Last spring, many of us went through the unprecedented process of moving to remote work. The migration was largely a lift and shift exercise of office gear and technology. For many, this meant tweaking underlying security and connectivity technologies to enable seamless remote work. As an IT managed service provider, we observed first-hand how the major workplace shift prompted a significant spike in end-user support requests. More than a year later, organizations are now exploring the option of employees returning to the office. In anticipation of potential in-office challenges, we are spotlighting some technology and productivity hurdles to get ahead of before your team arrives back on site.
Let's start with the basics. When working in the office, the default printer/scanner is commonly shared in most cases. As employees began working remotely, they may have installed home printers/scanners to their workstations, setting these as the default. Upon returning to the office, the default printer/scanner connections will likely need to be reset to recognize the shared office printer/scanners once again. For some employees, new laptops/desktops may have been deployed while working remotely. These new laptops will need a bit more work to be configured to the shared office printers/scanners for the first time. In any case, be aware of printer defaults, especially for users with access to sensitive information.
Some remote users have been accustomed to starting their day by joining the office network through a VPN connection. Once those remote users are back in the office, they will no longer need the VPN connection. For many, a new habit formed over the last year, and users may instinctively connect to the VPN without a second thought. This action will not allow for a successful network connection. It is important to remind users that VPN is no longer needed once in the office (behind your network's firewall).
Over the last year, multiple zero-day vulnerabilities were discovered that required patching/updates. When employees began working remotely, the chances are that desktop computers left in the office were powered down. Those units likely did not receive any routine, out-of-band, or critical updates/patches. Once these desktop computers are powered back on, installing any missing updates/patches before anyone attempts to use those workstations will be necessary. If you have a managed patching service associated with your desktop units, you will still most likely need to have them updated/patched outside your routine service before the first use.
Within a company environment, all office computers (desktops and laptops) are typically managed centrally on a domain controller (DC) that runs on Active Directory (AD). This central management establishes "trust" for all the domain-joined devices. Periodically the domain-joined computers need to "check-in" (connect) with the company network to maintain trust with the domain (at least every 30-60 days). Typically, remote users check in to the network using a VPN connection. With the proliferation of cloud-based software-as-a-service (SaaS), much of the corporate information remote users need to get their job done can be accessed using cloud-based software (SharePoint, Teams, etc.), which does not require connection to the company network. Since users are not checking in as often as they used to, when that remote user attempts to connect to the network after an extended period, the DC may no longer trust their device. If that happens, an administrator will need to rejoin that particular workstation to the company domain to reestablish trust.
Sometimes, it is the simple things that can cause the most disruption. It has been over a year since many employees have worked within the office, so connecting everything back up may require some physical intervention. Here is a shortlist of troublesome items and the potential issues users may face:
For devices running business editions of Windows 10, organizations likely use BitLocker to secure data on the computer from unauthorized access. Using only the employee's Windows logon to encrypt the data, BitLocker is a seamless process for the user. Data protection becomes nearly invisible and protects the PC when it is offline/hibernating. With a move back to the office, laptops and desktops will have a sudden behavior change. This unusual activity may cause BitLocker to assume unauthorized access, scramble the data, and lock the computer down. Unusual Windows updates, hardware, firmware, or software changes can present conditions that BitLocker cannot distinguish from a possible attack. For example, BitLocker may detect an insecure condition from a simple change in docking station hardware, or a new laptop assigned for remote work joining the DC for the first time. When this happens, the specific 48-digit BitLocker key for that user's PC is needed to revert the scrambled data manually. A system administrator often holds this key, and it will be important to make sure these keys are accessible if needed when making the transition back to the office.
We hope this gives you an overview of potential productivity roadblocks to look out for in your transition back to the office. You may find it helpful to break these points down by department and consider the specific needs for each. By anticipating some of these obstacles now, you can enable a more productive and successful reentry for your employees.
If you return to the office and find your IT environment cannot keep pace with the new demands of your business and its workforce, get in touch with us to discuss how we can help with your modern workplace needs.
If you are a client of Systems Engineering and foresee issues with your return to the workplace, please call us ahead to put a transition plan in place.
If you have questions, please reach out to your Account Manager, or connect with us at info@systemsengineering.com or call 888.624.6737.