KRACK - What is it and what does it mean for your Business?

https://www.krackattacks.com

We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.

 

What does it mean for your Business

If you use wireless in your organisation you are probably using WPA2 , which means this exploit effects you. Intruders can use this attack to listen to passwords and sensitive company information. Your Wireless Manufacturer being Draytek, Netgear, Meraki or Ubiqiuiti are currently realizing updates which will need to be applied to your device to protect against this.

Microsoft will release a fix for Windows 10 on October 17th, along with several extra features.

iOS devices are already patched for this problem. Android phone manufactures will be releasing updates as well as Linux Distro's.



Windows 10 Mobile - Is no more

Per this recent BBC article ,it looks like Microsoft has put the nail in the coffin of it's mobile Operating Windows 10

http://www.bbc.com/news/technology-41551546

The company's Windows 10 chief has tweeted that developing new features and hardware for the Mobile version of the OS was no longer a "focus".

With it's main competition being Android run by Google who gives it away for free and makes money using advertisting , and the iPhone the flagship product from Apple , it's hard for another company to come along and take some market share to make any money out of it! 



Windows Server Datacenter\Standard with Software Assurance? Save 40%!

AzureHybridUseBenefit-620x264[1].png

Use your on-premises Windows Standard and Datacenter Server licenses with Software Assurance to save big on Azure. With this benefit, we will cover the cost of the OS (on up to two virtual machines) for each license, while you only pay for base compute costs.

Enable your hybrid cloud model, or modernize in the cloud

  • Maximize value from your current investments
  • Save up to 82 percent when combined with Reserved VM Instances
  • More savings coming soon for SQL Server and Reserved Instances

 

For every 2-processor Windows Server license or Windows Server license with 16-cores covered with Software Assurance, you can run either of the following at the base compute rate:

  • Up to two machines with up to 8 cores or
  • One virtual machine with up to 16 cores.

Savings Calculator

https://azure.microsoft.com/en-gb/pricing/hybrid-benefit/#ahub-calculator



How does your business continue without Email?

Most of our customers have been migrated to Office 365 , however, we still have some customers who want on-premise Exchange due to a few reasons such as below

1) Bad Internet Availability - Due to location their internet speed would not cope with cloud hosting

2) Regulatory compliance and obligation - Government agencies proving their data is on UK Soil and equipment ) 

3) Their CMS app can only use Exchange Online mode - Mainly Law companies

As their email is host locally the issue is what happens when a server or internet connection goes down? Unlike a cloud service such as 365 , your email is only hosted in a single location. Email is usually is stored with your Spam filter provider until the server or internet comes back , but how can your organization still work in the event of this ? 

Introducing the Mimecast Personal Portal

Mimecast+Personal+Portal+v3[1].png

https://community.mimecast.com/community/knowledge-base/mimecast-personal-portal-v3

Users not in the event of a internet or server failure can now get to another internet connection E.g. Phone Hot Spot or home internet and send and recieve email from a Webmail type interface until the problem is resolved.

  • Instant failover and failback  reduces RPO & RTO for email to near zero.
  • Uninterrupted access to all live and historic email and calendarinformation from everyday applications and devices to keep business moving
  • 100% service availability SLA delivered from the highly secure Mimecast cloud
  • Access to email through Outlook for Windows, a native app for Mac users and a full suite of mobile apps means employees can carry on receiving and sending email as if the primary email system was performing normally.


What is Minecraft: Education Edition and how could it benefit your School?

N.B. : Rember Windows 10 is a requirement, with the new Microsoft Education Licenses schools will get this now with their 365 Plan , however, will need to plan the Upgrade path !

How is it different from normal Minecraft?

Classroom Mode is a companion app for Minecraft: Education Edition that enables educators to manage world settings, communicate with students, give items and teleport students in the Minecraft world. For videos and extensive documentation on Classroom Mode, head to our full set of training materials.

Education?

Code Connection is an extension (released on May 22, 2017) that allows educators and students to explore, create, and play in an immersive Minecraft world – all by writing code. Head here to a training that answers all your questions, and get in touch with support if you need further assistance.

