As some regions begin to make their way out of the challenges and disruption of the past 18 months, we’re seeing a new world of work emerge. Organizations everywhere have transformed themselves through virtual processes and remote collaboration. And as people embrace hybrid work—with people returning to the office, continuing to work from home, or some mix of the two—things will be different all over again.

The ability to work whenever, however, and wherever it’s needed has become the new normal. All employees want technology that’s familiar, easy to use, and available across devices. And in the most complex cybersecurity environment we’ve ever seen, businesses need a solution that helps their employees collaborate, share, and create while also keeping their data safe and secure. 

We have an opportunity to design the tools that will empower this new world of hybrid work with a new perspective—and the power and security of the cloud.  

Today we’re excited to announce Windows 365, a cloud service that introduces a new way to experience Windows 10 or Windows 11 (when it’s generally available later this calendar year) for workers from interns and contractors to software developers and industrial designers. Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience—including all your apps, data, and settings—to your personal or corporate devices. This approach creates a fully new personal computing category, specifically for the hybrid world: the Cloud PC.

Today I’d like to share with you why we think bringing the cloud revolution to personal computing will be such a milestone for how customers work in the future and the opportunities this will create for our partners.

A powerful, personalized, full Windows experience in the cloud on any device

Our recent Work Trend Index found that 73 percent of workers want flexible remote work options to stay, but at the same time, 67 percent say they also want more in-person collaboration, post-pandemic. This creates the hybrid work paradox, leaving organizations around the world to grapple with how to connect in a hybrid world and provide workers access to organizational resources at home, in the office, and at all points between.

Much like how we’ve embraced the cloud for other products, our vision for a Windows 365 Cloud PC is to deliver a new way to experience Windows through the power of the cloud—while solving both novel and traditional challenges for organizations. This new paradigm isn’t just about allowing and securing remote access. The user experience is more important than ever for attracting and retaining talent, improving productivity, and ensuring security.

The Cloud PC draws on the power of the cloud and the capabilities of the device to provide a powerful, simple, and secure full Windows 10 or Windows 11 experience that you can use to empower your workforce, regardless of location or device. Windows 365 provides an instant-on boot experience that enables users to stream all their personalized applications, tools, data, and settings from the cloud across any device including your Mac, iPad, Linux device, and Android. The Windows experience is consistent, no matter the device. You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices. You can get the same work done on a laptop in a hotel room, a tablet from their car between appointments, or your desktop while you’re in the office. Seasonal workers also can ramp on and off according to the needs of the business, allowing the organization to scale for busy periods without the complicated logistical and security challenges of issuing new hardware. Further, companies can be more targeted in how they outfit specialized workers in creative, analytics, engineering, or scientific roles who need greater compute power and access to critical applications.  

Windows 365 supports your business apps—Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform—line of business apps, and more. With Windows 365, we also stand by our promise of app compatibility with App Assure, a service that helps customers with 150 or more users fix any app issues they might run into at no additional cost.

Greater simplicity with familiar tools

One of the most important design principles of Windows 365 is simplicity. You can choose the size of the Cloud PC that best meets your needs with per user per month pricing. Organizations have two edition options that include a complete cloud-based offering with multiple Cloud PC configurations based on performance needs: Windows 365 Business and Windows 365 Enterprise.

For IT, we built Windows 365 to be consistent with how you manage your physical devices now. Your Cloud PCs show up right alongside your physical devices in Microsoft Endpoint Manager, and you can apply management and security policies to them just as you do to all your other devices.

Windows 365 is built on Azure Virtual Desktop, but it simplifies the virtualization experience—handling all the details for you. You can scale processing power and monitor the performance of the Cloud PC to make sure your users are getting the best experience. We’ve also built analytics into the service to look at connection health across networks to make sure your Cloud PC users can reach everything they need on your network to be productive. From the Endpoint Analytics dashboard, you can easily identify the Cloud PC environments that are not delivering the performance needs of a given user, and not only can you get recommendations, but you can also upgrade them at the touch of a button, which is immediately applied without missing a beat. Our new Watchdog Service also continually runs diagnostics to help to keep connections up-and-running at all times. If a diagnostic check fails, we’ll alert you and even give suggestions for how to correct the issue. 

For greater customization and flexibility, especially if your organization has virtualization expertise, we recommend Azure Virtual Desktop, which continues to see significant adoption as organizations modernize VDI in the cloud. You can read more about our increased investments in Azure Virtual Desktop in today’s Tech Community blog.

For more information about the management experience, check out the Tech Community blog from Scott Manchester.

