How Leveraging Azure Virtual Desktop Can Increase End-User and Data Security
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Ken Knox of Synoptek breaks down how Azure Virtual Desktop adds value to the distributed workforce, and how to leverage it to increase end-user and data security.
Since the pandemic began over two years ago, there has been a rapid and unplanned emergence of a large remote workforce culture. These employees can often be found working virtually from home, the airport, or even a coffee shop and, more than likely, on uncontrolled and unsecured networks, which creates ample opportunity for security breaches and data misuse. Threats include malware, corporate espionage, ransomware attacks, exposure of corporate or customer data, and the possible disclosure of personally identifiable information. In 2021, Sophos reported that an estimated 60+ percent of companies experienced a ransomware attack at some point, with an average cost of $1.4M to remediate the breach.
In addition to the security risks posed by this new distributed workforce, there is also the danger of inconsistent digital experiences, since end-users don’t always practice the care and maintenance needed to avoid these threats. Not only do such inconsistencies affect workforce efficiency, but they also make it difficult to provide support when issues arise. This results in extended resolution times, the need for increased support resources, and a potential impact on workforce productivity. Missing operating system and application updates can further leave end-user devices vulnerable to zero-day threats and newly discovered exploits.
Assembling sufficient hardware to support this rapid switch to remote work has been challenging, forcing companies to reactivate older computers that are past their useful life. These computers are often underpowered for modern workloads, resulting in a poor end-user experience.
Leveraging Azure Virtual Desktop to Increase Endpoint Security
Leveraging Azure Virtual Desktop, where the applications and resources live in the cloud, provides a consistent workspace experience and a familiar look and feel for users. IT support is much easier because the environment is well-known and has persistent configuration and controls, eliminating the need for end-users to have elevated rights. Additionally, when there are new applications to deploy or existing applications needing upgrades, IT staff members can update the image used to create the Azure Virtual Desktop hosts and redeploy new hosts quickly and efficiently.
Because Azure Virtual Desktop can be accessed using a purpose-built Remote Desktop application or as an HTML5 web application, most modern computer platforms support it, and end-users can securely use the solution from almost anywhere. Because the actual computing runs remotely, the solution reduces the need for high-performance laptops or workstations for every user – thus extending the useful life of already distributed laptops and workspaces.
On the security side, a high-profile benefit is the reduction of potential exposure of corporate and customer data because information can now be restricted to the cloud environment, which prohibits downloads to an employee’s computer. Controlling such data movement further helps reduce the risk of data exfiltration by a disgruntled employee or a malicious actor.
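The restriction described above is typically enforced through the device-redirection settings in a host pool's custom RDP property string. The following check is an added example, not code from the article or from Microsoft: it audits such a string for channels that can move data to the client, and assumes the documented RDP property names with an empty or `0` value as the "disabled" setting (verify against current Microsoft documentation).

```python
# Added example, not from the article. Sample property strings are constructed.
# Audit policy (an assumption of this example): each channel must be
# explicitly disabled; an unset property is reported, not trusted.

# property name -> (channel description, value that disables the channel)
CHANNELS = {
    "drivestoredirect": ("local drives", ""),
    "redirectclipboard": ("clipboard", "0"),
    "redirectprinters": ("printers", "0"),
    "usbdevicestoredirect": ("USB devices", ""),
}

def parse_rdp_properties(raw):
    """Parse 'name:type:value;...' into {name: value}; collect bad fragments."""
    props, malformed = {}, []
    for fragment in raw.split(";"):
        fragment = fragment.strip()
        if not fragment:
            continue
        parts = fragment.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s"):
            malformed.append(fragment)
            continue
        props[parts[0].strip().lower()] = parts[2].strip()
    return props, malformed

def audit_host_pool(raw):
    """Return sorted findings for channels that can move data to the client."""
    props, malformed = parse_rdp_properties(raw)
    findings = [f"malformed fragment: {m!r}" for m in malformed]
    for name, (channel, off_value) in CHANNELS.items():
        if name not in props:
            findings.append(f"{channel}: {name} not set, platform default applies")
        elif props[name] != off_value:
            findings.append(f"{channel}: enabled ({name}={props[name]!r})")
    return sorted(findings)

# Constructed samples
LOCKED_DOWN = ("drivestoredirect:s:;redirectclipboard:i:0;"
               "redirectprinters:i:0;usbdevicestoredirect:s:;audiomode:i:0")
PERMISSIVE = "drivestoredirect:s:*;redirectclipboard:i:1;redirectprinters:i:0"

if __name__ == "__main__":
    for label, raw in (("locked down", LOCKED_DOWN), ("permissive", PERMISSIVE)):
        print(label, audit_host_pool(raw) or "no findings")
```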
Azure Virtual Desktop also allows security controls to be enforced consistently throughout the environment. For example, multi-factor authentication (MFA) can be added as a requirement to access the Azure Virtual Desktop, creating an additional layer of protection for information accessed by a distributed workforce. Similarly, Conditional Access policies can be configured to enforce geofencing rules or restrict access only to known devices managed by an Azure-integrated Mobile Device Management (MDM) solution such as Intune.
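A way to verify that the MFA and managed-device requirements above are actually enforced, as an added example that is not from the article: it audits Conditional Access policies exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape. The policies and `AVD_APP_ID` are constructed placeholders, and user and location scoping are not evaluated.

```python
# Added example, not from the article. Policies are constructed samples.
AVD_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real app ID

def covers_app(policy, app_id):
    """True if the policy targets the app directly or via 'All' and does not exclude it."""
    apps = policy.get("conditions", {}).get("applications", {})
    included = apps.get("includeApplications", [])
    excluded = apps.get("excludeApplications", [])
    return (app_id in included or "All" in included) and app_id not in excluded

def required_controls(policy):
    """Controls a user cannot skip: all under AND, only a sole control under OR."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if grant.get("operator") == "OR" and len(controls) > 1:
        return set()  # user may satisfy any one, so none is guaranteed
    return set(controls)

def audit(policies, app_id=AVD_APP_ID):
    """Return gaps: unenforced policies and controls no enabled policy requires."""
    enforced, gaps = set(), []
    for p in policies:
        if not covers_app(p, app_id):
            continue
        if p.get("state") != "enabled":  # report-only or disabled
            gaps.append(f"{p['displayName']}: state is {p.get('state')}, not enforced")
            continue
        enforced |= required_controls(p)
    for control in ("mfa", "compliantDevice"):
        if control not in enforced:
            gaps.append(f"no enabled policy requires {control} for the AVD app")
    return gaps

POLICIES = [  # constructed
    {"displayName": "AVD require MFA", "state": "enabled",
     "conditions": {"applications": {"includeApplications": [AVD_APP_ID]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "AVD require compliant device",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "AND", "builtInControls": ["compliantDevice"]}},
]

if __name__ == "__main__":
    for gap in audit(POLICIES):
        print("GAP:", gap)
```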
End-User Flexibility and App Support
In addition to security-oriented configuration options, the environment can also be set up for extreme end-user flexibility. Azure Virtual Desktop can support multiple monitors as well as full bi-directional audio and video passthrough. And for end-users who move from location to location or need to transition between devices, the session stays active – allowing online activity to remain consistent.
Moreover, leveraging Microsoft’s FSLogix application for end-user profile containerization allows the use of OneDrive for document storage, providing additional data durability and accessibility of end-user data. Using an Azure Files storage account for end-user profiles additionally enables easy backup, further protecting their documents.
In addition to using Azure Virtual Desktop as a full desktop replacement, the solution also supports published applications, with all the security controls of the full desktop replacement approach still available. This approach can be useful when an organization still needs to use an application with a full client and centralized database, but with distributed end-users. To the end-user, the application appears to be running on their local computer, when it is actually running on an Azure Virtual Desktop host.
Azure Virtual Desktop is a strong and reliable solution for the distributed workforce that supports multiple options to secure and control the environment. It also supports multiple end-user configuration scenarios with flexibility in access platforms and access methods. And with a well-architected infrastructure, data backup and durability are easily implemented.