Author Archives: sfarrell

Thrive Employee Spotlight: Meghan O’Keefe, VP of Professional Services

We’re excited to share our “Thrive Employee Spotlight” blog series!

Our featured Thrive Employee is Meghan O’Keefe. Meghan is the Vice President of Professional Services for Thrive.

Meghan currently manages onboarding new clients onto The Thrive Platform and large-scale implementation projects for strategic accounts. Over the years at Thrive, she has also managed the project managers, customer service groups, dispatch coordinators and project engineers.

Meghan lives just north of Boston with her fiancé and rescue pup. In her spare time, you’ll find Meghan at the park or visiting local breweries. In a pre-COVID world, she enjoyed going to Boston sporting events, concerts and traveling. 


Hi Meghan! Can you tell us about your background and how you came to Thrive?

After graduating college, I started my career in retail operations as a district manager at a major grocery chain in New England. At the time, I was responsible for working with all outside vendors, hiring and training all staff, and procuring product and merchandising for all locations in my district. I found what I enjoyed most were the aspects of project management involved in the opening of new store locations. Therefore, I decided to get more involved in project management within a new and highly dynamic industry. After talking with old friends and alums, I found out about a position at Corporate IT Solutions, which would give me the opportunity to help build out a project management office at a growing IT company of 35 employees. This was back in 2012 prior to the Thrive merger, and the major growth we have seen within the last five years. Since then, I’ve managed hundreds of projects and learned an immense amount about technology.

What do you most enjoy about working for Thrive?

Definitely the people! I have been working with many of my colleagues for nine years, and while the company has changed and grown significantly over the years, the caliber of people that I get to work with every day has not.  Everyone shows up to work hard, and we do our best for our clients. I also get to learn something new every day! Technology is constantly changing, and there is always a new challenge to work through. I always feel a sense of accomplishment at the end of the day knowing we solved a problem or worked around a tough roadblock for one of our clients.

Any recent exciting projects at Thrive that you can tell us about?

We are currently working on automating a lot of our internal processes within the Project Delivery team, which doesn’t sound too exciting, but it will allow us to spend more time with our customers in strategic conversations, and I’m looking forward to that!

Where did you go to school or get training?

I graduated from Bentley University in Waltham, Massachusetts, and also have my ITIL and PMP certifications that I completed while at Thrive.

Are you interested in learning more about Thrive? Click here!

And please don’t forget to follow us on LinkedIn, Twitter, Facebook, YouTube and Instagram for the latest news, and continue checking our blog for more in our “Thrive Employee Spotlight” series. Until next time…

Thrive Named a 2021 Fast 50 Company by Boston Business Journal

The Boston Business Journal has named Thrive to its exclusive 2021 Fast 50 list, which represents the 50 fastest-growing private companies in Massachusetts. The Fast 50 companies are selected and ranked based on a formula that counts revenue growth from 2017 to 2020.

“Thrive is honored to be named to Boston Business Journal’s Fast 50 list,” said Rob Stephenson, CEO at Thrive. “We continue to experience strong growth in Boston and throughout the Mid-Atlantic region. Thrive is an industry leader that successfully optimizes IT business performance with our NextGen Technology Platform, powered by the automation and self-service capabilities of ServiceNow, for organizations across many industries, including financial, healthcare, life sciences, education and more, making them more productive, profitable, and agile.”

The numbers were crunched and analyzed by the Business Journal’s research department.

“The economic shutdown sent a lot of companies’ strategies and financials into uncharted territory in 2020, but as the Fast 50 illustrates, Greater Boston’s fastest-growth companies pivoted and prospered despite it all,” said Carolyn M. Jones, market president and publisher of the Boston Business Journal.

A Fast 50 special publication is scheduled to run in the May 21 weekly edition of the Business Journal and online that same week. A private virtual honoree celebration to honor this year’s Fast 50 is scheduled to be held on Wednesday, May 19, where the rankings will be released.

Companies on the Fast 50 must have their headquarters in Massachusetts and must have reported revenue of at least $500,000 in 2017 and $1 million in 2020 were considered. (Unlike in past years, due to the pandemic, companies were not disqualified from the ranking if they experienced a net loss during one of the years analyzed, provided growth from 2017 to 2020 was positive.)

