You can create connectors to apply security restrictions to mail exchanges with a partner organization or service provider. A partner can be an organization you do business with, such as a bank. It can also be a third-party cloud service that provides services such as archiving, anti-spam, and filtering.
You can create a connector to enforce encryption via transport layer security (TLS). You can also apply other security restrictions such as specifying domain names or IP address ranges that your partner organization sends mail from.
Note
Setting up a connector to exchange mail with a partner organization is optional; mail flows to and from your partner organization occur without connectors.
Using connectors to exchange email with a partner organization
By default, Microsoft 365 or Office 365 sends mails using TLS encryption, provided that the destination server also supports TLS. If your partner organization supports TLS, you only need to create a connector if you want to enforce certain security restrictions – for example, you always want TLS applied, or you require certificate verification whenever mail is sent from your partner to your organization.
When you set up a connector, email messages are checked to ensure they meet the security restrictions that you specify. If email messages don’t meet the security restrictions that you specify, the connector rejects them, and those messages will not be delivered. This behavior of the connector makes it possible to set up a secure communication channel with a partner organization.
You can set up one or both of the following, depending on your requirements:
Review this section to help you determine the specific settings you need for your business.
Set up a connector to apply security restrictions to mail sent from Microsoft 365 or Office 365 to your partner organization
This section describes the process of setting up a connector in both the New Exchange admin center (EAC) and the Classic EAC. Before you set up a new connector, do the following:
Check for any connectors that are already listed here for your organization. For example, if you already have a connector set up for a partner organization, you’ll see it listed. Ensure you don’t create duplicate connectors for a single organizational partner; when this happens, it can cause errors, and your mail might not be delivered.
If any connectors already exist for your organization, you can see them listed here, as shown in the below screenshots for New EAC and Classic EAC, respectively.
Navigate to the new EAC from the Microsoft 365 admin center by clicking Exchange under the Admin centers pane.
Below are the procedures to set up a new connector.
For New EAC
Navigate to Mail flow > Connectors. The Connectors screen appears.
Click +Add a connector. The New connector screen appears.
Under Connection from, choose Office 365.
Under Connection to, choose Partner Organization.
Click Next. The Connector name screen appears.
Provide a name for the connector and click Next. The Use of connector screen appears.
Choose any one of the two options between Only when i have a transport rule set up that redirects messages to this connector and Only when email messages are sent to these domains.
Note
If you choose the second option, provide the name of any one of the domains that are part of your organization. If there is only one domain for your organization, enter its name.
Click + (after entering the domain name, if you have chosen Only when email messages are sent to these domains)
The domain name is displayed under the text box.
Click Next. The Routing screen appears.
Choose any of the two options between Use the MX record associated with the partner’s domain and Route email through these smart hosts.
Click Next. The Security restrictions screen appears.
Note
If you choose the first option, you need not mention the details of smart host. If you choose second option, enter the domain name of the smart host in the text box.
Check the check box for Always use Transport Layer Security (TLS) to secure the connection (recommended).
Note
It is not mandatory to configure the Transport Layer Security (TLS) settings on the Security restrictions page. You can navigate to the next screen without choosing anything on this screen. The need to define TLS settings on this page depends on whether the destination server supports TLS or not.
Choose one of the options under Connect only if the recipient’s email server certificate matches this criteria.
Note
If you are choosing the Issue by a trusted certificate authority (CA) option, the Add the subject name or subject alternative name (SAN) matches this domain name option is activated.
It is optional to choose the Add the subject name or subject alternative name (SAN) matches this domain name option. However, if you choose it, you must enter the domain name to which the certificate name matches.
Click Next. The Validation email screen appears.
Enter an email address that is part of the mailbox in your organization’s email server.
Click +.
Click Validate. The validation process starts.
Once the validation process is completed, click Next. The Review connector screen appears.
Review the settings you have configured, and click Create connector.
The connector is created.
Note
If you need more information about the setup, click the Help or Learn More links.
At the end, ensure your connector validates. If the connector does not validate, see Validate connectors for help resolving issues.
For Classic EAC
Navigate to the Classic EAC portal by clicking Classic Exchange admin center. Select mail flow and then connectors.
To start the wizard, click the plus symbol +. On the first screen, choose the options that are depicted in the following screenshot:
Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. The wizard will guide you through setup. At the end, ensure your connector validates. If the connector does not validate, see Validate connectors for help resolving issues.
If you want to create a secure channel with your partner organization in both directions, set up a connector that restricts mail flow from your partner organization to Microsoft 365 or Office 365.
