Thinking about deploying Skype for Business for your Small to Medium Business?

If you have Office 365 for your Email , you might be making the next step and deploying the Office 365 suite's replacement Phone System ( PBX )

https://www.microsoft.com/itshowcase/Article/Video/695/Skype-for-Business-at-Microsoft-SME-roundtable-March-2017

Skype for business gives your orgainisation

  • Instant Messaging Interally and Externally
  • VoiceCalls
  • Video Calls
  • Online Meeting Collaboration Internally and Externally

Available on

  • Desktop Phones
  • Tablets
  • PC's and Macs
  • Smart Phonnes

    If you are thinking about Deploying Skype for Business you can use the self assesment tool to check your internet is capable :

https://www.microsoft.com/en-us/download/confirmation.aspx?id=53885

 



Microsoft to Bundle Office and Windows into a Single Package!

At the Microsoft Inspire conference going on in America at the moment, we have been closely following, Microsoft has just announced it will be offering a package bundling its Office and Windows package into one

https://blogs.office.com/en-us/2017/07/10/introducing-microsoft-365/

They are calling it : Microsoft 365 Enterprise and comes with Office 365, Windows 10 Enterprise, Enterprise Mobility + Security.

It's going to be available in 2 flavours E3 and E5 depending if you would like PBX Functionality or extra security.

Microsoft 365 Business will be available in public preview on August 2, 2017.

Priced at US $20 per user, per month which comes to around 16 GBP

This will greatly simplify Licensing for Users and Business



Potential service disruption for Outlook 2007 for Windows users - October 31, 2017

How does this affect me?: Beginning October 31, 2017, Outlook for Windows clients using RPC over HTTP will be unable to access their Exchange Online mailbox.

What do I need to do to prepare for this change?: The necessary action depends on the version of Outlook in use in your organization.

 
If you are using Outlook 2007 or earlier, you need to upgrade. Outlook 2007 does not contain support for the MAPI/HTTP protocol. We encourage you to update to the Office 365 ProPlus subscription, or access Outlook via the web browser (which is included in your current subscription plan).

 
Outlook 2010-2016 customers will need to ensure their version of Outlook for Windows is set up to support MAPI/HTTP. At a minimum, you should ensure you have installed the December 2015 update. 

 
Lastly,  ensure your Outlook clients are not using a registry key to block MAPI/HTTP.



Petya Virus - Another Virus in the Wild and how to keep safe

Another Cyrptovirus has reared it's ugly head in the wild called Petya. It's already infected an Ukrainian Bank , DLA Pipa Law Firm in the USA and a few other agencies.

So far there has been no kill switch found to stop mass infection.

It utilises the same flaws that Wanna Cry used with SMB 1 so if you have already disabled this you should be some what protected. This virus gets into organisations through Email to Spam Filters behind your email servers are a real time defense against these new virus as well as up to date Windows and anti Virus on your Firewall.

Important Note per below :



CAL ( Client Access License Guide )

A Client Access License (CAL) is a license granting access to certain Microsoft server software. CALs are used in conjunction with Microsoft Server software licenses to allow Users and Devices to access and utilise the services of that server software.

Microsoft give you a guide here

http://download.microsoft.com/download/6/8/9/68964284-864d-4a6d-aed9-f2c1f8f23e14/CAL_Suite_Bridges_Overview.pdf

I have created a cheat sheet : 

Products Which Require CALs:

  • Windows Server
  • Windows MultiPoint Server
  • Exchange Server
  • Windows Small Business Server
  • SharePoint Server Remote Desktop Services (RDS)
  • Skype for Business Server
  • Microsoft Identity Manager (MIM)
  • SQL Server (except in per core model)
  • Visual Studio Team Foundation Server (TFS)
  • System Center Dynamics AX
  • Project Server Dynamics CRM

Core CAL Suite (User & Device Options):

  • Windows Server
  • Exchange Standard CAL
  • SharePoint Standard CAL
  • Skype for Business Standard CAL
  • System Center Endpoint Protection CML
  • System Center Configuration Manager CML

