Is it safe to use Microsoft 365 on public WiFi without a VPN?

Yes. All Microsoft 365 traffic (Outlook, Teams, SharePoint, OneDrive) is encrypted using TLS 1.2 or higher. Nobody on the same WiFi network can intercept or read your data. The "you must always use a VPN on public WiFi" advice comes from an era when most web traffic was unencrypted. That's no longer the case.

What's the difference between NordVPN and a business VPN?

They're completely different things. NordVPN (and similar services like ExpressVPN or Surfshark) routes your internet traffic through their servers to hide your browsing activity and location. It does NOT connect you to your company network. A business VPN creates a direct, encrypted tunnel between your laptop and your office, giving you access to shared drives, printers, and internal software. NordVPN is a privacy tool. A business VPN is a remote access tool.

We have a file server in the office. Should we keep the VPN or move to SharePoint?

If your file server is getting old or approaching end of life, migrating to SharePoint/OneDrive is usually the better long-term move. It gets rid of VPN dependency, hardware maintenance costs, and the risk of losing everything if the server fails. If your server is relatively new and runs business software that needs it, a VPN is still the practical solution. We'll look at your setup and give honest advice.

What's the difference between a VPN and Zero Trust Network Access?

A VPN checks who you are once, when you connect, and then gives you network access. Zero Trust (via Global Secure Access) checks who you are and whether your device is secure on every single connection, continuously. A VPN is like a door: once you're through, you can go anywhere. Zero Trust is like having a security guard at every room who checks your ID each time.

Does Global Secure Access replace our firewall?

No. Your firewall still protects your network. Global Secure Access replaces the VPN part specifically. It works alongside your existing firewall but removes the need for inbound VPN ports and VPN client software.

Can I run Sage or other database software over a VPN?

You can, but it often causes problems. Database-driven applications constantly send small chunks of data back and forth between your computer and the server. Even slight delays over a VPN connection can cause slowdowns, dropped connections, and in some cases data corruption. If your team regularly needs remote access to database software, we'd strongly recommend looking at cloud-hosted alternatives or specialist solutions rather than relying on a VPN.

We work with large CAD files. Is SharePoint the right choice?

Probably not on its own. SharePoint and OneDrive work well for standard office documents but struggle with very large files like AutoCAD drawings, Revit models, or video files. For this type of work, we'd recommend a specialist platform like Egnyte or LucidLink that's designed for large file workflows. These give you cloud access without the sync problems you'd hit with OneDrive.

We use a NAS for shared files. Can we still use a VPN?

Yes. We regularly set up VPN access to Synology, QNAP, and other NAS devices. The VPN tunnel gives remote users mapped drive access just as if they were in the office. That said, NAS devices do reach end of life eventually, so it's worth planning a cloud migration when the time comes.

Can staff use their personal devices with a VPN?

They can, but it's a security risk. You'd be connecting an unmanaged, potentially insecure device to your company network. We recommend either company-managed devices (set up through Intune) or a cloud-first approach where files are accessed through the browser without needing direct network access. Global Secure Access can also block personal devices that don't meet your security requirements.

Technology Explained

Do I Still Need a VPN?

It's one of the most common questions we get asked. The short answer is: it depends on where your files live and what software you use. The world has moved on from the days when a VPN was the only way to work securely outside the office, but VPNs haven't disappeared entirely. Here's what's changed, what still matters, and what the modern alternatives look like.

Talk to an Expert Call 01584 517 234

What is it?

Before we get into the detail, it's worth clearing up a common confusion. There are two completely different things that people call "a VPN", and they work in very different ways.

Consumer VPN services (NordVPN, ExpressVPN, Surfshark, etc.)

These are apps you install on your phone or laptop. They route your internet traffic through a server in another country. People use them to hide their browsing from their internet provider, get around geographic restrictions on streaming services, or add a layer of privacy on public WiFi. They do NOT connect you to your company's network or give you access to office files. Think of them as a privacy tool for personal browsing.

Business VPN (site-to-site or client VPN)

This is what we're talking about on this page. A business VPN creates a secure, encrypted connection between your laptop and your company's office network. It lets you access shared drives, printers, and office software as if you were physically sitting at your desk. We set these up using your office firewall (typically UniFi or a dedicated VPN appliance), and your staff connect using a small app on their laptop.

The key difference: a consumer VPN protects your privacy online. A business VPN gives you remote access to your company's internal network and files.

