使用 Microsoft 365 为远程工作者提供强大帮助Empower remote workers with Microsoft 365

企业可能需要让员工能够从家中安全地访问组织的本地和基于云的信息、工具和资源。Your business may need to enable your workers to have secure access to your organization's on-premises and cloud-based information, tools, and resources from their homes. 对于许多组织而言,允许员工在离开办公室时工作非常重要,这有助于:Allowing workers to work away from the office is important for many organizations to:

  • 节省办公空间。Save on office space.
  • 聘用并留住不愿意调动的员工。Hire and retain workers who are unwilling to relocate.
  • 减少员工通勤,让他们有更多的时间来提高工作效率并在工作之外进行减压活动。Reduce worker commuting, leaving them with more time to be productive and for stress-reducing activities outside of work.

Microsoft 365 提供了帮助员工远程工作的功能。Microsoft 365 has the capabilities to empower your workers to work remotely.

使用 Microsoft 365 为远程员工提供强大帮助

备注

如果你第一次使用 Microsoft 365,请参阅 If you are new to Microsoft 365, see these resources.

观看此视频以简要了解部署流程。Watch this video for an overview of the deployment process.

为让 IT 专业人员管理现场和基于云的基础结构,提高员工的工作效率,此解决方案提供了以下关键功能:For IT professionals managing onsite and cloud-based infrastructure to enable worker productivity, this solution provides these key capabilities:

  • 已连接Connected

    远程员工能够随时随地访问:From anywhere in the world and at any time, remote workers are able to access:

    • Microsoft 365 订阅中基于云的服务和数据。Cloud-based services and data in your Microsoft 365 subscription.

    • 组织资源,例如由本地应用程序数据中心提供的资源。Organization resources, such those offered by on-premises application datacenters.

  • 安全Secure

    使用 Microsoft 365 和 Windows 10 的多重身份验证 (MFA) 和内置安全功能来保护登录,防止恶意软件、恶意攻击和数据丢失。Sign-ins are secured with multi-factor authentication (MFA) and built-in security features of Microsoft 365 and Windows 10 protect against malware, malicious attacks, and data loss.

  • 托管Managed

    可以使用安全设置、允许的应用以及需要与系统运行状况保持一致的方式,从云中管理远程员工的设备。Your remote worker's devices can be managed from the cloud with security settings, allowed apps, and to require compliance with system health.

  • 协作高效Collaborative and productive

    远程员工可采用与本地相媲美的高协作方式实现高效工作,方式如下:Your remote workers can be as productive as on-premises in a highly collaborative way with:

    • 通过 Teams 进行的联机会议和聊天会话。Online meetings and chat sessions with Teams.

    • 基于云的文件存储的共享工作区,可通过 SharePoint 和 OneDrive 实现全球可访问性和实时协作。Shared workspaces for cloud-based file storage with global accessibility and real-time collaboration with SharePoint and OneDrive.

    • 用于划分工作并完成任务的共享任务和工作流。Shared tasks and workflows to divide up the work and get things done.

为获得无缝登录体验,应将本地 Active Directory 域服务 (AD DS) 用户帐户与 Azure Active Directory (Azure AD) 同步。For a seamless sign-in experience, your on-premises Active Directory Domain Services (AD DS) user accounts should be synchronized with Azure Active Directory (Azure AD). 若要保护 Windows 10 设备,应在 Intune 中对其进行注册。To protect your Windows 10 devices, they should be enrolled in Intune. 下面是基础结构的高级视图。Here is a high-level view of the infrastructure.

面向使用 Microsoft 365 的远程工作者的基本基础结构

若要为远程工作者启用 Microsoft 365 的功能,请使用以下 Microsoft 365 功能。To enable the capabilities of Microsoft 365 for your remote workers, use these Microsoft 365 features.