Set up a connector to apply security restrictions to mail sent from your partner organization to Microsoft 365 or Office 365
You can set up a connector to apply security restrictions to email that your partner organization sends to you. The procedure to set up a connector is described below.
For New EAC
Navigate to Mail flow > Connectors. The Connectors screen appears.
Click +Add a connector. The New connector screen appears.
Under Connection from, choose Partner organization.
Note
Once you select the Partner organization radio button under Connection from, the option under Connection to is greyed out, implying that Office 365 is chosen by default.
Click Next. The Connector name screen appears.
Provide a name for the connector and click Next. The Authenticating sent email screen appears.
Choose one of the two options between By verifying that the sender domain matches one of the following domains and By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization.
Note
If you choose By verifying that the sender domain matches one of the following domains, you can provide the name of any one domain from the list of domains for your organization. If you have only one domain for your organization, enter its name. If you choose By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization, provide an IP address of any of the recipients who are part of your organization’s mailbox.
Click Next. The Security restrictions screen appears.
Check the check box for Reject email messages if they aren’t sent over TLS.
Note
It is optional to choose the option of And require that the subject name of the certificate that the partner uses to authenticate with Office 365 matches this domain name. If you choose this option, enter the domain name of the partner organization.
Check the check box for Reject email messages if they aren’t sent from within this IP address range, and provide the IP address range.
Important
You can choose this option in addition to the option specified in Step 5; Else, you can choose either this option or the one in Step 5. Choosing at least one of these options is mandatory.
Click Next. The Review connector screen appears.
Review the settings you have configured, and click Create connector.
The connector is created.
Note
If you need more information, you can click the Help or Learn More links. In particular, see Identifying email from your email server for help in configuring certificate or IP address settings for this connector. The wizard will guide you through the setup.
For Classic EAC
To start the wizard, click the plus symbol +. On the first screen, choose the following options:
Click Next, and follow the instructions in the wizard. Click the Help or Learn More links if you need more information. The wizard will guide you through setup. At the end, save your connector.
Ask your partner organization to send a test email. Ensure the email your partner organization sends will cause the connector to be applied. For example, if you specified security restrictions for mail sent from a specific partner domain, ensure they send test mail from that domain. Check that the test email is delivered to confirm that the connector works correctly.
Change a connector that Microsoft 365 or Office 365 is using for mail flow
To change settings for a connector, perform the procedures specified below.
Select the connector you want to edit and then click the Edit icon, as shown in the following two screens for New EAC and Classis EAC, respectively.
The connector wizard opens, and you can make changes to the existing connector settings. While you change the connector settings, Microsoft 365 or Office 365 continues to use the existing connector settings for mail flow. When you save changes to the connector, Microsoft 365 or Office 365 starts using the new settings.
Example security restrictions you can apply to email sent from a partner organization
Review these connector examples to help you decide whether you want to apply security restrictions to emails sent by a partner organization, and understand what settings will meet your business needs:
Create a partner organization connector
For New EAC
For details on this procedure, see the For New EAC subsection in the Set up a connector to apply security restrictions to mail sent from your partner organization to Microsoft 365 or Office 365 section in this topic.
For Classic EAC
From the new EAC portal, navigate to the Classic EAC portal by clicking Classic Exchange admin center. Select mail flow and then connectors.
To start the wizard, click the plus symbol +. To create a connector for email you receive from a partner organization, use the options depicted in the following screenshot:
Once you choose this mail flow scenario, you can set up a connector that will apply security restrictions to emails that your partner organization sends to you. For some security restrictions, you might need to talk to your partner organization to obtain information to complete some settings. Look for the examples that best meet your needs to help you set up your partner connector.
Note
Any email sent from your partner organization which does not meet security restrictions that you specify will not be delivered.
Example 1: Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS)
To do this, specify your partner organization domain name to identify mail from that partner, and then choose transport layer security (TLS) encryption when you create the connector for mail flow from your partner to Microsoft 365 or Office 365.
During setup of the connector in the New EAC, use the options as shown in the following screenshots:
Use this screen to enter your partner organization’s domain name(s) so the connector can identify mail sent by your partner:
Choose this setting to require encryption for all email from ContosoBank.com using TLS:
During setup of the connector in the Classic EAC, use the options as shown in the following screenshots:
Use this screen to enter your partner organization’s domain name(s) so the connector can identify mail sent by your partner:
Choose this setting to require encryption for all email from ContosoBank.com using TLS:
When you choose these settings, all emails from your partner organization’s domain, ContosoBank.com, must be encrypted using TLS. Any mail that is not encrypted will be rejected.
