RMM = Remote Monitoring and Management

The RMM software agent runs on desktops, laptops, and servers. While it’s running in the background and invisibly, it collects generic information about your hardware, software, network, updates/patches, security concerns, and user accounts. No confidential data is observed in the process.

Here are the must-haves for any RMM according to the long-standing PSA and RMM vendor, ConnectWise:

  1. Automate any IT process or task
  2. Work on multiple machines at once
  3. Solve issues without interrupting clients
  4. Integrate smoothly into a professional services automation (PSA) tool
  5. Manage everything from one control center

 *I’m using Solarwinds MSP RMM & PSA

Some clients have concerns about possible tech scams, which are valid. There have been too many unsolicited calls from people claiming to represent “Microsoft”, but instead plant malware into your computer and then charge to have them take it out. It’s a big scam and it still happens today.

One key component of the Remote Monitoring and Management solution is remote control software. With a single click, a technician can sit with you virtually to visually examine your problem situation. Other key functions include automated tasks (such as running disk utilities), automatic patching with only approved Microsoft updates, and general network health reporting about your devices and their connectivity.

When the RMM is integrated with a Professional Services and Automation (PSA) tool such as Solarwinds MSP also provides, these tools can powerful insight and capabilities for your IT support team. Sending an email to [email protected] creates a new ticket request to be approved by Resolute IT Support in its ticketing system.

In short, where we’ve been putting out fires as needed (break/fix), we can now be more proactive and take measures to prevent problems that would otherwise be likely for the future (managed services). The RMM agent and its integration with the PSA management module enable us to look at new billing methods that mean a win/win scenario for provider/client.

One of the loudest buzzwords heard these days within the business computing environment is SECURITY. And the number one method to prevent a security breach is the use of multi-factor (MFA) or two-step authentication.

 

The most common practice in the MFA arena is to use SMS texting to receive an authentication code. When prompted, you enter the code into the field provided and voilà! The problem with this is that hackers are now SIM swapping or hijacking your mobile phone. When they’re successful, the hackers can request and receive a security code to access your account, lock you out of your own account, and wreak havoc with your life.

 

The best way around this is to use an authenticator app. Google has one, Microsoft has one, and there are popular third-party authenticator apps, such as Authy. They all work with any of your online accounts, but you should find one and use it!

 

As a Microsoft-centric technician, my preference is to use Microsoft Authenticator. It provides security codes for all Microsoft accounts either free and business, Google/Gmail, Reddit, Facebook, and so on. The easiest account to access with Authenticator is your Office 365 account – a balloon pops up on your mobile device and you simply tap it to authenticate.

 

When your devices are managed through Intune and Enterprise, Mobility + Security (EMS), then you have to have permission to use the app first. In my case, the Touch ID biometric thumb reader on my iPhone provides quick access to the Authenticator app itself, as well as access to any other Microsoft apps on the device.

 

It takes some getting used to, however getting hacked is not an option.

 

Scott Abbotts | https://resolute-it.com | https://office365techguy.com

“Currently, according to Microsoft, more than half of all commercial (business) Office users are using Office 365 rather than standalone/perpetual Office. But during some point in the company’s fiscal 2019 (which kicks off on July 1, 2018), Microsoft is expecting two-thirds of its business Office customers will be using Office 365.“ – Mary Jo Foley  (10/10/2017)

Okay, so let’s just say that we remain just past the halfway point. Somewhere else I picked up another tidbit from Redmond VP, Brad Anderson, who told of Microsoft billing for more than 120 million Office 365 licenses (users) per month. Doing the math, when it hits the 2/3 mark, then there will be an additional 40 million people using Office 365 during this fiscal year topping out at 160 million licensed users per month.

Dollar amounts and corporate earnings aside, this is a massive demographic, especially in consideration of all the servers that will be retired, all the documents that will be uploaded, and all 40 million email accounts along with each account’s respective messages, contacts, calendars and tasks that will migrated from on-premise machines to data centers.

