To protect and optimize worker productivity and collaboration, you must enable local and remote workers to access your organization's local and cloud-based information, tools, and resources easily and securely. This solution guides you through deploying key layers of infrastructure that enable workers to do the best job possible, wherever they are.
Hybrid workers can work onsite or remotely in a combination of locations. Allowing employees to work away from a traditional office is important for many organizations because it lets them:
- Hire and retain workers who are unwilling to relocate or who require a flexible work environment.
- Reduce worker commuting, leaving them more time to be productive and for activities that reduce stress outside of work.
- Save office space.
Microsoft 365 has the capabilities to enable your hybrid workers to work onsite or remotely.
For IT professionals managing on-premises and cloud infrastructure to enable hybrid worker productivity, this solution provides these key capabilities:
- Connected
  - From anywhere in the world and at any time, your workers can access:
    - Cloud-based services and data from your Microsoft 365 subscription.
    - Your organization's resources, such as those provided by on-premises application data centers.
- Protected
  - Logins are secured with multi-factor authentication (MFA), and built-in security features in Microsoft 365 and Windows 11 or 10 protect against malware, malicious attacks, and data loss.
- Managed
  - Your hybrid workers' devices can be managed from the cloud with security settings, allowed applications, and system state compliance.
- Collaborative and productive
  - Your hybrid workers can be as productive as onsite workers in a highly collaborative way with:
    - Online meetings and chat sessions with Teams.
    - Shared workspaces for storing files in the cloud with global accessibility and real-time collaboration with SharePoint and OneDrive.
    - Shared tasks and workflows to break down work and finish it more effectively.
For a seamless sign-in experience, on-premises Active Directory Domain Services (AD DS) user accounts must be synchronized with Azure Active Directory (Azure AD). To protect Windows 11 or 10 devices, they must be enrolled in Intune. An overview of the infrastructure is shown here.
To enable Microsoft 365 capabilities for your hybrid workers, use these Microsoft 365 features.
| Functionality or feature | Description | Licenses |
| --- | --- | --- |
| MFA applied to security defaults | Protects against attacks on identities and devices by requiring a second form of authentication to log in. Security defaults require MFA for all user accounts. | Microsoft 365 E3 or E5 |
| MFA applied with Conditional Access | Require MFA based on login properties with Conditional Access policies. | Microsoft 365 E3 or E5 |
| MFA applied with risk-based Conditional Access | Require MFA based on the user's sign-in risk with Azure AD Identity Protection. | Microsoft 365 E5 or E3 with Azure AD Premium P2 licensing |
| Self-Service Password Reset (SSPR) | Allow users to reset or unlock their password or account themselves. | Microsoft 365 E3 or E5 |
| Azure AD Application Proxy | Provides secure remote access for web-based applications that are located on intranet servers. | Separate paid Azure subscription required. |
| Point-to-site Azure VPN | Create a secure connection from a remote worker's device to the intranet through an Azure virtual network. | Separate paid Azure subscription required. |
| Windows 365 | Support remote workers who can only use their personal, unmanaged devices with Windows 365 cloud PCs. | Separate paid Azure subscription required. |
| Remote Desktop | Allows employees to connect to Windows computers on the intranet. | Microsoft 365 E3 or E5 |
| Remote Desktop Services Gateway | Encrypts communications and prevents RDS hosts from being directly exposed to the Internet. | Requires licenses other than Windows Server. |
| Microsoft Intune | Manage devices and apps. | Microsoft 365 E3 or E5 |
| Configuration Manager | Manage installations, updates, and software configurations on your devices. | Separate licenses are required for Configuration Manager. |
| Endpoint analysis | Determines the upgrade readiness of Windows clients. | Separate licenses are required for Configuration Manager. |
| Windows Autopilot | Set up and preconfigure new Windows 11 or 10 devices for productive use. | Microsoft 365 E3 or E5 |
| Microsoft Teams, Exchange Online, SharePoint Online and OneDrive, Microsoft 365 apps, Microsoft Power Platform, and Yammer | Create, communicate and collaborate. | Microsoft 365 E3 or E5 |
Edward Ustariz
Technology Support Engineer