Cloud security powered by Zero Trust

With a focus on a Zero Trust architecture, Windows 365 also helps solve for today’s critical security challenges by design, storing and securing information in the cloud, not on the device. Multifactor authentication (MFA) works to explicitly verify any login or access attempt to a Cloud PC through integration with Microsoft Azure Active Directory (Azure AD). And within Microsoft Endpoint Manager, you can pair MFA with dedicated Windows 365 conditional access policies to assess login risk instantly for each session. We’ve also designed the user and admin experiences around the principle of least privileged access. For example, you can delegate specific permissions, like licensing, device management, and Cloud PC management using specific roles, so you don’t need to be a global administrator. You can use the security baselines for Windows 10, Microsoft Defender for Endpoint, and Microsoft Edge, just like you would for your physical devices now, and we’ve built a cloud PC-specific security baseline to help you get started quickly. 

If you use Microsoft Defender for Endpoint to protect your devices, it also works seamlessly with your Cloud PCs. You can use Microsoft Endpoint Manager to quickly onboard your Cloud PCs just like your other devices with Defender for Endpoint. It not only protects your Cloud PCs, but also gives you security recommendations to lower risks, and helps you quickly discover and investigate any security incidents.

Finally, encryption is used across the board. All managed disks running Cloud PCs are encrypted, all stored data is encrypted at rest, and all network traffic to and from your Cloud PCs is also encrypted.

Windows 365 means new opportunities for partners

Windows 365 creates new opportunities for partners of all types across the Microsoft ecosystem to deliver new Windows experiences from the cloud.

Independent software vendors can continue to build Windows apps, and now, deliver them in the cloud to reach a broader audience. Windows 365 also presents new development opportunities, leveraging APIs available to partners, enabling them to bring their own innovations to market. In fact, check out the Tech Community blog that highlights the solutions ISVs like Nerdio, UKG, Service Now, and Net App are announcing today in support of different user scenarios with Windows 365.

Our customers will look to system integrators and managed service providers to help them get the most out of their entire Windows estate, using the additional services that our partners like Accenture/Avanade, Atos, Crayon, Content and Cloud, Convergent, Coretek, DXC, Glueck & Kanja GAB, Insight, and Netrix continue to bring to market. For small and midsize businesses, partners like Iconic IT LLC, MachineLogic LLC, and Nitec Solutions already support Windows 365 and can assist with additional services. Original equipment manufacturers (OEMs) gain an opportunity to integrate Windows 365 into their broad portfolio of services alongside their devices’ robust features and secure hardware.

Cloud PC represents the next big step in cloud computing that connects the Microsoft Cloud and personal devices in a powerful new way. With the announcement of Windows 365, we’re inviting organizations, employees, and partners to reimagine experiences with Windows and their devices and look forward to creating new scenarios for users everywhere.

Hybrid Windows for a hybrid world

We are so excited to share this new way to experience Windows 10 or Windows 11 (when available) through the power of the cloud across all your devices. We believe this will give organizations of all sizes the power, simplicity, and security you need to address the changing needs of your workforce as you embrace hybrid work.

Windows 365 will be available on August 2, 2021, to organizations of all sizes. In the meantime, you can learn more about Windows 365 now.

We are excited to be on this journey together, and we can’t wait to learn about all the new ways you will get work done using Windows 365.

The post Introducing a new era of hybrid personal computing: the Windows 365 Cloud PC appeared first on Microsoft 365 Blog.

如今，精明的金融机构正在超越这种范例，转而采用一种新式的网络安全方法 -“零信任”模型。“零信任”模型的中心原则是默认情况下不信任任何人（无论是内部人员还是外部人员），并且在授予访问权限之前需要对每个人或每台设备进行严格的验证。

尽管城堡的外围防护仍然很重要，但是与不断加大投资力度来构建更坚固的城墙和更宽的护城河相比，“零信任”模型采用了一种更加细致入微的方法来管理对我们所谓城堡内的身份信息、数据和设备的访问。因此，无论是内部人员恶意或不经意的行为，亦或是隐蔽的攻击者突破了城墙，都无法获得对数据的自动访问。

“城堡和护城河”方法的限制

在谈到保护今天的企业数字财产安全时，“城堡和护城河”方法就突显出很大的局限性了，因为网络威胁的出现改变了我们对于防范和保护的定义。大型组织（包括银行）需要面对由员工、客户和合作伙伴现场或在线访问的数据和应用程序组成的分散网络。这使保护城堡的边界安全变得更加困难。即使护城河能有效地将敌人拦在城堡外，但对于身份已遭泄露的用户或其他潜伏在城墙内的内部威胁，它的作用则很有限。

以下做法都是导致暴露的安全隐患，而且这些做法在依赖于“城堡和护城河”网络安全方法的银行中很常见：

• 对员工的应用程序访问权限进行单一的年度审查。
• 由于经理的自行决定或出现员工调动时的治理缺失而导致访问权限策略出现模糊且不一致的情况。
• IT 过度使用有管理特权的帐户。
• 客户数据存储在多个文件共享中，却几乎不知道谁有相关的访问权限。
• 过度依赖密码来对用户进行身份验证。
• 缺乏数据分类和报告，导致不清楚具体数据的位置。
• 频繁使用 U 盘来传输包含高度敏感数据的文件。

