Author Archives: Tori Pazda

Investment Management Firm Complies with Federal Standards Utilizing Thrive’s NextGen Services

 

CHALLENGE

SEC and FINRA standards require financial institutions to adhere to stringent data storage guidelines. Annually, the Financial Firm undergoes an internal infrastructure audit to ensure that its solutions are compliant with strict federal mandates. If new products or services are added to the Financial Firm’s compliance roadmap, they must fall within its IT budget.

SOLUTION

Over many years, Thrive’s Financial Services division has worked closely with the Financial Firm’s IT & Communications Manager to produce comprehensive technical business plans. With awareness of the Financial Firm’s planned IT expenditure, these plans offer recommendations based on new compliance regulations and the demands of the client’s workload. Thrive’s Financial Services team provides solutions that meet compliance goals focused on maximizing high availability, security and performance. Through the implementation of advanced Active Directory auditing capabilities with Thrive’s SIEM as a Service solution, Thrive has enabled the Financial Firm to work efficiently and securely within FINRA and SEC guidelines.

RESULT

The integration of Thrive’s solutions into the Financial Firm’s infrastructure has made the business’s day-to-day operations more productive, efficient and secure. With a comprehensive understanding of the Financial Firm’s architecture as well as data governance regulations, Thrive’s Financial Services team has been able to provide forward-looking consultations, Cloud-based network and Cybersecurity management, and conscientious help desk support.

Financial Services

As the leading Managed IT Service Provider for financial firms, Thrive understands the liability that financial firms face daily. With increasingly rigorous standards set by the SEC, cybersecurity compliance can be difficult to navigate. The SEC’s Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Examination Initiative is a stringent exam designed to test specific areas of cybersecurity within your firm.

At Thrive, we are IT experts with decades of experience managing security for the enterprise. We specialize in protecting the internet infrastructure, applications and Cloud platforms that power your business.

How can Thrive help your business?

Thrive is a leading provider of outsourced IT Infrastructure designed to drive successful business outcomes with our talented engineering teams and suite of Cloud-First, NextGen Managed Services.

To learn more about our services, CONTACT US

World Class Fertility Treatment Center Selects an IT Partner with Healthcare Expertise to Transform Their Outdated Technology into a Cloud First State-of-the-Art Infrastructure

 

CHALLENGE

The Fertility Treatment Center is one of the largest providers of advanced fertility treatments in the United States. Their existing Hosted Citrix solution and existing Hosting Provider were not meeting the desired goals for performance, reliability and feature set that their business applications required. The Fertility Clinic’s management team wanted an experienced NextGen managed services partner with Healthcare expertise to guide this transformation project. It was also critical to meet their budget and provide true 24×7 support as an extension of their small internal IT team.

SOLUTION

Thrive’s solution to address their aggressive business growth goals and desire for a modern, scalable technology infrastructure was an Azure Cloud compute environment delivering virtualized desktops and applications to all the Treatment Center’s locations. Thrive’s team set up and configured Azure Live scale features, which ensured that the compute environment was right-sized for real-time demands and not over-provisioned, keeping costs within budget. The solution included comprehensive security and met all healthcare compliance requirements. To help manage it all, the Fertility Clinic’s internal IT team utilized Thrive’s Cloud-based client portal, powered by ServiceNow, to improve the user experience by delivering faster resolution, a real-time view of their application performance and a better route for technology support requests from their end users.

RESULT

Thrive’s NextGen Cloud solution has positioned the Fertility Clinic for scalable growth with a user-friendly interface that addresses all the pain points the clinic had experienced with its previous MSP. The high-performance solution has seamless integration with Office 365, resulting in increased productivity and improved user experience for their entire team. If issues ever arise, Thrive’s 24×7 support is accessed quickly through the ServiceNow portal.


Operating Systems & Patch Management — Windows-as-a-Service

On July 29th, it will be 5 years since the release of Windows 10.  Seems like just yesterday that Microsoft released their bundle of joy into the marketplace.  They grow up so fast, don’t they?  Well, yes and no.  After all, the current version of Windows 10 is only 1 month old.  Confused?    If so, you’re not alone.  Most of us grew up with the familiar 2-3-year cadence of Windows releases.  Windows 95 in 1995, Windows 98 in 1998, Windows ME in 2000, Windows XP in 2001, etc. (and my sincere apologies for mentioning Windows ME for those of you old enough to remember).

