Replacing Office365, how to keep OS secure

:jigsaw: My Solution Without Relying on Global Vendors

In the original discussion, a key question was raised:

How can we keep operating systems secure and manage devices without relying on Microsoft 365, Intune, or Entra ID?

My approach is built around the exact same goals:

  • Securing operating systems, especially desktops and endpoints.
  • Full control over data with zero vendor lock-in.
  • Device and user management within my own infrastructure.
  • Open-source technologies that are auditable and flexible.

:computer: Devices: Linux and Windows Combined

I use a combination of Linux and Windows devices:

  • Linux is my main platform on local desktops and servers – used for daily work, development, and system management.
  • Windows is present on some devices (mostly for multimedia or specific software).
    However, I don’t use encryption on Windows, since I don’t store sensitive data on them.

:page_facing_up: Office Work: OnlyOffice

I use OnlyOffice on both Linux and Windows desktops to:

  • replace Microsoft Word, Excel, and PowerPoint,
  • edit documents locally or online via Nextcloud integration,
  • fully support standard MS Office formats (.docx, .xlsx, .pptx).

:cloud: Cloud Storage & Collaboration: Nextcloud

I run Nextcloud as my primary self-hosted cloud platform:

  • secure file sync and sharing,
  • calendar, contacts, notes, and task management,
  • built-in video conferencing with Nextcloud Talk,
  • collaborative editing of documents with OnlyOffice,
  • access via desktop, mobile, and browser.

Nextcloud runs on my own server, giving me complete ownership of my data.


:closed_lock_with_key: Data and Identity Security

On my local Linux desktops:

I use LUKS (Linux Unified Key Setup) – a standard for full-disk encryption on Linux:

  • all data is encrypted and unreadable without the correct passphrase,
  • even if a device is lost or stolen, the data remains protected,
  • encryption is transparent and doesn’t interfere with normal use.

For passwords and 2FA:

I run a self-hosted Bitwarden (Vaultwarden) server to:

  • securely manage passwords across all devices,
  • store TOTP 2FA tokens (e.g., for Nextcloud login),
  • avoid insecure browser-stored passwords,
  • access my vault from desktop and mobile apps.

Vaultwarden is a lightweight open-source alternative to Bitwarden, ideal for self-hosting.


:desktop_computer: Remote Device Management

I use MeshCentral, an open-source alternative to Intune or TeamViewer:

  • full remote access to both Linux and Windows machines,
  • remote desktop, terminal, and hardware-level management (if supported),
  • self-hosted – no cloud dependency or third-party relay required.

:arrows_counterclockwise: Automation & Maintenance

I use Ansible for system management and updates across my Linux infrastructure:

  • all configurations are defined as code (Infrastructure as Code),
  • I can apply updates and changes across all machines consistently,
  • scalable and reliable, even with multiple desktops and servers.

:closed_lock_with_key: Two-Factor Authentication (2FA)

I have 2FA enabled on my Nextcloud instance:

  • using TOTP via apps like Vaultwarden (Bitwarden), Aegis or Authy,
  • adds an extra layer of security for all accounts,
  • especially critical when services are exposed to the public internet.

:bar_chart: Comparison Table: Commercial vs. Open-Source Setup

| Area | Commercial Vendor Solution | My Open-Source Alternative | Notes |
|---|---|---|---|
| Cloud & File Sync | Microsoft OneDrive / Google Drive | Nextcloud | Self-hosted |
| Office & Collaboration | Microsoft 365 (Word, Excel, Teams) | OnlyOffice + Nextcloud Talk | Works on Linux & Windows |
| Disk Encryption | BitLocker | LUKS (Linux Unified Key Setup) | On Linux desktops only |
| Device Management | Microsoft Intune | MeshCentral | Fully self-hosted |
| User Management | Azure AD / Entra ID | LDAP / FreeIPA / internal Nextcloud users | Depends on scale |
| Automation & Updates | WSUS / Endpoint Manager | Ansible | Used on Linux systems |
| 2FA Authentication | Microsoft Authenticator | TOTP + Nextcloud 2FA | Trusted and secure |
| Password Management | Microsoft Password Manager | Bitwarden / Vaultwarden (self-hosted) | TOTP support + full control |
| Remote Access | TeamViewer / AnyDesk | MeshCentral | Open-source, secure, LAN-capable |
| Vendor Lock-In | Very high | None – full self-hosted stack | Total independence |

:green_circle: Final Thoughts

This setup allows me to:

  • remain fully independent from global cloud providers,
  • own and protect all my data, locally or in my infrastructure,
  • secure operating systems and endpoints with strong encryption,
  • remotely manage and automate devices with open-source tools.

If you’re considering replacing Microsoft 365 or Intune with open-source tools, this kind of setup is fully viable – even without a big IT team or budget.
