daily work done requires clear communication about expectations and flexibility from all involved. Employees rely on their hardware and software to work correctly to be able to get work done and quickly become frustrated if there is an unexpected change to their workflow.<\/p>\n

John Philpott and Sean Cottrille are two members of the Microsoft Digital Employee Experience team who helped bring our modern vision for frictionless device management to life.<\/figcaption><\/figure>\n

\u201cWhen you\u2019re making a change to the user experience, you must make sure it\u2019s well communicated,\u201d says John Philpott, a senior product manager for seamless access in Microsoft Digital Employee Experience. \u201cIf we see problems with the rollout of a new feature, it\u2019s usually because we haven\u2019t communicated enough or in the right channels. You need to go to multiple places where employees gather information to make sure the correct information is meeting them.\u201d<\/p>\n

We always test and analyze changes before implementing them, and we are sure of the worth of these updates and upgrades before we roll them out broadly. With this confidence we can go to our team, clearly communicate what the changes are going to be while knowing that the effort of the transition period will be worth it.<\/p>\n

The overall benefit of our frictionless devices initiative is that our employees are more connected and enjoy a more seamless device experience. We have developed disruption-free updates and are ensuring seamless access to the tools and services that users need to get their work done wherever they\u2019re working, whether at home, at the office, or on the road. We are doing all of this while gaining time and financial efficiencies by centralizing procurement, optimizing automation, and improving the virtualization technology.<\/p>\n

\u201cOur goal with device management is to make the whole experience frictionless and to help our employees remain productive with less downtime,\u201d Selvaraj says. \u201cThis doesn\u2019t have to conflict with our parallel mission of keeping our company safe. We\u2019re making the employee and admin experience easy but secure.\u201d<\/p>\n