Example 2: Require that email sent from your partner organization domain ContosoBank.com is encrypted and uses their domain certificate
To do this in the New EAC, perform the following steps:
Use all the settings shown in Example 1 above.
Add the certificate domain name that your partner organization uses to connect with Microsoft 365 or Office 365.
To do this in the Classic EAC
Use all the settings shown in Example 1 above.
Add the certificate domain name that your partner organization uses to connect with Microsoft 365 or Office 365.
When you set these restrictions, all mail from your partner organization domain must be encrypted using TLS, and sent from a server with the certificate name you specify. Any email that does not meet these conditions will be rejected.
Example 3: Require that all emails are sent from a specific IP address range
This email could be from a partner organization, such as ContosoBank.com, or from your on-premises environment. For instance, the MX record for your domain, contoso.com, points to on-premises, and you want all emails being sent to contoso.com to come from your on-premises IP addresses only. This helps prevent spoofing and ensures your compliance policies can be enforced for all messages.
To do this, specify your partner organization domain name to identify mail from that partner, and then restrict the IP addresses that you accept mail from. Using an IP address makes the connector more specific because it identifies a single address or an address range that your partner organization sends mails from.
In the New EAC, the procedure is as described below:
Enter your partner domain as described in Example 1 above.
Use the options as shown in the screenshot below.
In the Classic EAC, the procedure is as described below:
Enter your partner domain as described in Example 1 above.
Use the options as shown in the screenshot below.
When you set these restrictions, all emails that are sent from your partner organization domain, ContosoBank.com, or from your on-premises environment will be from the IP address or an address range you specify. Any mail that does not meet these conditions will be rejected.
Example 4: Require that all email sent to your organization from the internet is sent from a specific IP address (third-party email service scenario)
Mail flow from a third-party email service to Microsoft 365 or Office 365 works without a connector. However, in this scenario, you can optionally use a connector to restrict all mail delivery to your organization. If you use the settings described in this example, they will apply to all email sent to your organization. When all emails sent to your organization comes from a single third-party email service, you can optionally use a connector to restrict all mail delivery; only mail sent from a single IP address or address range will be delivered.
Note
Ensure you identify the full range of IP addresses that your third-party email service sends mail from. If you miss an IP address, or if one gets added without your knowledge, some mails will not be delivered to your organization.
In the New EAC, to restrict all mails sent to your organization from a specific IP address or address range, use the options during setup as shown in the following screenshots:
In the Classic EAC, to restrict all mails sent to your organization from a specific IP address or address range, use the options during setup as shown in the following screenshots:
When you set these restrictions, all mails sent to your organization will be from a specific IP address range. Any internet email that does not originate from this IP address range will be rejected.
Example 5: Require that all mail sent from your partner organization IP address or address range is encrypted using TLS
To identify your partner organization by IP address, in the New EAC, use the options during setup as shown in the screenshot below:
Add the requirement for TLS encryption by using this setting:
To identify your partner organization by IP address, in the Classic EAC, use the options during setup, as shown in the screenshots below:
Add the requirement for TLS encryption by using this setting:
When you set these restrictions, all mail from your partner organization sent from the IP address or address range you specify must be sent using TLS. Any mail that does not meet this restriction will be rejected.
Suites, bundles, packages… You know the right tools will work wonders for your productivity and business growth—but which ones are the right ones?
The two biggest competitors for your business are Microsoft 365 (known until recently as Office 365) and G Suite. At first glance they might seem similar, and in many ways, they are. However, you should consider their key differences before deciding which one to go for. Media Hosting Services is here to help you make the right investment!
What’s included
Microsoft 365
It’s the applications you know, and then some. Word, Excel, PowerPoint, Outlook—the gang’s all here. And they’re available in both web and desktop versions for those of us who still like access to local copies of their documents.
For video calls and messaging, there’s Teams, a sleeper hit of the Great 2020 Work-From-Home Revolution. This tool is very user-friendly and allows up to 250 participants per call.
Also included is SharePoint, the ultimate collaboration application. It provides a secure environment for employees to work on the same document, store and share files.
G Suite
Google’s brand authority is undisputed. Their communication and data management solution includes popular applications such as Gmail, Calendar, Docs, Sheets and Slides. Chances are you‘re already familiar with some of these!
Video calls are possible via Hangouts. While the maximum number of participants might be lower (only 25), the overall experience is smooth and seamless.