CAL Equivalents of your On-Prem Rights from your Online Subscription Licenses (Most Popular Plans – see Product Terms for more details):

  • Exchange Std CAL – E1/E3/E4/E5/SPE E3 & E5
  • ADRMS - EM+S E3 & E5/SPE E3 & E5
  • SCCM - EM+S E3 & E5/SPE E3 & E5
  • Exchange Ent CAL – E3/E4/E5/SPE E3 & E5
  • MIM - EM+S E3 & E5/SPE E3 & E5
  • SharePoint Std CAL – E1/E3/E4/E5/SPE E3 & E5
  • SfB Std CAL - E1/E3/E4/E5/SPE E3 & E5
  • EM+S E3 & E5/SPE E3 & E5
  • SharePoint Ent CAL – E3/E4/E5/SPE E3 & E5
  • SfB Ent CAL - E3/E4/E5/SPE E3 & E5
  • Windows Server CAL – EM+S E3 & E5/SPE E3 & E5
  • SfB Plus CAL - E4/E5/SPE E5

Additive CALs:

  • Often referred to as Enterprise CALs,
  • although not exclusively, these CALs
  • require a Base CAL and provide
  • additional functionality to the users or
  • devices assigned them.

Enterprise CAL Suite (User & Device Options – Includes Everything in Core CAL Suite:

  • Exchange Enterprise CAL w/Services – includes DLP & Exchange Online Protection
  • Exchange Online w/Archiving for Exchange Server
  • SharePoint Enterprise CAL
  • Skype for Business Enterprise CAL
  • Windows Server AD Rights Management Services (ADRMS) CAL
  • Advanced Threat Analytics


Careful with Windows Update .NET 4.7 Upgrade

Be careful installing this update on Exchange Servers per Microsoft Recommendations

https://redmondmag.com/articles/2017/06/13/avoid-net-framework-4-7.aspx

There are some also Current Known Issues Listed here

https://support.microsoft.com/en-us/help/4015088/known-issues-in-the-net-framework-4-7

Careful installing this manually or approving this via WSUS!



Citrix XenApp & XenDesktop v6.5 End-Of-Life

The new step forward for anyone currently using Citrix XenApp and or XenDesktop v6.5 the Upgrade path is Citrix Version 7.14 or maybe migration to another product altogether such as Citrix in VDI per below or Microsoft Terminal Server.

https://www.citrix.co.uk/global-partners/microsoft/azure.html

  • Do you need help identifying if your applications are supported in either of these setups?
  • Are you wary of security of the cloud and Azure?
  • Benefits of Citrix 7.14 and changes for your IT Team support?

If any of these questions are going through your head , please contact us today so we can guide you in the right direction



British Airways IT Disaster

If you haven't heard in the news recently British Airways had an IT meltdown last weekend causing thousands of passengers to be grounded.

http://www.bbc.co.uk/news/uk-40081112

Some points to take away for your network and IT Infrastructure: 

Everything critical should have dual power supplies. The incident currently is being blamed on a power surge or cut. If either of these were to happen, this should not have caused any issues. Each rack should have a PDU for UPS and PDU for UN-UPS power meaning you are protected from either of these

Highly Critical devices should be in a highly available state! Whether this be a server using Vmware Highly Available option, or 2 sets of routers in automatic HA, technology makes this easy to implement and can be shared across production and Diaster Recovery Site.

You should have a plan for Diasters - Another blame for the recent outage was due to lack of personnel on the ground to fix and manage the problem. If you have mission critical devices to your business you should have a proper monitoring and oncall person 24/7 so your TTF ( Time to Fix ) is reduced due to knowing about the problem 5 minutes after this has happened.

 

 



Wanna Cry Virus - What you need to know!

Cyprtolocker Variances such as the recent "WannaCry" have been around for years. The main reason this hit the news headlines is of big outbreaks across the NHS and other global organisations.