Begin your Minecraft journey with these easy steps.

https://education.minecraft.net/



New Microsoft 365 Plans ( Education, Not for Profits and Firstline Workers )

Education

https://educationblog.microsoft.com/2017/09/microsoft-365-education-affordable-solution/

Available from 1st October 2017

Office 365 Education will be renamed to A1 Plan is still Free! 

2 New Plans : A3 and A5

Discover the Microsoft 365 Education that’s right for you

Office 365 A1Microsoft 365 A3Microsoft 365 A5
Collaboration & LearningOffice Online: web-based document editing
Office client applications: Word, Excel, PowerPoint, Outlook
Email and calendar, instant messenger (IM), persistent chat, Yammer
Files and content management: file storage, sharing, information discovery, Groups, Planner
Minecraft: Education Edition with Code Builder
Classroom ToolsMicrosoft Teams with classroom experiences, professional learning communities (PLC), and staff teams
OneNote Class Notebook, Sway
More inclusive classroomsLearning Tools, Accessibility Checker, Office Lens
Voice, video & meetingsSkype for Business
PSTN (public switched telephone network) Conferencing, Cloud PBX (private branch exchange)
ComplianceLegal Hold, eDiscovery search and export
Advanced eDiscovery, Customer Lockbox, Advanced Data Governance
AnalyticsDelve
Power BI Pro, MyAnalytics
Management & SecuritySchool Data Sync, Data Loss Prevention, Office 365 Rights Management
Office 365 A3: Advanced Security Management, Skype Meeting Broadcast
Enterprise Mobility Suite (EMS) A3: Intune for Education, Azure Active Directory P1, Azure Information Protection P1, Advanced Threat Analytics
Windows 10 Education A3: Windows Defender Antivirus, Device Guard
Advanced SecurityOffice 365 A5: Advanced Threat Prevention, Threat Intelligence
Enterprise Mobility Suite (EMS) A5: Azure Active Directory P2, Azure Information Protection P2, Cloud App Security
Windows 10 Education A5: Windows Defender Advanced Threat Protection
Server & CAL BenefitsProductivity Server Licenses and Client Access Licenses (CALs) for Exchange, SharePoint, Skype for Business, etc.
Windows Server Client Access Licenses (CALs
System Center Configuration Manager CML
System Center Endpoint Protection

Not for Profits

Not much to say here per the link : 

https://blogs.microsoft.com/on-the-issues/2017/09/25/learn-nonprofit-can-leverage-technology-greater-impact/

First Line Workers

First Line workers in the eyes of Microsoft are Employees that "serve as the first point of contact between an organization and its customers or products".

Mainly the industries are Retail, Manufacturing, Healthcare, and Government, however, are not enforced to just these

Features are Below and Cost is around 3 GBP per Month 

https://products.office.com/en-us/business/office-365-f1

microsoft-365-f1.png


Why all companies should use Signature deployment software

Whether you're using a cloud-based email solution such as 365 or On-Premise exchange you should utilise an email deployment tool for Signatures.

signaturesoftware.png

 

Job Titles can be and should be set by HR
A signature is a sign-off from an employee of your company to and internal or external party. This job title of a signature If needed or not is like a business card where the receiving party can see the seniority and Role of the sender. Sometimes employees have changed their own job titles for various reasons and this is not picked up until it is too late. Signature software can integrate into Active Directory and grab this each time to standardise the signature per user. You can also create templates so specific users display or don't display their mobile phone numbers for privacy reasons.

Consistent Branding for Logo's and marketing updates
Whether you have changed your logo, or have some new exciting news to share with your new and existing customers a Signature is a great place to show this. Centralising your signature store means you can change the Signature in real time with business updates getting you new leads.

Consistent legal notes and disclaimers
Laws change all the time, and disclaimers are there to protect the company and person sending each email. The company should deploy these when necessary and keep them up to date with the click of a button to protect itself.

