Starting at The Endpoint
A new approach to modernising devices, systems and teamwork
April / 2022
Chapter / 01
Increase flexibility by modernising endpoints

81%
Percentage of business leaders adjusting their workplace flexibility policies

Working whenever, wherever, on any device, used to be a perk. Today, it’s fundamental for most people and enterprises.1 In fact, in a Forrester study commissioned by Microsoft, employers expressed that allowing people to use their personal devices for work – and to work with more flexibility between home and the office – improves employee satisfaction and reduces turnover.2

… a presentation on their laptop, edit it on their phone and present it with their tablet, all without having to troubleshoot their devices. The whole experience should be intuitive and seamless so people can stay in the flow of work. To meet these requirements, IT departments are increasingly focusing on the operating system on employees’ endpoints as a key modernisation strategy.

1 ‘The winner by a long stretch’, The WorkLab Year in Review, Microsoft, 2021.
2 The Total Economic Impact™ Of Modernising Endpoints, Forrester Consulting study commissioned by Microsoft, September 2021.
Passwordless authentication
[Figure: passwordless authentication; scale labels: Low security, High security]

3 Passwordless Protection: Reduce your risk exposure with passwordless authentication, Microsoft Security, 2021.
Chapter / 02
Deliver amazing employee experiences

4 2022 Work Trend Index: Annual Report: Great Expectations: Making Hybrid Work Work, Microsoft, March 16, 2022.
5 The Total Economic Impact™ Of Modernising Endpoints, Forrester Consulting study commissioned by Microsoft, September 2021.
Improving employees’ experiences with their devices isn’t just about helping them work faster – it’s also about empowering them to contribute more meaningfully to the enterprise. According to a report by Forbes Insights, “Employees benefit from a simple and consistent experience that improves their efficiency, collaboration and communication with customers and each other.”6

Key to this is eliminating the friction of toggling between endpoints so that employees don’t have to divert focus away from their work in order to start using another device. For example, an operating system that delivers curated content can help them plan their day and easily access people and files, regardless of which device they’re using. Passwordless methods like fingerprint scans, PINs and facial recognition streamline app sign-up and sign-in. And voice typing and support for gestures and styluses make it simple to work on any device.

IT departments can help foster a positive, thriving culture across hybrid teams by implementing technology that supports participation from people with different communication styles and backgrounds. A unified endpoint environment fosters collaboration across devices, locations and documents. Adopting tools that use intuitive design principles makes it effortless to start and participate in meetings and chats with people inside the office and across the world.

An inclusive workplace that empowers employees to be themselves and get things done is a powerful differentiator for enterprise organisations. Modernising your endpoints will help you deliver a digital experience that makes your workplace more productive and fun.

6 ‘Section IV: Endpoint Modernisation’, Reimagining Endpoints: Productive and Secure Computing in Today’s Hybrid, Front-Line and Edge Environments, Forbes Insights in association with Microsoft, 2021.
Chapter / 03

As employees expand the number and variety of devices that they use to do their work – including their personal devices – IT departments are scrambling to keep endpoints compliant and up to date. A study of enterprise IT leaders revealed some common challenges:7

• Stitched-together security solutions that are disparate and outdated.
• Overdependence on VPNs, outdated identity management and inadequate device management controls.
• Increased risks of data breaches, restrictive authentication policies that degrade the employee experience and obstacles to onboarding new technology and employees.

To address these challenges, organisations are increasingly adopting Zero-Trust architecture as a holistic approach to securing bring-your-own-device environments, cloud-based assets and remote users.8

Endpoint security starts with a holistic Zero-Trust approach

The principles of Zero Trust are:

1. Verify explicitly. Always authenticate and authorise based on all available data points.
2. Use the least privileged access. Limit user access with just-in-time and just-enough access, risk-based adaptive policies and data protection.
3. Assume breach. Minimise blast radius and segment access. Verify end-to-end encryption and use analytics to improve visibility, threat detection and defences.

Microsoft encourages the use of Zero-Trust controls to provide visibility, automation and orchestration across identities, endpoints, applications, network, infrastructure and data.