For the complete list of 2021 Fast 50 companies, visit the Boston Business Journal’s website here.

FBI Warning: Recent FortiOS Vulnerabilities

The FBI recently released a warning on hackers using a trio of vulnerabilities that are present on some Fortinet Firewalls. Attackers are leveraging these three distinct vulnerabilities to gain access to the networks.   

The first vulnerability, CVE-2018-13379, allows an attacker to download firewall system files under the SSL VPN web portal using HTTP.  Attackers scan ports 4443, 8443, and 10443 to see if this is available. If so, they utilize vulnerability CVE-2020-12812 to allow an attacker to log in without using a second factor authentication. Finally, the attackers utilize CVE-2019-5591 to sniff traffic going to a legitimate LDAP server internally. 

Utilizing all three of these attacks allows the attacker to gain more access into the network. Each one of these vulnerabilities is present in different versions of code. If the device runs an earlier version of code then it may require it may require multiple upgrades. 

This is a sophisticated attack, that requires multiple exploitable vulnerabilities to work. Only a select number of firewalls are vulnerable to this attack. Thrive observed that less than 1% of its customer deployments are on the firmware versions contained in this notification. 

In general, our engineering team recommends all Fortinet firewall be upgraded to 6.4.4 if possible. 

If you have any questions, please feel free to contact us.

vCISO Education – Blessed Sacrament

Overhauling a school’s IT infrastructure to support the evolving technology needs of today’s high-tech classrooms.

Download Now

 

CHALLENGE

Blessed Sacrament School is a private school in Walpole, Mass., with nearly 400 students ranging from preschool through 8th grade. The school’s administration sought out to update their IT infrastructure to support the technology needs that were increasingly integrated into the curriculum, including an iPad initiative for grades 4-8, a circulating iPad cart for Pre-K through grade 3, a technology lab, a science lab, and interactive white boards in several classrooms. The COVID-19 pandemic accelerated the need for an upgraded network and wireless access points as more curriculum was shifted to iPads than originally planned.

SOLUTION

A long-time Thrive customer, Blessed Sacrament reached out to the Thrive team to overhaul their existing network with the latest technology to create a flexible, scalable and secure infrastructure to support their growing classroom technology requirements. To support a vast increase of individual student devices, a strong WiFi network was imperative to ensure reliable, fast connections for remote learning, but their environment had to be reconstructed from the ground up. While undergoing this digital transformation with Thrive’s NextGen platform, Thrive’s senior principal consulting team determined they would require a 1GB fiber backbone to meet the growing demand of media streaming and virtual classrooms.

This increased connection speed, along with configuring cutting-edge networking solutions, has positioned the school to operate an advanced learning environment in a post-pandemic world. Thrive’s advanced supply chain and project management teams were able to quickly implement the solution in time for school to begin. The Director of Technology is now able to be proactive about future technology initiatives, such as MDM, and focus on what’s most important – the students.

RESULT

With 90 percent of students returning to school at least part time after the initial COVID-19 shutdowns, the newly updated WiFi network offered the speed and reliability to support the large number of devices used throughout the day within the school network. Teachers and administrators have the peace of mind that their network is secure with superior firewall technology that provides real-time threat assessment and monitoring. In the event there is ever an IT issue, the school’s Director of Technology can reach out to the Thrive team for fast communication and support via Thrive’s client portal, The Thrive Platform, powered by ServiceNow.

Blessed Sacrament“With such a growing emphasis on technology in the classroom, we wanted to make sure we had the right IT infrastructure in place to set our students and teachers up for success. We had built a relationship with the Thrive team over the years, and we trusted their expertise to overhaul our existing network to set a strong foundation for our expanding technology initiatives.” ~ Rob Hall, Director of Technology, Blessed Sacrament School

How can Thrive help your business?

Thrive is a leading provider of outsourced IT Infrastructure designed to drive business outcomes by helping you get the most out of your IT.

