My Solution Without Relying on Global Vendors
In the original discussion, a key question was raised:
How can we keep operating systems secure and manage devices without relying on Microsoft 365, Intune, or Entra ID?
My approach is built around the exact same goals:
- Securing operating systems, especially desktops and endpoints.
- Full control over data with zero vendor lock-in.
- Device and user management within my own infrastructure.
- Open-source technologies that are auditable and flexible.
Devices: Linux and Windows Combined
I use a combination of Linux and Windows devices:
- Linux is my main platform on local desktops and servers – used for daily work, development, and system management.
- Windows is present on some devices (mostly for multimedia or specific software).
However, I don’t use encryption on Windows, since I don’t store sensitive data on those devices.
Office Work: OnlyOffice
I use OnlyOffice on both Linux and Windows desktops to:
- replace Microsoft Word, Excel, and PowerPoint,
- edit documents locally or online via Nextcloud integration,
- fully support standard MS Office formats (.docx, .xlsx, .pptx).
Cloud Storage & Collaboration: Nextcloud
I run Nextcloud as my primary self-hosted cloud platform:
- secure file sync and sharing,
- calendar, contacts, notes, and task management,
- built-in video conferencing with Nextcloud Talk,
- collaborative editing of documents with OnlyOffice,
- access via desktop, mobile, and browser.
Nextcloud runs on my own server, giving me complete ownership of my data.
Data and Identity Security
On my local Linux desktops:
I use LUKS (Linux Unified Key Setup) – a standard for full-disk encryption on Linux:
- all data is encrypted and unreadable without the correct passphrase,
- even if a device is lost or stolen, the data remains protected,
- encryption is transparent and doesn’t interfere with normal use.
For passwords and 2FA:
I run a self-hosted Bitwarden (Vaultwarden) server to:
- securely manage passwords across all devices,
- store TOTP 2FA tokens (e.g., for Nextcloud login),
- avoid insecure browser-stored passwords,
- access my vault from desktop and mobile apps.
Vaultwarden is a lightweight, open-source, Bitwarden-compatible server, ideal for self-hosting.
Remote Device Management
I use MeshCentral, an open-source alternative to Intune or TeamViewer:
- full remote access to both Linux and Windows machines,
- remote desktop, terminal, and hardware-level management (if supported),
- self-hosted – no cloud dependency or third-party relay required.
Automation & Maintenance
I use Ansible for system management and updates across my Linux infrastructure:
- all configurations are defined as code (Infrastructure as Code),
- I can apply updates and changes across all machines consistently,
- scalable and reliable, even with multiple desktops and servers.
Two-Factor Authentication (2FA)
I have 2FA enabled on my Nextcloud instance:
- using TOTP via apps like Vaultwarden (Bitwarden), Aegis or Authy,
- adds an extra layer of security for all accounts,
- especially critical when services are exposed to the public internet.
Comparison Table: Commercial vs. Open-Source Setup
Area | Commercial Vendor Solution | My Open-Source Alternative | Notes |
---|---|---|---|
Cloud & File Sync | Microsoft OneDrive / Google Drive | Nextcloud | Self-hosted |
Office & Collaboration | Microsoft 365 (Word, Excel, Teams) | OnlyOffice + Nextcloud Talk | Works on Linux & Windows |
Disk Encryption | BitLocker | LUKS (Linux Unified Key Setup) | On Linux desktops only |
Device Management | Microsoft Intune | MeshCentral | Fully self-hosted |
User Management | Azure AD / Entra ID | LDAP / FreeIPA / internal Nextcloud users | Depends on scale |
Automation & Updates | WSUS / Endpoint Manager | Ansible | Used on Linux systems |
2FA Authentication | Microsoft Authenticator | TOTP + Nextcloud 2FA | Trusted and secure |
Password Management | Microsoft Password Manager | Bitwarden / Vaultwarden (self-hosted) | TOTP support + full control |
Remote Access | TeamViewer / AnyDesk | MeshCentral | Open-source, secure, LAN-capable |
Vendor Lock-In | Very high | None – full self-hosted stack | Total independence |
Final Thoughts
This setup allows me to:
- remain fully independent from global cloud providers,
- own and protect all my data, locally or in my infrastructure,
- secure operating systems and endpoints with strong encryption,
- remotely manage and automate devices with open-source tools.
If you’re considering replacing Microsoft 365 or Intune with open-source tools, this kind of setup is fully viable – even without a big IT team or budget.