But with the new cloud platform brings new ways of getting things done. You’ll no longer save to the S:\ (shared) drive; instead you’ll save to a SharePoint library, that is, if you’re saving to a common repository of shared documents. Your own documents – those that you’re still getting ready to publish for the rest to view and modify – will be saved to your respective OneDrive, which is actually a hidden SharePoint document library itself.

And now that your original files sit in the cloud, they can be shared with a link, not by attachment to an email. When they’re shared in this manner, then multiple users can co-author the document simultaneously. No more passing around various versions of the same file. The real file gets modified right in front of you as you share it with colleagues.

Not much will change with email, except that you’ll likely spend less time in Outlook. Instead, you’ll be chatting away in Microsoft Teams, either by text in private or within a group chat scenario, perhaps while several are co-authoring a document and tossing ideas back and forth. And if the conversation dictates a meeting, then that can happen in an ad hoc private manner with up to 20 attendees or later on as a scheduled meeting. And the scheduled meeting can be audio only, or it can be a video meeting with up to 250 attendees.

“There is also an option for recordings to have automatic transcription, so that users can play back meeting recordings with closed captions and search for important discussion items in the transcript.” – Microsoft

And more than ever, we will work from anywhere. Teams meetings, for example, can be attended using your mobile device.

40 million more Office 365 users – that’s equivalent to the entire population of California.

Cloud Change FactorFor small businesses, moving to the cloud is a frightening, yet inevitable transformation. It means business change, especially in regard to systems, processes, and people.

Just about every software vendor in the SMB space has a cloud-based option. In some cases, the only option ever available was cloud, such as with Salesforce CRM and Clio legal practice management. But there are QuickBooks Online, Sage Business Cloud, Oracle Financials Cloud, Adobe Creative Cloud, Autodesk A360, Abacus Private Cloud, Amicus Online.. The list goes on naming programs that were formerly client-server models requiring a host server for the main application combined with client desktop software, all designed to interconnect within the confines of the office.

Microsoft was also among the list of on-premise, server-based systems. But in 2007, Microsoft began offering BPOS, a precursor to today’s Microsoft Online Services, which put Exchange email services and SharePoint document management into the cloud. After BPOS, Office 365 was born in 2011 and now serves over 120 million subscribed users per month. From personal experience, I shut down my on-premise Exchange/SharePoint server in 2008 and have never looked back.

Systems: This is the easy part. Subscribe to your cloud service of choice and then sign in. The engineers have designed the system and they continually make improvements (included upgrades).

  • Now with so much importance placed upon the ability to connect to the Internet, many companies subscribe to a second ISP for failover.
  • The old client-server system authenticated user identity through its Active Directory, a service found within the Windows Server operating system. But now that more users are logging in from afar, the new authentication system that can manage devices and users beyond the four walls is known as Azure Active Directory.

Processes: Probably the most important aspect of business processes is related to security. Password management and protection from malicious attacks are key to preserving the integrity of business operations.

  • Microsoft has been doing a fine job with authentication by offering a variety of options, including Windows Hello, which is essentially face recognition that performs in an elegant fashion. In addition, there are other biometric systems, as well as Multi-Factor Authentication (MFA) using your mobile device as an authenticator.
  • What used to be considered a mediocre antivirus product, Windows Defender has evolved to become an integral part of a collection of security tools all working as a holistic solution across Windows 10 and Office 365. Recent tests by outside parties have found Windows Defender to be 100% effective, especially when combined with other layers of security within the Microsoft ecosystem.

People: Here’s the hardest part because people generally do not like change. They’re afraid of the unknown and frustrated with what they don’t know. It is here that the business has the intrinsic responsibility to properly train its users.

  • With training comes knowledge, and with knowledge comes confidence – confidence to lead others as a champion and confidence to represent the company in all affairs.
  • Without training comes the danger of ignorance.