To learn more about our services, CONTACT US

Thrive Named a Top 350 U.S. Microsoft Partner

The  RCP 350 list represents the best Microsoft partners in the United States

Redmond Channel Partner magazine (RCP) has named Thrive to its Microsoft Top 350 U.S. Partners list. RCP has been exclusively covering the Microsoft channel community for more than 16 years and has compiled a list of 350 top Microsoft partners operating in the U.S. RCP’s list serves as the industry’s benchmark for recognizing the top-performing partners that reach across Microsoft’s technology stack and provide powerful solutions for their customers.

Thrive received recognition as a leading national provider for the Managed Service Provider (MSP) and Systems Integrator (SI) categories. The company successfully optimizes clients’ business performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services, powered by the automation and self-service capabilities of ServiceNow.

Additionally, Thrive continues to expand and enhance its technology portfolio with Microsoft tools. Thrive’s Microsoft Collaboration and Digital Transformation efforts enable companies to maximize Microsoft’s technology utilization, which increases employee adoption and productivity.

“We are thrilled to be recognized as one of the best Microsoft technology partners in the U.S.,” said Rob Stephenson, CEO of Thrive. Thrive brings the full power of Microsoft’s technology stack to each customer, making them more productive, profitable, and agile. Our company’s innovation is driven by a surge in demand for businesses to optimize their data and applications with maximum efficiency, speed, security, and insight.”

Click here to see RCP’s complete Top 250 list of Microsoft partners in the U.S.

Granting Admin Consent for Power App Customized SharePoint Forms

If you have been using Power Apps in your organization, you have likely run into the consent prompt a user receives when accessing an app for the first time. While it is not a bad practice to let users know what has access to their account, admins are aware that these prompts can be intimidating for users and lead to an increase in requests for assistance during the rollout of a new app or customized form.

The Power Apps Administration PowerShell Module provides functionality that allows suppression of the consent prompt for end users by instead providing admin consent, essentially pre-approving the necessary access before it would normally be requested of users.

This can be even more beneficial for SharePoint Forms that are customized with Power Apps as the consent prompts feel more inconsistent as not all sites or lists will have these customized forms.

The cmdlet, Set-AdminPowerAppApisToBypassConsent, can be used for this configuration.

The documented example incorrectly identifies the Power App Identifier parameter as -PowerAppName (as of 3/13/21) while the list of parameters includes -AppName. We can quickly check the available parameters using the Get-Command cmdlet, as illustrated below, to confirm the appropriate parameter is -AppName as there is no -PowerAppName parameter.

Get Command

Shown here are samples of what a user would see with and without the admin consent process. The user will be prompted for permission (A), listing any connectors used with the form or app. When prompted, they must choose to allow the permissions if they intend to use the form. Should they choose not to do so, they will be dropped into an unhelpful blank form (B).

ConsentPromptEmptyForm

Choosing to allow the permission request, or if the form has been configured with admin consent, the customized form will instead load as expected no surprise prompt. Configuring admin consent changes the experience, so users get what they expect the very first time they load up the form or app.

BypassConsent UserExperience

Aside from access and the appropriate PowerShell module, the App Id of the customized form is all the information necessary to run the bypass PowerShell command. It can be found in either the Power App Service (GUI) or PowerShell Module (CLI).

Within the Power App service, the form details are found by first navigating to a list with a customized form (or create a new one) and selecting Customize forms from the Power Apps drop down menu. After the Edit screen has loaded, move to the File menu, then click the See all versions button. To the left of Versions is the Details pane, which is where we will find the App ID.

CustomizeForms

ReEnter SeeVersions

FirstSave SeeVersions

SeeVersions

SeeDetails AppId

The Power Apps Administration PowerShell Module is needed to identify the App ID from the command-line. With the module installed, we can run Add-PowerAppsAccount and complete authentication via login prompt. The account used must be able to grant admin consent and view all Power Apps in an environment, I will use a Global Administrator, other roles may be reviewed for Azure AD and the Power Platform using these resources:

Azure AD built-in roles – Azure Active Directory | Microsoft Docs

Use service admin roles to manage your tenant – Power Platform | Microsoft Docs

Running Get-AdminPowerApp lists all Power Apps in the default or selected environment. With the command-line method, we do not currently know the name nor the App Id. Fortunately, there is a default naming structure for customized SharePoint forms:

ListName on SiteName forms

In the example below, I have created a site, IntegrationForm, and a list, SampleList. The AppName is the identifier needed to grant Admin Consent.