Make your signatures Mobile and Device Friendly
If you have created your signature in Word with your company logos sometimes the width of this will make the email UNREADABLE on mobile devices. With 20% of the internet traffic being mobile nowadays you want to make sure you have this covered

Make sure your emails do not get marked as Spam
We recently had a customer whos employee has created a LinkedIn Logo pointing to the companies linkedIn site to be more socially aware. Unfortunately the colleague sourced the image from an unreliable spam site and the companies email was being blocked at receiving mailservers due to this. 

 



Intergrate your Xero Accounts straight into Power BI

We work with our Local Gold Xero Consultants in Surrey : http://www.dna-accountants.co.uk/ , in helping move our existings customers accounting Systems to Xero to offload more of their resources to the cloud for better management and mobility.

Most of our customers will now be utilising Office 365 which comes with Power BI so in 5 minutes we can integrate their accounts package into a very powerful reporting tools giving the below

What's included

The content pack dashboard includes tiles and metrics that cover a variety of areas, with corresponding reports to learn more:

Cash
Cash in
Cash out
Closing balance by account
Closing balance today

Bank Accounts

Customer

Invoiced sales
Invoiced sales by customer
Invoiced sales growth trend
Invoices due
Outstanding receivables
Overdue receivablesCustomer
Inventory

Supplier

Billed purchases
Billed purchases by supplier
Billed purchases growth trend
Bills due
Outstanding payables
Overdue payables

Suppliers
Inventory

Inventory

Monthly sales amount by product
Inventory

Profit and loss

Monthly profit and loss
Net profit this fiscal year
Net profit this month
Top expense accountsProfit and Loss

Balance sheet

Total assets
Total liabilities
EquityBalance Sheet

Health

Current ratio
Gross profit percentage
Return on total assets
Total liabilities to equity ratioHealth
Glossary and Technical Notes



SMBv1 now disabled by default in Azure VMs

https://blogs.msdn.microsoft.com/azuresecurity/2017/08/18/disabling-server-message-block-version-1-smb-v1-in-azure/?

Flow on effect from the recent WannaCry and Petya epidemics. Applies to only new Azure VMs that are created through the Azure Marketplace, does not impact existing VMs. Funnily enough Server 2016 Core is the only VM image that still has SMBv1 enabled by default.

If SMBv1 is required, it can be re-enabled using the steps in this article: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows



Logitech Smart Dock - the perfect SMB Conference Phone

Walk into a conference room and instantly launch your meeting using the high performance, easy-to-use Logitech SmartDock. Transform your meeting with a rich, collaborative Skype for Business experience. Meeting organizers enjoy the familiar Skype for Business interface, and IT admins appreciate the easily deployed and managed Windows® 10 Skype meeting app.

 

Edholm_SmartDock-pricing[1].JPG

SmartDock includes three USB 3.0, Dual HDMI Out, Gigabit Ethernet, and HDMI In. You can use the USB ports to integrate with existing audio-video solutions in the meeting room. Certified for Skype for Business audio and video solutions are recommended.

The real experience comes from the Skype for Business Room software, which is designed for easy meeting joins as part of a resource-based video conference room model. When a room receives an invite to a Skype for Business meeting, the meeting will appear on the Surface Pro screen. An attendee merely touches the meeting to join. During my visit we unfortunately did not have time to explore other options, such as using the room with a user login, but I assume that works also.



RPC over HTTP deprecated in Office 365 on October 31, 2017

https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31--2017

The following are the minimum required Office updates to install to avoid connectivity disruption on October 31, 2017.
 

Office 2016The December 8, 2015 update Subscription: 16.0.6568.20xx - MSI: 16.0.4312.1001

Office 2013 Service Pack 1 (SP1) and the December 8, 2015 update - 15.0.4779.1002

Office 2010 Service Pack 2 (SP2) and the December 8, 2015 update - 14.0.7164.5002

 

I'm using Office 365 with Outlook 2007 or earlier. What actions do I have to take?

MAPI over HTTP was not backported to Outlook 2007 or earlier versions. Therefore, Outlook 2007 and earlier versions will be unable to connect 

 



Microsoft Flow - Free Workflow Tool for 365 Users

Microsoft-Flow-offers-more-than-150-connectors-600x558.png

Have an automated task in 365 that you want to Automate e.g.