For storage, there is Google Drive. Widely regarded as the benchmark of cloud storage solutions, it offers superior data security.
Keeping your data secure
Microsoft 365
ISO27001, ISO27018, SSAE 16, FISMA, HIPAA BAA, EU Model Clauses, and Cloud Security Alliance. Yes, Microsoft 365 complies with all of these standards. On top of that, there are server-level encryptions.
The features don‘t stop there, however. An additional layer of security is provided thanks to two-step verification.
G Suite
Nothing to scoff at, either. In addition to being HIPAA compliant, G Suite also boasts SO 27001, ISO 27018, EY Point, and AICPA/SOC certifications. Two-step verification is also available.
And if all the spam and phishing attempts drive you crazy, we have good news: G Suite features special protection to ensure these annoyances will soon become but a distant memory.
Accessibility and storage
Microsoft 365
If it ain’t broke, don’t fix it. Sure, Microsoft 365 offers subscription-based access to online apps, but if you like things a bit more conventional, the offline functionalities are still very much available. No internet connection necessary!
For storage, you get 1 TB of space with the Business Essentials plan. That’s plenty, but you can always buy more if needed.
G Suite
Although known for being entirely cloud-based, some G Suite apps are accessible offline—it just takes some configuration. Administrators can manage and set policies for offline access for various users, but there are a few limitations to consider such as having to use Google Chrome, for example.
While that may sound worrisome, if you do not envisage issues with staying online, chances are it won‘t even matter to you. Basically just less stuff to download and manage on your laptop!
Storage options depend on the plan you choose. With the Basic plan, you get 30 GB including email space. But if you buy more than five user accounts under the Business plan, each user gets unlimited storage. It’s up to you to decide how much space you need and which plan works best.
Business Essentials, Business, and Business Premium are plans intended for companies with fewer than 300 people. The difference between Business Essentials and Business plans lies mostly in the fact that the Business plan also comes with the desktop versions of the applications.
For large companies, there’s the Enterprise option with various plans available.
All include the essential communication tools, but the Basic plan comes with a storage limit. The Enterprise plan, on the other hand, includes handy features such as data loss prevention for Gmail and Google Drive.
Which one’s for you, then?
When it comes to productivity and streamlining, both Microsoft 365 and G Suite are solid options. Can you go wrong? Perhaps not, but you want to make absolutely sure you go right! To summarize:
Microsoft 365 is for you if…
you have a few hundred employees
you regularly need to work off a native computer
you are a more conventional organization that prefers tried-and-tested methods of productivity management
you have been using Microsoft Office applications for a while
you have a well-established IT infrastructure
G Suite is for you if…
you are a startup
you are a relatively small company
you are looking to keep costs low
you want branded email through Google’s Gmail
you need an easy-to-handle, hassle-free solution
Of course, you’re free to mix and match as you see fit. More and more companies opt to use both suites to streamline their operations. One thing is for sure—to grow your business, you need to suit(e) up!
Microsoft Teams is a unified communications platform offered by Microsoft to help enable those who work for businesses and organizations to easily collaborate and communicate in a variety of ways. Teams allows intelligent communication via chat, email, video meetings, file storage, and app integration from anywhere, so team members can keep in touch no matter where they are.
Having said that, one of the most common forms of communication between co-workers is still the traditional phone. Phone calls are still needed when a more detailed discussion of a subject is required or when a more personal level of communication must take place. And because a lot of business communication happens over the phone, Teams can also integrate with Voice over IP (VoIP) systems, which might just make your work life even easier.
Become an expert VoIP reseller with our UCaaS Insights Series
What will happen to my phones?
Microsoft Teams can now connect office PBX systems, which means that anyone can place and receive internal and external calls with anyone at anytime, anywhere. This is a system that makes telephony easy for your clients, even if they are working from a different office, while on the road or at home.
Benefits of calling with Teams
Several fantastic benefits come with integrating a phone system with Teams. Here is the best of them:
Streamlined communications and collaboration in one window
Less expensive
Works for remote team members and those working from home
Offers flexibility to choose the feature set you need (Teams, Microsoft Business Voice, UCaaS)
This is all done from within the Teams app, whether it is on a laptop, desktop computer, phone, or tablet, and can be used with any Teams-compatible headset conference room collaboration bar or desk phone.
How to set up calling services in Teams
Telephony in Microsoft Teams is available as an add-on to Microsoft 365 plans. When you go into Teams, you can access the telephony service by doing one of the following:
Use direct routing to leverage the telephony engine you want and connect it to the Microsoft environment
Enabling phone systems and calling plans with Microsoft
This being said, when it comes to making the best use of calling in Teams, you may face some unique challenges. With this in mind, there are some important things to take into consideration when integrating business phones with Teams.