Per below we've put together a list of things you can do to mitigate this for this strain and other strains : 

http://www.response-it.co.uk/news/2016/10/27/ransomware-the-small-business-guide?rq=Cryptolocker

Install the MS17-010 update that patches the vulnerability in Windows

Done with finding out the version? Here are the links to the updates for all of the Windows versions for which it has been released. Note that if you aren’t sure if you use 32-bit or 64-bit version of Windows, you can simply download both patches — one of them will work for you; trying to run the wrong one will bring up an error box but will do no harm.

 

 

You can also be extreme and disable SMB 1 totally from your network however careful with this as things such as VCentre use this for domain authetnication! 

Microsoft have put together a full list here thats uses SMB1

https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

 

 

 



The Cloud is helping us get rid of Software Asset Management

Part of Response IT's duties for our customers is to help with their Software Asset Management and Licenses. Find the most cost effective solution for their needs and make sure this is kept in a way to produce to Software Vendors if ever the need for Audits. One of the benefits from buying software from Us is that this happens automatically for you.

Game Changer ....

Salesforce was a close creator of the vison of Software being a service instead of a product. The solution would be paid for in a subscription which would let you use it and have access to all the future updates instead of a once off purchase. Some people like paying for things outright as they can see the final price , however when things get more expensive due to celeverer functionality, the cost goes up and this doesn't become viable. Some key companies who have followed : 

Microsoft

The whole microsoft license sheme has changed from a direct one purchase now to a monthly per user model, no more software assurance rules like MDOP, VDA, per device. And the upgradability on these licenses are mearly a flick switch so computers can be upgraded to be joined to the domain , and functionaly for 365 Users can be changed by changing their price plan ( per user not for the whole group !) 

Adobe

They have been on the front runner for this for sometime, and probably due to the cost of their product its been a great welcome. Initial outlays from Adobe Creative Suite where a big hit for one company , and change thing between users where complex and needed software for auditing. Now this is managed in a central dashboard for all the companies products that can be switched around when needed and activated by email straight to the user.

 

Pluses

Self Audits and Costings

Employee's sometimes in a rush were forced to buy software and or hardware themselves which would get them up and running however to check if they had purchased the correct version E.g. Home instead of a professional version of Windows to Join to the domain and Audit the purchase for future SAM Adutis and expense the purchase under the right cost center!

Instant meaasurments

Companies can now check their monthly spendature on Software and Software Vendors can see in realtime companies use which means auditing can be done efficently without SAM Consultants or Software

No Wastage

As instant measurements are so easy , licenses can be re-assigned in realtime making sure no license is doubly users and users who have left the firm do not leave with it on their personal device

 

All in all , this helps everyone , simplier equals easier to manage which reduces the overall costs ! Microsoft are even stopping SAM

https://www.theregister.co.uk/2016/04/13/microsoft_we_have_a_bullet_ready_for_12_competencies/



Microsoft 365 Intune with EMS

If your organisation has Office 365 with Enterprise Mobility Suite (EMS), you’re probably already familiar with Intune, Microsoft’s solution for mobile device and application management.


ems.jpg

You can use EMS as a Single Sign on Solution to over 1200 Software as a Service Cloud Applications such and salesforce and box across devices and browsers

Active Directory Premium gives you full Active Directory into the cloud so you don't need local servers for management of Active Directory , see here for a full list of differences

Group membership can be requested by users to the groups Owner and this can be approved from the cloud

User Password resetting can be done in the cloud and automated to be self service to reduce the time for users to fix their issues and load on helpdesk staff

Intune is also your go-to solution for managing shared tablets in limited-use mode. With Intune, you can bulk provision, secure, and centrally manage shared tablets configured to run in limited-use mode.

 

This makes IT’s a job a lot easier: you don’t have to configure settings on individual tablets, and you don’t have to do anything differently than you would for devices not in limited-use mode. With Intune, your transactions, inventory, and other information are protected, no matter what your tablets are used for.



What is Azure Information Protection (AIP)

Azure Information Protection (AIP) allows you to classify and add security directly to your sensitive data so that it's always protected and identifiable.

Example : 

Admin creates policies for data classification, labeling, and protection. Sally, an accountant, creates a document that has customer PII, including credit card numbers.

