Why use Office 365 Microsoft Teams

What is Teams?

Microsoft Teams is a free platform (if you are an Office 365 customer) for communication and collaboration, enabling teams inside your organisation to interact better. Most organisations will have the following departments:

  • Finance
  • HR
  • IT
  • Sales
  • Marketing

Each of these departments and subteams will currently be communicating with each other using some form of platform, such as CCing a group email, Skype for Business chat or phone calls.

Microsoft Teams enables you to use all the above methods and collaborate on documents at the same time.

How does it work

When you create a Microsoft Team for a department, it creates:

  • SharePoint site for document storage and live collaboration
  • A Team mailbox for live chat communications
  • OneNote file for note collaboration

You can then break down a Team into different Channels, for example different projects inside a department.

Best Features

Fully Synced Between your devices

Microsoft Teams can be accessed via:

  • An installed application on your computer or Mac
  • The web
  • An app on your phone with push notifications

Everything is synced between these, so nothing is missed when using another device or on the move.

Sync and collaborate on files in Teams using external providers such as Dropbox, Box, ShareFile and Google Drive.

Saving files

Each Channel in Teams gets a specific email address. If your group is working from a shared mailbox, rather than forwarding an email to a group who then have to download it, you can forward it to your department channel and ask the question there.

Connectors

Connectors allow you to connect third-party lists such as:

  • Twitter feeds
  • RSS feeds
  • News

into your Teams site, so it's a one-stop shop for information.

Bots

You can integrate helpful bots inside your chat windows, for example:

  • User : “Bot pull up sales figures for Customer Contoso”
  • Bot : “Beep Beep - Sum of sales from salesforce for Contoso X$”
  • User : “Bot does Customer Contoso have any outstanding amount due”
  • Bot : “Beep Beep - Xero shows Contoso has an outstanding amount of X$ overdue 5 days”

A list of currently available bots is here: https://bots.botframework.com/ as well as a development library to program your own.

 

New Business Features Windows 10 (1803) Download Link

Microsoft’s new version of Windows, Windows 10, is forever improving through feature updates released every quarter for its customers.

The update can be downloaded here and will be released via Windows Update (WSUS) from the 8th May.

Focus Assist

In today's distracting work environment, Microsoft has come up with technology to snooze all alerts so you can concentrate on your work.

Timeline

Have you ever worked on something and totally forgotten the name of the document, or what webpages or other documents you were using at the same time? Windows 10 Timeline now lets you navigate through your previous 30 days of computer history, just like going back in time, to bring up your previous documents, web history and applications. It’s the perfect way to pick up where you left off between one computer and another.

This even links your Windows Phone history or online 365 usage.

Social Engineering of Two Factor Text Messages

Now that you have two-factor authentication enabled on your system, a hacker who also has your password will try to social engineer other methods to get your codes.

One of these is SIM card hacking, per our article here.

The next method seems to be messaging you pretending to be the two-factor service.

Of course, the above is the hacker sending you a text message when he submits the login, trying to get you to reply with your code. It's clever but pretty obvious.

It goes without saying you should never SMS your two-factor code back to anyone, or enter it anywhere apart from the legitimate website requesting it.

UK National Lottery Hack - Customers information breached

The UK National Lottery operator Camelot is urging all its online customers to change their passwords after it suffered an online hack. The Telegraph reports that millions have been hacked:

https://www.telegraph.co.uk/news/2018/03/16/national-lottery-hacked-millions-customers-warned-change-passwords/

However, more newsworthy reporting, such as BBC News, says this was only 150 customers:

http://www.bbc.com/news/business-43437097

“We have directly contacted those players whose accounts have been affected. We are advising players to change their password as a precaution, particularly if they use the same password across multiple websites.”

No money or credit card information has been stolen.

Camelot said it had reported the security breach to the police and the Information Commissioner’s Office and was liaising with the National Cyber Security Centre.

Service Status

Here are the service status pages for our cloud suppliers

BT Service Status:
https://btbusiness.custhelp.com/app/service_status/

Easynet Status:
https://support.uk.easynet.net/support_status.aspx

Zen Broadband
https://status.zen.co.uk/

Office 365 Service Status
https://status.office365.com

Dropbox Service Status
https://status.dropbox.com/

Salesforce Service Status
https://status.salesforce.com/

Google Apps Service Status
https://www.google.com.au/appsstatus

Cloudflare Service Status
https://www.cloudflarestatus.com/

123reg service status
https://twitter.com/123reghelp?lang=en

Here is a service you can check to see if a website is down for just you or everyone

https://downforeveryoneorjustme.com/

 

Office 365 will drop TLS 1.0 and 1.1 Support starting 31st October 2018

Microsoft has announced that as of October 31st (moved from the 1st March) it will be dropping TLS 1.1 support and only allowing TLS 1.2.

https://blogs.technet.microsoft.com/exchange/2018/02/09/an-update-on-office-365-requiring-tls-1-2/

What you need to do 

https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

1) Check for 2008 R2 and Windows 7 devices and make sure this KB is installed: https://support.microsoft.com/en-au/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Make sure this registry key is set:

https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/

2) Make sure you are not using any of these devices, which do not support TLS 1.2:

  • Android 4.3 and earlier versions
  • Firefox version 5.0 and earlier versions
  • Internet Explorer 8-10 on Windows 7 and earlier versions
  • Internet Explorer 10 on Win Phone 8.0
  • Safari 6.0.4/OS X10.8.4 and earlier versions

3) Check that your devices, e.g. MFDs and phone systems, support TLS 1.2
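One way to carry out step 2 against logs you already hold, added here as an example (it is not code from Microsoft or from this article): it flags user agents that match the client list above. The log layout (client IP followed by the user-agent string), the sample lines and the function names are constructed assumptions.

```python
import re

# Constructed sample lines (not real traffic). Assumed layout: "<client-ip> <user-agent>".
SAMPLE_LOG = """\
10.0.0.11 Mozilla/5.0 (Linux; U; Android 4.1.2; en-gb; GT-I9100 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
10.0.0.12 Mozilla/5.0 (Linux; Android 7.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Mobile Safari/537.36
10.0.0.13 Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
10.0.0.14 Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
10.0.0.15 Mozilla/5.0 (compatible; MSIE 10.0; Windows Phone 8.0; Trident/6.0; IEMobile/10.0; ARM; Touch; NOKIA; Lumia 920)
10.0.0.16 Mozilla/5.0 (Mobile; Windows Phone 8.1; Android 4.0; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 930) like iPhone OS 7_0_3 Mac OS X AppleWebKit/537 (KHTML, like Gecko) Mobile Safari/537
10.0.0.17 Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0
10.0.0.18 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.29.13 (KHTML, like Gecko) Version/6.0.4 Safari/536.29.13
10.0.0.19 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0.3 Safari/604.5.6
"""


def _ver(text, parts):
    """'4.1.2' -> (4, 1) for parts=2: the first `parts` numeric components."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:parts])


def legacy_tls_client(ua):
    """Return the matching entry from the article's client list, or None.

    User-agent strings are self-reported, so a hit is a lead to follow up,
    not proof of what the device can negotiate.
    """
    wp = re.search(r"Windows Phone (?:OS )?(\d+\.\d+)", ua)
    ie = re.search(r"MSIE (\d+)\.", ua)
    if wp:
        # Handle Windows Phone first: later releases carry an "Android 4.0"
        # compatibility token that would otherwise trip the Android rule.
        if wp.group(1) == "8.0" and ie and ie.group(1) == "10":
            return "Internet Explorer 10 on Win Phone 8.0"
        return None
    m = re.search(r"Android (\d+(?:\.\d+)*)", ua)
    if m and _ver(m.group(1), 2) <= (4, 3):
        return "Android 4.3 and earlier"
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    if ie and nt and 8 <= int(ie.group(1)) <= 10 and _ver(nt.group(1), 2) <= (6, 1):
        return "Internet Explorer 8-10 on Windows 7 and earlier"
    m = re.search(r"Firefox/(\d+(?:\.\d+)*)", ua)
    if m and _ver(m.group(1), 2) <= (5, 0):
        return "Firefox 5.0 and earlier"
    # Desktop Safari sends "Version/x.y.z Safari/..."; Chrome has no Version token.
    m = re.search(r"Version/(\d+(?:\.\d+)*) Safari/", ua)
    if m and "Macintosh" in ua and _ver(m.group(1), 3) <= (6, 0, 4):
        return "Safari 6.0.4/OS X 10.8.4 and earlier"
    return None


def scan(log_text):
    """Map each client IP to the set of list entries its user agents matched."""
    findings = {}
    for line in log_text.splitlines():
        ip, _, ua = line.partition(" ")
        reason = legacy_tls_client(ua)
        if reason:
            findings.setdefault(ip, set()).add(reason)
    return findings


if __name__ == "__main__":
    for ip, reasons in sorted(scan(SAMPLE_LOG).items()):
        print(ip, "->", ", ".join(sorted(reasons)))
```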

Network Access Control Systems and Solutions

Network access control systems are tools used for controlling and managing network access based on compliance with a network and its policies. These policies are devised based on various parameters like user identity, device location, device health, among others.

The same philosophy applies when someone needs a username and password to connect to your network remotely via VPN, or a Wi-Fi password or domain credentials: each presents some sort of network access control. But what happens when you look at the physical layer? What happens when someone brings their home computer and plugs it into the network, or, even worse, an attacker plugs in?

NAC systems present an authentication layer on the physical port so only devices with a working antivirus, Windows patches and correct credentials will be presented on the company network. You can even add two-factor authentication to this in case the user details get compromised. If any of these tests fail, the device will be redirected to the guest network.

Systems that help manage this are HP's Aruba ClearPass or Cisco's ISE.

Contact us today if you need a quote for a NAC system or support for an existing one.

General availability of VMware in AWS Cloud in London

VMware has now announced general availability of AWS-hosted VMware in its cloud in London, UK. The costs are below and factor in colocation, electricity, bandwidth, security and licensing.

Yearly Costs

Region : EU London

Per Host Configurations

EC2 I3 server (2 x Intel® Xeon® E5-26xx v4 series CPUs, 36 cores, 512 GiB Memory, 8 x 1900 GB NVMe SSD)

Total Number of Hosts : 1

Yearly Price : £44,790

Spectre and Meltdown

Official website: https://meltdownattack.com/

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

On the 9th of Jan Microsoft will release a new patch to fix the issue. The same patch can be downloaded manually, more info here:

https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html

https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/

There are several reports (read this thread: https://www.reddit.com/r/sysadmin/comments/7o39et/meltdown_spectre_megathread/?utm_content=title&utm_medium=hot&utm_source=reddit&utm_name=multi) of users saying that the patch will slow down any CPU by 1 to 20%, and that some AV will not like it at all.

Update *

VMware has also released an advisory with patch links:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Update **

MS Disables Windows Updates if AV is not Spectre/Meltdown compliant

Update ***

Fortinet has released the new FortiClient 5.6.4, and it is fully compatible with the latest Windows patch.

Keep in mind that FortiClient is seen as an AV client by the OS (because it has an AV engine).

So in case you are unable to patch a system, make sure FortiClient is on the latest version.

FortiClient can be freely downloaded here: www.forticlient.com

Why Use a Managed Firewall Service?

We have had a few organisations with internal IT outsource the management of their firewall, and sometimes networking, to us so they can concentrate on other aspects of the business. We usually arrange a Site Networking Assessment where we come in, document the network (if not already documented) and provide recommendations, if necessary, on projects to get the network into a stable state.

Some reasons people outsource networking to us are as follows:

Flat Rate

A managed firewall service gives you a flat monthly fee for managing each of your firewalls or switches, covering monitoring, security updates and changes. This means you don't have any shock bills to worry about.

Expertise

Our in-house networking gurus live and breathe 1s and 0s flying across networks. We have notifications set up for the latest malware trends and 0-day exploits currently being released on the internet, and the patches to resolve them. We stay on top of patch levels from manufacturers such as Cisco, Juniper, HP and Fortigate, saving you the hassle. We also provide internal change controls to make sure each update gets installed without a hitch.

Monitoring

Our monitoring speaks to your router using various technologies such as SNMP, SSH and HTTPS to make sure we are getting the latest CPU and memory load, as well as making sure your bandwidth is not being over-utilised. If any of these are running high, we contact you about either performing QoS on your network or upgrading your firewall/connection to make sure your business is not disrupted.

Windows 10 Intune

As part of Microsoft's cloud offering, Intune provides the functionality to control remote devices via the cloud instead of on-premises domain controllers. Remote workers using devices like Microsoft Surfaces for portability are rarely in the office or connected to a VPN that can connect back to the domain for new updates.

Windows 10 Intune allows a user to go to a store, purchase a device with their company credit card and enter their Office 365 username and password on setup, and it will set up the computer and download all the apps over the internet without the need to be in the office!

With Azure AD and now Windows 10 Intune slowly removing the need for on-premises Group Policies, the move to cloud management is coming! You can also use these policies for deployment to phones and tablets. It's also a great tool for asset management, security auditing and remote assistance for devices in your firm.

Cost

Packages start from 4.50 GBP / Month

https://www.microsoft.com/en-gb/cloud-platform/microsoft-intune-pricing

Windows 10 inbuilt MDM or the Client

There are some features that the inbuilt MDM in Windows 10 cannot do, per below.

Features

First, let’s take a look at an overview of the features available for the client and for Windows 10 MDM:

FEATURE INTUNE CLIENT Windows 10 MDM
Auto Enrollment via Azure AD
Software Deployment via Single MSI
Software Deployment via MSI + additional files
Software Deployment via EXE + additional files
Configuration Policies
Compliance Policies
Windows Update Policy Approved Updates & Reporting Policy
Endpoint Protection Policy & Reporting Policy
Software License Management
Hardware Inventory Limited
Conditional Access

 

Note 3 key items here – software deployment, Windows Update management and Endpoint Protection management:

 

Policies

Understanding the configuration policies possible with either approach is important for getting a full picture of how much control you have over Windows 10 PCs:

POLICY Intune Client Windows 10 MDM
Custom Configuration (OMA-URI)
Edition Upgrade Policy ✗ ✓
Email Profile ✗ ✓
General Configuration ✗ ✓
PKCS #12 (.PFX) Certificate Profile ✗ ✓
SCEP Certificate Profile ✗ ✓
Trusted Certificate Profile ✗ ✓
VPN Profile ✗ ✓
Wi-Fi Import ✗ ✓
Windows Information Protection (Enterprise Data Protection) ✗ ✓
Microsoft Intune Agent Settings N/A
Microsoft Intune Center Settings N/A
Windows Firewall Settings
Exchange ActiveSync
Mobile Device Security

IT Support for Retail

Retail organisations such as shops and places that deal directly with the public through a shop front rely on IT Systems for multiple transactions through the day.

These systems are usually:

  • Point of Service systems for purchases and stock audits
  • Systems for payments, e.g. credit card machines and/or systems like Square
  • Timesheeting software to check staff in and out for payroll
  • Site-to-site VPNs for shop connectivity to the main office for stock ordering and finance reconciliation, and also failsafe options for secondary internet or offline processes if connectivity fails
  • Coupon validation
  • Systems for audio and visual, such as background music that is streamed and organised from the head office so all royalties are paid for and managed

Retail organisations also have multiple premises around the country, if not the world, so an IT provider needs to have engineers around the country available through all hours of the day and also prioritise busy seasons for retail companies, e.g. Black Friday and Xmas, to make sure any problems are dealt with efficiently and effectively.

Retail organisations also need CCTV systems for their premises for security and insurance purposes, and the footage should be stored either in the cloud or at the main office for archival purposes.

Future

Some stores are also now using iPads for PoS systems and giving these out to their customers as part of the shop experience, so they can find new items and try outfits on virtually.

Free Wi-Fi in stores also enables stores to gather information about their consumers and start building a Customer Management System for making offers for repeat business and building analytics to increase return sales.

Contact us today to find out how we can help your retail organisation with its IT support.

Integrating your Remote access Citrix/Terminal Server Solution with Office 365 Two Factor Authentication

We preach two factor authentication whenever we can!

Previously the cost of this has been pretty expensive for customers due to the labour of performing the following:

  • Setup of a DMZ on your Network 
  • Creation of a New Subnet
  • Firewalls Rules between on premise and DMZ 
  • Setup of MFA Software
  • Purchase of Licenses
  • Setup of MFA Application on Users Phone

However, what if a customer already has Office 365? They can enable 2FA with their 365 tenant for free and outsource this setup and security to Microsoft.

To do this you just need a machine that can accept the SAML tokens, and Citrix's NetScaler does just this!

Not only can you toughen up the security of your in-house and hosted apps, but you can also restrict access by enabling Country of Origin as a condition in Conditional Access policies in Active Directory and SAML.

You can host a NetScaler in Azure if you already have infrastructure there, or you can host it as a virtual appliance on your existing virtual infrastructure.

LAPS – Local Administrator Password Solution

The problem with computers that come straight from an OEM or are set up by users themselves is that sometimes the original local Administrator account password is left blank. When this PC joins a domain, as most PCs in businesses do, this blank password is left as an exploitable security risk, which is how renowned British hacker Gary McKinnon infiltrated NASA.

Not only can someone access your PC remotely, they can also:

  • Install a keylogger to get the domain user's or administrator's password
  • Install software to reverse engineer cached credentials
  • Get immediate access to all the local files on the computer
  • Get users' saved browser passwords

LAPS is a solution provided by Microsoft that, when installed, rolls out a tiny client on each PC, which is told by Group Policy to generate a random password. The password gets changed every 30 days and is unique for each computer. Even if the computer disconnects from the domain for whatever reason, your local AD will still have a record of the password.

LAPS is easy to deploy, easy to manage and provides several security benefits… and it’s free, available below:

http://aka.ms/laps

IT Support Travel Agents

Travel companies such as travel agents, tour operators or tourist centres need access to the fastest internet to scour holiday booking sites or access airline check-in systems and check availability. Not being able to access a site, such as a ticket site, at a certain time could lose existing business, so the reliability of the provider and fallback options should always be looked at.

Applications

Travel agents also need to store previous, pending and future clients' details with agendas and be able to send these to the clients in a printable PDF format. We can set up systems to prove a client has read each email or downloaded tickets, to provide an audit trail in case any documents have been lost.

Customisable databases with all the above details can be created to suit each client, with enough security to protect from a data breach.

We have helped our travel clients create booking forms on their websites for their clients to send through details of exhibitions and stands for their events, which go straight into their booking database.

Phone System

Calling future, overseas or existing clients abroad can rack up expensive bills for travel companies. VoIP makes this much cheaper and also provides portability for remote workers, who can have a follow-me phone and answer calls when they are out of the office.

Hosting

As travel is the main work type of people who work in travel, we can host all infrastructure in the cloud so wherever they are in the world they always have speedy, uninterrupted access.

EU’s General Data Protection Regulation (GDPR)

From 25 May 2018 businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.

The risk is that businesses could face fines of up to 4% of global revenues or €20 million (whichever is highest).

What does it mean for me?

Do you collect names, ID numbers, IP addresses, cookie data, health data, genetic data, biometric data, racial or ethnic data, or information on political opinions and sexual orientation of EU citizens? This can be current employees, previous employees, existing customers, future customers and previous customers.

If so, the new rules mean that:

EU citizens have the right to access, so companies have to make sure they detail what personal data is being processed; the right to be forgotten and erased, which requires companies to delete personal data upon request; and also, the right to data portability, so the citizens are enabled to transfer personal data between companies.

The UK has launched an advisory website for companies:

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

Data might not have to be erased if any of the following apply:

  • The “right of freedom and expression”
  • The need to adhere to legal compliance, e.g. a bank keeping data for 7 years.
  • Reasons of public interest in the area of public health
  • Scientific, historical research or public interest archiving purposes
  • For supporting legal claims, e.g. PPI offerings.

Out of Scope

  • Non-electronic documents which are not to be filed, e.g. a random piece of microfiche, or a paper notepad, are not classed as personal data in the GDPR and are therefore not subject to the right to erasure.
  • Some personal data sets are impossible (or infeasible) to edit to remove individual records, e.g. a server backup or a piece of microfiche.

Microsoft is letting its data heavy customers have a Free StorSimple device

How would you like to reduce your initial SAN costs and expenditure and change them to a monthly ongoing cost? Microsoft is giving customers its Azure StorSimple 1200 for FREE.

Feature: StorSimple Virtual Array
Installation requirements: Uses virtualization infrastructure (Hyper-V or VMware)
Availability: Single node
Total capacity (including cloud): Up to 64 TB usable capacity per virtual array
Local capacity: 390 GB to 6.4 TB usable capacity per virtual array (need to provision 500 GB to 8 TB of disk space)
Native protocols: iSCSI or SMB
Recovery time objective (RTO): iSCSI: less than 2 minutes regardless of size
Recovery point objective (RPO): Daily backups and on-demand backups
Storage tiering: Uses heat mapping to determine what data should be tiered in or out
Support: Virtualization infrastructure supported by the supplier
Performance: Varies depending on underlying infrastructure
Data mobility: Can restore to the same device or do item-level recovery (file server)
Storage tiers: Local hypervisor storage and cloud
Share size: Tiered: up to 20 TB; locally pinned: up to 2 TB
Volume size: Tiered: 500 GB to 5 TB; locally pinned: 50 GB to 500 GB
Volume size: Tiered: up to 5 TB; locally pinned: up to 500 GB
Snapshots: Crash consistent
Item-level recovery: Yes; users can restore from shares

 

Cost

  • StorSimple Cloud Appliance 1200 monthly subscription = £94.96
  • You will also need to pay for your storage in Azure Blob

The tiering engine is now based on a heat map. Frequently accessed blocks are kept locally. Colder blocks are deduped, compressed, encrypted and sent to an Azure storage account, which can be cool blob storage (ultra cheap disk).

StorSimple is available as a virtual appliance, with up to 64 TB (hot + cold, with between 500 GB and 8 TB of that kept locally) per appliance.

Other Benefits

  • Auto backups with 13 years of retention.
  • In a DR situation you receive a new unit and can start to use data within 2 minutes of installation.
  • Requires 5 Mbps data per virtual appliance for normal usage.

Uses

  • Archive: You need to store a lot of data that is not accessed very frequently. E.g. CCTV , old customer information, financial data and huge Medical Scans.
  • File storage: You can use a StorSimple appliance as a file server, instead of a classic Windows Server. The shares are the same – the appliance runs Windows Server – and you manage share permissions the same way. This is ideal for small businesses and branch offices.
  • Backup: Veeam supports StorSimple as a backup target. You get the benefit of automatically storing backups in the cloud with lots of long term retention.
  • Virtual Appliance can be set up with ready-made VHDX/VHD or VMDK appliances: attach the disk, configure networking, provision shares/LUNs from the Azure Portal, and just use the storage.

Office 365 - FindTime - Share your Calendar with your internal and Third Parties

FindTime is an Outlook add-in or web-based tool that allows you to quickly find time to meet with others internally or externally - something that can take weeks without FindTime! FindTime helps you pinpoint times to meet by looking at available free/busy data for your attendees as well as creating a poll where attendees can vote on the times you suggest, and even suggest new times themselves!

FAQ

Do recipients also need to have FindTime installed?

Nope! Your friends and colleagues only need an email address and Internet access in order to be a recipient. You are certainly welcome to spread the love and invite them to install FindTime, however, and become an organizer!

Can I send a test invite?

Definitely! Just add a second personal email address to the To: or Cc: line and you're in business!

Can I send invites to people who don’t use Office 365?

Yes! You can send a FindTime invite to anyone with an email address. Only organizers are required to be on Office 365.

Skype for Business Broadcast ( Free GoToMeeting Webinar service for 365 Users )

Skype for Business has a limit of 250 users... how do big enterprises get around this to show webinars to a user count larger than this?

Introducing Skype Meeting Broadcast: a feature of Skype for Business Online and Office 365 that enables you to schedule, produce, and broadcast meetings or events to online audiences of up to 10,000 attendees. The Skype Meeting Broadcast portal is where you schedule a meeting of this size.

Companies can use this for free if they have an Office 365 subscription and send event invitations to internal and external users, with automatic language translation, which makes it a great worldwide feature.

A few great use cases for companies:

  • For existing employees - Great for announcements and feedback across multi-region offices and remote users
  • For existing customers - Great for new product launches
  • For new customers - Great for promoting new products
  • For the public - Great for publicly listed companies promoting annual meetings

After the meeting, the video can be downloaded and hosted online in 365 Video for people who missed the event, and a CSV file listing all attendees can be downloaded to follow up with them about future events or feedback.

https://www.microsoft.com/itshowcase/Article/Video/598/Overview-of-Skype-Meeting-Broadcast-and-how-to-schedule-a-Skype-Meeting-Broadcast

Guy Fawkes - Burn the BT Openreach Van effigy!

A small village in Devon has used its annual themed bonfire night to vent its frustrations about WiFi speeds – by burning a giant effigy of a BT Openreach transit van.

“Upload speeds are almost zero! There really are very few places in our village where a 2G phone signal can be reliably found, let alone 4G.

A spokesman from BT said: “Templeton is an extremely rural community which makes rolling out fibre broadband much more challenging. Templeton was not included in Openreach’s commercial roll-out of fibre broadband or the first phase of the Connecting Devon and Somerset partnership but we’re working hard to find alternative ways of bringing faster broadband to residents.