[Figure: Zero Trust Security; segments labelled Data, Endpoints, Infrastructure, Applications and Network]

7 The Total Economic Impact™ of Zero Trust Solutions from Microsoft: Cost Savings and Business Benefits Enabled by Microsoft’s Zero Trust Solutions. A commissioned study conducted by Forrester Consulting on behalf of Microsoft. December 2021.
8 McKendrick, Joe. Reimagining Endpoints: Productive and Secure Computing in Today’s Hybrid, Frontline, and Edge Environments. ©Forbes Insights 2021.
Protect people, data and services

[Figure: The six layers of Zero-Trust security. Labels: Cloud (Cloud services); Identity and privacy (Secured identity, Privacy controls); Application (Application security, Privacy controls); Operating system (Encryption and data protection, Virus and threat protection, Network security, System security); Hardware / chip (Hardware root of trust, Silicon-assisted security)]

Zero Trust extends from the chip to the cloud

Robust end-to-end security strategies should:

• Separate hardware from software to protect against threats – the endpoint device is protected before it’s even booted up.
• Protect the operating system against unauthorised access to critical data.
• Prioritise application security and prevent access to unverified code.
• Protect user identities with passwordless security.
• Extend security to the cloud to help protect devices, data, apps and identities remotely.

Zero-Trust endpoint security begins with hardware-based isolation at the chip level. Sensitive data is stored behind security barriers and kept separate from the operating system, so encryption keys and user credentials are protected from unauthorised access.

Organisations should implement security features for hardware and operating systems that:

• Protect and maintain system integrity as the firmware loads, preventing unauthorised firmware or software from starting before the operating system launches.
• Use a trusted platform module (TPM) 2.0 for features like Windows Hello and BitLocker.
• Create virtualisation-based security using CPU hardware virtualisation to secure a region of memory isolated from the host operating system to protect information and code integrity.

An exciting development in hardware root-of-trust technology is Pluton, a security processor designed by Microsoft to foil sophisticated attacks. The chip can be configured as the device TPM or as a security processor in non-TPM scenarios, such as platform resilience.
Chapter / 04
Mitigate risks and vulnerabilities

[Figure label: 1% outlier attacks]

In 2021 alone, Microsoft detected and blocked more than 25 billion attempts to hijack enterprise accounts.10 These weren’t …

… mitigate the ‘people’ part of the problem and therefore the vast majority of attacks: multifactor authentication and patching.

9 ‘Identity is the New Battleground’, Cyber Signals, December – January 2021.
10 Ibid.
… Microsoft customers employ multifactor authentication.11

… authentication.

• Multifactor authentication. Employees provide multiple forms of identification, such as a hardware token and biometric, to access their accounts and data.
• Passwordless authentication eliminates the need for employee-generated passwords, which are usually the weakest link of an organisation’s security.
• Updating and patching software is a simple, but effective way of preventing attacks. IT departments should implement automatic updates to harden security across the organisation.
• A host firewall, such as Windows Defender Firewall, to limit which devices can enter the network and the data that can be sent from within and to require authentication from any device that attempts to communicate with devices on the network.
• Multifaceted antivirus software which unifies machine learning, big-data analysis and in-depth resilience research to provide comprehensive protection for endpoint devices – Microsoft Defender Antivirus is a well-known example.

11 Microsoft Digital Defence Report, October 2021.
Chapter / 05
Chapter / 06
Increase IT productivity

[Figure: Most enterprise IT departments provision, update and secure endpoints on site; values shown: 54%, 31%, 15%]

IT teams see two types of business benefits from endpoint modernisation: rote task simplification or automation and redundant solution consolidation or elimination.

Rote task simplification or automation

… endpoint users are empowered to resolve more technology challenges on their own. When employees own taking care of tasks like updating apps or login credentials, help desks get time back to apply to other projects.

… capability.

… it within an existing software ecosystem.

Evaluate and develop your organisation’s endpoint …

It may surprise you that an eBook that recommends modernising endpoints would also recommend that some enterprises maintain their current endpoint strategies. The fact is, many organisations …

… and security as if they’re interoperable by default – because for most employees and IT departments, they now are. And while Windows 10 will continue to be a platform of innovation for many successful organisations, …