When Sally saves the document, it’s automatically classified CONFIDENTIAL and encrypted with permissions

When she emails the document to her team, she accidentally includes two unauthorized users. Sally’s team are able to open the file, but cannot print, save, copy text, or forward the file. The two unauthorized users are unable to open the file or forward the email.

Sally and IT can view successful/unsuccessful attempts to open the file. Sally or IT can quickly recall the document from unauthorized users.



The next tech is here - Hyper-Convergence

Hyper-converged infrastructure (HCI, also called a hyper-converged integrated system. HCIS) refers to integrating virtualization of storage, computing and networking in a data center into a single appliance.

Why is the industry moving towards this?

Compatibilty out the box : Storage, Networking and Computing providers have come together with their products to offer something out the box that has been thoroughly tested together. No more searching three providers on compatibility when updating a single firmware for a device.

Support ; Single point of support for all of your hardware 

Management : Again single management interface for all your virtulised hardware

Faster setup : You can have new infrastructure setup to expand your ERP system or increase your VDI seat count in less than one hour!

There are multiple hyper converged providers at the moment , but we've had great Demo experience with HP's solution per below

 

Companies will tend to expand on their existing infrastructure due to their already inhouse expertise on existing technologies and human nature of staying the same however this can unnecessary increase costs and manageability by not looking at all solutions at the time of expansion.



Legal E-discovery in 365

Discovery is the process of finding search terms in your organisations data. Searching your who organisations files for keywords can be difficult and duanting task unless all of it is in a collaborated cloud system such as 365.

 For example if you need to trace a client named "client 1" due to a legal case you can use the below method to search your company Documents stored in Sharepoint, Company Emails in Exchange Online and User Data stored in One Drive for Business

You can also Upload Old larges PST's to 365 to Exchange and or sharepoint giving you discovery of all your archived email and mailboxes



Windows Vista support is ending - Good Riddance

After April 11, 2017, Windows Vista customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft. Microsoft has provided support for Windows Vista for the past 10 years, but the time has come for us, along with our hardware and software partners, to invest our resources towards more recent technologies so that we can continue to deliver great new experiences.

If your running Windows Vista , you won't be one of our customers , but please upgrade to a new version of windows or contact us to help you!

https://support.microsoft.com/af-za/help/22882/windows-vista-end-of-support



Bye Bye Exchange 2007 End of Life Today - Users of Small Business Server 2008

Exchange 2007 has officially now been dropped by Microsoft today

https://blogs.technet.microsoft.com/exchange/2016/04/11/exchange-server-2007-t-1-year-and-counting/

A great product which was the base for Exchange 2010 and up helping with DAG setups and using powershell , it will be sad to see it go!

This was bundled in with Small Business Server 2008 so if you are using this version you will need to look at migrating your users elseswhere! 

What are your migration paths?

1) Upgrade and Migrate to the Cloud e.g. Office 365 (using their FastTrack service if you have a Minimum of 50 Users Seats) 

2) Upgrade and migrate your server to Exchange 2013 ( Can only do one jump so no Exchange 2016 ! ) 



Office 365 - Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) similiar and complimented well with Exchange Online Protection (EOP) , is a service that helps you prevent zero-day malicious software attacks in your email environment. It does this with clever analytics, the same as webroot antivirus uses, where it puts attachements into sandboxed enviroments and tests what they do before forwarding them to you once they know it's safe

Safe Links

It also uses Safe Links technology to rewrite each external link through 365 ( acting like a web proxy ) to block any Phishing sites or websites that have been marked as unsafe due to malware or blocked file extensions. This means that even home users will get the protection they need via Webmail or via their Mobile device

Reporting

A rich reporting dashboard gives you realtime stats to see what user clicked what link and where milianious links where sent from enabling you to stop future attacks and mitigate risks of existing attacks

This service comes bundled with the E5 Package in Office 365 and can be purchased as an add on for 1.50/User/Month



What is Microsoft Azure Rights Management Services (RMS)?

Azure Rights Management Services (RMS) is the solution to the problem of protection documents after they have left you organisation as they move across different platforms such SharePoint, Exchange, and OneDrive, and maintains permissions while saved online and offline.

