Long term telework - how to handle computers off active directory for +30 days with no VPN

["Jim A. Bole" <jbole () STEVENSON EDU>]

Today we officially went to full virtual/online for the rest of the semester. So we are working on longer term issues 
around telework.

We currently aren't using any VPN. Most folks are using cloud services (O365, Blackboard, etc.) For selected staff who 
need access to onprem resources, we've used an RDP gateway for many years with a good security setup.

A number of faculty/staff have taken their Win10 domain PCs home. We have the default 30-day policy for machine account 
passwords, so we have a bit of a clock ticking.

We're testing/piloting a VPN solution. And earlier we started testing/piloting InTune.

Can InTune update the domain policies/creds on a Win10 client? We are ADFS to Azure, not Azure AD, so I'm not sure if 
that would be a show stopper or make it complicated.

Any other issues to think about when you have people and computers off your network for a long time?

I hope everyone gets some respite over the weekend.

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community