CHALLENGE
Crippled by outdated servers, ENT Specialists faced daily operational problems, making it difficult for physicians to service their patients. At times when electronic medical records were completely inaccessible to providers, the practice would have to close and the business lost revenue. ENT Specialists turned to Thrive to create a solution that would stabilize their infrastructure quickly, allowing them to keep their business running consistently and efficiently.
SOLUTION
Thrive stabilized the foundation of the network and updated the switches in ENT’s environment to all new Meraki equipment, managed by Thrive’s top-tier engineers. Additionally, Thrive installed managed firewalls to replace legacy firewalls and improve security and visibility. ENT Specialists’ outdated servers were virtualized, and their medical records moved off premises into the eClinicalWorks SaaS offering. The company has continued to migrate more business-critical applications into Thrive’s private Cloud solution, ThriveCloud, as well as an Office 365 environment. As a cybersecurity measure, ENT Specialists adopted Thrive’s end user security services. Utilizing Thrive’s Security Team, the company gets monthly phishing tests and mandated quarterly cybersecurity awareness training for their employees.
RESULT
With the infrastructure built by Thrive’s team, ENT Specialists no longer face daily technological interruptions. Physicians continue to service their patients without the fear of losing access to their medical records. The increased capabilities have allowed ENT Specialists to grow in new directions. The company has onboarded new physicians, launched its FYSICAL® Dizziness & Fall Prevention Center, and is adding more locations.
“Thrive’s NextGen Cloud and Cyber Security solutions are critical to our business and patients. Every minute counts in healthcare, and that’s why we turned to Thrive to provide a swift, secure and innovative update to our IT infrastructure to ensure patient care isn’t compromised.” ~ Debbie Joyce, Operations Manager, ENT Specialists
How can Thrive help your business?
Thrive is a leading provider of outsourced IT Infrastructure designed to drive successful business outcomes with our talented engineering teams and suite of Cloud-First, NextGen Managed Services.
To learn more about our services, CONTACT US
Managed Microsoft 365
Meet Modern Security Needs with SIEM-as-a-Service
Organizations face constant cybersecurity threats and the numbers are staggering. The NextGen cybersecurity experts at Thrive offer a Security Information and Event Management solution that delivers comprehensive investigation, analysis and remediation. Secure your organization 24×7.
If you’re ready to experience NextGen managed security, talk to a Thrive expert today. CONTACT US
Microsoft Bookings, an app included in Microsoft 365, is a scheduling tool that allows customers to easily book appointments with a company. The app incorporates a web-based calendar that integrates with Outlook, ensuring availability always stays up-to-date. Customers can easily schedule appointments during available time slots with the team member of their choice, cancel and reschedule bookings, and enjoy auto-generated emails to keep all parties notified.
The following Microsoft licenses include Bookings:
- Microsoft 365 Business Standard
- Microsoft 365 A3
- Microsoft A5 subscriptions
- Office 365 E3 and E5 subscriptions
Components of Microsoft Bookings
Business Information
All details about your business are configured in the Business Information section. These details, such as your business name, address, phone number, logo, and hours of operations, are visible to your customers.
Services
Business offerings are configured in the Services section. You can specify details such as:
- Service location (virtual or physical)
- Service description
- Pricing
- Staff member assignments
- Maximum number of attendees per service
Staff
The Staff section is where you specify details about the members of your team and the services they provide. This can include:
- Assignment to specific services
- Services the business provides
- Hours of availability for each staff member
Customers
When users schedule an appointment or book a service, they are automatically added as a customer in your Bookings app.
Customers can be added manually or imported from a .csv file.
Bookings Page
The Bookings Page is where major app details are configured and where the app is published. These details include:
- Selecting a color scheme/theme of the Bookings app
- Setting the time zone
- Setting email notifications
- Requiring customers to have an Office 365 account to use the app
Calendar
The Calendar is for internal use only — it is only accessible by staff members. All Bookings made by customers will populate in the Calendar. The Calendar view can be switched around to display bookings by Day, Work Week, Week, Month, or Today. Clicking on each booking will display all the information regarding that specific booking.
Home
The Home dashboard displays an overview of the number of bookings made, the estimated revenue from all bookings, and the number of unique customers that have booked.
The Problem
The COVID-19 pandemic forced companies to quickly transition to working remotely. As the pandemic settles and work-from-home mandates are lifted, businesses will have to adjust, once again, to ensure a safe return to the workplace. One of the main priorities during return to work operations is limiting capacities to ensure social distancing is possible.
The Solution
At Thrive, we pride ourselves on discovering ways to leverage existing tools in the Microsoft 365 ecosystem to fulfill even more business needs than they were originally intended for. Why not utilize Microsoft Bookings to ensure a safe and socially-distanced return to the workplace?
By utilizing the Services section for your office building, room, floor, or workspace, you can automate monitoring and limiting capacity with ease. The Staff section can be used for reservations and the Customer section can be used by employees who would like to come into the office.
The Fine Print
The ‘Maximum Attendees’ feature in the Services component doesn’t always work as seamlessly as we would like.
The key to successfully limiting the number of people that can book on a specific day is to add the exact number of staff members, listed below as “reservations,” as a guideline for the maximum capacity for the office. In other words, make the total number of staff members equal the maximum capacity of people allowed in the office at once to restrict any more appointments.
Bookings require at least one staff member per booking. With three added staff member reservations and myself as an Administrator (by necessity), the app will allow four bookings per day—and nothing more. Even if ‘Maximum Attendees’ was set to one or two, the app would still allow four users to book—which is why this workaround is necessary to get the app to behave how it is intended to.
For this to work, the Availability for the Services must be set to “Bookable when staff are free.”
Takeaways
We encourage you to try customizing your Microsoft features to best fit your needs. Microsoft Bookings’ capabilities reach far beyond simply scheduling and can be a great way to assist with keeping your team safe while returning to work.
As always, Thrive is here to help you keep up with these quick transitions. If you would like assistance to get the most out of your Microsoft 365 investment, please contact us today.
A Brief Explanation of Encryption and Why it Matters in the Cloud Age
Encryption has become so ubiquitous that one could assume that most people understand what it is, how it is used, and why it is important in the digital age. Of course, we all know what happens when you assume, right?
Simply put, encryption is how the content of a message between two or more trusted parties is hidden from untrusted or unintended recipients of that message.
In the early days of the Internet, there were no widely used methods to encrypt information sent over public or private networks. As a result, any individual with basic skills could intercept and read content as it was sent over a network to which they had access. For the Internet to grow into a digital marketplace, it was critical to secure sensitive data as it was in transit. To accomplish that goal, engineers at Netscape created the SSL protocol to encrypt content as it passed from webserver to web browser. SSL has since been replaced by TLS, but the underlying mechanics remain the same.
- A web browser extracts the public key from a website’s certificate
- The browser generates a new key, uses the website’s public key to encrypt it, and sends the encrypted key to the website’s server
- The server then decrypts the key using its own private key and uses that new key to encrypt all information exchanged between the web browser and website
The exchanged cipher keys are how text can be encrypted and then translated back to the original text. Whether data is at rest or in transit, encryption of that data still relies on cipher keys to encrypt and decrypt that data. Thus, encrypted data is only as secure as the keys used to encrypt that data.
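The three steps listed above, as an added example in Go (not code from the original article). RSA-OAEP for wrapping the key, AES-256-GCM for the traffic, and all function names are assumptions of this example; it models only the listed key exchange, not a full TLS handshake.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// BrowserWrapKey is step 2: new 256-bit key, RSA-OAEP-encrypted (assumed scheme).
func BrowserWrapKey(pub *rsa.PublicKey) (session, wrapped []byte, err error) {
	session = make([]byte, 32)
	if _, err = rand.Read(session); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil)
	return session, wrapped, err
}

// ServerUnwrapKey is step 3: only the private-key holder recovers the key.
func ServerUnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// NewAEAD builds AES-GCM (assumed cipher) keyed with the exchanged key.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal prepends a random nonce; Open rejects a wrong key or altered bytes.
func Seal(gcm cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(gcm cipher.AEAD, msg []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(msg) < n {
		return nil, fmt.Errorf("message shorter than %d-byte nonce", n)
	}
	return gcm.Open(nil, msg[:n], msg[n:], nil)
}

func main() {
	check := func(err error) {
		if err != nil {
			panic(err)
		}
	}
	priv, err := NewServerKey() // stands in for the key pair behind the certificate
	check(err)
	session, wrapped, err := BrowserWrapKey(&priv.PublicKey)
	check(err)
	serverKey, err := ServerUnwrapKey(priv, wrapped)
	check(err)
	srv, err := NewAEAD(serverKey)
	check(err)
	cli, err := NewAEAD(session)
	check(err)
	ct, err := Seal(srv, []byte("constructed sample record"))
	check(err)
	pt, err := Open(cli, ct)
	fmt.Printf("browser read %q (err=%v)\n", pt, err)
}
```

Unwrapping the same message with any other private key fails, which is the sense in which the data is only as secure as the keys.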
In the modern cloud era, it’s safe to say that most data is encrypted as it’s transmitted and stored. The important question to ask is who has access to the keys used to encrypt that data. This is particularly important as more and more organizations move their data to Cloud Service Providers (CSP). It’s a given that nearly every CSP will encrypt your data, but how will they secure the keys used to encrypt that data? Do they support BYOK (bring your own key) options? If so, do you have the in-house expertise and infrastructure to deal with the added responsibility of managing your own encryption keys?
These are but a few questions that any organization should consider when moving data to CSPs. However, it’s important that business owners and decision-makers first understand the basics of the underlying technology used to secure their data before evaluating the answers to those questions.
Interested in learning more? CONTACT US TODAY!
Automation is Everywhere!
As you navigate everyday life, have you taken a moment to stop and think of how many things are automated? Almost every stoplight you pull up to has a sensor that ensures that the system controlling the traffic light knows you are there and then plans to change the sequence of red and green lights accordingly. More and more people have thermostats that are connected to the Internet that learn the behavior of the inhabitants and create a custom schedule to use as little energy as needed daily but keep the environment to their liking. Toll booths are becoming a thing of the past as cameras and RFID chips are being used to collect fees that were collected by humans in the past.
Over the last three years, we have been looking for ways to automate tasks as well. Why would we want our valued customers to have to wait any longer than needed to get an issue or task resolved? As we provide a varying array of services for different customers, we needed to make sure that we built a foundation that could scale across all the services. The foundational piece needed to be user friendly to the customer while being able to integrate with the enterprise-class solutions that we utilize to deliver NextGen managed services. After a long analysis of the options, ServiceNow was chosen as the foundational piece of the platform. As each customer is brought onto the platform, we work to understand their business and where automation of common IT tasks will provide a reduction of time to resolution and a more consistent outcome.
As an example, resetting passwords is usually a high-volume task for most organizations. Historically the user would need to open a request with the helpdesk and then wait for someone to get back to them with a temporary password. With automation, the user can reset their password on their own within a minute after logging into the Thrive customer portal. As Thrive continues to build out more automation, Office 365 licensing and management tasks will be incorporated into the customer portal. For instance, creating a new user may happen by filling out a form. Once submitted, the accounts and licenses will automatically be created and assigned to that user.
Interested in learning more? CONTACT US TODAY!
Operating Systems & Patch Management — Windows-as-a-Service
On July 29th, it will be 5 years since the release of Windows 10. Seems like just yesterday that Microsoft released their bundle of joy into the marketplace. They grow up so fast, don’t they? Well, yes and no. After all, the current version of Windows 10 is only 1 month old. Confused? If so, you’re not alone. Most of us grew up with the familiar 2-3-year cadence of Windows releases. Windows 95 in 1995, Windows 98 in 1998, Windows ME in 2000, Windows XP in 2001, etc. (and my sincere apologies for mentioning Windows ME for those of you old enough to remember).
So, how is Windows 10 both 5 years old and 1 month old and why hasn’t Windows 11 come out yet? Windows-as-a-Service is the answer to both questions. This agile approach to Operating System development eschews “new” Operating Systems in favor of feature updates to Windows 10. Think of iOS for the iPhone. Apple doesn’t release newly branded iOS’s every couple of years. They are constantly releasing new versions of iOS with new features and enhancements every few months.
The Windows-as-a-Service roadmap consists of feature updates twice a year, one in the Spring and one in the Fall. Each update has a version number that corresponds to the year and month of intended release (e.g., version 2004 was intended to be released in April of 2020). These feature updates are essentially new free versions of Windows 10. Who doesn’t like getting new things for free? Well, there’s always a catch. Actually, quite a few catches.
First and foremost, Microsoft has drastically reduced the amount of time in which it will support a particular OS. While Windows 7 was supported by Microsoft for just under 10 years, Windows 10 will only be supported for 18-30 months depending on the version and feature update (see Figure 1).
So, who cares if a feature update is no longer supported, right? After all, I know a guy that still uses Windows XP on their home PC, and it works just fine. OK, so here’s the most important takeaway: once a feature update reaches end of support, Microsoft no longer releases security patches for it. For that reason alone, it is critically important to keep Windows 10 current.
Many organizations believe these concerns don’t apply to them because they utilize a patch management solution. But here’s the second catch: a feature update isn’t a patch. It’s technically a brand-new Operating System and when deployed you are essentially reinstalling the entire Operating System. For this reason, it is important to take a methodical approach to feature update rollouts by first targeting test workstations and then increasing the deployment volume in phases. This approach can be further streamlined by leveraging Thrive’s advanced tools to automate and schedule deployments.
In many ways, Windows-as-a-Service can be challenging and difficult to understand. However, a trusted partner like Thrive can offer a simplified solution allowing you to focus on your business instead of your Operating System lifecycles.
Interested in learning more? CONTACT US TODAY!
New Jersey Banker – Financial Firms and COVID-19: Where We Are and How We Move Forward
As the world tries to navigate the new challenges presented with COVID-19, many businesses shift their operations to remote work. The migration of workloads and data from the office to home has presented new territory for many financial institutions. It’s critical at this time to be aware of where your data is, what new threats it is being exposed to, and how to move forward once this crisis begins to settle.
Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 3
In the second blog of this series, we discussed how Access Reviews in Azure Active Directory (Azure AD) provides a guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The third and final tool designed to control and audit access to company resources is Privileged Identity Management (PIM). PIM works synergistically with the other tools to help keep a watchful eye on the collaboration space without impeding productivity.
In Part 3, we’ll discuss PIM in detail. This tool is designed to provide just-in-time escalation of permissions to ensure higher permission levels are only available when needed and can be applied with governance in mind.
Privileged Identity Management
Setting up Privileged Identity Management
PIM is designed to support a “least privileged” model by making granular roles available to users requiring elevated functionality. In addition, users with continuous excessive access are vulnerable in the event their account is compromised, so when elevated access is not needed, users’ accounts carry no extraneous permissions. When needed, a user simply requests elevation into a specific role that has been made available to them. Depending on configuration, the assignment is either automatic or requires approval and/or justification.
The first step in configuring PIM is selecting which roles should be available under which circumstances. This configuration is found under Identity Governance, in the Manage section, by selecting Roles. The Roles screen presents a large list of Roles along with a Description of the Role’s intended usage. The screen will also display how many users are currently Active in a Role and how many users are eligible to be activated in the role.
For example, suppose you want to allow an Administrative Assistant to occasionally reset passwords without involving a tenant Global Administrator. To set this up, click on the Helpdesk Administrator Role in the list, or use the search to filter the list. Selecting this Role will list all current assignments for that Role, including Eligible, Active, and Expired. Pressing the “Add assignments” button will begin the process.
The first screen will show you the Role you have selected, with a link to select member(s) to assign to the role. Pressing the hyperlink under the Select member(s) will bring you to a search for all users within your tenant.
Select the user and press the Select button to add them to the list of members eligible for the Role. Selecting Next navigates to the Settings section, where you determine the Assignment type and durations. Leaving the type Eligible will require the user to request elevation when needed, which is the intention in this case. If you want the assignment to be limited in duration, such as covering an employee who is on leave or vacation, you can set dates for the start and end of the assignment by un-checking Permanently eligible and selecting dates. Selecting Assign will move that assignment into the Eligible list.
Additional settings can be applied to the Role by selecting the Settings button at the top of the Assignments screen for the Role.
From this screen, there are many configuration options to allow for more granular control of how the escalation process is executed, including approval and notification options.
The first section covers the Activation process itself. Here you can set a maximum duration for the escalation, require Azure MFA, justification, ticket information, or even approval. If requiring approval, you can select who provides the approval from this screen as well.
The next section covers Assignment, where you can decide whether permanent Eligible assignments and permanent Active assignments are allowed, and whether justification and/or MFA is required for Active assignments.
The final section provides rich configuration for Notifications to be sent regarding this process. Notifications can be enabled for when members are assigned eligible to the role, when they are assigned as Active to the role, and when eligible members activate the role. This last alert would trigger when escalation has occurred. Each section of notification includes three options: Role activation, Notification to requestor, and request for approval. All of these options are enabled by default, with default recipients being Admin, Requestor/assignee, and Approver. Additional recipients can be added for most notifications.
Requesting Elevation
Once a role is configured to be available, a user can request escalation by going to Azure AD, navigating to the Identity Governance screen, and selecting “Activate Just In Time”. There, they will see all Roles for which they are eligible, and have the opportunity to request being assigned to that role. Pressing Activate will start the process to be added to the role.
Depending on configuration, there may be approval and/or justification needed for the assignment to be completed. They can also set a Duration, up to the configured maximum, for how long the assignment should be in effect.
Once completed, they will be in the Active roles section until the duration has been met, or they manually Deactivate the assignment.
Summary
Privileged Identity Management in Azure AD Identity Governance provides just-in-time elevation to targeted roles, helping to protect users’ accounts during normal usage, but providing an easy, governed method of escalating privileges when needed. As with the other facets of Identity Governance, PIM provides a healthy balance of productivity and security within the Microsoft 365 platform.
Need a refresher?
Revisit Part 1 and Part 2 of this blog series.
Legal Firm Leverages Thrive’s Robust Cloud Platform to Optimize Application Delivery, Increase End User Productivity and Lower Capital Expenditures
CHALLENGE
Shawe Rosenthal, a Baltimore-based labor and employment law firm, was looking to update its IT architecture. The firm wanted more efficiency, security and flexibility, which their aging on-premise systems were unable to provide. Meanwhile, their existing managed services provider (MSP) was resource constrained and didn’t have the capability set to move the client towards digital transformation. Shawe Rosenthal recognized that they needed a new, trusted partner to help modernize their IT infrastructure in order to accomplish their goal.
SOLUTION
After completing a thorough assessment of the firm’s needs, Thrive’s engineering team determined Shawe Rosenthal’s IT support structure required better redundancy, higher levels of security and the ability to provide the firm’s partners with seamless remote work access. Thrive approached this challenge with a complete overhaul of the firm’s systems and migration to a fully-customized Hybrid Cloud solution. During the process, Thrive consolidated the existing servers and moved Shawe Rosenthal into a modern Cloud Desktop as a Service (DaaS) platform that not only directly addressed the firm’s needs, but also added the benefits of scalable storage and a comprehensive disaster recovery solution.
RESULT
Shawe Rosenthal is now leveraging ThriveCloud, Thrive’s best-in-class VMware, Cloud Service, housed in a world-class SOC2 Type II-certified data center. In addition to boosting the stability and security of the firm’s IT Infrastructure, their partners now have access to their applications and data from anywhere, anytime and from any device. The robust Cloud solution also reduced capital spending by consolidating servers, resulting in a smaller footprint of on-premise devices and adding an additional level of resiliency.
Thrive now provides 24×7 monitoring, management and support of the Cloud solution – providing the firm with peace of mind that their mission critical legal applications will always be available.
“Thrive delivered and continues to deliver the right technology and support to meet our goals and exceed our expectations. We hit a home run by selecting this team to lead and direct our Technology.” ~ Lisa A. Mangus, Administrator