Windows 7 End of Life January 14, 2020 - Migration Plans

On January 14, 2020 Microsoft support for its Windows 7 Operating system will end.

 

Large organizations such as governments have looked previously to secure ongoing support packages direct with Microsoft for many millions of dollars, here's a way your organization can migrate before

Hardware refresh

If you your computers had Windows 7 preinstalled when you purchased then the hardware is around 5 years old which is over the recommended 3 years hardware refresh period. Not only will your machines be out of hardware warranty, but they will probably still used hard disks instead of solid state harddrives.

This might be the ideal time to purchase new machines which come with Windows 10 preinstalled to save on the license purchase.( currently 220 GBP for a retail copy ). For large refreshes you can use the Microsoft Deployment Technologies with their User State Migration Tool (USMT) for Seamless migrations

 

If your machines came with Windows 10 Licenses on them , then you can use one of the following migration routes to upgrade, if not then you can purchase Windows 10 licenses from your Microsoft Partner

 

Manual Inplace Upgrade

This is advisable for 50 or fewer computers where you have enough time to run this manually, takes around 3 hours.

To get started, go to the Download Windows 10 webpage and click the Download tool now button. After the download completes, run the Media Creation Tool.

 

MDT Windows 10 Upgrade

You can set up Microsoft Deployment Technologies Server and using this workflow , this will enable you to deploy the installation media for the Windows 10 Upgrade across multiple offices

You can script the upgrade to take place automatically without user intervention

Security Recommendations for all Company Computer Systems - Part 2

LAPS

Implement Microsoft Local Administrator Solution A common practice when running Windows networks is to set the local Administrator account to the same password on every machine. Whilst this makes system administration more convenient the practice also makes is easier for attackers. When an attacker has compromised one machine, they are able to obtain the administrator password and then use the password to access any other machine on the same network. 
The "Local Administrator Password Solution" (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. 
LAPS removes the common local account password by setting a random password on each machine. LAPS also mitigates the risk of a Pass-the-Hash (PtH) credential replay attacks. 

Consider implementing Microsoft LAPS. 
https://www.microsoft.com/en-us/download/details.aspx?id.46899

Email Security

SPF (Sender Policy Framework) is a standard that helps reduce spam. Each domain lists in one DNS record a list of all the servers that are allowed to send emails for that domain. When an email provider like Gmail sees an email sent from an address @example.com but coming from a server not listed in the SPF record, it knows it is likely to be spam. 

Conversely, it is important to set such a record to avoid your emails to be considered spam. More and more email providers consider domains without SPF record as more suspicious than others. Even if your domain does not send emails, you should set a SPF record as this will prevent spammers from faking emails from your domain. 


Implement DKIM and DMARC to strengthen email security. Deploying both configuration with SPF hard fail will prevent any third party sending emails pretending to be from @companydomain. This will prevent spear phishing emails internally and externally to customers and suppliers. 

Email Archiving

Lack of Email Archiving Email archiving is the act of preserving and making searchable all email to/from an individual. Archiving emails is considered a better practice as it allows an organisation to control the size of mailboxes and to keep a non-reputable copy in case of legal disputes. 

Implement some form of email journaling or archival to meet compliance or admissible evidence in court proceedings. Check if Barracuda offer additional archiving services or purchase additional software and storage for on-premise vault. Alternatively, Office 365 business plans have large mailbox and storage capacities, and offers legal hold as additional add-on service.

 

Patching

Hackers take advantage of errors in software code to attack and take over computers. These vulnerabilities are specifically targeted by attackers. Software vendors correct errors in their code by releasing patches. Applying patches is one of the most effective measures to improve the security of a computer system. 

Patching implement Windows Update Server Services to manage, monitor and control the deployment of Windows patches. This free Windows application. 

Administrator Privileges

Administrator or admin access is a level of access where the user has full, complete or unrestricted access to the entire system and all its data. Users with administrative access pi privileges for operating systems and applications can make significant changes to their configuration and operation, bypass critical security settings and access sensitive ' information.

Make sure Users do not have Local Admin to Machines and Administers have a specific login for Domain Admin Tasks for Logging and Auditing

Logging

Consider implementing a system for managing and storing logs from key infrastructure services are periodically copied to an external system for long term storage and access.

We recommend that at least the last 3 months logging information is on hand for immediate analysis and that at least the last 12 months of logging data can be retrieved when required for analysis.