Site: /sites/IntegrationForm

List: /sites/IntegrationForm/SampleList

Using the default naming scheme then identifies SampleList on IntegrationForm forms as the appropriate Power App.

Get Command 1

Having identified the App ID through either method, we can now execute the Set-AdminPowerAppApisToBypassConsent command. Ideally, a Code of 200 will be returned, indicating success. Other codes which may be commonly encountered are 403 and 409 noting a lack of permissions or that the app or form has a session locked for editing, respectively. If the session is locked, it should clear up in a few minutes, so long as there is not any active editing. There is also a -ForceLease parameter that could be added to the Set-AdminPowerAppApisToBypassConsent command, though, this doesn’t appear reliable as of version 2.0.110 of the Power Apps Administration PowerShell Module.

BypassConsent

Granting admin consent smooths the first-time experience for users but could cause issues for developers. If admin consent has been granted, users who do not access to run Set-AdminPowerAppApisToBypassConsent will not be able to restore past versions of the app or form. Interestingly, it is still possible to save and publish new versions.

The restore failure can be reproduced in both the browser and PowerShell, neither offer a very clear picture without some digging. Starting with the browser, go to your customized form or a canvas app and navigate to the version history as we did when identifying the App Id. Select a previous version and choose to restore it. For testing, I have used an account which is a Co-Owner of an app and a user which has access to edit forms, otherwise, no administrative roles are assigned.

With customized forms, I have only been able to reproduce an error regarding locked sessions. This may be due to a difference in how a customized form and an app are handled on the back end or may simply be tied to the timing of session releases.

SeeDetails AppId

GUIRestore

FormRestoreFail

Most browsers have developer tools which can be used to debug and investigate what is happening under the hood of a website. The overview for the developer tools available in Microsoft’s Edge browser can be found here. Two invoke entries can be found using the Network dev tool; they contain the error above about a locked session but another and more informative error as well.

BrowserErrorScreen

BrowserFullError

This is message is much clearer; the account does not have the appropriate level of access to perform the restore now that admin consent has been configured.

If we instead try to perform the restore using PowerShell, we get the same message, though, only if the -Verbose parameter is included when attempting the restore. Without it, the command will complete silently and we may be led to believe it was successful when nothing has changed.

GettingVersions

AppRestoreFail

The Set-AdminPowerAppApisToBypassConsent command suppresses the first-time user prompt for both Power Apps and customized SharePoint forms, making for an expected and consistent user experience. If you choose to configure admin consent in this way, ensure your development team has the necessary permission to handle version restores or that your procedures detail the separation of responsibilities.

Thrive Named to CRN® 2021 Tech Elite 250 List

FOXBOROUGH, Mass. – March 23, 2021Thrive, a premier provider of NextGen Managed Services, announces today that CRN®, a brand of The Channel Company, has named Thrive to its Tech Elite 250 list. This annual list features IT solution providers of all sizes in North America that have earned cutting-edge technical certifications from leading technology suppliers. These companies have separated themselves from the pack as top solution providers, earning multiple, premier IT certifications, specializations, and partner program designations from industry-leading technology providers.

Thrive optimizes business performance with scalability, the highest level of security, and future-proofs digital infrastructure operations through its NextGen technology platform, including ServiceNow, automation and AI solutions. The Thrive Platform features a broad and unmatched portfolio of Cloud, Security, Networking, and Business Continuity services, powered by automation and self-service capabilities of ServiceNow.

“We’re honored to be acknowledged as one of CRN’s top Tech Elite providers,” said Rob Stephenson, CEO of Thrive. “With more than 20 years in the industry, Thrive is constantly pushing the envelope to implement innovative technologies that further strengthen the success of our client’s IT infrastructure. We offer proactive, global, 24x7x365 support from our U.S.-based technical experts dedicated to solving clients’ greatest technology challenges. We take great pride in being included on CRN’s Tech Elite Providers’ list, and this recognition serves as a testimony to our team’s ability to understand each client’s unique needs and provide a custom IT strategy that guarantees ongoing peak business performance and application availability.”

