Passwords – managing and/or doing without.

Passwords are the Achilles heal of security. As stated in this Microsoft video, users hate them but hackers love them.

Lorica Support for our Office 365 clients is now conditional on all user accounts being protected by MFA. You can find out what MFA is from this earlier post.

If you are not using MFA, please raise a support ticket to request enforcing this.

Fancy doing away with passwords on Office 365 as shown in the video above? Please get in touch for details on the options.

However, you’ll still have passwords for many other sites and services. We strongly recommend a password manager. This will prevent your users being required to remember passwords, using the same passwords on several sites and using too simple passwords.

There are several acceptable programs for managing passwords. Our preferences are RoboForm and 1Password, both of which we an supply and assist you with settings up. Again…..get in touch for more information.

Security Update

Some security updates for you.

First some recommendations and a request for you to let us know if you’d like them implemented.

  • Office 365 credentials are your user’s skeleton key and should therefore be treated as such.
    • Usernames (UPN) should be kept secret. It’s preferable these are not the same as your email address.
    • Passwords should be complex and secure.
  • Laptops and mobile devices containing data should be encrypted
  • User’s need to be “cyber aware” and trained.
  • Cloud backup is recommended.

Secondly, some changes we’ll be making to our client’s Office365 tenancies

  • Disabling POP and IMAP mailbox access. It’s insecure and outdated. If you’re using this method of mailbox access an alternative needs to be implemented.
  • Audit logs will be enabled on Office 365 – let us know if you would like any reports or alerts settings up

If you have any requests, questions or concerns please do get in touch.

MFA Lockout For Microsoft & Azure Users Causes Business Disruption

The latest multi-factor authentication (MFA) issue left users of Azure and Microsoft Office 365 unable to login to their accounts on Monday 21st, causing widespread disruption to businesses in Europe, Asia, and some parts of the US.

What Happened?

According to reports by Azure, the root cause was a European-based database, reaching operation threshold with requests from MFA servers.  This led to latency and timeouts, and an attempt to re-route traffic through North America caused the extra traffic to block servers.

Finally Rectified

After lasting from 4.39 am to the evening in the UK, the problem was finally rectified.  According to Microsoft reports, services could be resumed after engineers removed the link between the backend service and the Azure Identity MFA service, thereby allowing the impacted servers to catch up with the existing authentication requests.

Happened Before

This was certainly not the first time that disruptive outages had occurred with Azure and Microsoft’s service.  For example, a global outage in September this year affected Azure and Office 365 users worldwide after one of Microsoft’s San Antonio-based servers was knocked offline by severe weather.  Also, in October, UK Office 365 users endured a 3-day-long outage and had the frustration of having more login prompts appearing after their user credentials had already been entered.
Price Rise Makes Outages More Annoying
In addition to the obvious costly business disruption, the spree of outages occurring around the time of announcements of new commercial prices i.e. an increase of 10% over previous on-premise pricing (4% increase for employees who are part of a volume discount agreement), the service failures caused even greater annoyance.

MFA

Multi-factor authentication, which works by requiring any two or more verification methods for a login / transaction, such as a randomly generated passcode, a phone call, a smart card (virtual or physical), or a biometric device, is designed to be beneficial to a user and their business because it should provide an extra layer of security for user sign-ins and transactions.  Unfortunately, in the case of this most recent outage, MFA cost users rather than helping them.

What Does This Mean For Your Business?

For some companies, the recent outages at Microsoft and Azure are likely to bring into focus the dangers of placing huge operational dependency on one environment i.e. Microsoft, and of trusting a single cloud supplier to keep connected and productive during unplanned (and planned) email outages, especially when you have no independent cyber resilience and continuity plan.  In recent months, many businesses will have been counting the productivity costs of sticking to a software-as-a-service monoculture with a company whose service has let them down on several occasions.  Unfortunately, the dominance of big tech companies with their familiar Operating Systems and environments, and the fact that most businesses are committed to them with few possible, practical alternatives to choose from, mean that most businesses may simply have to unhappily endure the outages and weigh them up against the benefits and reliability of the environment generally.

