More than free coffee or subsidized gym memberships, what many of today’s job seekers want is the autonomy to choose where and when they work — hybrid workplaces that allow both in-person and remote work.
But when it comes to managing devices, hybrid workplaces can also make things more complicated. With employees in different locations and on different networks, how can sysadmins make sure that user devices remain compliant, secure, and productive? From software deployment to endpoint security and data storage, we’ll walk you through the key considerations and how to choose the tools that work best for you.
What is hybrid work?
In a hybrid workplace, employees can choose where they want to work — in the office, at home, or in a remote location. (We heard that a little sunshine and sea breeze work wonders for productivity.)
Employees can also choose whether they want to alternate between different work locations. For instance, if you crave human company but only in small doses at a time, you might want to spend only one or two days in the office and work from home the rest of the time. If the kids are driving you nuts, then working fully on-site may be more fruitful. In general, there are three common types of hybrid workplace models.
Flexible hybrid work model: Employees are free to choose where they want to work on any given day. They can also choose to be fully remote or fully on-site.
Fixed hybrid work model: Employees can work remotely on certain days of the week based on a preset schedule. Schedules can be assigned or decided at the department or individual level.
A combination of the two.
How you choose to manage user devices depends on the hybrid work arrangements your organization offers.
How to manage devices in hybrid work environments
In hybrid workplaces, employee devices spend a lot more time outside office networks, making it more challenging to manage them. From setting up user authorization and access to deploying the latest software updates and strengthening overall IT security, we’ve put together some pointers that might help.
Identity and access management
Whether employees are logging in at the office or from home, identity and access management (IAM) prevents unauthorized access to company systems and data. It’s the IT equivalent of hiring a couple of scary-looking bouncers to check everyone’s tickets at the door and keep out the riffraff.
IAM solutions allow you to set up role-based access control based on the principle of least privilege. Each user gets access to only specific resources they need for their work, which minimizes the risk of security breaches. If you’re supporting a hybrid mix of on-prem and remote workers, consider using a cloud directory with authentication tools, like multifactor authentication and single sign-on, to easily connect digital user identities from anywhere.
Software deployment
When users are scattered across multiple locations, how do you ensure that business-critical software is properly deployed and regularly updated on their computers? Instead of deploying software manually, we recommend using a software deployment solution that supports on-prem and remote deployments.
If you’re currently using an on-prem software deployment tool, you can set up VPN to deploy to remote devices as well. Or you can schedule deployments to occur when employees are in the office (for those who do go in). Alternatively, you can use web-based solutions to deploy to any device that’s connected to the internet, or offer self-service app delivery via the likes of Microsoft Intune’s Company Portal.
Whatever you choose, you’ll want to have full visibility of your software and hardware inventory to know what to update, install, or uninstall — and when —so you can spot any shenanigans before they occur. Following these software deployment best practices wouldn’t hurt, either.
Computer imaging
Imaging computers results in more a consistent and secure endpoint environment, whether you’re rolling out new hardware or migrating users to a new version of Windows. But execution can be tricky when you’re managing a hybrid workforce with employees who aren’t always on-site.
You can wait until employees are in the office, but what about those who are fully remote? One way is to deploy images to devices on-prem before shipping them out. Some imaging solutions, like SmartDeploy, also let you securely deploy images over the internet using your company’s third-party cloud storage provider, even if you don’t have VPN set up.
Unless you have a small fleet, we wouldn’t recommend imaging computers manually. And if you’re supporting different hardware models, using sector-based disk cloning software could result in an unwieldy number of images and physical reference machines. Some folks also choose to ditch computer imaging entirely and use Windows Autopilot to configure preloaded OEM systems, but you risk dealing with unwanted bloatware and security vulnerabilities.
IT security
If the thought of cybersecurity breaches makes your hands clammy and your skin crawl, you’re not alone. Allowing remote work is great for employees, but it also increases organizations’ exposure to cybersecurity threats. Installing good antivirus software is a start, but it takes more than that to mitigate the risks.
Besides controlling user access and keeping systems and software up to date, make sure you have other safeguards in place to protect company systems from threats, like phishing attacks. Employees are your weakest link, so make security top of mind for them through training, strong password practices, and proactive zero-trust security policies. Be prepared with an incident response plan. Time and resources permitting, consider testing your defenses to spot gaps and optimize your security measures.
User data storage and backup
With individuals and teams scattered across various locations, how can hybrid organizations ensure that company and user data is properly stored and backed up? One common approach is to use public cloud services, like Amazon Web Services (AWS), Google Cloud, Dropbox, or OneDrive for user data storage and backup. There are many advantages to using public cloud storage services.
Costs: Fees are based on usage, meaning they’re transparent and predictable. You also save on local infrastructure costs.
Scalability: It’s much easier to increase storage and backup capacity, as needed.
Security: Public cloud services typically come with built-in security features, like access control, data encryption, and multifactor authentication.
Automation: Administrators can configure and automate scheduled backups, so you don’t have to worry about doing this manually or overlooking an important step.
Collaboration: Cloud storage platforms enable file sharing and multiuser access, which facilitates collaboration across teams.
Organizations that want to leverage their on-prem storage assets may opt for hybrid cloud backups, which combine on-prem and public cloud storage components. Depending on your existing setup, IT resources, and user requirements, using hybrid cloud backup could be a viable option.
Communication and support
When managing a hybrid workforce, IT teams need ways to communicate efficiently with users, wherever they may be, and provide technical support. It could be as simple as having a centralized ticketing system, a reliable cloud-based communications tool, and streamlined workflows for common scenarios, like onboarding and offboarding employees.
One thing’s for sure: You’ll need good tools to help you stay efficient while managing user devices that are spread across multiple (and changing) locations.
How to choose the right device management tools for hybrid workers
Every organization is different, and deciding on the right combination of tools requires careful planning and deliberation. Here’s a list of questions to keep in mind when assessing potential options.
How often do users alternate between working on-site and remotely?
Do you need to do only light-touch deployments?
Does the solution support all the device models and operating systems in your organization?
Does the solution integrate with existing infrastructure?
Does the solution integrate with your IAM and security tools?
Does the solution allow you to easily automate and streamline recurrent workflows?
Does the solution allow you to collect and view useful hardware and software data?
Is the solution scalable?
Is the solution easy to set up and use?
Do you have the necessary budget and IT resources to manage your chosen setup?
Is technical support readily available?
Managing devices is an art and a science. Every organization is different, and there’s no one-size-fits-all approach. Our tools are designed to save a ton of time, simplify IT workflows, and give you the flexibility to decide how you want to manage devices across your environment.
Fan favorites like PDQ Deploy and Inventory can help you streamline deployments to Windows machines, update software, and oversee your fleet without an agent (and via VPN when necessary). There’s also PDQ Connect, our new standalone agent-based solution, that connects and deploys to Windows machines directly over the internet — and it’s lightning fast.
Can’t decide? Don’t worry, we got you. You can always try Deploy and Inventory or try Connect (or both) free for 14 days.