“CRN’s Tech Elite 250 list highlights the top solution providers in the IT channel with the most in-depth technical knowledge, expertise, and certifications for providing the best level of service for their customers,” said Blaine Raddon, CEO of The Channel Company. “These solution providers have continued to extend their talents and abilities across various technologies and IT practices, demonstrating their commitment to really conveying the most exceptional business value to their customers.”

Each year, The Channel Company’s research group and CRN editors distinguish the most client-driven technical certifications in the North American IT channel. Solution providers that have earned these high honors — enabling them to deliver exclusive products, services, and customer support — are then selected from a pool of online applicants as well as from The Channel Company’s solution provider database.

Coverage of the Tech Elite 250 will be featured in the April issue of CRN® Magazine and online at www.CRN.com/techelite250.

For more information about Thrive, click here.

### 

About Thrive

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application takes advantage of technology that enables peak performance, scale, and the highest level of security. For more information, visit thrivenextgen.com.

Thrive: LinkedIn, Twitter, Facebook, YouTube and Instagram

MEDIA CONTACT:

Stephanie Farrell

Director of Corporate Marketing

617-952-0289 | sfarrell@thrivenetworks.com

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com

 Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2021. CRN is a registered trademark of The Channel Company, LLC.  All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

Exchange Vulnerabilities Expose Microsoft’s Obstructive Patching Requirements

The Microsoft Exchange Server attack, which was publicly disclosed by Microsoft on March 2nd, was thoroughly explained by my colleague Eric Hasenstab in his blog post.  If you have not read it, please do so as it provides an excellent summary of the attack itself along with Thrive’s response to it.  The intent of this post is to do a slightly deeper dive into Microsoft’s Exchange Server patching policies which led to unfortunate worldwide delays in the rollout of patches to address these vulnerabilities.

When Microsoft announced the vulnerabilities on March 2nd, many people overlooked a small detail in the patching prerequisites.  The critical security patches were only available for supported versions of Exchange CUs (Cumulative Update).  So, what is an Exchange CU?  First and foremost, it is not a patch and cannot be deployed via automated patching services like Windows Updates.  Per Microsoft, an Exchange CU “is a full installation of Exchange that includes all updates and changes from previous CUs.”

Microsoft leverages this Cumulative Update servicing model for all current versions of Exchange.  The CUs are released quarterly and are supported for an additional 3 months after the release of the latest CU.  Essentially, any Exchange CU is supported by Microsoft for 6 months after its release.  Once an Exchange CU reaches end of support it is no longer eligible to receive any monthly Exchange security patches which are released outside of the quarterly CU schedule.

To further compound the difficulty of maintaining a current Exchange CU, the installation requires significant downtime and risk to server stability.  Since it is a full installation of Exchange, downtime can exceed 4 hours and potentially result in long-term outages if the installation fails.  As such, it is exceedingly difficult for organizations to keep their Exchange CUs current.  Microsoft finally acknowledged this reality a full week after disclosing the vulnerability by releasing security patches for all Exchange CUs.  Unfortunately, by this time countless servers were already exposed to malicious activity from state sponsored threat actors and criminal organizations.

To recap:

  • Microsoft originally released security patches only for supported Exchange CUs
  • A CU isn’t a patch and requires a full reinstallation of Exchange
  • A CU installation is at best disruptive and at worst hazardous to server stability
  • A CU is only supported for 6 months after its release
  • Microsoft took an entire week to release security patches for older CUs

If its not clear by now, there is only one reasonable solution to maintaining a stable and secure Exchange Server. Migrate your business off Exchange Server to a Cloud-based solution and transfer the patching responsibility to the Cloud provider.

To this end, Thrive has a team dedicated to Exchange migrations that can seamlessly transition your organization to the email Cloud solution which best meets the needs of your business. Contact us to learn more.

Microsoft’s Top 350 U.S. Partners

The RCP 350 gives customers a short list of partners they should definitely consider for their IT needs.