Rights management doesn't just encrypt files; it encrypts them so only specific people can open them (rather than anyone with the password) and works on all Microsoft Office documents including Word, Excel, PowerPoint and even email within Outlook. Full list of growing applications here :

https://docs.microsoft.com/en-us/information-protection/get-started/requirements

The RMS sharing apps for Android and IOS can open protected versions of .TXT, .XML, .JPG, .PDF, .PNG, .TIFF, .BMP and .GIF files (with the usual variations like .JPE and .JFIF). 

Previously you would of needed a standalone server and trust to other Active Directoy domains, however now with Office 365 any size company and use this service

To make sure the viewers of the file are the correct recipients ..

This is done by the collection and monitoring the following information about the file

  • What device it’s accessed from

  • What device it’s sent from

  • What device it’s sent to

  • What application accesses it

  • Whether it’s accessed online or offline

Uses

Look no further than the recent US elections of how this solution could of saved some embarrassment! 

http://www.theblaze.com/news/2016/05/25/trump-spokeswoman-accidentally-sends-email-to-a-reporter-instead-of-her-coworker-heres-what-it-said/

Limitations

If you send an RMS protected email to a Gmail account then the recipient will not be able to open it using the browser-based Gmail interface.  Instead they will see an error that reads: “This message uses Microsoft Information Protection solutions. Open this item using an email application that supports protected messages, such as Microsoft Outlook.”

You can block printing and screen capture, but if someone with enough time can capture an image of the open document with print screening or they can just pull out a phone and take a picture. 

It is recommended that before purchasing this solution you sit down and test this with a provider to make sure this is the right solution for you!

Cost

£1.50 / User / Month



Give your employees the tools they need to work so they don't have to burden you...

 A 2014 report, showed more than 80% of employees use non-approved software-as-a-service (SaaS) applications at their jobs. The reason for this and what we find is they are looking for services to make their job easier instead of a service not to do their job. If you find tools that can do all these service in house , it leads to easier management of single apps through the business as well as shared expertise of Company Apps throughout the business

Some examples of this are below

Installation of Dropbox for sending and receiving large files and having a realtime document sharing platform

The old method we see of this is using email to transport documents between third parties to a central store at either end. Dropbox changes the way this happened by bringing a simple to use consumer product which was hosted in the cloud. Methods for companies to leveraging this technology have been to purchase dropbox for business for better auditing and security of files or use One Drive for business which is free on select Office 365 plans to bring the same functionality. Once either of these where setup and training dropbox for home was not being used anymore

Messaging - For communicating to Third parties and internal employees in real time

Again for the above this was used for real-time communication usually matching with the dropbox service for getting immediate group feedback for changes or discussion to file changes. Services being used for this were Facebook, Skype, Whatsapp and iMessage. It seemed uses where after a mobile way to always be in communication with their team especially as deadlines got closer. Skype for Business again free with Office 365 plans adds all of the above however enables history tracking into the users Outlook for searching for previous chats and also governance to make sure all communication is audited. It also adds the functionality of Video and Audio calls and mobile worker Phone Services.

 



Meraki now introducing Video Camera's to their great portfolio

Response IT are a big believer in Meraki brand, the way it's simple, stable and most easy to manage. We are really excited to know they have now added Video Camera's to their portfolio.

Having helped setup existing customers with security solutions for their Offices, DataCenter and remote sites we bundle this into out wide offerings of services.

Dream of eliminating servers and video recorders? Looking to spend less time on complex security camera deployments and maintenance? Look no further. 

Cisco Meraki is bringing the magic of Meraki cloud management to MV Security Cameras. Like all Meraki products, MV cameras provide zero-touch provisioning, allowing IT admins to add a serial number to the dashboard and begin configuring before hardware even arrives on site. 

On top of that, MV security cameras feature:

  • intelligent motion indexing with search engine
  • ability to export and share historical video
  • secure encrypted control architecture
  • video walls with up to 12 cameras per layout
  • remote monitoring and troubleshooting from anywhere in the world