Limited Retention of Logs Logging should be enabled across all systems and logs retained for a reasonable period to allow investigation and review of events that have occurred in the past.

 The lack of available logging information makes any subsequent investigation into an incident that occurred in the past very difficult to perform.

Network segmentation

Network segmentation is the act of splitting a network into many "sub networks" or areas. Segmentation segregates and protects company data and systems and limits attackers' lateral movements between computers and across the network.

There should be an segmentation between internal network and internet accessible computers. Should an internet facing computer be compromised by attackers the rest of the company network will be easily accessible.

Consider implementing network segmentation. At a minimum, internet facing systems should be segregated from the internal network by creating a demilitarised zone or DMZ.

Network access to administer computers, firewalls, switches and routers is not restricted. Any computer on the network can connect to any other computer on the network and potentially access services that are only meant to be accessed by IT administrators.

Access to administration ports should be restricted to only certain network addresses and/or computer systems.

This can be achieved through network segmentation and/or by implementing IP address restrictions for accessing administration functions such as SSH, remote desktop or web based administration portals.

Security Recommendations for all Company Computer Systems - Part 1

Multi-Factor Authentication

Multi-factor authentication (MFA) is a method of controlling computer access in which a user is only granted access after ' successfully presenting several separate pieces of evidence to prove that they are who they say they are — typically at least two of the following categories of authentication information are provided: something they know — for example a password, something they have — for example a PIN code sent via SMS to a phone, and something they are — for example a fingerprint.  
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an attacker from gaining access to a device or network. When implemented correctly, multi-factor authentication can make it significantly more difficult for an attacker to steal legitimate credentials to facilitate further malicious activities on a network. 

Extend the rollout of MFA to any system that is publicly available and to any system that requires a higher level of access control:

  • Remote VPN access
  • Webmail Access
  • Third Party Apps
  • Website access
  • Administrator level access to key systems
  • Implement a RADIUS server on-premise to allow local systems to integrate with the Azure MFA service
     

Training

Extend Security Awareness and Training Training employees to understand and avoid common security threats can greatly reduce a companies risk of a security incident. It is therefore vital that an organisation has a security awareness program in place to ensure employees are aware of the importance of protecting sensitive information, what they should do to handle information securely, and the risks of mishandling information. 

Implement security awareness training for new starters. expand its security awareness efforts by implementing a security training platform. 
Implement an integrated Security Awareness Training and Simulated Phishing platform such as Knowbe4. https://www.knowbe4.com/about-us/  
 

Hard Disk Encryption

Hard disk encryption prevents any information stored on disk from being read or accessed. Data that is encrypted may only be decrypted and read if the encryption key or password is known. 
If a computer is lost or stolen, the information stored on the computer will be protected from unauthorised access. 

You can upgrade the version of Windows in use to Windows 10 Enterprise to take advantage of Bitlocker. Bittocker is a Windows feature that allows hard drives to be encrypted. Bitkocker provides the most protection when used with a Trusted Platform Module (1-13M) version 1.2 or later. The TI)M is a hardware component installed in many newer computer by the computer manufacturers. 

 

Cyber insurance policies

  • Third Party Claims - covers the Insured's liability to third parties from a failure to keep data secure, such as claims for compensation by third parties, investigations, defence costs and fines and penalties from breaching the Privacy Act. 
  • First Party Costs - reimburses the Insured for the costs they would incur to respond to a breach, such as IT Forensic Costs, Credit Monitoring Costs, Public Relations Expenses and Cyber Extortion Costs (including ransom payments to hackers).
  • Business Interruption - this section provides reimbursement for the Insured's loss of profits resulting from the breach, as well as any additional necessary expenses it may need to incur to continue business as usual. 

 

What is Azure Advanced Threat Protection?