Saving emails to Sharepoint?

Email you when specific SQL varies are entered into your Application in SQL?

 

Microsoft has just released Microsoft Flow to do this Automatically for you saving you time and administrative headaches

https://flow.microsoft.com/en-us/documentation/frequently-asked-questions/



Thinking about deploying Skype for Business for your Small to Medium Business?

If you have Office 365 for your Email , you might be making the next step and deploying the Office 365 suite's replacement Phone System ( PBX )

https://www.microsoft.com/itshowcase/Article/Video/695/Skype-for-Business-at-Microsoft-SME-roundtable-March-2017

Skype for business gives your orgainisation

  • Instant Messaging Interally and Externally
  • VoiceCalls
  • Video Calls
  • Online Meeting Collaboration Internally and Externally

Available on

  • Desktop Phones
  • Tablets
  • PC's and Macs
  • Smart Phonnes

    If you are thinking about Deploying Skype for Business you can use the self assesment tool to check your internet is capable :

https://www.microsoft.com/en-us/download/confirmation.aspx?id=53885

 



Microsoft to Bundle Office and Windows into a Single Package!

At the Microsoft Inspire conference going on in America at the moment, we have been closely following, Microsoft has just announced it will be offering a package bundling its Office and Windows package into one

https://blogs.office.com/en-us/2017/07/10/introducing-microsoft-365/

They are calling it : Microsoft 365 Enterprise and comes with Office 365, Windows 10 Enterprise, Enterprise Mobility + Security.

It's going to be available in 2 flavours E3 and E5 depending if you would like PBX Functionality or extra security.

Microsoft 365 Business will be available in public preview on August 2, 2017.

Priced at US $20 per user, per month which comes to around 16 GBP

This will greatly simplify Licensing for Users and Business



Potential service disruption for Outlook 2007 for Windows users - October 31, 2017

How does this affect me?: Beginning October 31, 2017, Outlook for Windows clients using RPC over HTTP will be unable to access their Exchange Online mailbox.

What do I need to do to prepare for this change?: The necessary action depends on the version of Outlook in use in your organization.

 
If you are using Outlook 2007 or earlier, you need to upgrade. Outlook 2007 does not contain support for the MAPI/HTTP protocol. We encourage you to update to the Office 365 ProPlus subscription, or access Outlook via the web browser (which is included in your current subscription plan).

 
Outlook 2010-2016 customers will need to ensure their version of Outlook for Windows is set up to support MAPI/HTTP. At a minimum, you should ensure you have installed the December 2015 update. 

 
Lastly,  ensure your Outlook clients are not using a registry key to block MAPI/HTTP.



Petya Virus - Another Virus in the Wild and how to keep safe

Another Cyrptovirus has reared it's ugly head in the wild called Petya. It's already infected an Ukrainian Bank , DLA Pipa Law Firm in the USA and a few other agencies.

So far there has been no kill switch found to stop mass infection.

It utilises the same flaws that Wanna Cry used with SMB 1 so if you have already disabled this you should be some what protected. This virus gets into organisations through Email to Spam Filters behind your email servers are a real time defense against these new virus as well as up to date Windows and anti Virus on your Firewall.

Important Note per below :



CAL ( Client Access License Guide )

A Client Access License (CAL) is a license granting access to certain Microsoft server software. CALs are used in conjunction with Microsoft Server software licenses to allow Users and Devices to access and utilise the services of that server software.