So has anything changed?

Yes, a lot. In 2025, almost all internet traffic is already encrypted without needing a VPN:

Every website uses HTTPS (the padlock in your browser). Your banking, email, and cloud apps are all encrypted by default, even on coffee shop WiFi.
Microsoft 365 (Outlook, Teams, SharePoint, OneDrive) encrypts everything automatically. Nobody on the same WiFi can read your emails or intercept your files.
Cloud business apps like Xero, Sage, your CRM, and most modern software all use HTTPS. The connection between your browser and the service is already secure.

This means the original reason many people used business VPNs, protecting data from being intercepted on untrusted WiFi, is largely solved. You don't need a VPN tunnel to safely check your Microsoft 365 email from a hotel. It's already encrypted.

When you DO still need a business VPN

VPNs are still essential when you need to access things that live inside your office network, things that aren't on the internet:

Traditional file servers. If your shared files live on a Windows Server or NAS device in the office, the only way to get to them from outside is a VPN tunnel back to your network.
On-premise business software. Some accountancy packages, manufacturing systems, databases, and specialist software still run on a local server and aren't available through a web browser.
Printers and network devices. If you need to manage equipment or print remotely.
Remote Desktop connections. Connecting to office workstations or servers.

We regularly set up VPN tunnels for clients who still run file servers or NAS devices. It's a proven, reliable approach. But it's worth understanding whether you actually need one, or whether the smarter move is to get those files into the cloud instead.

A word of warning: databases and VPNs don't always mix

One issue we see regularly is businesses trying to run database-driven applications over a VPN connection. Software like Sage, MYOB, or bespoke systems that use a database on your office server can struggle badly over a VPN. The database constantly sends small packets of data back and forth, and even slight delays (latency) in the VPN connection can cause slowdowns, timeouts, or in the worst cases, data corruption.

If you've ever had a VPN drop out while someone was saving to a shared database, you'll know the damage it can cause. This is one of the strongest reasons to look at cloud alternatives for these applications rather than stretching a VPN to do something it was never designed for.

The modern alternative: files in the cloud

If your files live in SharePoint and OneDrive rather than on a local server, you don't need a VPN to access them. Staff can open, edit, and share documents from any device, anywhere, with the same security as being in the office. The files simply aren't on your office network anymore.

SharePoint and OneDrive give you:
- Offline sync. Files are cached on your laptop so you can work without internet, and changes sync when you reconnect.
- Version history. Every edit is tracked. Accidentally overwrite something? Roll back in seconds.
- Granular permissions. Share specific folders with specific people, including external partners, without giving them VPN access to your whole network.
- No single point of failure. If your office floods or your server dies, your files are safe in Microsoft's data centres.

For most small and medium businesses, migrating from a file server to SharePoint/OneDrive removes the need for a VPN entirely. We handle these migrations regularly. See our Cloud & Digital Transformation service for more detail.

When SharePoint and OneDrive aren't enough

SharePoint and OneDrive are brilliant for everyday office documents: Word files, spreadsheets, PDFs, presentations. But they have limitations for certain types of work:

Large files and CAD drawings. If you're an architecture, engineering, or design firm working with AutoCAD, Revit, or similar software, SharePoint struggles with files that are hundreds of megabytes or larger. Syncing large CAD files over OneDrive can be painfully slow and cause conflicts when multiple people need access.
Video production and creative work. Large video files, project files from Adobe Premiere or After Effects, and other media-heavy workflows don't suit SharePoint's sync model.
File locking requirements. Some workflows need proper file locking (only one person can edit at a time), which SharePoint handles differently to a traditional file server.

For these situations, there are specialist cloud platforms designed for the job:

Egnyte is a popular choice for businesses that need the convenience of cloud file access but with the performance and control of a file server. It handles large files well, integrates with CAD software, and gives you proper file locking. Many architecture and engineering firms use it.
LucidLink is designed for teams working with very large files (video, CAD, 3D modelling). It streams file data rather than syncing entire files, so you can open a 5GB AutoCAD file almost instantly without waiting for it to download.
Autodesk Construction Cloud / BIM 360 is purpose-built for AutoCAD and Revit users who need to collaborate on designs.

We can advise on which platform fits your workflow. The key point is that "move to the cloud" doesn't always mean SharePoint. Sometimes the right answer is a specialist cloud service that's built for your type of files.