We have spoken about Azure SQL Advanced Threat Protection but what about Azure's product for your onpremise enviroment

Azure Advanced Threat Protection ( AATP ) Uses AI to forward traffic from your environment and detect problems or threats on your onpremise enviroment

 

What is currently protected

  • Pass the ticket (PtT)
  • Pass the hash
  • Overpass the hash
  • Forged Privileged Attribute Certificate (PAC; MS14-068)
  • Golden ticket
  • Malicious replication
  • Directory service enumeration
  • Server Message Block (SMB) session enumeration
  • Domain Name Service (DNS) reconnaissance
  • Horizontal brute force
  • Vertical brute force
  • Skeleton key
  • Unusual protocol
  • Encryption downgrade
  • Remote execution
  • Malicious service creation

How it works

Once a license is acquired an Azure ATP Admin center will appear in your 365 Admin Portal

You create a workspace for each of your Domain Forests , enter the credentials for the domain and download the Sensor onto a domain controller. This uses the Wireshark driver to forward traffic Live to Azure for real time log Analysis 

You can then see issues live as well as schedule reports

License

Enterprise Mobility + Security (EMS) E5 at 13 Pounds / Month per User

Free (Boilerplate) IT Policy templates for your IT Enviroment

If you are in charge of IT for a company, it is a good idea as part of the onboarding process a User signs a user acceptance policy like they sign their work contact. This document will cover 

  • Acceptable use of the company network, files and equipments
  • Security measures a user is expected to abide to
  • Protection of company data

It makes clear from the start of what is expected of them as a user of the system.

Sans.org has put together some standard documentation you can use for your environment for free

Acceptable User Access Policy

Email Policy

Remote Access Policy

You can get the user to use this free tool to electronically sign the document then email it back to you

https://smallpdf.com/sign-pdf

Office 365 Document Collaboration LifeCycle

There are so many Office 365 apps sometimes customers get lost in the functionality and sometimes lose out in ways it can help their business. Some of these apps work in parallel for your Document Collaboration and building. These are the steps your document should go through

 

1) One Drive

 This is your personal storage like a home drive, documents here are only viewed by you. You should put all your Documents and Desktops here to protect them from accidental deletion or corruption. 

 

2) Teams

 This is a document storage for collaboration, e.g an Accounts Team would have a team site to work through 2018 Finances. People can upload their receipts to an accounting package or integrate into a personal one drive to a Teams folder. Once finished the accounts team would publish the accounts to Sharepoint for viewing by management.

 

3) Sharepoint

This is permanent storage for Organisation Company Documents

Companies should look at Data retention policies and have an information strategy to force documents to end up in Sharepoint rather than stay in personal One Drives and Team Sites.

 

4) Yammer

This is the solution to let companies know about changes on Sharepoint

Microsoft 365 Advanced Threat Protection VS Mimecast M2A License

Recently we looked at why someone might choose 365 Advanced Threat Protection vs Mimecasts Spam Protection

A table of some of the added Features Mimecast can give you over Office 365 with ATP

POLICY 365 with Advanced Threat Protection 365 with Mimecast M2A
Impersontation Protection
Spam Filtering
URL ReWrite / Safelinks ✓ Uses AI to scan webpage for malicous content
Archive ✓ 7 second search SLA
Email Continuity ✓ ( C1 Product )
Signature Software
Disclaimer Software
DKIM
Attachment sandboxing ✓ ( SLA for Speed )
Safe File Conversion
Email encryption

 

Conclusion

Mimecast adds the following security protection

  • Safe File conversion ( ability to convert Office and PDF files to a safe file format for immediate delivery to employees )

  • Email Continuity ( a service so employees can still send and recieve email with Calendar in the case of an office 365 outage )

Mimecast adds the following functionality

  • Signature software - to Tag signatures on all employee emails

  • Mimecast had an Outlook add In , so users get notified in real time and can release quarantine items using this instead of waiting for a scheduled Quartine Email ( which cannot be customised like it can be in Mimecast )

There is some talk about 365 Attachment Sandboxing adding 5 minute delays , this really depends on the attachment size etc , however Mimecast have an SLA on this sandboxing unlike 365

I'd also add that Mimecast's Technical support and help is much better than 365!

 

Microsoft 365 Business - Free Upgrades

As Of May 1st 2017 the Office 365 License "Microsoft 365 Business" got some serious Upgrades

The full final list can be seen here

Exchange Online Archiving ( Unlimited Mailbox Size ) 

Azure Information Protection (AIP) Plan 1

Data Loss Prevention

Enterprise State Roaming

In-Place Hold and Litigation Hold

Microsoft Stream

Advanced Threat Protection (ATP)

 

Why you still might need an E3 License instead of Microsoft 365 Business

DLP : Data Loss Prevention

Recently I got shown the product Tessian

A nice piece of software that stops the following using clever AI : 

  • Internal parties emailing confidential documents out to themselves or to third parties by mistake
  • Data being passed between internal ethical walls
  • Miss addressed or mistaken emails
    .....with also other customizable filters defined by the customer.

