Replacing Office365, how to keep OS secure


We are investigating if we can start using Nextcloud instead of Office365. All office related features are more than enough for our organization. I am however wondering how to keep our operating systems secure when we stop using Intune for device management and Entra for user management. Google Workspace has something similar that covers it. How are you doing this over here? We were in contact with a Nextcloud supplier but they weren’t able to answer this question. Devices need to be encrypted or the local cache can be compromised.
I’m curious to hear what setups everyone is running.

For user management, Nextcloud can interface with different ones. The most popular for companies is probably LDAP.

Nextcloud does not have any device management like this integrated. If it is an official Nextcloud supplier, they can perhaps reach out to Nextcloud and ask about their experiences, and whether they know about other solutions that integrate well with Nextcloud.

:jigsaw: My Solution Without Relying on Global Vendors

In the original discussion, a key question was raised:

How can we keep operating systems secure and manage devices without relying on Microsoft 365, Intune, or Entra ID?

My approach is built around the exact same goals:

  • Securing operating systems, especially desktops and endpoints.
  • Full control over data with zero vendor lock-in.
  • Device and user management within my own infrastructure.
  • Open-source technologies that are auditable and flexible.

:computer: Devices: Linux and Windows Combined

I use a combination of Linux and Windows devices:

  • Linux is my main platform on local desktops and servers – used for daily work, development, and system management.
  • Windows is present on some devices (mostly for multimedia or specific software).
    However, I don’t use encryption on Windows, since I don’t store sensitive data on them.

:page_facing_up: Office Work: OnlyOffice

I use OnlyOffice on both Linux and Windows desktops to:

  • replace Microsoft Word, Excel, and PowerPoint,
  • edit documents locally or online via Nextcloud integration,
  • fully support standard MS Office formats (.docx, .xlsx, .pptx).

:cloud: Cloud Storage & Collaboration: Nextcloud

I run Nextcloud as my primary self-hosted cloud platform:

  • secure file sync and sharing,
  • calendar, contacts, notes, and task management,
  • built-in video conferencing with Nextcloud Talk,
  • collaborative editing of documents with OnlyOffice,
  • access via desktop, mobile, and browser.

Nextcloud runs on my own server, giving me complete ownership of my data.


:closed_lock_with_key: Data and Identity Security

On my local Linux desktops:

I use LUKS (Linux Unified Key Setup) – a standard for full-disk encryption on Linux:

  • all data is encrypted and unreadable without the correct passphrase,
  • even if a device is lost or stolen, the data remains protected,
  • encryption is transparent and doesn’t interfere with normal use.

For passwords and 2FA:

I run a self-hosted Bitwarden (Vaultwarden) server to:

  • securely manage passwords across all devices,
  • store TOTP 2FA tokens (e.g., for Nextcloud login),
  • avoid insecure browser-stored passwords,
  • access my vault from desktop and mobile apps.

Vaultwarden is a lightweight open-source alternative to Bitwarden, ideal for self-hosting.


:desktop_computer: Remote Device Management

I use MeshCentral, an open-source alternative to Intune or TeamViewer:

  • full remote access to both Linux and Windows machines,
  • remote desktop, terminal, and hardware-level management (if supported),
  • self-hosted – no cloud dependency or third-party relay required.

:arrows_counterclockwise: Automation & Maintenance

I use Ansible for system management and updates across my Linux infrastructure:

  • all configurations are defined as code (Infrastructure as Code),
  • I can apply updates and changes across all machines consistently,
  • scalable and reliable, even with multiple desktops and servers.

:closed_lock_with_key: Two-Factor Authentication (2FA)

I have 2FA enabled on my Nextcloud instance:

  • using TOTP via apps like Vaultwarden (Bitwarden), Aegis or Authy,
  • adds an extra layer of security for all accounts,
  • especially critical when services are exposed to the public internet.

:bar_chart: Comparison Table: Commercial vs. Open-Source Setup

| Area | Commercial Vendor Solution | My Open-Source Alternative | Notes |
|---|---|---|---|
| Cloud & File Sync | Microsoft OneDrive / Google Drive | Nextcloud | Self-hosted |
| Office & Collaboration | Microsoft 365 (Word, Excel, Teams) | OnlyOffice + Nextcloud Talk | Works on Linux & Windows |
| Disk Encryption | BitLocker | LUKS (Linux Unified Key Setup) | On Linux desktops only |
| Device Management | Microsoft Intune | MeshCentral | Fully self-hosted |
| User Management | Azure AD / Entra ID | LDAP / FreeIPA / internal Nextcloud users | Depends on scale |
| Automation & Updates | WSUS / Endpoint Manager | Ansible | Used on Linux systems |
| 2FA Authentication | Microsoft Authenticator | TOTP + Nextcloud 2FA | Trusted and secure |
| Password Management | Microsoft Password Manager | Bitwarden / Vaultwarden (self-hosted) | TOTP support + full control |
| Remote Access | TeamViewer / AnyDesk | MeshCentral | Open-source, secure, LAN-capable |
| Vendor Lock-In | Very high | None – full self-hosted stack | Total independence |

:green_circle: Final Thoughts

This setup allows me to:

  • remain fully independent from global cloud providers,
  • own and protect all my data, locally or in my infrastructure,
  • secure operating systems and endpoints with strong encryption,
  • remotely manage and automate devices with open-source tools.

If you’re considering replacing Microsoft 365 or Intune with open-source tools, this kind of setup is fully viable – even without a big IT team or budget.

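The "Automation & Maintenance" and LUKS parts of the setup above, as an added example that is not from the post or from any project: an Ansible playbook for Debian/Ubuntu desktops that refuses to continue on a machine whose root filesystem is not on a LUKS volume, then applies pending updates and turns on unattended security upgrades. The inventory group name `linux_desktops` and passwordless sudo on the targets are assumptions.

```yaml
# Added example, not from the forum post. Assumes Debian/Ubuntu targets,
# an inventory group "linux_desktops" and passwordless sudo (assumptions).
- name: Baseline security for self-managed Linux desktops
  hosts: linux_desktops
  become: true
  tasks:
    - name: Find the block device backing the root filesystem
      ansible.builtin.command: findmnt -no SOURCE /
      register: root_source
      changed_when: false

    # lsblk -s walks the chain upwards: e.g. lvm -> crypt -> part -> disk
    - name: List the device types underneath the root filesystem
      ansible.builtin.command: "lsblk -sno TYPE {{ root_source.stdout }}"
      register: root_chain
      changed_when: false

    # Stop here rather than manage a desktop that holds data unencrypted
    - name: Refuse to continue on a desktop whose root is not LUKS-encrypted
      ansible.builtin.assert:
        that: "'crypt' in root_chain.stdout"
        fail_msg: "{{ inventory_hostname }}: root filesystem is not on a LUKS volume"

    - name: Apply all pending package updates
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
        autoremove: true

    - name: Install unattended-upgrades for security patches between playbook runs
      ansible.builtin.apt:
        name: unattended-upgrades
        state: present

    - name: Enable periodic package list refresh and unattended upgrades
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        mode: "0644"
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "1";

    - name: Make sure the unattended-upgrades service is enabled and running
      ansible.builtin.systemd:
        name: unattended-upgrades
        enabled: true
        state: started
```

Run it with `ansible-playbook -i inventory.ini desktops.yml`; a host without LUKS under its root filesystem fails at the assert and receives no further changes, which makes the missing encryption visible in the play summary.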

thanks for this impressive post @vawaver

I’m adding an important topic IMO

note taking

I would recommend joplin as OneNote / Evernote replacement.

I’m not up-to-date with Nextcloud Notes and Collectives, which look promising now, but my switch happened at a time when both couldn’t compete with OneNote, and as one doesn’t do such a massive switch every week I’m stuck with Joplin, which is doing a very good job for me with its “Joplin Server” acting as backend for my family’s notes. Unfortunately not integrated with NC :cry:


Thanks for your answer. Since our focus now is mainly on security and device and user management, how do you handle LUKS encryption within an organization? Do all employees know the password of each system? We work with shared PCs since the majority of the workforce works part-time. I can’t wrap my head fully around it.

I only use LUKS on personal devices. Each user manages their own passphrase. On shared machines, it simply doesn’t make sense – the idea of multiple people knowing the same encryption password is both impractical and insecure.

In such cases, other approaches make more sense:

  • encrypted home directories for each user,
  • or no local storage of sensitive data at all – everything accessed through the browser or a remote server.

This is exactly where I see value in Nextcloud without file sync – using it purely via the browser, without syncing files to the device. Just access what you need, when you need it.

That’s the direction we’re heading. Full-disk encryption stays an individual choice for those working with sensitive data on their own systems.

If you’re dealing with these questions in a company context, it’s probably best to discuss them with the people who manage IT internally – they’ll know your infrastructure and security requirements best.

Thanks for sharing your experience. I thought so as well. So in this case, when an organization leaves Office365 including Intune and Entra, what do they look for as an alternative? I understand that this is not part of Nextcloud, but it is a question that is part of stepping away from big tech.

The problem with this is that colleagues still handle other files outside of Nextcloud that contain sensitive information. This is why the device itself needs to be completely safe.

I do not consider shared devices safe in general. For non-shared devices, of course, encrypting the local storage could be a way to go. But technical security is one thing, psychological another. So no matter which tools/software you use to store your information and documents, user education helps a lot. And I have seen so many shadow workflows because of companies’ very strict policies. Users can get extremely creative then. There is always also the practical point of view. For example, I would consider it a higher risk to accidentally send a share link to a wrong external person than an information leak due to a compromised cache.

And I have also already lost data because of errors in decryption - so I personally do not even always encrypt everything. There is some data where accessibility outweighs security, too.


Very interesting point of view. I sometimes wonder if we actually need to set up things like Microsoft because it’s best practice, or we believe it’s best practice because Microsoft makes us believe it.

Our main issue is that whenever we look for a local IT system administrator, they are always bound to Microsoft as a certified gold partner.

Also for @wwe @tflidd @mwildam.

Exactly as you said, fietswiel – and as I mentioned above – the key is to be curious, questioning, investigative, and always learning :brain::mag:. Only then comes the moment of realization: you don’t have to be a slave to corporate systems. You do have a choice.

It’s just like in the movie The Matrix :clapper: – Neo is faced with a decision: take the red pill (truth, awareness, freedom) :heart::pill: or the blue pill (comfort in ignorance, submission to the system) :blue_heart::pill:.
And those so-called “experts” with shiny certificates from “gold partners”? More and more they start to look like Agent Smiths :robot: – defenders of the system, part of the system, treating any attempt to break free as a threat.

By exploring alternatives, you’ve found yourself standing in Neo’s shoes – red or blue? :red_circle::large_blue_circle: And once someone takes the red pill, a whole new world opens up – one where you’re in control, where no one can force you to use tech that doesn’t serve your values :no_good_man::briefcase:.

And this is where it gets powerful: like in The Matrix, the freed minds begin to unite :handshake:. They are no longer just scattered rebels – they become a community with a common goal: life outside the system. Out of the illusion, into reality :globe_with_meridians::door:.

Nextcloud is a real-world example of this. It’s not just a tool – it’s a movement :hammer_and_wrench::fire:.
A digital Zion, where people reject surveillance, embrace transparency, and fight to own their data. A space where tech serves people, not the other way around :technologist::fist:.

Everyone who wakes up, who chooses to dig deeper, is making Neo’s choice. And once you see the truth, you never want to go back :eye_in_speech_bubble:. Because in the real world – where we are free to choose – our decisions have real power. That’s why we come together, build alternatives, and support technology that’s open, human, and free :speech_balloon::seedling:.

Love this setup! A couple questions:

  • How large is your user base?
  • How do you store the LUKS keys and local admin logins? Microsoft’s alternative is LAPS or Intune. I’m interested in an automated way. I looked at Vaultwarden, but API access control is very limited (either full, write or read rights); I’d like add-only and read-only, for example, so I can include this during installation of the workstation.
  • How do you perform workstation installation? Manual? I’ve been investigating Ubuntu’s autoinstall.yaml; Microsoft’s out-of-the-box solution at this time is AutoPilot.
  • Can you recommend any training for using Ansible for software deployment and policies?

Hi zaggynl, glad for your interest!

Just to clarify up front — I’m not an IT professional and I don’t have any formal background in tech. Everything I’ve learned, I picked up on my own over time, mostly out of necessity for my home setup.

I self-host everything at home — I run Proxmox with 5 VMs using Ubuntu Server. Everything I do is strictly for personal or family use, so I don’t have to worry about managing other admins, enforcing policies, or dealing with enterprise-level requirements.

To your questions:

  • My Nextcloud setup serves around 10 users, mostly family and a couple of close friends.
  • For LUKS keys and local admin logins, I keep things very simple — all devices are under my direct control, so there’s no need for something like LAPS. I do use Vaultwarden, but I haven’t explored its API capabilities yet. I agree, more fine-grained access control would be useful.
  • I’ve tested Ubuntu’s autoinstall.yaml, but honestly, I didn’t really like it. Since I use Proxmox, I usually rely on VM templates when I need to spin up a new Ubuntu server — it’s fast and works well for my needs.
  • After installation, I manage everything with custom Ansible playbooks that I write for specific services and settings. I keep it focused on my use case — no need for complex policy deployments like in enterprise environments.

Like many others here, I’m just a regular person who chose the red pill :wink: and prefers to have full control over their own digital environment.

Nextcloud is not an MDM, so you would have to do that some other way. Intune and Google Workspace only have a minimal impact on end user device security anyway, so even in that case I would not rely on them as a security measure.

Amazing, as an IT professional I have to say that the level of your knowledge as a non-IT professional is very high. Reading your posts has just given me valuable tips for my Nextcloud installation. Chapeau.

@kjathome
About Freedom and the Journey to Independence

I appreciate your feedback. Where I am today is the result of a simple but very powerful desire – to stop being a slave to the system and gain freedom. Freedom not just in using software, but also in knowledge and the ability to manage everything according to my own needs.


Why Linux and Open Source

That’s why I became a fan of Linux and open-source solutions. It’s a completely different environment – a place for those who don’t want to remain passive users. For those who want not only to learn theoretically but, more importantly, to turn acquired knowledge into real benefits. And to genuinely enjoy the process, because every new configuration mastered, every problem solved, is a real step toward personal independence.

Passing Knowledge Forward

An essential part of this journey is also the ability to share knowledge with others. Selflessly, without expecting any reward, which in today’s world, where almost everything is measured by money, is often hard for people to understand.


Balancing Two Worlds

I balance between two areas – the professional IT sector and the community of enthusiasts who seek freedom and independence. I’m fully aware that the key to success is quality and clarity in education. That’s why I strive to share information in a simple and understandable way, so that even complete beginners can follow.
Because a student can only grow as much as their teacher shows them.

The LinuxDoma Project

For the Czech Republic and Slovakia, I lead a project called LinuxDoma (Linux at Home), which is focused exactly on this – helping beginners learn how to use Linux, both for desktop and home server purposes.


Why Nextcloud

Maybe that’s also why I’m a huge supporter of the Nextcloud project, which naturally aligns with this philosophy. In many of its values and ideas, I share a strong connection with its founder and owner, Frank Karlitschek, with whom I share the same motto: “Freedom and Independence.”

Nextcloud for Everyone

Nextcloud is not just a business solution. It offers a real opportunity for every individual who wants to protect their privacy, own their data, and avoid dependency on large corporations. Thanks to Nextcloud, even an ordinary person can build their own cloud – a personal space for documents, photos, communication, and collaboration – all fully under their own control.

This is a value that cannot be measured in money – freedom over your own data and independence in an age increasingly driven by centralized platforms.


Final Thoughts

That’s why I strive to make my tutorials and contributions here on the forum high-quality yet understandable, so that Nextcloud can truly be a tool for freedom, not just another technical obstacle.


I replaced Notesnook with NC Notes. Works perfectly and it’s yet another chunk of my digital life that is under my exclusive control :+1:
