Using Windows Virtual Desktop For Secure Remote Working
by TUCU Managed IT Services in Toronto
Despite being one of the dominant trends for the past year, remote working is still a complicated issue for many employers. There are different technologies involved, different vendors, and numerous configurations that affect the total cost as well as the effort required to deploy that solution.
Even the most popular remote working options such as Virtual Desktop aren’t always an obvious choice. Making things worse is the amount of noise available online regarding the implementations of these solutions.
So with the help of our in-house cloud engineers, we’re going to answer three questions regarding Windows Virtual Desktop that will help employers make the right call:
- What exactly is Windows Virtual Desktop and how does it work?
- When is the right time to deploy Windows Virtual Desktop?
- What is the best way to deploy Windows Virtual Desktop in 2021?
If you are a technician looking to deploy your own VDI for your organization, check out Christiaan Brinkhoff's Windows Virtual Desktop deployment guide.
Understanding Windows Virtual Desktop
There are many misconceptions surrounding what Windows Virtual Desktop is and what it can be used for - so let’s start there.
The main concept behind desktop virtualization is that traditionally, files and applications are tied to specific hardware (the hard drive in your work computer, for instance). This means that in order to access those files and apps, you must be able to access that specific computer. Windows Virtual Desktop eliminates this limitation by decoupling apps and data from specific hardware and thus allowing employees to access the information they need from anywhere.
In practice, this works through Microsoft’s global cloud platform, Azure, which provides the storage and computing required to create a fully-functional simulation of a Windows environment. This simulation runs Windows and all of its applications the same way you would on any computer. The simulation is then streamed to any Windows, macOS, iOS, and Android device around the world. Employees can even use Windows Virtual Desktop through any modern web browser.
Apart from the obvious benefit of providing quick and easy access to important apps and documents, Windows Virtual Desktop becomes a crucial tool for centralizing security and reducing IT support overhead as a business only needs to virtualize one desktop for hundreds of employees. We’ll explore the benefits and use cases of Windows Virtual Desktop in the next section but before that, we must answer an important question: how is Windows Virtual Desktop secure?
A Windows Virtual Desktop is far more secure than most other remote working arrangements as it decouples apps and data from an employee’s personal hardware. Instead of copying data to a personal computer, employees simply stream information from a secure cloud server. This reduces the risk of critical business information being stored anywhere but on a secure, remote server.
Benefits of Windows Virtual Desktop
Traditionally, creating desktop virtualization similar to Windows Virtual Desktop would require the IT team to set up and manage the gateway, broker, diagnostics, load-balancing, etc. And even then, it very likely won’t be as refined or reliable. By contrast, Windows Virtual Desktop is a fully-managed service, which means the platform takes care of various configurations and settings.
That said, while the deployment of WVD is much quicker, businesses will still require the support of an IT team for changing configurations, staying compliant, updates, and other IT management functions. For this reason, TUCU, one of Canada’s top-rated IT solutions providers, also helps businesses with ongoing WVD support after the initial deployment - learn more about our cloud IT management services here.
It’s also important not to mistake managed services for a lack of customizability. Windows Virtual Desktop runs on Azure which allows businesses to customize virtual machines (VMs) according to their workloads to ensure maximum efficiency.
Cross-platform native support
In your office, all work computers might be running a Windows operating system but employees’ personal devices might not. This would be a major obstacle for employees running macOS or a different version of Windows - but not with Windows Virtual Desktop. WVD has fully-featured native client support for not just Windows and Mac computers but also for Android, iOS, and HTML5 (modern web browsers).
More importantly, the user experience between an actual desktop and a virtual desktop is almost indistinguishable. The layout, controls, and personalization options are all the same across different platforms, and applications perform just like local apps. Another underrated feature of Windows Virtual Desktop is the ability to save employees’ profile data in the cloud, enabling apps like Outlook to open up with all data preloaded (emails, for instance) when the employee logs in.
This ensures that employees’ personal devices never become an obstacle between them and their job.
Reduced costs and IT overhead
It’s common practice for businesses to purchase and assign dedicated Windows laptops to every employee. However, this poses numerous challenges to the business. For starters, company-owned work laptops for remote working aren’t as secure as they might sound. Even with data protection software and strict firewall policies, confidential company data is stored on tens or hundreds of separate hard drives, which increases the risk of data theft and loss.
Additionally, each company-owned work laptop becomes an IT asset that the company is responsible for. This means providing IT support and oversight to each employee which can quickly become very expensive and time-consuming.
On the other hand, implementing Windows Virtual Desktop as your remote working platform avoids all of these problems. For instance, every employee can use their own personal devices without increasing IT overhead as the IT team only needs to be concerned with central virtualization. Overall, a properly optimized Windows Virtual Desktop setup can reduce infrastructure costs by up to 80%.
With the rise of privacy laws around the world, protecting company data has become more important as data leaks have become far more expensive to deal with, especially those containing personal information. As a result, the best approach to data security is to be proactive rather than reactive - and Windows Virtual Desktop helps businesses do just that.
The backbone of all Windows Virtual Desktop implementations is Microsoft Azure, which is arguably one of the most secure cloud platforms available today. This also means that the remote servers running on Azure are almost guaranteed to be more secure than the on-premises solutions that most small-to-medium businesses (SMBs) have.
One of the most common security concerns regarding virtual desktops is the possibility of data exfiltration. Fortunately, Windows Virtual Desktop does not allow employees to download any data from the virtual desktop onto their personal devices. Furthermore, WVD gives administrators a centralized platform to create and enforce policies, reducing the need to control employee devices directly (although they can, by using Microsoft Intune along with WVD).
Most importantly, none of this security comes at the cost of productivity as employees are only required to log in with a secure connection to ensure data safety, allowing them to focus fully on their work.
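For device redirection, the centrally enforced policy described above is set through the host pool's RDP properties. The following added example (not part of the original article and not Microsoft code) parses such a property string and reports every redirection that could carry data out of the session. The function names and sample strings are constructed for illustration, and treating an unset property as a finding is a policy assumption.

```python
# Added example: audit an RDP property string for redirections that let
# data leave the virtual desktop session. Function names are hypothetical.

# RDP property -> (type, value that disables the redirection)
EXFIL_PROPERTIES = {
    "drivestoredirect": ("s", ""),      # local drive mapping
    "redirectclipboard": ("i", "0"),    # copy/paste between session and device
    "redirectprinters": ("i", "0"),     # printing to local printers
    "usbdevicestoredirect": ("s", ""),  # USB device passthrough
    "devicestoredirect": ("s", ""),     # MTP/PTP devices (phones, cameras)
    "redirectcomports": ("i", "0"),     # serial ports
}

def parse_rdp_properties(raw):
    """Parse 'name:type:value;name:type:value' into {name: (type, value)}."""
    props = {}
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        parts = item.split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3:
            raise ValueError(f"malformed RDP property: {item!r}")
        name, typ, value = parts
        props[name.strip().lower()] = (typ.strip().lower(), value.strip())
    return props

def audit_redirection(raw):
    """Return {property: reason} for each redirection not explicitly disabled."""
    props = parse_rdp_properties(raw)
    findings = {}
    for name, expected in EXFIL_PROPERTIES.items():
        if name not in props:
            # Assumption: policy requires an explicit setting, not a default.
            findings[name] = "not set; service or client default applies"
        elif props[name] != expected:
            findings[name] = f"enabled ({props[name][1] or 'empty'})"
    return findings

# Constructed samples: one permissive string, one locked down.
PERMISSIVE = "drivestoredirect:s:*;redirectclipboard:i:1;redirectprinters:i:1;audiomode:i:0"
LOCKED_DOWN = ("drivestoredirect:s:;redirectclipboard:i:0;redirectprinters:i:0;"
               "usbdevicestoredirect:s:;devicestoredirect:s:;redirectcomports:i:0")

if __name__ == "__main__":
    for label, raw in (("permissive", PERMISSIVE), ("locked down", LOCKED_DOWN)):
        print(label, audit_redirection(raw) or "no data-bearing redirection enabled")
```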
Another top security concern for businesses is data residency, or where data is stored. Security frameworks like NIST 800-171 require businesses to store their data exclusively on US soil. Furthermore, if a business works with the US government, this framework is mandated for every user or device that can access the data. Canada has similar data residency requirements when performing government work as a vendor.
Windows Virtual Desktop has built-in features to ensure compliance with such frameworks, as Azure allows you to specify exactly which physical data centers your IaaS deployment resides in.
Highly scalable and reliable
Like security, scalability and reliability are two areas that most SMBs struggle with, especially when using on-premises hardware. One of the most popular solutions to these limitations is to use a cloud-based remote working solution like WVD as it offers incredible scalability and almost perfect reliability at a very affordable cost (especially compared to what a similarly specced on-premises solution would cost).
Microsoft Azure ensures businesses get consistent performance and low latency, irrespective of their geographical location, by allowing administrators to choose the data center that’s closest to end-users when creating desktop sessions.
When to Use Windows Virtual Desktop
Windows Virtual Desktop is an obvious choice for any business looking for a secure and easy-to-use remote working solution as it has all of the features most businesses would ever need. WVD can also be deployed on short notice which might be a key requirement for many businesses switching to remote working due to an emergency. That said, there are some less obvious scenarios where it would make sense to use Windows Virtual Desktop as an effective solution. The following are four such scenarios:
When facing high IT costs
High IT costs are very common in modern businesses due to their dependence on computers and software. More often than not, high IT costs can be pinpointed to a few key areas. For instance, many businesses that are shifting towards remote working are experiencing added costs due to additional licensing fees to add security capabilities for remote staff. Another reason could be the unusually high demand for IT support as employees set up their personal computers for work.
However, both of these problems can be overcome with WVD as it removes the need to buy additional licenses for individual employees; instead, hundreds of employees use the same desktop (but with different profiles). At the same time, this means that the IT team only needs to manage the central virtualization. That said, each employee device (personal or company-issued) would still require a Windows 10 license to access Windows Virtual Desktop. The license can be obtained with a subscription to M365 Business Premium, M365 E3 (or higher) or a standalone Windows 10 license.
The only real cost of WVD is the cost to run Azure’s Virtual Machines (VMs). VMs can be thought of as computers running on the cloud that simulate the Windows environment for employees (although capable of much more). However, unlike on-premises hardware, Azure VMs have only operating costs and no recurring fixed costs. This means that businesses only pay for what they use and idle resources cost nothing.
When facing capacity constraints
A fast-growing company that adds new employees every month has its own set of challenges, ranging from efficiently onboarding new employees and managing access control to ensuring the backend can handle the growth without any outages.
WVD can help with many of these challenges by providing a centralized management platform to manage end users and a highly scalable backend with 99.9% availability to minimize downtime.
When already using Microsoft Business Premium
If your business is already using Microsoft 365 (formerly known as Office 365), it makes little sense to use any other third-party virtual desktop service instead of Windows Virtual Desktop as WVD licensing is already included in Microsoft 365 at no additional cost. As we mentioned, the only cost of using WVD is the hosting cost of Azure VMs, which isn’t a fixed cost.
Additionally, WVD provides seamless integration with all other Microsoft 365 applications and tools which simplifies IT management and promotes consistency across the entire organization.
Difference between Windows Virtual Desktop and VPN
Many employers find it difficult to choose between Windows Virtual Desktop and a Virtual Private Network (VPN) due to their similar purpose and intended role as a remote working solution. However, there are some key differences between WVD and VPN that may affect your decision.
For starters, a Virtual Private Network (VPN) creates a secure network on top of an existing network (that is, the internet). This adds connectivity capabilities that allow employees to access files and applications that can normally only be accessed when connected to the local network (that is, in the office). However, this can also be a major security drawback as employees will have the ability to download files onto their local devices.
Additionally, using a VPN exposes the corporate network to possible brute force attacks against the VPN software/appliance. It also adds an attack vector via the endpoint connecting to the company network which means a virus on the employee’s personal device would have access to the entire company network. On the other hand, WVD removes the possibility of data exfiltration as well as both the brute force and endpoint connection vectors.
Difference between Windows Virtual Desktop and Microsoft Intune
Microsoft Intune is a popular device management platform that can also be used to secure remote endpoints. However, compared to Windows Virtual Desktop, Microsoft Intune isn’t as manageable or secure as having a single virtualised infrastructure.
The following are some of the key differences between using Windows Virtual Desktop and Microsoft Intune as a remote working solution:
- With Intune, in order to onboard new staff, the business needs to purchase a dedicated computer for that hire. No new hardware needs to be purchased in order to use WVD; new hires may connect with their own devices.
- Intune + Autopilot requires 3-4 hours of downtime during staff changeover, computer failure, and Upgrade/Replace & Data Transfer. The same process takes a few minutes with WVD.
- Windows Virtual Desktop has built-in disaster recovery capabilities; Intune does not (although there are add-on options to integrate disaster recovery).
It’s important to note that Microsoft Intune is not a dedicated remote working solution but rather it is an endpoint security and configuration tool. In a best-practice scenario, a business would want to use both Intune and WVD for a buttoned-up and user-friendly experience.
Implementing Windows Virtual Desktop in 2021
Windows Virtual Desktop is one of the most comprehensive and fully-featured remote working solutions available today. It is cost-efficient, secure, and as user-friendly as remote working solutions get. However, it’s not the only platform for remote working and there are many technologies that can assist in securing your remote workforce.
Understanding all of these technologies (Intune, Autopilot, VPN, RDS, etc.) might make you think that modern IT is too complicated - but it doesn’t have to be.
If you’d like help implementing the right remote working solution for your business, get in touch with the cloud experts at TUCU Managed IT Services Inc, one of Toronto's top-rated IT providers offering Microsoft 365 support and Azure support services. Let's talk!