Author Archives: Tori Pazda

Thrive Named a Top 350 U.S. Microsoft Partner

The RCP 350 list represents the best Microsoft partners in the United States

Redmond Channel Partner magazine (RCP) has named Thrive to its Microsoft Top 350 U.S. Partners list. RCP has been exclusively covering the Microsoft channel community for more than 16 years and has compiled a list of 350 top Microsoft partners operating in the U.S. RCP’s list serves as the industry’s benchmark for recognizing the top-performing partners that reach across Microsoft’s technology stack and provide powerful solutions for their customers.

Thrive received recognition as a leading national provider for the Managed Service Provider (MSP) and Systems Integrator (SI) categories. The company successfully optimizes clients’ business performance with Thrive’s NextGen Platform of Cloud, Security, Networking, and Business Continuity services, powered by the automation and self-service capabilities of ServiceNow.

Additionally, Thrive continues to expand and enhance its technology portfolio with Microsoft tools. Thrive’s Microsoft Collaboration and Digital Transformation efforts enable companies to maximize Microsoft’s technology utilization, which increases employee adoption and productivity.

“We are thrilled to be recognized as one of the best Microsoft technology partners in the U.S.,” said Rob Stephenson, CEO of Thrive. “Thrive brings the full power of Microsoft’s technology stack to each customer, making them more productive, profitable, and agile. Our company’s innovation is driven by a surge in demand for businesses to optimize their data and applications with maximum efficiency, speed, security, and insight.”

Click here to see RCP’s complete Top 250 list of Microsoft partners in the U.S.

Granting Admin Consent for Power App Customized SharePoint Forms

If you have been using Power Apps in your organization, you have likely run into the consent prompt a user receives when accessing an app for the first time. While it is not a bad practice to let users know what has access to their account, admins are aware that these prompts can be intimidating for users and lead to an increase in requests for assistance during the rollout of a new app or customized form.

The Power Apps Administration PowerShell Module provides functionality that allows suppression of the consent prompt for end users by instead providing admin consent, essentially pre-approving the necessary access before it would normally be requested of users.

This can be even more beneficial for SharePoint forms that are customized with Power Apps. Because not all sites or lists will have these customized forms, the consent prompts feel more inconsistent to users.

The cmdlet, Set-AdminPowerAppApisToBypassConsent, can be used for this configuration.

The documented example incorrectly identifies the Power App Identifier parameter as -PowerAppName (as of 3/13/21) while the list of parameters includes -AppName. We can quickly check the available parameters using the Get-Command cmdlet, as illustrated below, to confirm the appropriate parameter is -AppName as there is no -PowerAppName parameter.

Get Command

Shown here are samples of what a user would see with and without the admin consent process. The user will be prompted for permission (A), listing any connectors used with the form or app. When prompted, they must choose to allow the permissions if they intend to use the form. Should they choose not to do so, they will be dropped into an unhelpful blank form (B).

ConsentPromptEmptyForm

If the user allows the permission request, or if the form has been configured with admin consent, the customized form will instead load as expected, with no surprise prompt. Configuring admin consent changes the experience, so users get what they expect the very first time they load up the form or app.

BypassConsent UserExperience

Aside from access and the appropriate PowerShell module, the App Id of the customized form is all the information necessary to run the bypass PowerShell command. It can be found in either the Power App Service (GUI) or PowerShell Module (CLI).

Within the Power App service, the form details are found by first navigating to a list with a customized form (or create a new one) and selecting Customize forms from the Power Apps drop down menu. After the Edit screen has loaded, move to the File menu, then click the See all versions button. To the left of Versions is the Details pane, which is where we will find the App ID.

CustomizeForms

ReEnter SeeVersions

FirstSave SeeVersions

SeeVersions

SeeDetails AppId

The Power Apps Administration PowerShell Module is needed to identify the App ID from the command line. With the module installed, we can run Add-PowerAppsAccount and complete authentication via the login prompt. The account used must be able to grant admin consent and view all Power Apps in an environment. I will use a Global Administrator; other roles may be reviewed for Azure AD and the Power Platform using these resources:

Azure AD built-in roles – Azure Active Directory | Microsoft Docs

Use service admin roles to manage your tenant – Power Platform | Microsoft Docs

Running Get-AdminPowerApp lists all Power Apps in the default or selected environment. With the command-line method, we do not yet know either the name or the App Id. Fortunately, there is a default naming structure for customized SharePoint forms:

ListName on SiteName forms

In the example below, I have created a site, IntegrationForm, and a list, SampleList. The AppName is the identifier needed to grant Admin Consent.

Site: /sites/IntegrationForm

List: /sites/IntegrationForm/SampleList

Using the default naming scheme then identifies SampleList on IntegrationForm forms as the appropriate Power App.

Get Command 1

Having identified the App ID through either method, we can now execute the Set-AdminPowerAppApisToBypassConsent command. Ideally, a Code of 200 will be returned, indicating success. Other commonly encountered codes are 403 and 409, indicating a lack of permissions or that the app or form has a session locked for editing, respectively. If the session is locked, it should clear up in a few minutes, so long as there is not any active editing. There is also a -ForceLease parameter that could be added to the Set-AdminPowerAppApisToBypassConsent command, though this doesn’t appear reliable as of version 2.0.110 of the Power Apps Administration PowerShell Module.

BypassConsent
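The command-line steps above, combined into one script as an added example (not code from the original post). It assumes the SampleList/IntegrationForm names used in the text, takes -EnvironmentName from the object Get-AdminPowerApp returns, and refuses to act unless exactly one app matches the default form name, so consent is only pre-approved for the intended form.

```powershell
# Added example: pre-approve connector consent for one Power Apps-customized
# SharePoint form. Requires the Power Apps Administration PowerShell module
# (Microsoft.PowerApps.Administration.PowerShell) and an account that can grant
# admin consent and view all Power Apps in the environment.

# Assumption: list and site names follow the example in the text.
$ListName        = 'SampleList'
$SiteName        = 'IntegrationForm'
$FormDisplayName = "$ListName on $SiteName forms"   # default naming structure

# 1. Confirm which identifier parameter the installed module version exposes,
#    rather than trusting the documented example (-PowerAppName vs -AppName).
$cmd = Get-Command -Name Set-AdminPowerAppApisToBypassConsent -ErrorAction Stop
if (-not $cmd.Parameters.ContainsKey('AppName')) {
    $available = $cmd.Parameters.Keys -join ', '
    throw "No -AppName parameter in this module version. Available: $available"
}

# 2. Sign in through the interactive login prompt.
Add-PowerAppsAccount

# 3. Locate the customized form by its default display name. Stop if the match
#    is missing or ambiguous so consent is never granted to the wrong app.
$found = @(Get-AdminPowerApp | Where-Object { $_.DisplayName -eq $FormDisplayName })
if ($found.Count -ne 1) {
    throw "Expected exactly one app named '$FormDisplayName', found $($found.Count)."
}
$app = $found[0]

# 4. Grant admin consent for that single app and interpret the returned Code.
$result = Set-AdminPowerAppApisToBypassConsent `
    -EnvironmentName $app.EnvironmentName `
    -AppName $app.AppName

switch ($result.Code) {
    200 {
        Write-Host "Consent prompt bypassed for '$($app.DisplayName)' ($($app.AppName))."
    }
    403 {
        Write-Warning 'The signed-in account lacks the permissions to grant admin consent.'
    }
    409 {
        Write-Warning 'The app or form has a session locked for editing. Close any editors and retry in a few minutes.'
    }
    default {
        Write-Warning "Unexpected response code: $($result.Code)"
    }
}
```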

Granting admin consent smooths the first-time experience for users but could cause issues for developers. If admin consent has been granted, users who do not have access to run Set-AdminPowerAppApisToBypassConsent will not be able to restore past versions of the app or form. Interestingly, it is still possible to save and publish new versions.

The restore failure can be reproduced in both the browser and PowerShell, though neither offers a very clear picture without some digging. Starting with the browser, go to your customized form or a canvas app and navigate to the version history as we did when identifying the App Id. Select a previous version and choose to restore it. For testing, I have used an account which is a Co-Owner of an app and a user which has access to edit forms; otherwise, no administrative roles are assigned.

With customized forms, I have only been able to reproduce an error regarding locked sessions. This may be due to a difference in how a customized form and an app are handled on the back end or may simply be tied to the timing of session releases.

SeeDetails AppId

GUIRestore

FormRestoreFail

Most browsers have developer tools which can be used to debug and investigate what is happening under the hood of a website. The overview for the developer tools available in Microsoft’s Edge browser can be found here. Two invoke entries can be found using the Network dev tool; they contain the error above about a locked session, but also another, more informative error.

BrowserErrorScreen

BrowserFullError

This message is much clearer: the account does not have the appropriate level of access to perform the restore now that admin consent has been configured.

If we instead try to perform the restore using PowerShell, we get the same message, though only if the -Verbose parameter is included when attempting the restore. Without it, the command will complete silently and we may be led to believe it was successful when nothing has changed.

GettingVersions

AppRestoreFail

The Set-AdminPowerAppApisToBypassConsent command suppresses the first-time user prompt for both Power Apps and customized SharePoint forms, making for an expected and consistent user experience. If you choose to configure admin consent in this way, ensure your development team has the necessary permission to handle version restores or that your procedures detail the separation of responsibilities.

Thrive Named to CRN® 2021 Tech Elite 250 List

FOXBOROUGH, Mass. – March 23, 2021 – Thrive, a premier provider of NextGen Managed Services, announces today that CRN®, a brand of The Channel Company, has named Thrive to its Tech Elite 250 list. This annual list features IT solution providers of all sizes in North America that have earned cutting-edge technical certifications from leading technology suppliers. These companies have separated themselves from the pack as top solution providers, earning multiple, premier IT certifications, specializations, and partner program designations from industry-leading technology providers.

Thrive optimizes business performance with scalability, the highest level of security, and future-proofs digital infrastructure operations through its NextGen technology platform, including ServiceNow, automation and AI solutions. The Thrive Platform features a broad and unmatched portfolio of Cloud, Security, Networking, and Business Continuity services, powered by automation and self-service capabilities of ServiceNow.

“We’re honored to be acknowledged as one of CRN’s top Tech Elite providers,” said Rob Stephenson, CEO of Thrive. “With more than 20 years in the industry, Thrive is constantly pushing the envelope to implement innovative technologies that further strengthen the success of our client’s IT infrastructure. We offer proactive, global, 24x7x365 support from our U.S.-based technical experts dedicated to solving clients’ greatest technology challenges. We take great pride in being included on CRN’s Tech Elite Providers’ list, and this recognition serves as a testimony to our team’s ability to understand each client’s unique needs and provide a custom IT strategy that guarantees ongoing peak business performance and application availability.”

“CRN’s Tech Elite 250 list highlights the top solution providers in the IT channel with the most in-depth technical knowledge, expertise, and certifications for providing the best level of service for their customers,” said Blaine Raddon, CEO of The Channel Company. “These solution providers have continued to extend their talents and abilities across various technologies and IT practices, demonstrating their commitment to really conveying the most exceptional business value to their customers.”

Each year, The Channel Company’s research group and CRN editors distinguish the most client-driven technical certifications in the North American IT channel. Solution providers that have earned these high honors — enabling them to deliver exclusive products, services, and customer support — are then selected from a pool of online applicants as well as from The Channel Company’s solution provider database.

Coverage of the Tech Elite 250 will be featured in the April issue of CRN® Magazine and online at www.CRN.com/techelite250.

For more information about Thrive, click here.

### 

About Thrive

Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application takes advantage of technology that enables peak performance, scale, and the highest level of security. For more information, visit thrivenextgen.com.

Thrive: LinkedIn, Twitter, Facebook, YouTube and Instagram

MEDIA CONTACT:

Stephanie Farrell

Director of Corporate Marketing

617-952-0289 | sfarrell@thrivenextgen.com

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com

 Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2021. CRN is a registered trademark of The Channel Company, LLC.  All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

Exchange Vulnerabilities Expose Microsoft’s Obstructive Patching Requirements

The Microsoft Exchange Server attack, which was publicly disclosed by Microsoft on March 2nd, was thoroughly explained by my colleague Eric Hasenstab in his blog post.  If you have not read it, please do so as it provides an excellent summary of the attack itself along with Thrive’s response to it.  The intent of this post is to do a slightly deeper dive into Microsoft’s Exchange Server patching policies which led to unfortunate worldwide delays in the rollout of patches to address these vulnerabilities.

When Microsoft announced the vulnerabilities on March 2nd, many people overlooked a small detail in the patching prerequisites.  The critical security patches were only available for supported versions of Exchange CUs (Cumulative Update).  So, what is an Exchange CU?  First and foremost, it is not a patch and cannot be deployed via automated patching services like Windows Updates.  Per Microsoft, an Exchange CU “is a full installation of Exchange that includes all updates and changes from previous CUs.”

Microsoft leverages this Cumulative Update servicing model for all current versions of Exchange.  The CUs are released quarterly and are supported for an additional 3 months after the release of the latest CU.  Essentially, any Exchange CU is supported by Microsoft for 6 months after its release.  Once an Exchange CU reaches end of support it is no longer eligible to receive any monthly Exchange security patches which are released outside of the quarterly CU schedule.

To further compound the difficulty of maintaining a current Exchange CU, the installation requires significant downtime and risk to server stability.  Since it is a full installation of Exchange, downtime can exceed 4 hours and potentially result in long-term outages if the installation fails.  As such, it is exceedingly difficult for organizations to keep their Exchange CUs current.  Microsoft finally acknowledged this reality a full week after disclosing the vulnerability by releasing security patches for all Exchange CUs.  Unfortunately, by this time countless servers were already exposed to malicious activity from state sponsored threat actors and criminal organizations.

To recap:

  • Microsoft originally released security patches only for supported Exchange CUs
  • A CU isn’t a patch and requires a full reinstallation of Exchange
  • A CU installation is at best disruptive and at worst hazardous to server stability
  • A CU is only supported for 6 months after its release
  • Microsoft took an entire week to release security patches for older CUs

If it’s not clear by now, there is only one reasonable solution to maintaining a stable and secure Exchange Server: migrate your business off Exchange Server to a Cloud-based solution and transfer the patching responsibility to the Cloud provider.

To this end, Thrive has a team dedicated to Exchange migrations that can seamlessly transition your organization to the email Cloud solution which best meets the needs of your business. Contact us to learn more.

Microsoft’s Top 350 U.S. Partners

The RCP 350 gives customers a short list of partners they should definitely consider for their IT needs.

FinTech Friday with Marc Capobianco | SEC’s 2021 Exam Priorities

In this week’s episode of #FinTechFriday, Marc Capobianco talks about the SEC’s 2021 Exam Priorities that were released. Listen in as Marc breaks down the 6 main areas that the SEC identified.

Is Microsoft 365 Learning Pathways Right for You?

All organizations want a Return on Investment (ROI) for Microsoft 365. They want to use the technology to the fullest extent. However, staying on top of updating the end-user base and the lack of initiative by end users to find information are common challenges. Thrive highly recommends utilizing Microsoft 365 Learning Pathways (LP) to improve Microsoft 365 adoption rates.

LP is a free, on-demand, customizable learning portal that is created as a SharePoint communication site within your Microsoft 365 platform. It’s an open-source solution that allows you to easily add and edit end-user-focused training content on Microsoft 365 apps, such as OneDrive, SharePoint, Teams, etc.

The content is automatically updated and delivered by Microsoft directly into your portal. It’s easy to navigate, which saves valuable time and resources.

Setup is handled through a configuration page that contains categories, subcategories, playlists, and assets, which can link to either a custom SharePoint SitePage containing content or the content itself wherever that may be.

LP also offers multilingual support and can be organized in such a way that you can layer custom solutions on top for scheduling, read validations, badges, and certifications to encourage adoption.

LP has been a proven solution to overcome common 365 integration and adoption challenges.

Benefits:

  • Provides employees with organized, step-by-step trainings to achieve compliance
  • Stores curriculum in a specific location with a modern and organized layout
  • Brings multiple applications and offerings together in one place. Creates customized curriculum, including group of department specific trainings, available on SharePoint/Teams’ sites while filtering out irrelevant content and storing it all in a central location
  • Intuitive layout and easy to navigate for end users with varying technical skills
  • Provides curriculum in different languages
  • Tracks training status and displays it to employees and to managers of direct reports
  • Recognizes employees for completing assignments with certifications and/or badges

Organization of Content Configuration

There are two options to organize the configuration of your curriculum. Use the pre-configured setup and add on to the predefined categories with subcategories, or tie in a Content Delivery Network (CDN) that hosts your specific content. With the latter, you gain the ability to create your own categories.

The first step to organizing your content is to understand what content you have available, who owns it, and what classifications and metadata relate to it all. Once you have that information, break that down into “Category” (top-level description), “Subcategory” (subtopic), “Playlist” (contains a series of related content), and finally “Asset” (links to the content). Each of these has a one-to-many relationship with the next level. Note that the default categories cannot be changed or removed, only hidden.

MS 1

How to think about the default categories:

  1. Get Started – Beginner-level and compliance training
  2. Products – 3rd party application training
  3. Scenarios – Relates to a specific task or service
  4. Adoption Tools – Links, tools, or methods of adopting a tool, service, or application

Let’s look at our use cases to identify different ways we might organize our content.

  • Training that involves multiple assets or assets that must be completed in a specific order
    • Use a playlist specific to these assets
  • You are required to separate content (i.e., general/company vs compliance training)
    • Create separate subcategories for each and then add the necessary playlists
  • Some of the default curriculums do not relate to our organization
    • You can opt to hide a subcategory or playlist
    • Hiding all subcategories will hide the category
  • Curriculum to be available in different languages
    • You can add up to eight additional languages for a given asset
  • Content must be broken down by department
    • Create separate subcategories for each and then add the necessary playlists
  • Bring all the curriculum under one hood
    • Target assets at the appropriate Microsoft 365 locations and even 3rd party applications. This allows you to showcase that you have all this training available, and the employee just needs to browse there
  • Display training on departmental sites
    • The LP web part can also be used on separate SharePoint sites and can be filtered to a specific need
  • Intuitive designs
    • Customize your landing page to tell your audience what this site is used for and how to effectively navigate it
    • Break down the product and application training into FAQ-like pages. This is extremely popular with the various colleges that need to support students of all technical skill levels

What is important to know about the images for Subcategory and Playlist?

  1. You cannot change the default Microsoft images
  2. Default Image Specs:
    1. Image Resolution: 280×200
    2. Bottom Border: 280×9 gradient bottom border
    3. Center Image Resolution: 80×80
  3. Some prefer to use the whole space

MS 3

Here are a few additional suggestions to organize your curriculum:

  • Create an Onboarding subcategory or playlist under Compliance Training as all onboarding employees and contractors must complete specific training for a company to meet compliance requirements.

MS 4

  • Use the Power Platform to create an acknowledgment workflow (custom solution) that validates the employee who completed the training.

MS 5

  • Track training status and display it to the employees and allow managers to see the status of direct reports.
  • Track specific series completions to award employees with certifications and/or badges, and then post about it to the intranet news.

MS 6

  • Use groups and/or modern calendars to schedule one-off and regular training sessions.
  • Consider offering course registrations when your company is large enough to hold regular training sessions.
  • Set up the site navigation in a way that makes sense.
  • Offer the end users a means to request or vote on requested training.

Creating a Microsoft 365 utilization plan can be difficult to navigate.  Let the experts at Thrive help your business through the planning, development and execution to handle your customized Microsoft 365 solutions to meet your growing digital demands. Contact the Thrive team today.

Oops! SharePoint User Not Found In Directory Error

Have you ever given a B2B guest user access to your shared SharePoint content and they were denied access? The “user not found in the directory” errors can easily happen. However, you might be scratching your head if they accessed the content previously and they are still listed in the Office 365 user base and Azure Active Directory.

The Thrive team has some suggestions to help you avoid an embarrassing situation and keep shared content flowing smoothly across users.

What is the cause?

The guest user profile has become corrupted and is no longer being recognized, leading to the error “User not found in directory.”

How to fix it?

The standard way to fix the error is to remove the guest user and re-add them, essentially re-creating their account anew. This can be a bit tedious, and when finished, the guest user’s permissions need to be re-added to all content that they previously had access to.

However, there’s a new functionality that’s been deployed to Azure Active Directory for managing B2B guest accounts. The improved workaround allows for a quick fix without the need to re-add user permissions to SharePoint Online content.

  1. Go to your Azure Active Directory portal (https://portal.azure.com/)
  2. Go to Users and lookup your guest
  3. Go to Identity > Invitation and select Manage

MS 7

  4. Change Redemption status to Yes and confirm you want to reset the invitation status.

MS 8

  5. The guest user will receive an email on behalf of your organization asking them to accept the invitation. They will be asked to sign in and this will fix their guest account. Immediately after, the guest can once again access previously shared SharePoint sites and content.

Still need help? Or, do you need help deploying, managing, and scaling your business’ Microsoft 365, SharePoint or Teams? Contact the Thrive experts today to handle your Microsoft suite of collaboration tools so you can focus on your core business.

Infinidat Announces Customer Award Winners

The Pioneer Award recognizes the customer who has successfully leveraged Infinidat solutions towards the implementation of digital transformation initiatives. Thrive was awarded The Pioneer – Americas.