I am working for a remote company, a company that is overseas and worldwide ranged with many other remote employees.
I use my personal laptop to work. They have not installed anything on it. Only things I have installed in order to work are Teams and Azure Virtual Desktop. I have the authenticator as well.
I use this commercial vpn which I trust; it has autoconnect feature to same server and killswitch feature on the laptop and on my mobile device as well. Will they know where I am?
I would connect to AVD to work and authenticate while connected through my VPN. In this case, will they only detect that I am connecting through a VPN server, or is it possible that they know where I am?
Which situations, mistakes or flaws could compromise my location?
I want to travel for a few weeks but the company has some policies regarding hr and such. Can you guys give me some advice? Should I buy a vpn router or something as well?
I imagine someone has figured out a killswitch system for tailscale or zerotier. Just set up a computer at home and your remote devices, do some research, set your home device as an exit node and go.
Q: How is my location information used and stored?
A: Authenticator collects your GPS information to determine what country you are located in. The country name and location coordinates are sent back to the system to determine if you are allowed to access the protected resource. The country name is stored and reported back to your IT admin, but your actual coordinates are never saved or stored on Microsoft servers.
If your HR has policies against working where you’re not supposed to, then you probably shouldn’t.
Yes we can tell where you are if you are connecting through VPN. AVD has some pretty detailed logs including the IP you’re coming from. The IP address will give away the location. Some commercial VPN addresses may be blocked as well. We also block sign ins from certain countries so those automatically get flagged if there is an attempt.
At the very least your concerns would seem to raise a red flag in most enterprises that I’ve worked in. “I will work for you but you can’t know my location …” . Hmmmmm.
If you go commercially, setting it up at home or a friend’s house should be a sure way of not ruining an IP. There’s a datacenter in Seattle that has Xfinity servers that appear to be just a normal ISP address but I’m not sure if you get a dedicated or a shared/used IP.
I dont know about azure vdi thing and how it works. But to be safe you should put those on a vm like virtualbox.
The way people do these things normally is they a mini router like the gl.net AXT1800 travel router. And spin up either a good/safe IP as VPN on it and connect your laptop to that. Then your laptop literally cannot know itself that it is on a VPN.
A safe IP includes your home address or a friends by having another one of those travel routers at friends hosue and wiring them together or maybe an old laptop with a linux server over openvpn protocl or something.
OR sping up a VM in a public cloud like azure/aws etc with linux on it and wire it up as a VPN to your mini router. You have to set the VM in a region that works. I did this for my job but it wasn’t too strict or anything. They just had basic intune security or like cisco XDR/duo cyber monitoring. If I went to IPlocation dot com it shows microsoft azure and a map of the data centre that was placed in it was a popular equinix DC.
If you work for a governmental agency a VM in a public cloud could be risky, probably fine, but it could still be flagged.
As for how to do these things, spin up a VM in the cloud, set up a VPN protocl on a linu machine, etc etc cehck it out on youtube. “how to work from home with a vpn” or something like that.
You’re a fucking fool. I’m a technical architect that works remotely for a US company in China. I think it’s you that needs to learn how the world works. OP cares very much about useless laws to stay out of a court room and keep his job.
Getting a dedicated residential ISP VPN from a major VPN provider is a crapshoot and like I said is a matter of when it will be discovered to be a VPN. But yea OP if you can have a friend set up a VPN for you state-side and you be the only one using it will pretty much guarantee you a clean residential VPN for a good long while.
If they haven’t installed anything on the PC then yes they won’t really find out. Now if you log into your company’s website it might get flagged as a different IP than normal or maybe just a VPN in general, but for just using teams they won’t have a clue.
it was a popular equinix DC.