This is a fancy version of the DLP you get with Office 365 with an E3 or E5 License ( but only applies to emails instead of your business Apps suite ) 

Office 365 Data Loss Prevention

Data Loss Prevention is especially evermore important now the rules have come in about GDPR

Where companies must now legally report on any EU customer data loss. It's much better to prevent this happening in the first place using restriction rather than report on it later! You can always release emails but you can never bring them back!

Office 365 comes with all the Sensitive information types you need to be wary of leaking:

Its not just Office 365 this comes with, you can actually enforce this with Exchange 2013 SP1 and Upwards

Data Loss Costs

The EU will be handing down fines to companies who do not comply with GDPR on top of that you will need to factor in internal costs to your company

  • Loss of clients due to their data being breached
  • Legal costs to business for insurance claims of loss of earnings
  • Loss to the business if important information such as Client Lists or information gets taken by an ex collegue

Office 365 Enterprise State Roaming

Enterprise State Roaming is a feature of Azure AD Premium (which is now included in Office 365 Business) which enables the user to roam their settings using the cloud instead of OnPrem Roaming Profiles between Windows 10 Devices

A screenshot below on a Windows 10 shows how you can control this : 

  • Theme, which includes features such as desktop theme and taskbar settings.
  • Internet Explorer settings, including recently opened tabs and favorites.
  • Edge browser settings, such as favorites and reading list.
  • Passwords, including Internet passwords, Wi-Fi profiles, and others.
  • Language preferences, which includes settings for keyboard layouts, system language, date and time, and more.
  • Ease of access features, such as high-contrast theme, Narrator, and Magnifier.
  • Other Windows settings, such as command prompt settings and application list.

Application data ( %AppData% ) Universal Windows apps can write settings data to a roaming folder, and any data written to this folder will automatically be synced. It’s up to the individual app developer to design an app to take advantage of this capability.

Shadow IT - what does it cost a company

What is Shadow IT?

Shadow IT is the notion of users of an organisation going out finding technology on their own without the backing of IT because they do not have the technology inhouse to solve a problem

Some example of this are

·        Users not being able to share files between themselves or publically with thirdparties easily so they install and move company documents to services such as Dropbox Free Edition

·        Users purchasing a new Mobile Phone with software that doesn’t support Mobile device management and wanting company email setup.

·        Users unable to chat to each other so they install Skype for calls and chat inside the office also sharing files using this

·        Users uploading and converting documents to ZamZar because they needed to quickly convert a customers document to another format such as pdf.

 

How does this effect my company?

Data Loss
Most of the above examples involve company data being uploaded to third party services were the company loses control of the data and possibly releases confidential customer data to the public.  

Implementing the wrong solution
Most of the time the solution implmented will be the first solution a user finds on a quick search on google. Not only does this pose a risk of a user downloading and installing malware trying to find a program to fix their problem ( something like Dropbox or Chrome does not need Local Administrator to install) but it actually could be the wrong solution in the first place. By the time other users in the organisation have jumped onboard and uploaded more data , the company could then need this application for day to day running of the business and it could then need migrating to a correct application at more cost.

Performance impacts
If everyone in the organisation installs dropbox , this not only now needs space on all computers to sync the library, but substantial bandwidth requirments on all the computers. If someone uploads a large file externally which has been shared with multiple users in the company than this can saturate the office internet connection.

Breach of License Use
An example of this is a user isn’t enabled from remote access to their computer. They install TeamViewer themselves so they can work on a document from home without having to go through the setup process of two factor authentication. All this is possible if the company has not blocked teamviewer using the firewall, but Teamviewer Free is actually not valid for commerial use , so in an license Audit the company could be found for breach of the License Agreement.

 

Ways to resolve

The main reason of users going out and finding technology themselves ( which is usually free as this needs no manager approval ) is they are finding a solution to a problem their existing enviroment cannot solve.  Instead of denying technology to users which causes this problem in the first place , IT should work with the company to cost out a solution that will be supported and maintained interally from the start.

When planning a service to resolve a problem, maybe due to budget requirments, a free service might need to be piloted or used. IT can make sure they use a business email account to sign up to this service so the business still retains control of the login on the users departure.

Policies can be setup for a hardware standard that is fully support and tested with the companies applications and services. Once this policy is approved by management, policies can be enabled on Firewalls to stop access to unauthorised sites and blocking of applications. A policy for BYOD ( Bring Your Own Device ) Should be formalised for so recommations can be passed down in regards to supported operating systems and hardware.