Scott Abbotts | https://resolute-it.com | https://office365techguy.com

“On August 17, 1908, the new Bank of Italy (now Bank of America) Headquarters at 552 Montgomery Street (San Francisco) was opened to the public. Here, on the first floor in an open area, A.P. Giannini had his office where all comers were invited to stop and chat about not only financial but family matters as well.” – US Dept. of the Interior, National Park Service, National Register of Historic Places.

In this same spirit, I kept my desk near the door when I had an office on Cape Cod. I can’t tell you how rewarding it was to have a steady stream of people dropping in to sit down and chat with me.

And now that I work solely as a remote consultant, I am opening a client-facing portal on an always-open basis in Microsoft Teams.

As Microsoft announced the free offering of Microsoft Teams yesterday, I feel that people are now unencumbered for the lack of this tool – Teams is free to download for desktop and mobile, and very simple to create an account in a matter of seconds.

To become a member of the Resolute IT Client Portal, sign up here.

A recent study predicts that 42% of the global workforce will be mobile by 2020. I wonder if we aren’t already there.. Another finding says that the number will be 75% by 2025.

Who really wants to get up, get ready, and walk into an office by 9am or earlier? We can easily attend a 10am office meeting using Microsoft Teams, so we can remain at home or in a coffee shop using a laptop, tablet or even a phone to share our presence, our Office documents, and our enthusiasm with colleagues. And of course, we don’t even have to be in the same country as the other attendees. 

While in the meeting, we can easily share the document that we’d been creating over the weekend. Teams allows you to present your original document for others to view within the Teams interface and co-author or co-edit it there. While collaborating on this document, team members can exchange chat messages alongside the open document. Or better yet, collaborating members can start an impromptu video meeting, while other members of the team can join the meeting and participate by co-authoring the document. You can even record the meeting for later review.

So the future is here. Where you are is irrelevant. But how you’re able to interact is key.

In its July 2018 roundup   of Microsoft Teams news, they announced a new feature that I dismissed at first. “Visio in Teams”, I thought. “So what – it’s just read-only with Visio Online.” But this is *not* Visio Online. Or is it?

At the bottom of this article it says, “Viewing diagrams within Teams is free for most Office 365 customers  , but editing is only available for those with a Visio Online Plan 1 or Plan 2 subscription.”

I’ve searched through the articles for ‘co-authoring’, but all it says is “Team members can work together on diagrams through in-app conversations to provide feedback in real time.” But can we edit the same diagram with another member in real time? One article compares the new editing feature to other Office co-authoring capabilities within Word, Excel, and PowerPoint. “We’ve extended these editing capabilities to Visio files, enabling you to make simple changes to your diagrams without leaving the Teams app.

So does this mean we can also co-author as we would in Word? I think not. Oh, but wait…

On one page of Microsoft’s website it says, “Real-time co-authoring – Not available in Visio Online. Advanced reviewer features, such as merge conflicts and compare diagrams, are only available in the Visio desktop application. With Visio Online, you can view, add, or delete comments.”

But on the features page for Visio Online 2 (not Visio Online 1) it says, “Complete diagrams faster with multiple people working on the same diagram at the same time.”

And in order for members to see any changes, they have to refresh the diagram in Teams.

In order to perform with full functionality, we are advised to use the desktop version of Visio. For ‘almost desktop’ functionality, we can subscribe to Visio Online 2.

Update 07/07/2018: Direct from Microsoft: “At this point in time Visio Online does not support co-authoring inside Teams, irrespective of the license. But this is part of our roadmap and we are working to enable this in future.”

In the May 2018 results at the security lab of AV Comparatives , Microsoft Windows Defender Antivirus performed very well. Often seen as a mediocre solution over the years, Microsoft’s solution is stepping to the plate.