For Microsoft, these outages can be damaging to its reputation and can shake the trust of its prized business users.

Microsoft Education For Dyslexics

In partnering with charity ‘Made by Dyslexia’, and in signing the Made by Dyslexia pledge, Microsoft has announced that it is the first company to sign a global pledge to help people with dyslexia.

Dyslexia

Dyslexia is a lifelong condition that is not related to intelligence. Those with the condition experience difficulty with reading, spelling, writing and sometimes speaking because their brains have trouble recognising or processing some types of information.

It is estimated that it affects 700 million people worldwide and at least 5% of schoolchildren have dyslexia. In many cases, these schoolchildren are often (mistakenly) labelled as having a learning disability, which is why it is believed that they could make up as much as 85% of special education classes.

The Pledge & Partnership

The ‘Made By Dyslexia’ pledge that Microsoft has signed-up to states that the tech giant will endeavour to recognise dyslexia as a different and valuable way of thinking, understand the importance of identifying each dyslexic and their pattern of strengths and challenges, and give targeted support to dyslexics to enable them to harness their strengths and flourish.

The Pledge says that this can be achieved by “skilling up” staff in schools with regard to spotting, understanding, and how best to support those with dyslexia, using digital screeners to check whether people are dyslexic, and making sure that tests and assignments are adjusted so dyslexics can demonstrate their full knowledge and skills.

Through the pledge, Microsoft is essentially partnering with the global charity ‘Made By Dyslexia’, which describes itself as being led by successful (and famous) dyslexics.

What Will Microsoft Do For Dyslexics?

Microsoft has said that by adhering to the pledge, it hopes to democratise Dyslexia support, and it’s been reported that Microsoft’s contribution will include the creation of free training materials, including short films and reading tools, which are designed to help teachers and parents improve ways of spotting Dyslexia. Microsoft is reported to be working with top researchers and partners in the dyslexic community, with the hope of encouraging those involved in a child’s life to intervene earlier, and thereby improve their future.

Microsoft has announced that it will expand access to (and improve ease of) implementation of a number of tools, including:

  • The Dictation Tool in Learning Tools – to help students to write with their voice.
  • The Immersive Reader tool – to help students with maths problems, to invite all learners into the conversation, and to support students in their native language with real-time translation.
  • A partnership with the University of Washington – to help students sound out words.

What Does This Mean For Your Business?

As the ‘Made By Dyslexia’ charity demonstrates, dyslexia needn’t be a barrier to success if the right support and tools are available to help those with the condition. Dyslexia is not linked to intelligence, and it presents many extra challenges to those who have the condition. Understanding this and providing help in the form of adherence to the pledge, means that Microsoft is seen to be taking a high profile lead and demonstrating that it understands that those with Dyslexia are just as valuable in the workplace as those without, and that providing help at a young age can help dyslexic people to reach their potential.

Microsoft, like many other big tech companies, is showing how old problems can be tackled with new methods, hopefully with success.

Cloud Backup

Cloud-backup

We’ve taken a while to get on board with cloud backup solutions. Due to cost, maturity of the available offerings and the general performance limitations, including that of many Internet connectivity options, we just didn’t think it was reliable or cost effective.

Things change and now we have the following portfolio of cloud based backup options. What suits your environment and the functionality, costs and performance will vary from client to client so please get in touch if you’d like to discuss.

File/Folder Backup

A cloud backup solution to backup any number of devices and charged per month based upon usage. Prices are such that a daily backup of your accounts data spanning several months should costs less than a family mean at MacDonalds.

Office 365

Microsoft provide good data security and safety. Versioning is excellent and most data can be recovered from the past 30-90 days depending upon the service.

However……..we can build on that by providing complete, unlimited backup of  your Office365 user data from the point you start using the service, for a company with up to 25 employees this would have a monthly cost of £60.

