This is a continuation of a series of articles on Azure services from an operational engineering perspective; the most recent one was an introduction to Microsoft Intune. That previous article covered Microsoft Intune and its device and application management capabilities. This article discusses its usage with Microsoft 365.
Microsoft 365 for enterprise is a complete, intelligent
solution that empowers everyone to be creative and work together securely. It
is designed for large organizations, but it can also be used for medium-sized
and small businesses that need the most advanced security and productivity
capabilities.
Microsoft 365 scenarios include productivity, collaboration,
education, people, and workplace intelligence. It includes services that manage
user and device identity, access, compliance, and security, and that help protect
organizations from data leakage or loss.
The standard Microsoft 365 cloud is used by Enterprise,
Academia and even home Office 365 tenants. It has the most features and tools,
global availability, and the lowest prices. Since it’s the default choice between
the clouds, everyone qualifies. That said, there are sovereign 365 clouds for
advanced data protection.
The scenario most often used to describe Microsoft 365 is the one used to set up the infrastructure for hybrid work. This is achieved by allowing on-site and remote workers to access the organization’s on-premises and cloud-based information, tools, and resources easily and securely. The key layers of architecture that empower these workers include the following capabilities.
MFA enforced with security defaults helps protect against compromised identities and devices by requiring a second form of authentication for sign-ins. Optionally, conditional access can be enforced with MFA based on the properties of the sign-in. Conditional access policies can also be authored to be risk-based so that the sign-ins can be protected with Azure AD Identity Protection. Self-service password reset is another feature where Intune can step in with automations that are self-service for the users. It relies on Azure Active Directory to turn on self-service password reset, and the organization’s workforce is asked to register. When they register, they get instructions for resetting their password themselves.
The Azure AD Application Proxy provides remote access for web-based applications hosted on intranet servers. Azure Point-to-Site VPN can create a secure connection from a remote worker’s device to the intranet through an Azure Virtual Network. Windows 365 supports remote workers who can only use their personal and unmanaged devices with Windows 365 Cloud PCs. Remote Desktop Services allows employees to connect to their domain-joined Windows computers. Remote Desktop Services Gateway encrypts communications and prevents the RDS hosts from being directly exposed to the internet.
Microsoft Intune manages devices and applications. Configuration Manager manages software installations, updates, and settings on the devices. Endpoint Analytics determines the update readiness of the Windows clients. Windows Autopilot sets up and pre-configures Windows devices.
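As an added illustration (not part of the original article), the following Python sketch audits an exported list of conditional access policies to check whether both a baseline MFA policy and a risk-based MFA policy are actually enforced. The sample policies are constructed and only follow the shape of the Microsoft Graph conditionalAccessPolicy resource; the function names and the "break-glass-placeholder" value are assumptions made for the example.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; names and the excluded account are placeholders, not real tenant data.
SAMPLE_EXPORT = json.loads("""
[
 {"displayName": "Require MFA for all users", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["break-glass-placeholder"]},
                 "applications": {"includeApplications": ["All"]},
                 "signInRiskLevels": []},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "MFA on risky sign-ins",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                 "applications": {"includeApplications": ["All"]},
                 "signInRiskLevels": ["high", "medium"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def requires_mfa(policy):
    """True if MFA is always demanded: it is the sole control or joined by AND."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "mfa" not in controls:
        return False
    return len(controls) == 1 or grant.get("operator") == "AND"

def audit(policies):
    """Return (coverage, findings). Assumption: only the user, application,
    risk and state fields are checked; other conditions are ignored."""
    coverage = {"baseline_mfa": False, "risk_based_mfa": False}
    findings = []
    for p in policies:
        cond = p.get("conditions", {})
        users = cond.get("users", {})
        apps = cond.get("applications", {})
        if not requires_mfa(p) or "All" not in users.get("includeUsers", []) \
                or "All" not in apps.get("includeApplications", []):
            continue  # not a tenant-wide MFA policy
        kind = "risk_based_mfa" if cond.get("signInRiskLevels") else "baseline_mfa"
        if p.get("state") != "enabled":  # report-only or disabled: no protection
            findings.append(f"{p['displayName']}: state is {p.get('state')}, not enforced")
            continue
        coverage[kind] = True
        if users.get("excludeUsers"):
            findings.append(f"{p['displayName']}: {len(users['excludeUsers'])} excluded user(s) to review")
    return coverage, findings
```

Running `audit(SAMPLE_EXPORT)` shows the baseline policy as enforced with one exclusion to review, and the risk-based policy as still in report-only mode.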
With these capabilities, IT professionals managing on-site
and cloud-based infrastructure enable hybrid worker productivity. Those workers
can access cloud-based services and data in their Microsoft 365 subscription and
organizational resources anytime and from anywhere. Their sign-ins are secured,
and their applications and devices can be managed with cloud security. The
hybrid workers can be as productive and collaborative as they are on-premises.