“零信任”模型如何助力银行家和客户

“零信任”方法的好处已有据可查，并且有越来越多的实际例子表明，这种方法可以防止复杂的网络攻击。然而，如今许多银行仍然坚持与“零信任”原则相背离的做法。

采用“零信任”模型有助于银行加强他们的安全防护机制，使他们能自信地支持一些赋予员工和客户更多灵活性的举措。例如，银行高管都希望将他们面向客户的员工（例如关系经理和理财顾问）从办公桌上解放出来，使他们能在银行营业场所外部与客户会面。如今，许多金融机构是通过使用文件打印输出或他们顾问的静态视图等模拟工具来支持这种地理灵活性的。但是，银行员工和客户都期望能通过实时数据来获得更动态的体验。

依赖于“城堡和护城河”安全方法的银行在将数据分散到物理网络之外时会有诸多顾虑。因此，这些银行的银行家和理财顾问只有在银行营业场所内与客户进行会面时才能利用已经过验证且严格的投资策略的动态模型。

从历史上来看，对于忙碌的银行家或理财顾问来说，与其他银行家或贸易商共享实时模型更新或积极地展开协作是很麻烦的，至少在没有 VPN 的情况下是这样的。然而，这种灵活性正是做出可靠的投资决策和提高客户满意度的重要驱动力。“零信任”模型使关系经理或分析师能够利用来自市场数据提供者的见解，与他们各自的模型进行综合，并随时随地动态处理不同的客户场景。

好消息是，这是一个智能安全的新时代 – 由云和“零信任”体系结构提供支持 – 可以简化并实现银行安全性和符合性的现代化。

Microsoft 365 助力银行安全性的转型

借助 Microsoft 365，银行通过部署三个关键策略即可立即迈向“零信任”安全性：

• 标识和身份验证 – 首先，银行需要确保用户的身份与他们自己所述的身份一致，然后根据他们的角色提供访问权限。借助 Azure Active Directory (Azure AD)，银行可以使用单一登录 (SSO) 使已通过身份验证的用户能够从任何地方连接到应用，从而使移动办公的员工能够在不影响工作效率的情况下安全地访问资源。

银行还可以部署强身份验证方法，例如双因素或无密码的多重身份验证 (MFA)，从而使泄露风险降低 99.9%。Microsoft Authenticator 支持适用于任何 Azure AD 连接应用的推送通知、一次性密码以及生物识别。

对于 Windows 设备，银行员工可以使用 Windows Hello，这是一个用于登录设备的安全便捷的面部识别功能。最后，银行可以使用 Azure AD 条件访问来应用相应的访问策略，从而保护资源免受可疑请求的影响。Microsoft Intune 和 Azure AD 协同工作以确保仅托管和兼容的设备可以访问 Office 365 服务，包括电子邮件和本地应用。通过 Intune，还可以评估设备的合规性状态。是否强制执行条件访问策略取决于用户试图访问数据时设备的合规性状态。

条件访问插图。

• 威胁防护 – 借助 Microsoft 365，银行还可以利用 Microsoft 威胁防护集成和自动化的安全性来增强他们保护、检测和应对攻击的能力。它利用 Microsoft Intelligent Security Graph 中世界上最大的威胁信号源之一以及由人工智能 (AI) 提供支持的高级自动化来增强事件识别和响应能力，从而使安全团队能够准确、高效和及时地解决威胁。Microsoft 365 安全中心提供了一个集中化的中心和专用的工作区来管理和充分利用 Microsoft 365 智能安全解决方案，用于标识和访问管理、威胁防护、信息保护和安全管理。

Microsoft 365 安全中心。

• 信息保护 – 虽然标识和设备是网络攻击的主要对象，但数据才是网络罪犯的终极目标。借助 Microsoft 信息保护，银行可以增强对敏感信息的保护，无论这些信息位于何处或者会在何处传输。Microsoft 365 使客户能够 1) 标识他们的敏感数据并对这些数据进行分类；2) 应用灵活的保护策略；3) 监视并修复存在风险的敏感数据。

分类和保护场景的示例。

使用“零信任”简化安全管理

Microsoft 365 帮助简化新式“零信任”体系架构中的安全管理，从而实现利用所需的可见性、规模和情报来打击网络犯罪。

在考虑如何保护你现代“城堡”的安全时，“零信任”环境是应对现代网络安全威胁的最优选择。“零信任”环境要求对正在进行访问的人员和所访问的内容、访问位置、时间以及他们是否应具有访问权限进行即时的监督。

Microsoft 365 安全性和合规性功能帮助组织在信任用户或设备前对这些用户或设备进行验证。Microsoft 365 还提供完整的团队合作和高效工作解决方案。总而言之，Microsoft 365 提供了一个全面的解决方案，有助于银行高管将工作重点放在客户和创新上。

The post 为什么银行要采用新式的网络安全方法 -“零信任”模型 appeared first on Microsoft 365 Blog.