Benefits include:

  • 3x/ daily backup for Office 365’s Exchange, OneDrive and SharePoint
  • Perform additional backups as needed at any time.
  • Security controls that include compliance with SOC 2 Type II, HIPAA, and PCI Compliant. Data is secured with 256-bit encryption.
  • Browse and preview backups by user and item. Search for metadata.
  • Restore individual files or groups of files back into a user’s account or export them directly to your machine.
  • Monitor data with domain health status and activity log.
  • Store an unlimited amount of data in the backup Cloud forever.

Business Continuity

Cloud or remote site hosted reverse chain image based backups of servers with instant restore and hosted virtualisation that boots in seconds. Got it? Ok, let’s say if you have a business that would suffer should your server go down for more than a few minutes this could be just what you need. Probably best to get in contact so we can explain, discuss and demo.

O365 – Free Skype Meetings

Firstly, a quick apology to our non-Office365 clients. A large proportion of my posts will be regarding Office 365. That’s because most of our clients are now on the platform and I hope the remainder will follow when the circumstances dictate. In the meantime, look at the post as information on what’s possible with Office 365.

I’ll try and remember to prefix posts as above so you know if they’re immediately relevant to you.

Most Office365 plans will include Skype for Business. You can use it for Instant Messaging internally, externally (try adding me as a contact to test it – see my email footer) and as a phone system. Lorica’s phone has now been ported from an internal 3CX (software PBX) to Skype for Business meaning one less server for us to look after and global mobile access on a variety of devices.

This post is about a recent extra benefit whereby you can use Skype for Business for meeting. Follow the link here to an Office Blogs post with more details.

As usual, contact me if you have any questions.

Office365 Credentials

You have a set of Office365 credentials which permit you access to the services.

IMPORTANT : You need to know these and be able to use them on the portal

( http://portal.office.com )

They consist of a username and a password.

 

 

 

 

Your tenancy name is appended to “onmicrosoft.com” as the full reference and we try and combine this with your first and last names to make your username.

So, for Fred Bloggs at Acme Corp the username would be FredBloggs@acme.onmicrosoft.com . Yes, this looks like an email address and you will receive any emails directed at it.

It’s also possible to allocate your own domain name as your email address. So if Fred has an email address of fred@acme.com then we could set that as the Office 365 username.

We prefer not to do so for the following reasons:

  • Your company might have several domains, acme.com and acmeexplosives.co.uk for example so remembering which one is your Office365 username could be a problem.
  • We automate some of our admin tasks using scripts and programs and having a standard username format makes this feasible
  • Using your own domain name means logging on won’t work if there are any DNS problems. Just another thing to go wrong!
  • People might not easily guess your Office365 username if they know your email address and are attempting to hack your account.

Signing in to the Office 365 portal

Office 365 is a cloud service, which means it’s hosted “somewhere else” and this has one very significant advantage. It’s not dependant on anything you own or maintain.

So, as long as you have access to a web browser (Internet Explorer/Edge, Chrome or Firefox) you can log in to the service and use most of the functionality.

To do so, you need your Office365 credentials, which consist of a username and password.

Then go to the URL for the portal, which is https://portal.office.com and login.

Here is a Microsoft tutorial page on signing in.

Temporary Remote Access

Most of our support is accomplished without time consuming and expensive site visits through remote access using our RMM (Remote Management and Monitoring) agent, a small program that silently runs in the background on machines that are under contract. If you don’t have this installed, perhaps it’s a new PC or you’re looking for assistance with a machine not under contract, then there’s an alternative method for you to allow us remote access on a temporary basis.

This is done by downloading and installing the TeamViewer Quick Support program.

Please be aware this is for our non-commercial customers only. For business usage Teamviewer requires a license purchase.


 
 

http://download.teamviewer.com/download/TeamViewerQS.exe

Click on that and then accept any invitations to run or install. Once it’s installed you’ll be given an ID and a numerical password, both of which you need to pass to us in a secure manner.