Microsoft spun up 32,000 virtual desktop infrastructure (VDI) sessions in two days at the start of the coronavirus pandemic to accommodate 10 times its usual remote workforce. At the same time, the company only increased its virtual private network (VPN) capacity 1.5 times to support all of its employees now working from home.

“Luckily, when we started our transformation on this client-to-cloud world about five years ago, we had already made the determination that the network as an effective control plane was going to diminish over time and so we really started focusing on our zero trust effort,” said Microsoft CISO Bret Arsenault during a virtual fireside chat today. “We were already in the process of getting rid of a corporate network and everything, even if you’re in a building, you go out through the internet first,” he said. “So the idea that you’re coming from your house internet versus a building to the internet didn’t radically change things for us.”

Zero-Trust Security

Microsoft’s zero trust security approach focuses on identity management, continuous device health checks, and signals to track and, if needed, adjust the different pieces, Arsenault added.

“But the first thing was: ensure you have a strong identity, so that people can’t be you just with your username and password,” he said. This involves using biometric access controls like fingerprints and voice patterns. In fact, 92% of Microsoft employees and vendors don’t use passwords for authentication and access to systems, Arsenault added.

In addition to detailing how Microsoft transitioned its employees to work from home, the company also rolled out product updates including management tools for its VDI, a unified control plane for device and access management to secure endpoints connecting to corporate resources, and a new tool called Microsoft Productivity Score to measure employee and technology performance in remote environments.

Brad Anderson, corporate VP for Microsoft 365, called out the company’s ability to spin up 32,000 VDI sessions in two days. “Think about: would you have the capacity in your own organization to do that?”

Microsoft VDI

He said some other organizations “had to do all kinds of gymnastics to free up capacity” for VDI. “In some cases, they’ve had to take away disaster recovery from some of their service. I have a couple of customers still waiting on additional capacity to come in,” and these customers won’t have enough VDI sessions until the end of May.

“VDI is such a perfect workload for the cloud, because it is bursty, and what we’ve seen with Windows Virtual Desktop is just an explosion in use, way beyond any of our expectations that we mapped out for our entire fiscal year,” Anderson said.

Windows Virtual Desktop is Microsoft’s VDI, built on its Azure public cloud, and Anderson announced three major updates to the product. This includes a new management interface integrated into the Azure Portal. It allows users to set up host pools, manage applications or desktops, and assign users from the portal.

Microsoft also improved the virtual desktop’s auto-scaling capabilities via integration with Azure Automation and Azure Logic Apps. And it added Azure data centers to support Windows Virtual Desktop deployments in specific regions to meet regulatory and compliance rules around where companies’ data resides.

And finally, Anderson announced upcoming support for Microsoft Teams — this is the vendor’s video conferencing tool that competes against services like Zoom, Cisco Webex, and Google Meet. This feature will be available in preview within a month. It will improve the video and audio quality for people using Microsoft Teams from Windows Virtual Desktop by creating a direct path between users sharing video.

Remote Work Security Updates

Microsoft also added new security features including improved integrations between Endpoint Manager and Configuration Manager in Azure.

And it is extending the ability to use Azure Active Directory single sign-on with unlimited cloud applications across all pricing tiers. This means any Microsoft customer using a commercial online service subscription can connect all their cloud applications to Azure Active Directory using single sign-on (SSO) and multi-factor authentication (MFA) for a flat cost.

“That’s a big deal. Our competition in that space charges you per SaaS app for SSL for MFA,” Anderson said. “And so the more apps you have the bigger your bill is.”

The vendor also announced a new product called Productivity Score, which is available in preview. It provides visibility and analytics across remote work and then gives recommendations to fix problems and make improvements. The product measures employee and technology productivity versus industry or internal company benchmarks.