The next step: Zero Trust Network Access

For businesses that want the security benefits of a VPN without the drawbacks, there's a newer approach called Zero Trust Network Access (ZTNA). Microsoft calls their version Global Secure Access, and it's part of the Microsoft Entra security suite.

The idea behind Zero Trust is simple: instead of trusting anyone who connects to the VPN ("you're through the door, so you must be allowed in"), it checks every single connection individually. Every time someone tries to access something, it asks: who is this person, is their device secure, are they allowed to access this specific thing?

Think of it this way. A traditional VPN is like giving someone a key to the building. Once they're in, they can go anywhere. Zero Trust is like having a security guard at every room who checks your ID each time.

Business Benefits

Secure Remote File Access

VPN tunnels give remote workers the same access to shared drives and office software as if they were sitting in the office, with all traffic fully encrypted.

Cloud Removes the Need

When files live in SharePoint/OneDrive or a specialist platform like Egnyte, staff access them securely from anywhere without a VPN. No tunnel to set up, no software to install, no connectivity headaches.

Zero Trust Goes Further

Microsoft Global Secure Access checks who you are, whether your device is secure, and whether you're allowed access on every single connection, not just once when you log in.

Simplified Management

Cloud-first approaches get rid of VPN hardware, licensing, and the troubleshooting that eats up IT time and frustrates staff.

Risks Without It

False Sense of Security

A VPN encrypts the tunnel, but if the device connecting has malware, missing patches, or no MFA, the VPN hands that compromised device full network access. A VPN without endpoint security is like a locked front door with all the windows open.

All-or-Nothing Access

Traditional VPNs typically give connected users access to the entire network. If an attacker gets hold of a VPN connection, they can move around all your systems. This is exactly the problem Zero Trust is designed to solve.

Performance Hit

VPN connections route traffic through your office internet connection, creating a bottleneck. Multiple staff in different locations all fighting for bandwidth through one pipe slows everyone down. This is especially painful for database applications, where even small delays cause timeouts and data corruption.

Using a VPN When You Don't Need One

If you're connecting via VPN just to use Microsoft 365 or web-based apps, you're adding complexity and slowness for no benefit. Those apps are already encrypted without a VPN.

How Fresh Tech Implements This

Our approach depends on where your files and applications actually live.

For clients with file servers or NAS devices in the office:
We set up client VPN tunnels using your firewall (typically UniFi or a dedicated VPN appliance). Staff connect with a simple app on their laptop, log in with MFA (multi-factor authentication, so a stolen password alone isn't enough), and access shared drives as if they were in the office. We configure split tunnelling so only the traffic that needs to reach your office goes through the VPN. Everything else (web browsing, Microsoft 365, cloud apps) connects directly, which keeps things fast.

For clients ready to move files to the cloud:
We migrate files from your server to SharePoint and OneDrive, keeping your folder structure, permissions, and shortcuts intact. Once moved, staff access files from any device, anywhere, with no VPN needed. We pair this with Conditional Access and Intune (device management) to make sure only company-managed, secure devices can access business data.

For businesses with large files, CAD drawings, or specialist requirements where SharePoint isn't the best fit, we recommend and deploy platforms like Egnyte or LucidLink that are built for heavy file workloads.

For clients who want the next level, Zero Trust Network Access:
Microsoft's Global Secure Access (part of the Entra security suite) replaces traditional VPN with a Zero Trust approach. Instead of connecting a device to your entire network, it gives access to specific applications based on who you are, what device you're using, and whether that device is secure.

How Global Secure Access works in practice:

A small agent runs on managed devices (installed automatically via Intune).
Every time someone tries to connect to a company resource, the system checks: who is this person? Is their device up to date and secure? Are they allowed to access this specific thing?
Only the specific application or file share is made available, not the entire network. An accountant accessing the finance folder doesn't automatically get access to engineering systems.
Checks happen continuously. If a device becomes non-compliant during a session (antivirus turned off, patches overdue), access is cut off straight away.
No holes in your firewall. Unlike traditional VPN, Global Secure Access doesn't need you to open ports on your firewall. Connections are routed through Microsoft's own secure network.

The result is remote access that's both more secure and simpler than traditional VPN. No VPN software to troubleshoot, no "I'm connected but can't see the drive" support calls, and security that doesn't stop at the office door.

We're deploying Global Secure Access for clients who want to get rid of VPN entirely while keeping access to office resources during or after their cloud migration.