Microsoft give you a guide here

http://download.microsoft.com/download/6/8/9/68964284-864d-4a6d-aed9-f2c1f8f23e14/CAL_Suite_Bridges_Overview.pdf

I have created a cheat sheet : 

Products Which Require CALs:

  • Windows Server
  • Windows MultiPoint Server
  • Exchange Server
  • Windows Small Business Server
  • SharePoint Server Remote Desktop Services (RDS)
  • Skype for Business Server
  • Microsoft Identity Manager (MIM)
  • SQL Server (except in per core model)
  • Visual Studio Team Foundation Server (TFS)
  • System Center Dynamics AX
  • Project Server Dynamics CRM

Core CAL Suite (User & Device Options):

  • Windows Server
  • Exchange Standard CAL
  • SharePoint Standard CAL
  • Skype for Business Standard CAL
  • System Center Endpoint Protection CML
  • System Center Configuration Manager CML

CAL Equivalents of your On-Prem Rights from your Online Subscription Licenses (Most Popular Plans – see Product Terms for more details):

  • Exchange Std CAL – E1/E3/E4/E5/SPE E3 & E5
  • ADRMS - EM+S E3 & E5/SPE E3 & E5
  • SCCM - EM+S E3 & E5/SPE E3 & E5
  • Exchange Ent CAL – E3/E4/E5/SPE E3 & E5
  • MIM - EM+S E3 & E5/SPE E3 & E5
  • SharePoint Std CAL – E1/E3/E4/E5/SPE E3 & E5
  • SfB Std CAL - E1/E3/E4/E5/SPE E3 & E5
  • EM+S E3 & E5/SPE E3 & E5
  • SharePoint Ent CAL – E3/E4/E5/SPE E3 & E5
  • SfB Ent CAL - E3/E4/E5/SPE E3 & E5
  • Windows Server CAL – EM+S E3 & E5/SPE E3 & E5
  • SfB Plus CAL - E4/E5/SPE E5

Additive CALs:

  • Often referred to as Enterprise CALs,
  • although not exclusively, these CALs
  • require a Base CAL and provide
  • additional functionality to the users or
  • devices assigned them.

Enterprise CAL Suite (User & Device Options – Includes Everything in Core CAL Suite:

  • Exchange Enterprise CAL w/Services – includes DLP & Exchange Online Protection
  • Exchange Online w/Archiving for Exchange Server
  • SharePoint Enterprise CAL
  • Skype for Business Enterprise CAL
  • Windows Server AD Rights Management Services (ADRMS) CAL
  • Advanced Threat Analytics


Careful with Windows Update .NET 4.7 Upgrade

Be careful installing this update on Exchange Servers per Microsoft Recommendations

https://redmondmag.com/articles/2017/06/13/avoid-net-framework-4-7.aspx

There are some also Current Known Issues Listed here

https://support.microsoft.com/en-us/help/4015088/known-issues-in-the-net-framework-4-7

Careful installing this manually or approving this via WSUS!



Citrix XenApp & XenDesktop v6.5 End-Of-Life

The new step forward for anyone currently using Citrix XenApp and or XenDesktop v6.5 the Upgrade path is Citrix Version 7.14 or maybe migration to another product altogether such as Citrix in VDI per below or Microsoft Terminal Server.

https://www.citrix.co.uk/global-partners/microsoft/azure.html

  • Do you need help identifying if your applications are supported in either of these setups?
  • Are you wary of security of the cloud and Azure?
  • Benefits of Citrix 7.14 and changes for your IT Team support?

If any of these questions are going through your head , please contact us today so we can guide you in the right direction



British Airways IT Disaster

If you haven't heard in the news recently British Airways had an IT meltdown last weekend causing thousands of passengers to be grounded.

http://www.bbc.co.uk/news/uk-40081112

Some points to take away for your network and IT Infrastructure: 

Everything critical should have dual power supplies. The incident currently is being blamed on a power surge or cut. If either of these were to happen, this should not have caused any issues. Each rack should have a PDU for UPS and PDU for UN-UPS power meaning you are protected from either of these

Highly Critical devices should be in a highly available state! Whether this be a server using Vmware Highly Available option, or 2 sets of routers in automatic HA, technology makes this easy to implement and can be shared across production and Diaster Recovery Site.

You should have a plan for Diasters - Another blame for the recent outage was due to lack of personnel on the ground to fix and manage the problem. If you have mission critical devices to your business you should have a proper monitoring and oncall person 24/7 so your TTF ( Time to Fix ) is reduced due to knowing about the problem 5 minutes after this has happened.