Five things to consider when integrating a phone system with Teams
In general, our team of experts can make calling integration with Teams fairly straightforward for you. However, there are some specific considerations worth noting regarding where employees are working, the equipment they are using, and how phone numbers work.
1. VoIP with your current phone system
One thing to think about when it comes to VoIP via your PBX system is what happens when team members don’t have access to their desktop phones.
It’s possible to link your existing PBX system to Microsoft Teams with the help of Media Hosting Services Teams connector, which will provide the necessary middleware and hardware to bridge the two systems.
2. Which phones should I use
With calling integration with Teams, in most cases, you can use your existing phones. This means no additional costs in terms of replacing your equipment. If you have SIP phones, integration is easy to accommodate. There are two ways to accomplish this:
Using your existing hardware (BYOD) with the help of Media Hosting Services team
3. Working remotely
There are times when you will rely heavily on enabled remote communications. The COVID-19 pandemic of 2020 is a prime example of this type of situation. With so many people working from home, the deployment of communications and collaboration tools becomes a critical aspect of operations. It can also come with a few challenges, particularly when it comes to connectivity. For this reason, you should take the following into account:
The quality of the network connection matters: Ideally, it should be a high-speed, low latency connection with little to no packet loss. Perform a soft deployment, and test calls to verify how everything sounds.
Make sure you can remotely connect back to the phone system.
Make sure you can remotely connect back to the phone system.
4. Faxing and local conference calls
Faxing documents is still an important way to stay connected and share information. Fortunately, with our UCaaS solution, we offer fax-to-email and email-to-fax services as part of your plan.
Perhaps even more important is the use of conference calls for when you need to hold important team meetings. This is possible, too, provided you have the conferencing add-on with your licensing (which is included in all Microsoft 365 Business Voice plans). This will provide you with a regional number (available in most countries) that your team members can use to connect to the call.
5. Finding the easiest way to get VoIP up and running
Whichever way you choose to integrate a phone system with Teams, it is made easier by having someone do it with you. With our UCaaS solution, Media Hosting Services comunications and collaboration. This leaves you time to focus on what matters most—your business growth. Give us a call to learn more about our solutions.
As a long-time cloud provider, Sherweb realizes the concerns you may have had with trusting a third-party hosting provider like us with your data migration.
While many others also claim to be the best at servicing their clients, we truly live up to that promise at Sherweb.
We believe our partners made the right choice when they decided to work with us. With the constantly changing business environment we live in, our passion for serving you grows even stronger.
Not only do we offer the best overall value with our technical knowledge, but our customer-centric approach, proven infrastructure, and flexible plans are also a part of a culture where customers come first.
See your feedback in action with our partner portal integrations
Transforming our business model from transactional to consultative has helped us understand our partners’ needs and stand at our partners’ side for a truly symbiotic relationship that ensures a successful business journey for all our stakeholders.
With UserVoice, we interact with our partners and measure their feedback for our services. Not only can our partners make suggestions for new features and vote on others, but UserVoice also enables us to prioritize your concerns and develop our services further.
With UserVoice, we aim to engage our partners and service them better.
UserVoice initiatives that enhance the Sherweb partner experience
The features you see below are some of the result of our partners’ initiatives to enhance the Sherweb experience. These ideas came through UserVoice; since then, these ideas are helping all our partners serve their clients better.
PSA Integration
Sherweb uses PSA (Professional Services Automation) software to manage our personnel and equipment for your projects. From ticketing, billing estimates and invoices, to marketing and reporting – PSA integrates and syncs the available data to ensure a stellar customer experience for your clientele.
Our integration lets our partners simplify billing through centralized platforms. Streamline your financial processes by syncing with Sherweb prices and offers.
To help our partners keep abreast of new developments, we use PSA to access the most up-to-date information – anytime, anywhere. Through our centralized system, we process your sensitive data most securely.
MFA
Cybersecurity is one of the most highlighted topics in the MSP arena. At Sherweb, safeguarding our partners’ data assets remain our foremost responsibility. As we continue to find ways to improve your experience, we implement MFA (Multi-Factor Authentication) to secure your confidential data.
MFA is an added security measure we use to authenticate access to your sensitive data. In addition to passwords, MFA requires your personal information, such as your phone or any other MFA device – which generates a token so you can gain access to your resources.