But it isn’t just one solution. Microsoft’s answer has to be seen as a holistic approach as it integrates with Office 365 and its other defense layers as the company depicts here:

Physical security

  • 24-hour monitoring of datacenters.
  • Multi-factor authentication, including biometric scanning for datacenter access.
  • Internal datacenter network is segregated from the external network.
  • Role separation renders location of specific customer data unintelligible to the personnel that have physical access.
  • Faulty drives and hardware are demagnetized and destroyed.

Logical security

  • Lockbox processes  for a strictly supervised escalation process greatly limit human access to your data. Learn how to activate Lockbox .
  • Servers run only processes that are whitelisted, minimizing risk from malicious code.
  • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access.
  • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.

Data security

  • Encryption at rest protects your data on our servers.
  • Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
  • Threat management , security monitoring, and file/data integrity prevent or detect any tampering of data.
  • Exchange Online Protection  provides advanced security and reliability against spam and malware to help protect your information and access to email.

User controls

  • Office 365 Message Encryption  allows users to send encrypted email to anyone, whatever email service recipients may use.
  • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
  • S/MIME provides message security with certificate-based email access.
  • Azure Rights Management  prevents file-level access without the right user credentials.

Admin controls

Tab panel for expanded tab number5

  • Multi-factor authentication protects access to the service with a second factor such as phone.
  • Data loss prevention prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment.
  • Built-in mobile device management capabilities allow you to manage access to corporate data.
  • Mobile application management within Office mobile apps powered by Intune provides granular controls to secure data contained in these apps.
  • Built in antivirus and antispam protection along with advanced threat protection safeguard against external threats.
  • Office 365 Cloud App Security provides enhanced visibility and control into your Office 365 environment.

 

The last article that I wrote was about the Microsoft Office 365 terminology change from “Preservation” to “Retention” in regard to how your data is held – or not – within Exchange, SharePoint and OneDrive.

But when you want to hold your Microsoft Teams data with a retention policy, that policy must be exclusive to Teams – no other service can be part of that policy.

Teams holds its chats, conversations and emails forever by default, but your company might have another inclination to delete data, save it for 7-10 years, or both for whatever reason. Policies can be created and applied in a granular fashion.

Microsoft unveiled its new Teams Retention policies at the end of March 2018 and rolled them out to tenants over the month of April. This is evidently part of the move to bring Skype functionality into the Teams fold.

The next step on the roadmap for Teams data management is eDiscovery.

Scott Abbotts | https://resolute-it.com | https://office365techguy.com

 

What used to be called a Preservation Policy is now called a Retention Policy. That said, you might still see a folder in your OneDrive’s storage metrics* that’s called Preservation Hold Library, although the folder isn’t visible unless you’ve actually edited or deleted items that are affected under such a policy.

Your ‘permanently deleted’ mailbox items are held in the Recoverable Items folder, which is accessible from the Outlook Web App (OWA). Right-click on the Deleted Items folder and choose “Recover deleted items…” These are items that you’ve removed from the Deleted Items folder and will remain in the Recoverable Items folder for 14 days unless otherwise configured to 30 days by your system administrator OR unless there’s a Retention Policy in place that prevents anything from getting really, actually, truly, permanently deleted.

A caveat here: Retention policies applied to mailboxes require Office 365 Enterprise E3 or E5. This is because Exchange Online Plan 2 must be in place for mailbox retention. So if you have Office 365 Business Premium with its lesser Exchange Online Plan 1, then you can set a Retention Policy that covers your documents stored in SharePoint or OneDrive, but not on mail, calendar or contact items. Actually, you might be able to create such a policy that would seem to cover your Exchange items, but this data governance would not take effect until a qualified license would be put in place.

About Teams from Microsoft:

* To see your OneDrive metrics, go to portal.office.com, login, and then launch the OneDrive web app. In the upper right, click on the gear icon and choose Site Settings. On the Site Settings page under Site Collection Administration, choose Storage Metrics.

Scott Abbotts | https://resolute-it.com | https://office365techguy.com