功能或特性Capability or feature 说明Description 许可Licensing
通过安全性默认设置强制执行 MFAMFA enforced with security defaults 通过请求第二种形式的登录身份验证,抵御遭到入侵的身份和设备的威胁。安全性默认设置要求对所有用户帐户进行 MFA。Protect against compromised identities and devices by requiring a second form of authentication for sign-ins. Security defaults requires MFA for all user accounts. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
通过条件访问强制执行 MFAMFA enforced with Conditional Access 要求基于使用条件访问策略的登录的属性进行 MFA。Require MFA based on the properties of the sign-in with Conditional Access policies. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
通过基于风险的条件访问强制执行 MFAMFA enforced with risk-based Conditional Access 需要基于使用 Microsoft Defender for Identity 的用户登录的风险进行 MFA。Require MFA based on the risk of the user sign-in with Microsoft Defender for Identity. Microsoft 365 E5 或 E3(含 Azure AD Premium P2 许可)Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses
自助服务密码重置 (SSPR)Self-Service Password Reset (SSPR) 允许用户重置或解锁其密码或帐户。Allow your users to reset or unlock their passwords or accounts. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
Azure AD 应用程序代理Azure AD Application Proxy 为 Intranet 服务器上托管的基于 Web 的应用程序提供安全的远程访问权限。Provide secure remote access for web-based applications hosted on intranet servers. 需要单独的付费 Azure 订阅Requires separate paid Azure subscription
配置点到站点 VPNAzure Point-to-Site VPN 通过 Azure 虚拟网络创建从远程工作者的设备到 intranet 的安全连接。Create a secure connection from a remote worker’s device to your intranet through an Azure virtual network. 需要单独的付费 Azure 订阅Requires separate paid Azure subscription
Windows 虚拟桌面Windows Virtual Desktop 支持只能将其个人和非托管设备与在 Azure 中运行的虚拟桌面配合使用的远程工作者。Support remote workers who can only use their personal and unmanaged devices with virtual desktops running in Azure. 需要单独的付费 Azure 订阅Requires separate paid Azure subscription
远程桌面服务 (RDS)Remote Desktop Services (RDS) 允许员工通过 Intranet 连接到基于 Windows 的计算机。Allow employees to connect into Windows-based computers on your intranet. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
远程桌面服务网关Remote Desktop Services Gateway 加密通信,防止 RDS 主机直接向 Internet 公开。Encrypt communications and prevent the RDS hosts from being directly exposed to the Internet. 需要单独的 Windows Server 许可证Requires separate Windows Server licenses
Microsoft IntuneMicrosoft Intune 管理设备和应用程序。Manage devices and applications. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
内容和功能,Configuration Manager 管理设备上的软件安装、更新和设置Manage software installations, updates, and settings on your devices 需要单独的 Configuration Manager 许可证Requires separate Configuration Manager licenses
桌面分析Desktop Analytics 确定你的 Windows 客户端的更新准备情况。Determine the update readiness of your Windows clients. 需要单独的 Configuration Manager 许可证Requires separate Configuration Manager licenses
Windows AutopilotWindows Autopilot 设置和预配置新的 Windows 10 设备,以便高效使用。Set up and pre-configure new Windows 10 devices for productive use. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5
Microsoft Teams、Exchange Online、SharePoint Online 和 OneDrive、Microsoft 365 应用版、Microsoft Power Platform、YammerMicrosoft Teams, Exchange Online, SharePoint Online and OneDrive, Microsoft 365 Apps, Microsoft Power Platform, and Yammer 创建、沟通和协作。Create, communicate, and collaborate. Microsoft 365 E3 或 E5Microsoft 365 E3 or E5

有关安全和合规性条件,请参阅针对远程工作者的部署安全性与合规性For security and compliance criteria, see Deploy security and compliance for remote workers.

有关此解决方案的两页摘要,请参阅“为远程工作者助力”文章For a 2-page summary of this solution, see the Empower remote workers poster.

“为远程工作者提供强大功能”海报Empower remote workers poster

你还可以下载 PDFPowerPoint 格式的海报,并以信件、法律或小报 (11 x 17) 的纸型打印。You can also download this poster in PDF or PowerPoint formats and print it on letter, legal, or tabloid (11 x 17) size paper.

为所有工作者提供远程工作Provide remote working for all of your workers

使用以下设备,你可以使所有工作者随时随地保持生产力:You can enable all of your workers to stay productive from anywhere with these devices:

  • 一个新式设备,例如 Surface laptop 和 Windows 10,具备通过网页直接访问 Microsoft 365 云应用和服务的功能、安全性和性能。A modern device, such as a Surface laptop and Windows 10, which has the features, security, and performance to access Microsoft 365 cloud apps and services directly over the web.

  • 包括旧式家用笔记本电脑或台式机在内的任何设备,可通过快速部署的基于 Windows 10 的虚拟桌面间接访问 Microsoft 365 云应用和服务。Any device including older laptops or desktops used from home, which can access Microsoft 365 cloud apps and services indirectly through a quickly deployed Windows 10-based virtual desktop. 该选项能提高性能、增强安全性并简化 IT 管理。This option provides high performance, strong security, and simplified IT management.

后续步骤Next steps

按照以下步骤保护和优化对组织的服务器和云服务的访问,并尽量提高远程工作者的工作效率。Use these steps to secure and optimize access to your organization's servers and cloud services and maximize your remote worker's productivity.

  1. 借助 MFA 提升登录安全性Increase sign-in security with MFA
  2. 提供对本地应用和服务的远程访问权限Provide remote access to on-premises apps and services
  3. 部署安全与合规服务Deploy security and compliance services
  4. 部署设备、电脑和其他终结点的终结点管理Deploy endpoint management for your devices, PCs, and other endpoints
  5. 部署远程工作者生产力应用和服务Deploy remote worker productivity apps and services
  6. 培训远程工作者和处理使用情况反馈Train remote workers and address usage feedback

使用 Microsoft 365 为远程工作者提供强大帮助的步骤The steps to empower remote workers with Microsoft 365

有关 Microsoft 提供的关于支持远程工作者的最新信息,请参阅使用 Microsoft Teams 网站实现混合型工作For the latest information from Microsoft about supporting remote workers, see the Enabling hybrid work with Microsoft Teams site.

若要了解虚构但具代表性的跨国企业如何助力远程工作者,请参阅Contoso 为远程及现场工作采取的 COVID-19 响应措施及所提供的基础设施To see how a fictional but representative multi-national organization empowered its remote workers, see Contoso's COVID-19 response and infrastructure for remote and onsite work.