IT should always be kept up to date with new technology whether it be software/services or hardware to be able to recommend technology to the business that will ease their day to day work.

 

Free PDF Tools for your Small Business

Reading PDF's can be done in most browsers for free. However, editing them can require expensive software such as Adobe Acrobat

Here are some free alternatives for you to use : 

OCRing

How to get a text from photos or flat PDF's. Easily convert a PDF to Doc File

https://www.onlineocr.net/

Use Optical Character Recognition software online. Service supports 46 languages including Chinese, Japanese and Korean . OnlineOCR.net is a free OCR service in a "Guest mode" (without registration) that allows you to convert 15 files per hour (and 15 pages into multipage files). Registration will give you ability to convert multipage PDF documents and other features.

Edit PDF's in Browser or Program

PDF Escape allows you to edit PDF's in browser or you can download their program

https://www.pdfescape.com/windows/

Azure SQL Advanced Threat Protection (ATP) can save you being hacked and plastered on haveibeenpwned.com

People who code their own login forms and database-backed apps available publically should be careful of the SQL famouse Injection : 

'OR 1=1

For poorly coded forms this changes an SQL Query searching for a Username/Password to list all the logins

SELECT userid
FROM users
WHERE username = ''OR 1=1/*'
    AND password = ''
    AND domain = ''

You only need to look at Troy Hunts site and method to hack databases  to see how easy and how many people have been effected.

Azure SQL Advanced Threat Protection can detect these kinds of attacks for you stop or notify you as soon as they happen as well as let you know the hack 

Other Features is can help you with 

Vulnerability to SQL Injection:

This alert is triggered when an application generates a faulty SQL statement in the database. This may indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for the generation of a faulty statement:

A defect in application code that constructs the faulty SQL statement

Application code or stored procedures don't sanitize user input when constructing the faulty SQL statement, which may be exploited for SQL Injection

Potential SQL injection

This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.

Access from unusual location:

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from unusual Azure data center

 This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual Azure data center that was seen on this server during the recent period. In some cases, the alert detects a legitimate action (your new application in Azure, Power BI, Azure SQL Query Editor). In other cases, the alert detects a malicious action from an Azure resource/service (former employee, external attacker).

Access from unfamiliar principal

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server using an unusual principal (SQL user). In some cases, the alert detects a legitimate action (new application, developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from a potentially harmful application

This alert is triggered when a potentially harmful application is used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack using common attack tools.

Brute force SQL credentials

This alert is triggered when there is an abnormal high number of failed logins with different credentials. In some cases, the alert detects penetration testing in action. In other cases, the alert detects brute force attack.

Cost

The cost of around  £11.18/node/month with a 60 day free trial, You will be needing to use a Managed SQL instance ( PaaS ) fo this feature

 

Office 365 - Advanced Security Management

What is it?

Briefly Office 365 Advanced Security Management enables organisations to create Policies based on user activity or predefined, AI detections . Not only can you alert on these , you can also action such detections by suspending the user accounts and alerting 365 administrators. It is also another level to Office 365 Audit Log for storing audit data and getting useful insight on the Office 365 usage in your company.

What tools do I get?

  • Threat detection— Uses AI to algorithms to detect suspicious activities such as below, e.g an Administrator forwarding emails to another party using an unknown IP Address.

  • Enhanced control—You can create policies for specific user group and actions which automatically suspends user accounts due to threats, so in realtime, you can stop intrusions.

Discovery and insights— Deeper insights into user actions that you do not see in the Audit log off office 365 without the need to install software on user machine.

How much is it?

For Business Essentials or Business Premium, Microsoft 365 Business Office 365, Enterprise E3 Microsoft or 365 Enterprise E3 its £1.50 / Month / User

For Office 365 Enterprise E5 or Microsoft 365 Enterprise E5 it is included in your subscriptions

 

Costs of Azure VS AWS for Virtual Tape Library and Veeam

For organisations wanting to ultilse a VTL setup for Veeam instead of Veeam Cloud connect , they should be aware that VTL won't be able to roll up incremental backups into synthetic fulls, meaning every full back you are going to do will copy then entire full backup set to AWS.

