The Low Hanging Fruit of Cybersecurity Part 2 of 3: Advanced Email Security

This three-part series will highlight areas that are easy for Thrive to implement to help keep your business protected from outside threats. If you missed Part One: Patch, Patch, Patch, we covered the importance of patching your environment to prevent potential disruption or even disaster. This installment, Part Two, will focus on advanced email security: how it developed and why you should make sure to use it in your business. Moving forward, Part Three will use this information and detail the proper measures to take when it comes to security awareness training.

4 Office 365 Apps You Can Utilize Today

Microsoft continues to gain market share with their core product set. This is mostly due to companies making the pilgrimage from on-premises Exchange to Exchange Online. With the combination of Microsoft Exchange and Office licensing migrating to the cloud, the Microsoft rebirth in the cloud is exploding.

At the same time, many companies that have moved to Office 365 may not have realized there are several features that MAY be included in their subscription which they could leverage. Unknown to many of you out there is this O365 resource, which provides a laundry list of included features. I recommend referring to this page to see which features Microsoft offers that you can make use of.

Azure Logic Apps: Connectors and REST and SOAP, oh my

When you start working with Logic Apps, one of the things you’ll encounter is that there are hundreds of services presented as actions available to add easily to your integration workflows. Along with the numerous Azure services, there’s Dropbox, Slack, GitHub, Jira, Salesforce, and many, many more. As long as you have a license to access these services, and a way to authenticate, it is easy to begin interacting with them. However, what if you need to access an API that is not in the actions library? For instance, what if you have an on-premises application, or are connecting to a less-popular service such as openweathermap.org? Assuming the API is using REST, it would be possible to manually construct URLs and JSON documents and then use the HTTP actions in Azure to get, post, delete, etc. It is also possible, if your API has a correlating Swagger or OpenAPI document, to reference the document from an HTTP+Swagger action. However, Logic Apps is not able to expose the returned data elements as easily consumable Dynamic content without further definition. Fortunately, there’s a relatively simple, more reusable way to add APIs, including those implementing SOAP, while also providing drag-and-drop access to the returned data elements. And you may be able to do it without writing any code, JSON, or other computer-readable syntax.

Azure Automation – How to Automate Secure Score Metrics

Secure Score metrics are an important guideline used to ensure security and performance across your Office 365 tenant. Secure Score analyzes your Office 365 organization’s security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security.

A few tasks in the Secure Score toolbox are repeated tasks of reviewing certain logs within Office 365 and Azure. These tasks are typically repeated on a weekly or monthly basis. In this article, we will discuss how to automate a couple of these review tasks. By the end of this article, you should have a good understanding of how Azure Automation is used and how you can continue to use it to help streamline your Secure Score efforts.

Creating an Automation Application

Our first step in the process is to create an Azure Automation application.

Navigate to your Azure portal (https://portal.azure.com), click on “Create a resource”, search for “Automation” and click on “Create”.

Please note that provisioning a Microsoft Bot, Azure Active Directory Application, App Service, and other Azure resources will result in associated costs. In order to fully understand the costs that may be incurred from following this guide, please refer to the Azure Pricing Calculator which can be found here.

In the configuration menu, give the Automation Account a Name, select the appropriate Subscription based on your tenant, select “Create New” or “Use Existing” Resource group, and then select the appropriate Location. The last option to “Create Azure Run As account” is not necessary in this guide but is something you may want to utilize in the future, so we can leave this set to “Yes”. This account can be used to automate Azure specific functions. These are functions that you can run within the Azure CLI (not functions such as Exchange/MSOL commands). When finished, click on “Create” to create all the required resources.

When all resources have finished provisioning, click on the “Go To Resource” button in the notifications area to go to our new Automation resource or search for it in your resources list.

Once there, navigate to “Runbooks” in the “Process Automation” section.

By default, these resources are provisioned with example runbooks. The runbooks here are using the various methods of creating an automated function such as Python, PowerShell, and the Graphical Interface provided by Microsoft. We can ignore all of these examples, but feel free to look at them later on as they provide a good insight into everything we can do with Azure Automation.

Creating Our Runbook

While still in the Runbook section, click on the “Add Runbook” button.

In the new menu that appears, click on “Quick Create”. You will need to fill in two values here: the Name of the runbook and the platform or Runbook Type in which we will build it. Type in the name of the runbook that you would like, and select PowerShell as the Runbook type.

Before we jump into the code of the runbook, we need to set up the credentials that we will use for automation. The account that we use will need to be an Exchange Administrator, have the Discovery Management role in Exchange, and not have MFA configured on the account (unfortunately, there is no way to handle this automation on an account with MFA just yet, but this may change in the future). We recommend provisioning an Azure Service Account that you can use for this functionality. This will ensure that you don’t have an overly provisioned account that is currently being used for other things in your tenant.

In the Automation Resource section, scroll down to the Shared Resources section and click on “Credentials”.

Once there, click on “Add a Credential” and fill in all of the required fields. The name can be whatever you’d like it to be; it will be used to reference this set of credentials within the code. The username and password should belong to an account with the roles defined above, and the username should follow the standard Office 365 login format, such as joesmith@contoso.com.

Coding our Azure Automation Runbook

Navigate back to the runbook you created earlier.

Once there, click on the “Edit” button to edit the code within.

Our first step is to grab the set of credentials we stored in our application earlier. To do so, use the dropdown on the left-hand side for “Assets”, click on “Credentials”, and you should see the credential object you created.

Use the … menu to “Add to Canvas”. This should then give you the PowerShell needed to pull the Credential object. We will also store this as a variable as shown below.

In this article, we will be covering how to automate two Review processes in the Secure Score toolbox. These are mailbox auditing and mailbox forwarding rules. Mailbox auditing needs to be automated as it will only affect users currently in your system. Any users added after this command is run will not have Mailbox Auditing enabled and therefore you will receive no points on Secure Score. The review of Mailbox Forwarding rules is something done weekly, and with this process automated you should always receive the Secure Score points for this task. We will first need to connect our runbook to the necessary areas of Office 365. These will be the ExchangeOnline and MsolService connect prompts. I will be posting the remainder of the code required for this runbook below and will break down what each piece is doing afterwards.

      # Connect to Azure Automation: retrieve the stored credential asset
      $Credentials = Get-AutomationPSCredential -Name 'AutomationCredentialsSecureScore'
      #Connect-MsolService -Credential $Credentials

      # Function: Connect to Exchange Online
      function Connect-ExchangeOnline {
          param(
              $Creds
          )
          Write-Output "Connecting to Exchange Online"
          # Drop any stale sessions before opening a new one
          Get-PSSession | Remove-PSSession
          # Remote PowerShell with Basic authentication, which is why the account cannot use MFA
          $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Creds -Authentication Basic -AllowRedirection
          # Import only the cmdlets this runbook needs
          $Commands = @("Get-MailboxFolderPermission","Get-MailboxPermission","Get-InboxRule","Set-MailboxFolderPermission","Set-Mailbox","Get-Mailbox","Set-CalendarProcessing","Add-DistributionGroupMember")
          Import-PSSession -Session $Session -DisableNameChecking:$true -AllowClobber:$true -CommandName $Commands | Out-Null
      }

      # Connect to Exchange Online
      Connect-ExchangeOnline -Creds $Credentials
      Connect-MsolService -Credential $Credentials

      # Enable Mailbox Audit for All Users
      Write-Output "Enable Mailbox Audit for all Users"
      # Remember which mailboxes were changed so the email can list them
      $mailboxesSetToEnabled = Get-Mailbox -Filter {RecipientTypeDetails -eq "UserMailbox" -and AuditEnabled -eq $False}
      $mailboxesSetToEnabled | Set-Mailbox -AuditEnabled $True

      # Set AuditLogAgeLimit to 1 year
      Write-Output "Set Mailbox Audit Log Age Limit for all Users"
      Get-Mailbox -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditLogAgeLimit 365

      # Get Forwarding Rules
      # Enabled users only, excluding guest accounts (UPNs containing #EXT#)
      $AllUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | select ObjectID, UserPrincipalName, FirstName, LastName, StrongAuthenticationRequirements, StsRefreshTokensValidFrom, StrongPasswordRequired, LastPasswordChangeTimestamp | Where-Object {($_.UserPrincipalName -notlike "*#EXT#*")}
      $UserInboxRules = @()
      $UserDelegates = @()
      foreach ($User in $AllUsers)
      {
          Write-Output "Checking inbox rules and delegates for user: $($User.UserPrincipalName)"
          # Keep only rules that forward or redirect mail
          $UserInboxRules += Get-InboxRule -Mailbox $User.UserPrincipalName | Select Name, Description, Enabled, Priority, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage | Where-Object {($_.ForwardTo -ne $null) -or ($_.ForwardAsAttachmentTo -ne $null) -or ($_.RedirectTo -ne $null)}
          # Keep only explicitly granted permissions for other principals
          $UserDelegates += Get-MailboxPermission -Identity $User.UserPrincipalName | Where-Object {($_.IsInherited -ne "True") -and ($_.User -notlike "*SELF*")}
      }
      # Mailbox-level SMTP forwarding
      $SMTPForwarding = Get-Mailbox -ResultSize Unlimited | select DisplayName,ForwardingAddress,ForwardingSMTPAddress,DeliverToMailboxandForward | where {$_.ForwardingSMTPAddress -ne $null}
      $UserInboxRules | Export-Csv MailForwardingRulesToExternalDomains.csv -NoTypeInformation
      $UserDelegates | Export-Csv MailboxDelegatePermissions.csv -NoTypeInformation
      $SMTPForwarding | Export-Csv Mailboxsmtpforwarding.csv -NoTypeInformation

      # Build a file-name-safe timestamp
      $timeStamp = (Get-Date -Format g)
      $timeStamp = $timeStamp -replace " ", "-"
      $timeStamp = $timeStamp -replace "/", "-"
      $timeStamp = $timeStamp -replace ":", "-"

      # Create the timestamped attachments with CSV text as their content
      $UserInboxRuleFile = New-Item -Path . -Name "UserInboxRules$timeStamp.csv" -ItemType "file" -Value ($UserInboxRules | ConvertTo-Csv -NoTypeInformation | Out-String)
      $UserDelegatesFile = New-Item -Path . -Name "UserDelegates$timeStamp.csv" -ItemType "file" -Value ($UserDelegates | ConvertTo-Csv -NoTypeInformation | Out-String)
      $SMTPFile = New-Item -Path . -Name "SMTPForwarding$timeStamp.csv" -ItemType "file" -Value ($SMTPForwarding | ConvertTo-Csv -NoTypeInformation | Out-String)

      Write-Output "Sending email"
      $ToAddress = 'joesmith@contoso.com'
      $FromAddress = 'joesmith@contoso.com'
      $smtpserver = 'smtp.office365.com'
      $smtpPort = '587'
      $Files = @(
          $UserInboxRuleFile
          $UserDelegatesFile
          $SMTPFile
      )
      $mailparam = @{
          To = $ToAddress
          From = $FromAddress
          Subject = "Azure Automated Reporting – Mailbox Forward and Auditing"
          Body = "<p>Attached you will find the User Inbox Rules, Delegates and SMTP Forwarding Setup review files. <br>In addition, here are the accounts we have enabled Mailbox Auditing on this week that did not previously have it enabled (if empty, all users currently had Mailbox Auditing configured):</p><br>$mailboxesSetToEnabled"
          SmtpServer = $smtpserver
          Port = $smtpPort
          Credential = $Credentials
      }
      # The piped files become the message attachments
      $Files | Send-MailMessage @mailparam -UseSsl -BodyAsHtml

      # Close Session
      Get-PSSession | Remove-PSSession
      Write-Output "Script Completed!"

The first function exists to connect to Exchange Online Management via PowerShell. As we are looking to take care of the Mailbox Auditing as well as Mailbox Forwarding, we give it the commands you see in the $Commands array. We specify the commands for performance reasons as there is no reason to load every single Exchange Admin command here. The next few lines utilize this function as well as the standard Connect-MsolService command to connect to both services using the credentials object we grabbed earlier. Once connected, we first take care of mailbox auditing.

The code between lines 22 and 29 is set up to take care of Mailbox Auditing. These lines will loop through all users in the tenant that do not currently have Mailbox Auditing configured and set up auditing on them with a time frame of 365 days.

Next, we take care of compiling all forwarding rules that are reviewed within Secure Score. Lines 31 to 47 take care of this task and store all User Inbox Rules, User Delegates and SMTP Forwarding rules inside variables we use next. Lines 49 to 87 serve the primary purpose of reporting. These lines are set up to utilize the Send-MailMessage function to send out an email to whomever you specify (group or single user) for them to review everything this script has done. The content of the email will be all users (if any) that now have Mailbox Auditing configured that did not have it before. In addition, it will send three attachments which are the output of all User Inbox Rules, User Delegates and SMTP Forwarding we stored earlier. Once the code has been implemented, publish the current revision and we are ready to set up our schedule for this runbook.
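The runbook collects every forwarding rule and mailbox-level SMTP forward without separating internal destinations from external ones, and external destinations are what a reviewer usually needs to see first. The following is an added example, not part of the original runbook: it filters records of the same shape down to targets outside the tenant's own domains. The function names, the `Mailbox` property, the accepted-domain list, the sample records, and the assumed target string formats are all constructed for illustration.

```powershell
# Added example: report only forwarding targets outside the tenant's domains.
# All domains, mailboxes and rules below are constructed sample data.

# Domains the tenant owns (constructed; in a live tenant Get-AcceptedDomain lists them).
$AcceptedDomains = @('contoso.com')

function Get-SmtpAddress {
    # Extract an SMTP address from a forwarding target string.
    # Assumed shapes: '"Name" [SMTP:user@domain]' for inbox-rule targets,
    # 'smtp:user@domain' for ForwardingSmtpAddress, or a bare 'user@domain'.
    param([string]$Target)
    if ($Target -match 'smtp:([^\]\s]+@[^\]\s]+)') { return $Matches[1].ToLower() }
    if ($Target -match '^[^@\s]+@[^@\s]+$')        { return $Target.ToLower() }
    return $null   # e.g. '[EX:/o=...]', a recipient inside the directory
}

function Get-ExternalForwardingTarget {
    # Emit one finding per forwarding target whose domain is not accepted.
    param(
        [object[]]$Items,            # inbox rules or mailboxes
        [string[]]$Properties,       # properties that can hold forwarding targets
        [string[]]$AcceptedDomains,
        [string]$Kind                # label for the report
    )
    foreach ($item in $Items) {
        foreach ($prop in $Properties) {
            foreach ($target in @($item.$prop)) {
                if (-not $target) { continue }          # property empty on this item
                $address = Get-SmtpAddress -Target ([string]$target)
                if (-not $address) { continue }         # internal directory recipient
                $domain = ($address -split '@')[-1]
                # Exact match only: subdomains are not assumed to be accepted
                if ($AcceptedDomains -notcontains $domain) {
                    [pscustomobject]@{
                        Kind    = $Kind
                        Mailbox = $item.Mailbox
                        Setting = $prop
                        Target  = $address
                    }
                }
            }
        }
    }
}

# Constructed inbox rules: one internal forward, one external redirect.
$SampleRules = @(
    [pscustomobject]@{
        Mailbox = 'alice@contoso.com'; Name = 'Invoices'
        ForwardTo = @('"Bob" [EX:/o=ExchangeLabs/cn=Recipients/cn=bob]')
        ForwardAsAttachmentTo = $null; RedirectTo = $null
    }
    [pscustomobject]@{
        Mailbox = 'carol@contoso.com'; Name = 'Copy'
        ForwardTo = $null; ForwardAsAttachmentTo = $null
        RedirectTo = @('"Carol Backup" [SMTP:carol.backup@example.net]')
    }
)

# Constructed mailbox-level forwarding: one internal, one external.
$SampleMailboxes = @(
    [pscustomobject]@{ Mailbox = 'dave@contoso.com'; ForwardingSmtpAddress = 'smtp:dave.archive@contoso.com' }
    [pscustomobject]@{ Mailbox = 'erin@contoso.com'; ForwardingSmtpAddress = 'smtp:erin@example.org' }
)

$findings  = @(Get-ExternalForwardingTarget -Items $SampleRules -Kind 'InboxRule' `
    -Properties ForwardTo, ForwardAsAttachmentTo, RedirectTo -AcceptedDomains $AcceptedDomains)
$findings += @(Get-ExternalForwardingTarget -Items $SampleMailboxes -Kind 'MailboxForwarding' `
    -Properties ForwardingSmtpAddress -AcceptedDomains $AcceptedDomains)

# Only carol's redirect and erin's mailbox forward leave the tenant.
$findings | Format-Table -AutoSize
```

The inbox-rule records the runbook selects do not carry the owning mailbox, so a report built this way needs the user principal name attached to each rule as it is collected.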

Scheduling our Runbook

Navigate to the overview of the current runbook we have been working on. Scroll down to the “Resources” section and click on “Schedules”. From here, click on “Add a schedule” to implement a schedule for this runbook.

Once here, click on “Link a schedule to your runbook”, then on “Create a new schedule” and finally fill in all required fields. We will want this runbook to run weekly, so set up a time in the future that you’d like to start the schedule on, select “Recurring” and have it repeat once each week on the day of your choosing. For the foreseeable future, we won’t want this to expire, so leave the “Set expiration” option set to “No”.

Once this has been completed, the setup of your Azure Automation resource is finished. Its runbook will run once a week, take care of a couple of your Secure Score review tasks automatically, and email your administration the report for review.

 

Preemptive Measures to Protect Your Company’s Database Against Disaster

There’s an old adage in IT that goes something like this: “people only notice/value technology when it doesn’t work as expected.” This is never truer than with the databases that sit behind so many of the applications we use every day. We expect applications to perform as quickly as we’ve grown accustomed to. We also expect the information contained in them to be kept securely, accurately, and for as long as we need it. A substantial part of an application’s capability to satisfy these baseline requirements depends on the database. So, while most of us never interact directly with databases, most of us become acquainted with them when they become slow, or worse, lose data to theft or other disaster.

An Alternative Approach: How to Achieve Success with an Office 365 Center of Excellence


The future is digital. Every company, irrespective of industry, is, or will soon be, thinking and operating like a digital company, re-engineering operations to support the new speed of business. If you’ve invested in Office 365, you have the capability to execute your own digital transformation. Enabling and sustaining that capability, however, can be challenging for even the largest organizations.  

Just maintaining deep knowledge on the entire platform and understanding the implications of each tool and every enhancement on your environment alone can be daunting. It’s why taking the “if you build it they will come” approach to Office 365 is simply destined for failure.

That’s why we developed an alternative, managed approach – the Office 365 Center of Excellence. We approach digital transformation as a process, instead of a project. Our proven methodology is made up of six pillars which we’ll explore in this blog post and will show how you can achieve the maximum success of your Office 365 investment with a Center of Excellence approach.

What is a Center of Excellence?

The Center of Excellence is a proven process methodology that provides solutions beyond standard managed services by utilizing six services areas to improve and execute on digital transformation in Office 365 and SharePoint. Through this process, Office 365 becomes an extremely powerful business productivity solution that if used and supported correctly, can greatly improve innovation, deliver business value, protect your internal and external data, decrease reliance on email, and further empower your employees.  



 

Six Pillars of a Successful Office 365 Center of Excellence

The power of the Center of Excellence (CoE) comes from combining the right skills, activities, and commitment and focusing them on your organization’s goals. There are six service areas that require focus for a successful Office 365 CoE, and communication is their underlying foundation. Let’s take a look at each service area:

  • Strategy
    Strategy is critical to success because it forces your organization to define what you need instead of expecting the technology to solve problems that have not been thoroughly defined. Strategic efforts focus heavily on asking stakeholders what problems must be solved and defining the value derived by meeting the goals. Developing a strategy first allows you to measure success in a tangible way to ensure you meet your objectives. In addition, employees generally respond more favorably when they understand why they are being asked to do something and know the vision of the project.
  • Governance
    Governance takes Strategy down to the service level. Governance efforts define usage policies, guidelines, and rules for your solutions. A successful plan leverages Microsoft’s best practices, demonstrates how to use different services to meet the business objectives, and ensures there is ownership of critical requirements and processes.

    Governance is critical because it requires that other parts of the business are engaged to ensure success. One of the most important aspects of governance is gaining traction with a group of stakeholders that will take ownership of the digital transformation process. And governance doesn’t stop — it requires regular meetings to discuss progress, collect feedback, and make changes to the governance plan, roadmap, and service offerings as technology and business needs change.
  • Architecture
    Architecture focuses on the technical components of leveraging Office 365, including information architecture, taxonomy, metadata, branding, user experience, best practices, technology changes, application integration, and the continuous effort to ensure that all the pieces fit together correctly for your organization.
  • Training
    Training isn’t one size fits all. It’s customized training in small doses on a regular basis in order to increase user understanding and adoption. Custom training combined with repetition increases user interaction and sends a message to the end users that your organization cares enough to ensure users have what they need to be effective.
  • Administration
    Administration components in Office 365 are different from classic on-premises platforms. The needs of patching, service packs, upgrades, and most of the routine maintenance activities are gone. However, many of those requirements have been replaced with new features and capabilities that should not be ignored. A successfully engaged administration plan will involve monitoring Microsoft messaging relating to tenant updates, changes, and outages. It’s not uncommon to see 15 or more messages per week relating to items affecting each Office 365 environment.
  • Support
    Support includes defined service level agreements based on requirements of the business. If your organization needs 24×7, one-hour response time because it’s critical to the business objectives, then this must be considered. CoE resources must have deep understanding of the platform and capabilities. While no single person understands it all, it’s imperative that your organization’s support skills align with its intended use of Office 365. With user adoption, including from your support teams, this will grow organically. While all the service areas are important, this is the area to absolutely ensure the proper resources are in place. Most customer contact, feedback, and ideas are generated through support interaction. Proper support teams will have plans to collect feedback and present this information to the governance and architecture teams to continue the circle of improvement.

The Importance of Process

The real CoE magic happens when you have the right combination of pillars driven by a defined and ongoing process, supported by the right resources for each set of activities, all of which are set with the proper cadence.

Your CoE is like a puzzle. All your components should fit together to showcase your vision with a total solution.

Without some pillars (or pieces of the puzzle), you will find there will be a hole in your process. Depending on the size of your organization, the needs and complexity of the solution will vary, but all are necessary to a certain degree.

When your entire plan is working harmoniously, it demonstrates to the organization the capability of IT to deliver on the needs of the business. This builds internal trust, while spotlighting IT as a leader and innovator in your organization, versus positioning IT as a cost center. This is key to transforming your internal end users’ impression of IT from one of simply providing tools and services to one where IT provides full life-cycle solutions to business problems.

A Customer-Centric Approach

The difficulty with digital transformation is that it is 100% based on people and their ability and willingness to change how they operate. When all of the pillars of the CoE are executed and maintained, user adoption will increase. As adoption increases, the entire solution becomes self-sustaining.

There is a tipping point where existing users create most of the new demand for capabilities because of their reliance on these tools. Your CoE activities drive user adoption, which in turn, support your overall transformation efforts. You should see a few of these benefits across your organization as overall user adoption grows:

  • Cultural shift from manual processes to automated technologies
  • Increased efficiency from a work processing perspective
  • Decreased reliance on email
  • Streamlined communication, searchable communication

With a Center of Excellence approach, you will begin to see an increase in user awareness, engagement, adoption, and all of the measurable and tangible benefits of true digital transformation.

If you are interested in delving deeper into the Center of Excellence methodology, you can learn more by downloading our free whitepaper here.

 

IT Buzzword: Cloud Integration

In today’s fast-paced world, it’s social media, viral videos, celebrity news and the latest trends. Generally, these boil down to a single word or two which, in and of itself, becomes Pop Culture. In the business of information technology, it’s all the acronyms and buzzwords. Some of these buzzwords end up sticking around and become much more than we could have imagined just a few years ago. One of them that’s stood the test of time is “Cloud Integration.”

It’s become very clear in the past few years that the ever present, and often talked about, “Cloud”, is here to stay. Many people still don’t grasp how important the cloud has become, in both your business and your personal life. It’s more important than ever for businesses of all sizes to take a step back and assess the state of their Cloud Integration…it’s more than a trendy new buzzword now.

Thrive Networks

Manages mission-critical infrastructure, 24/7 monitoring and alerting, and executing client cloud strategy, overseeing every aspect ranging from end users to critical infrastructure.

What are the Benefits to Outsourcing Cybersecurity?

Today’s cybersecurity landscape is changing at a pace we’ve never seen before, and the ability for companies of all sizes to keep up is becoming increasingly difficult.

So that begs the question, and one that my colleagues and I get very frequently: why would we outsource our security?

There are so many reasons why companies should very seriously consider enhancing what they’re doing internally by partnering with external experts, but I will lay out the Top 3 we’re seeing in the marketplace today.

Disaster Recovery – Datacenters, the Cloud, and Winning Over the Business

Disaster Recovery Planning – Where to Start?

Whether you’re a newly hired IT leader or recently promoted, understanding the business continuity plan of the organization is critical to sleeping well at night and building a platform for future success. No matter the challenge or issue, the CIO is expected to prepare, test, and execute their way through any event involving IT systems, to keep the business going. As IT transitions from a necessary support system into an age of business enablement, having robust and tested DR capabilities is critical to allow for future scalability and reliability.

So, you’ve been charged with reviewing, revamping, or refreshing the “BCDR Plan”. Where do you start?