Staying secure remotely: Exploring AVD and security
The swift transition to remote working has raised a number of challenges for organisations. Microsoft’s CEO Satya Nadella summarised the situation succinctly when he said we have experienced two years’ worth of digital transformation within two months. In addition to managing concerns around productivity, connectivity and accessibility, ensuring employees are able to work in a secure environment remains a top priority for organisations.
A number of challenges exist with securing remote workers. The use of personal devices, a lack of clarity over data-sharing, and the natural drop-off in alertness when working in a home environment all pose security risks.
Microsoft’s Azure Virtual Desktop (AVD) (formerly known as Windows Virtual Desktop or WVD) has emerged as one of the more popular methods of facilitating remote working over the past year, with its security capabilities being a stand-out factor.
Traditionally, security has often been a last-minute and rushed consideration, only factored in at the final moment. However, we are beginning to see more and more organisations move away from this approach and ensure that security considerations are baked into the way we work. Instead of being perceived as a blocker, it is being increasingly recognised as an integral part of protecting business success in the digital economy.
AVD is part of this change in approach. Its centralised model provides an organisation with far greater security control over access, reducing the risk of confidential data leaving its intended environment. There are also a number of easily applied additional mechanisms that can help secure users. Let’s explore some of these features, and how they can help organisations stay secure remotely.
Azure Active Directory
Whenever a user connects into AVD, they are authenticated against Azure Active Directory. At this point, organisations can layer on a number of additional security controls, including the use of multifactor authentication. This instantly provides a greater level of security compared with a standard username and password setup. Multifactor authentication can be applied to all users, or more selectively to particular user groups based on the risk impact of their role.
Access controls allow organisations to easily manage which employees have access to certain kinds of data – particularly important given the huge potential consequences of a data breach. Since the arrival of GDPR, ignorance of the law is no longer an excuse when it comes to data breaches and businesses face very significant fines, even if the breach comes from an internal bad actor. The key to managing this risk is having governance and control over who has access to what data, and AVD has a strong ability to do just that.
AVD benefits from the link with Microsoft’s comprehensive security functions. One of the stand-out security features is called Impossible Travel. As a component of Microsoft Cloud App Security, it uses machine learning algorithms to detect behavioural anomalies across users and devices that may represent a threat.
For example, if a user logs in to Office 365 from London, and then attempts to do the same from New York an hour later, the feature recognises the impossibility of this and creates an alert. When analysing behaviour anomalies, it takes over 30 different risk indicators into account including impossible travel, as well as login failures, risky IP addresses and activity rate to name a few. The component also has built-in machine learning which is able to learn from the usual behavioural patterns of each business, reducing false positives over time.
In the past, organisations often had to open up a large number of ports to connect within a traditional VDI environment. AVD contains a new mechanism called Reverse Connect that addresses this fundamental problem of traditional Remote Desktop Services. The Reverse Connect technology removes the need for any inbound ports to be opened on perimeter firewalls in order to set up a connection to the AVD service. This means desktops and applications only ever connect to Microsoft-managed Azure services, and never connect directly to public networks. Everything is managed inside Azure.
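Because Reverse Connect needs no inbound ports, any rule that still allows inbound traffic from the internet to session hosts is worth reviewing. The audit below is an added example, not Microsoft tooling; the rule field names follow the Azure network security group rule schema, while the helper names and sample rules are constructed for illustration.

```python
RDP_PORT = 3389
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def covers(port_spec, port):
    """True if an NSG port spec ("*", "443" or "3000-4000") includes port."""
    if port_spec == "*":
        return True
    lo, _, hi = port_spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_inbound_rules(rules):
    """Return (rule name, exposes RDP?) for every Allow rule that admits
    inbound traffic from the internet, in NSG priority order. Deny rules
    that might shadow a finding are not evaluated; each finding is a rule
    to review, since AVD connectivity does not depend on it."""
    findings = []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"].lower(), r["access"].lower()) != ("inbound", "allow"):
            continue
        sources = [r.get("sourceAddressPrefix"), *(r.get("sourceAddressPrefixes") or [])]
        if not any(s and s.lower() in INTERNET_SOURCES for s in sources):
            continue
        ports = [r.get("destinationPortRange"), *(r.get("destinationPortRanges") or [])]
        findings.append((r["name"], any(p and covers(p, RDP_PORT) for p in ports)))
    return findings

def rule(name, priority, direction, access, source, port=None, ports=()):
    """Build one constructed sample rule (hypothetical helper)."""
    return {"name": name, "priority": priority, "direction": direction,
            "access": access, "sourceAddressPrefix": source,
            "destinationPortRange": port, "destinationPortRanges": list(ports)}

# Constructed sample NSG rules for a session-host subnet (not real data).
SAMPLE_RULES = [
    rule("AllowRdpFromAnywhere", 100, "Inbound", "Allow", "*", port="3389"),
    rule("AllowWeb", 200, "Inbound", "Allow", "Internet", port="443"),
    rule("AllowMgmtRange", 250, "Inbound", "Allow", "0.0.0.0/0", ports=["3000-4000"]),
    rule("AllowHttpsOut", 300, "Outbound", "Allow", "*", port="443"),
    rule("AllowVnetInbound", 400, "Inbound", "Allow", "VirtualNetwork", port="*"),
    rule("DenyAllInbound", 4096, "Inbound", "Deny", "*", port="*"),
]
```

Against the sample, three rules are reported and two of them expose RDP, one of those only through a port range that happens to include 3389.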
Azure Security Centre
Another benefit of AVD being hosted on Azure is the access to the platform’s security centre. It provides unified visibility and control across Azure services, as well as intelligent threat detection and response. The centre makes use of machine learning for real-time security analysis, and provides actionable recommendations and controls to help protect an organisation. A network map is included that allows organisations to see a topology of their workloads, with key information such as whether each node is properly configured and connected – making it easier to block unwanted connections that could pose a security risk. And of course, as a cloud-native service, the deployment process is simple and fast.
A secure future
These features represent just a portion of the security capabilities available when using AVD. On top of the in-built security features, there are a number of additional steps organisations can take in order to achieve the ideal set-up for them. Each business will have its own needs based on its remote working strategy and the nature of its work. AVD ensures that whatever these circumstances may be, employees can connect from any type of device and from any location with the knowledge that they can do so securely.
Follow this series to understand more about how AVD can benefit your business and unlock the potential of your users.
 Microsoft’s quarterly earnings report, April 2020