AWS

Each virtual tape is limited to 30MB/s of upload throughput. To get up to the gateway maximum of 120MB/s, you need to have 4 virtual tapes running simultaneously

Guide

Amazon vtl is 20-30 megabytes per second

Gateway : Maximum of 95 GBP / Month

Archive Glacer Storage : 0.0034 GBP per GB / Month

Azure

You will need a Starwind VTL Virtual Machine running ( is free software ) 

You will need to pay for this VM in Azure : 133 GBP / Month

Azure Cool Storage : £0.0079 per GB ( first 50TB ) 

Office 365 Threat Intelligence

What is it?

  1. Making it easy to identify, monitor and understand attacks

  2. Helping to quickly address threats in Exchange Online and SharePoint Online

  3. Providing insights and knowledge to help prevent attacks against their organization

What tools do I get?

  • Display Name Spear Phishing Attack: Microsoft has now their own tool for internal testing users against phishing attacks so you can test then and train where needed

  • Password Spray Attack: Let microsoft try commonly use passwords across your entire organisation to find out weak entries a hacker could use
     
  • Brute Force Password Attack: Let microsoft try and bruteforce specific accounts internally and externally to make sure you have adequate lockouts assigned to your user accounts

How do I get it?

Threat Intelligence is included with Office 365 Enterprise E5 and Microsoft 365 Enterprise E5 for free

Business Essentials or Business Premium Microsoft 365 Business or Office 365 Enterprise E3 or Microsoft 365 Enterprise E3 its a £5 monthly add on / user / month

Critical Microsoft Exchange Patch - CVE-2018-8154 patch

Microsoft has released a update to address a critical vulnerability for all Exchange versions

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

Exchange 2007 will not be patched by Microsoft so if you are using this version its highly recommended you update or migrate to Office 365

Why use Office 365 Microsoft Teams

What is Teams?

Microsoft Teams is a free platform ( if you are an office 365 customer ) for communication and collaboration for teams inside your organisation to enable staff to interact better. Most organisations will have the following departments:

  • Finance
  • HR
  • IT
  • Sales
  • Marketing

Each of these departments and subteams will be communicating with each other currently using some form platform such as CCing Group Email , skype for business chat or phone calls.

Microsoft Teams enables you to use all the above methods and colloborate with documents at the same time.

Hows does it work

When you create a Microsoft Team for a department, it creates :

  • Sarepoint Site for Document Storage and live collaboration

  • A Team Mailbox for live Chat Communications
  • OneNote file for note collaboration.

 

You can then break down a Team into different Channels for example Different Projects inside a Department.

Best Features

Fully Synced Between your devices

Microsoft Teams can be accessed via

  • An installed Application on your Computer or Mac

  • The Web
  • An App on your phone with Push Notifications

Everything is synced between these so nothing is missed when using another device or on the move

Sync and collaborate on Files in Teams use External Providers such Dropbox/Box/Sharefile and Google Drive

 

Saving files

Each Channel in teams gets a specific email address, if your group is working from a shared mailbox , rather than forward that email to a group who then have to download it , you can forward it to your department channel and ask the question there.

Connectors

Connectors allow you to connect third party lists such as 

  • Twitter feeds
  • RSS Feeds
  • News

Into your teams site so its a one stop shop for information

Bots

You can intergrate helpful bots inside your chat windows for example

  • User : “Bot pull up sales figures for Customer Contoso “
  • Bot : “Beep Beep - Sum of sales from salesforce for Contoso X$”
  •  
  • User : “Bot does Customer Contoso have any outstanding amount due”
  • Bot : “Beep Beep - Xero shows Contoso has an outstanding amount of X$ overdue 5 days”

List of current bots available here : https://bots.botframework.com/ as well a a development library to program your own

 

New Business Features Windows 10 ( 1803 ) Download Link

Microsoft’s new version of Windows, Windows 10 is forever improving through feature updates released every quarter for its customers.

The update can be downloaded here and but released out via Windows Updates ( WSUS ) from the 8th May

Focus Assist

In today's distractive work environment Microsoft has come up with technology to snooze all alerts so you can concentrate on your work per below : 

Timeline

Have you ever worked on something and totally forget the name of the document or what webpages or other documents you were using at the same time? Windows 10 Timeline now lets you navigate through your previous 30 days of computer history, just like going back in time, to bring up your previous documents, webhistory and applications. It’s the perfect way to pick up where you left off between one computer and another.

This even links your Windows Phone history or online 365 useage