Open API
Sherweb uses Open API (Application Programming Interface) to allow our partners to integrate their platforms to our portal with ease almost instantly.
Consequently, we aim to simplify future integrations into the Sherweb portal with other products – so you never have to worry about complicated solutions, and can focus on helping your business weather the COVID-19 pandemic.
Moreover, the UserVoice API enables us to produce custom integrations for some partners that require specialized integration processes. With open API, Sherweb opens the door to our end-user portal, so that our partners’ clients can complete their own specific tasks.
How UserVoice feedback works
With UserVoice, Sherweb captures, tracks, and organizes the feedback we receive from our partners to build a service that scales with your needs.
UserVoice site
UserVoice works like a mood board, where our partners can up-vote and prioritize ideas to reflect our partners’ needs better. Our partners can submit feedback via the Sherweb Feedback Page, or they can submit ideas through the partner portal.
We regularly update our partners on the progress of their ideas and the changing status of their subscriptions. This ensures greater transparency and awareness of project status.
With the aggregate data we collect through UserVoice, Sherweb can also reach out to our partners to better understand their needs and feature requests – and how Sherweb can fulfill them with the utmost precision. Rest assured, we hear your concerns during this time and are working to implement the functionality you need.
Collect feedback across your customer base from end-users directly and through your sales, support, and internal teams who talk with customers every day.
Surveys
Sherweb uses NPS (Net Promoter Score) to survey our partners’ needs regularly so we can keep improving our service. By identifying problem areas, Sherweb can quickly correct them and identify services our customers like – so we can continue fulfilling your needs.
NPS is a metric based on customer feedback to ensure our service is up to the highest standards. How are the scores measured? NPS scores are measured from single question surveys, reporting a number from -100 to +100.
A higher score indicates that our partners are satisfied with our services and thus is more desirable. Respondents rate our offerings on a scale of 0 to 10 in these three categories:
1. Promoters
A score of either nine or ten lets us know that our partners affirm that our services meet their quality standards and are satisfied with our work.
2. Passives
When our partners respond with a score of seven or eight, we surmise that you are content with our services, but there’s still more we can do to better your experience.
3. Detractors
When Sherweb sees partners responding with scores between zero to six, we realize something is wrong and that you’re unhappy with us. Not only do we do our best to remedy the situation, but we also assess where we may have gone wrong and work to improve the Sherweb experience for you.
Final Thoughts
With the COVID-19 situation impacting businesses, Sherweb understands the confusion your clients are experiencing – and the pressure it can put on your business.
The Sherweb team always has your best interest in mind as we look for better and smarter ways to support our partners – and it all starts when you come forward and tell us what troubles your business.
As we strive to incorporate new initiatives to improve your Sherweb experience, we rely on you to guide us on how we can serve you better.
Contact Media Hosting experts today for more information on how we service our partners so that they can fulfill their client’s needs.
Due to the current pandemic crisis, remote work has increased by leaps and bounds. Time Magazine calls it “the world’s largest work-from-home experiment.”
For many of us, it has become the new normal, and we’re all learning as we go.
Even before the public health crisis struck, remote work was increasing in the U.S. Over the last five years, the number of people working remotely has grown by 44%. At the beginning of this year, 3.4% of the population was working from home. Since the start of the pandemic, nearly two-thirds of Americans work remotely.
After two months of confinement, we’re starting to notice different remote work trends shaping up.
In this article, we’ll take a close look at the positive, negative, and remarkable aspects of the current mass remote work environment and how it will shape the future of work.
The first thing the world noticed is that many businesses can succeed when employees don’t come into the office every day.
Here are the positive aspects of working remotely that have been documented:
#1. Better for the environment
Pollution over major metropolitan areas, including Los Angeles, Seattle, New York, Chicago, and Atlanta, has dropped since the lockdown. Not using our cars to commute to work reduces our carbon footprints and their adverse effects on climate change.
#2. Reduces costs
Research from Harvard Business School shows that companies could spend less on office spaces, as the U.S. Patent and Trademark Office estimated that, thanks to many of its employees working remotely, it saved more than $38 million in 2015 by not using as much office space.
#3. Accelerates cloud adoption
Microsoft’s total revenues increased by 15% over the first quarter ending March 31, with Dynamics products and cloud services revenue increasing by 17%. Since the pandemic, they’ve got 12 million new users on Teams, its group-collaboration platform. Microsoft expects COVID-19 to accelerate digital adoption and investments in cloud computing, AI, and cybersecurity, as well as more capital spending later this year.
#4. More time with our families
While almost all parents can’t wait for the day schools and nurseries reopen, at least we can appreciate more time spent with our families.
#5. No more commuting
The American commute increases depression, divorce, obesity, and fossil-fuel emissions. Research shows that people who drive to work spend 54 hours per year stuck in traffic. Working remotely—whether at a coffee shop, in a co-working space, or on a couch—is a win for work-life balance and the biosphere.
The bad
The mass switch from traditional office work to remote work brings along several challenges. But with problems, there also are solutions and actions managers can take to ease the transition.
#1. You may not get your answers in a flash
One thing about working remotely is you can’t just turn around to ask your colleague a question. But you can chat with them on Teams (or whatever collaboration tool you use).
#2. Solitude is a bummer
Humans are hard-wired for connection. Many people work in an office because they crave social interaction. Isolated work makes people feel lonely and disconnected. Make sure employees know what’s happening on their teams, and keep feelings of isolation at bay by communicating frequently and having touchpoints so there are no unaddressed frustrations. Dedicate time to sharing stories and getting vulnerable with each other.
#3. Sarcasm can be misunderstood
Humor works great in person. However, office teasing, bad jokes, and sarcasm are difficult to detect in texts and emails because there are no facial cues or vocal tones involved. Use emojis when you need to highlight something that was meant sarcastically.
#4. Harsh times for working parents
Most working parents are not having a blast at the moment with working, homeschooling, and taking care of their kids at the same time. Companies can make things easier by allowing parents to have more control over their schedules. Also, to help with the transition, Microsoft shared the Work From Home with Children guide they created for their employees.
#5. Creativity suffers
For many, remote work blocks the creative sparks we get when interacting live with people. Teammates working together in the same room tend to solve problems more quickly than remote collaborators. Organizing regular company retreats, allowing employees to schedule “virtual coffee breaks” with their peers, and having the option to work on flexible schedules can help.
The surprising
#1. Increased productivity
A recent survey by YouGov, USA Today, and LinkedIn on professionals aged 18–74 shows that the pandemic has had a positive effect on 54% of workers’ productivity. The reasons given by the respondents were the time saved from commuting (71%), fewer distractions from co-workers (61%), and fewer meetings (39%).
#2. Fully remote teams are more engaged than teams separated in multiple offices
Disengagement is a risk when managing teams across multiple locations. Team members divided into multiple offices are not close to the manager, which can lead to unconscious bias creeping in, as well as information imbalances. One such example is what Darren Dahl calls the “out-of-site-out-of-mind syndrome”: when things get busy at your primary location, it can be hard to give your employees based at other locations the time they deserve.
One benefit of working in a fully remote team is that everybody becomes equal, which has democratized remote meetings. This is an important aspect we should all learn from once we go back to the office.
#3. A new economic reality
There’s no news that we’ve been heading into an economic downturn. Jared Spataro, CVP of Microsoft 365, thinks the healthiest thing we can do is to “take a step back and think about how we can emerge from this stronger than we went into it; recognize we will have to cut costs in some places and rethink our business.” This is an opportunity to move your resources around and make sure you’re prepared for the new reality.
Imagining life after lockdown
Will the future of work after COVID-19 be a mix of breakfast in bed, pajamas, and Microsoft Teams?
Perhaps.
According to Gallup, “three in five U.S. workers who have been doing their jobs from home during the coronavirus pandemic would prefer to continue to work remotely as much as possible, once public health restrictions are lifted.”
Some will want to keep working from home, while others will rush into the offices without looking back.
When the time for us to go back to the office comes, it won’t all happen in one day. It’s going to be a gradual shift, moving through different phases.
Long story short, we need to acknowledge there will be a before and after the crisis that will affect the way we work in the future. It’s our job to make sure we keep The Good and The Surprising to make the future of work better.
Microsoft recently announced that it will be adding its Azure Active Directory Premium P1 license to Microsoft 365 Business subscriptions. This is great news for small and medium-sized business (SMB) customers. The Azure AD P1 license—we’ll just call it P1 to keep things simple—brings a powerful set of enterprise security, identity, and access control tools into what will now certainly be Microsoft’s flagship cloud offering for SMBs. And it does so at no added cost.
Microsoft is adding the P1 license to new subscriptions now and will be rolling it out to existing subscribers over the coming weeks. This is particularly great news for clients grappling with long-term remote work planning.
The features in P1 are designed to facilitate secure access to work applications from anywhere. Microsoft Business 365 plus Azure AD P1 will let you transform your clients’ modern workplace into a work-from-anywhere workplace.
Learn how to resell Microsoft 365 and help your client’s digital transformation with our guide
Expanding the toolset for SMB clients
Microsoft will also be renaming the 365 Business plan to Business Premium when the P1 license is added. This is part of a wider renaming of all their small and medium-sized business-focused offerings. The Business Premium plan is still intended for small and medium-sized businesses with 300 users or less.
Some of the free Azure AD features were previously available in Microsoft 365 plans, the most important being Multi-factor Authentication (MFA), self-service password resets, and conditional access policies. Adding the entire P1 license is part of Microsoft’s efforts to help SMBs establish more secure remote work conditions for the current COVID-19 crisis and beyond.
What does Azure AD P1 add to 365 Business?
P1 licenses will give Sherweb Partners and their clients access to advanced group, identity, and access control policies for more granular control over how users and their devices access cloud resources. P1 also offers a few key enterprise-level features we wanted to highlight:
Cloud App Discovery
It was hard to keep track of BYOD devices and consumer cloud app usage even before remote work became the new normal. Now, contending with these security risks is something practically every business faces. This just amplifies the challenge of protecting your client’s cloud infrastructure against data breaches and the unwanted effects of shadow IT.
The Cloud App Discovery tool analyzes your client’s cloud traffic logs. Any activity in their environment coming from a list of over 16,000 different cloud apps is flagged and scored for risk level. You can access reports that measure and rank app usage by traffic volume, number of users, individual user, or number of outbound web requests by app.
This helps you identify and prioritize what data is at risk, what shadow IT systems might have access to your client’s data, and the relative risk those shadow systems pose to your client’s data integrity.
Application Proxy
Businesses that rely on critical on-premise applications have been particularly challenged by the sudden increase in remote workers. Many clients and Sherweb Partners have figured out reverse proxy or VPN solutions that are good enough, but the Azure Application Proxy now available with P1 licenses can be a superior choice. It’s a lightweight software agent that gives access to specific on-premise apps without exposing larger segments of a client’s network.
Remote users use their standard Azure single sign-on (SSO) account to access the Application Proxy. This will grant them access to both authorized on-premise apps and their cloud apps, like Teams, SharePoint, other Office 365 apps, and Remote Desktop.
Using the Proxy for remote access also mitigates the need to open inbound connections on the client’s firewall. And it’s often more cost effective than a VPN or other proxy setups, as it doesn’t require any local infrastructure or network changes.
Dynamic Groups
Any Partner who’s used dynamic groups to manage an enterprise client knows what a time saver they can be. Dynamic AD groups allow you to automatically add and remove users from security groups based on user or device properties (though an Office 365 group can only be a user group).
For example, you can define a “Guest” dynamic group that automatically collects all guest accounts spread around the tenant so you can centrally manage them. Also, any time a user or device attribute changes, Azure AD runs all dynamic group rules and automatically updates membership accordingly.
Password-less authentication
Password fatigue is real. Perhaps you’ve seen an uptick in password-related support requests since people have shifted to working from home. There’s a whole range of personal laptops and mobile devices now trying to authenticate against client resources. Thankfully, the P1 license lets you enable password-less authentication for your client’s cloud apps.
Password-less authentication replaces passwords by performing multi-factor authentication against something users have with them, against information they know, or against biometrics. Azure AD currently supports three different password-less authentication options:
FIDO2 security keys—Authenticates with high-security keys stored on a USB thumb drive
An opportunity to deliver more value
Most notable for resellers is that the addition of P1 to Business Premium subscriptions lets you offer more enterprise-grade features to your customers at a lower cost than Office 365 E3 licenses.
Beyond the features listed above, the addition of the P1 license lets you offer your SMB clients many other enterprise-grade features on a Business plan, like:
Customized branding for your clients’ sign-on pages
Password protection, including access to global and custom banned password lists
Advanced self-service password reset tools
MDM auto-enrollment for increased device security
Many other identity and access control tools
Bring enterprise tools to your SMB clients
The addition of Azure AD Premium P1 to Business Premium is definitely welcome news for Sherweb Partners looking to offer more value-added services to their clients. It’s great to see Microsoft make these enterprise-grade security tools available to even more organizations.
In particular, we think password-less authentication is a great security feature to implement. It can greatly simplify user authentication while improving security at the same time. And Azure’s Application Proxy is another great tool to support Partners pushing the Zero Trust security model.
Don’t forget, Sherweb is available whenever you need a hand with Azure AD setup and implementation.
Recent Comments