So, how is Windows 10 both 5 years old and 1 month old and why hasn’t Windows 11 come out yet?  Windows-as-a-Service is the answer to both questions.  This agile approach to Operating System development eschews “new” Operating Systems in favor of feature updates to Windows 10.  Think of iOS for the iPhone.  Apple doesn’t release newly branded iOS’s every couple of years.  They are constantly releasing new versions of iOS with new features and enhancements every few months.

The Windows-as-a-Service roadmap consists of feature updates twice a year, one in the Spring and one in the Fall. Each update has a version number that corresponds to the year and month of intended release (e.g., version 2004 was intended to be released in April of 2020). These feature updates are essentially new free versions of Windows 10.   Who doesn’t like getting new things for free?  Well, there’s always a catch.  Actually, quite a few catches.

First and foremost, Microsoft has drastically reduced the amount of time in which it will support a particular OS.  While Windows 7 was supported by Microsoft for just under 10 years, Windows 10 will only be supported for 18-30 months depending on the version and feature update (see Figure 1).

So, who cares if a feature update is no longer supported, right?  After all, I know a guy that still uses Windows XP on their home PC, and it works just fine.  OK, so here’s the most important takeaway; once a feature update reaches end of support, Microsoft no longer releases security patches for it.  For that reason alone, it is critically important to keep Windows 10 current.

Many organizations believe these concerns don’t apply to them because they utilize a patch management solution. But here’s the second catch: a feature update isn’t a patch. It’s technically a brand-new Operating System, and when it is deployed you are essentially reinstalling the entire Operating System. For this reason, it is important to take a methodical approach to feature update rollouts by first targeting test workstations and then increasing the deployment volume in phases. This approach can be further streamlined by leveraging Thrive’s advanced tools to automate and schedule deployments.

In many ways, Windows-as-a-Service can be challenging and difficult to understand.  However, a trusted partner like Thrive can offer a simplified solution allowing you to focus on your business instead of your Operating System lifecycles.

Interested in learning more? CONTACT US TODAY!

New Jersey Banker – Financial Firms and COVID-19: Where We Are and How We Move Forward

As the world tries to navigate the new challenges presented with COVID-19, many businesses shift their operations to remote work. The migration of workloads and data from the office to home has presented new territory for many financial institutions. It’s critical at this time to be aware of where your data is, what new threats it is being exposed to, and how to move forward once this crisis begins to settle.

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 3

In the second blog of this series, we discussed how Access Reviews in Azure Active Directory (Azure AD) provides a guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The third and final tool designed to control and audit access to company resources is Privileged Identity Management (PIM). PIM works synergistically with the other tools to help keep a watchful eye on the collaboration space without impeding productivity.

In Part 3, we’ll discuss PIM in detail. This tool is designed to provide just-in-time escalation of permissions to ensure higher permission levels are only available when needed and can be applied with governance in mind.

Privileged Identity Management

Setting up Privileged Identity Management

PIM is designed to support a “least privileged” model by making granular roles available to users requiring elevated functionality. Users with continuous excessive access are vulnerable in the event their account is compromised, so under PIM users’ accounts carry no extraneous permissions when those permissions are not needed. When needed, a user simply requests elevation into a specific role that has been made available to them. Depending on configuration, the assignment is either automatic or requires approval and/or justification.

The first step in configuring PIM is selecting which roles should be available under which circumstances. This configuration is found under Identity Governance, in the Manage section, by selecting Roles. The Roles screen presents a large list of Roles along with a Description of the Role’s intended usage. The screen will also display how many users are currently Active in a Role and how many users are eligible to be activated in the role.

Selecting Roles

For example, suppose you want to allow an Administrative Assistant to occasionally reset passwords without involving a tenant Global Administrator. To set this up, click on the Helpdesk Administrator Role in the list, or use the search to filter the list. Selecting this Role will list all current assignments for that Role, including Eligible, Active, and Expired. Pressing the “Add assignments” button will begin the process.

Add Assignments

The first screen will show you the Role you have selected, with a link to select member(s) to assign to the role. Pressing the hyperlink under the Select member(s) will bring you to a search for all users within your tenant.

Assigning Roles

Select the user and press the Select button to add them to the list of members eligible for the Role. Selecting Next navigates to the Settings section, where you determine the Assignment type and durations. Leaving the type as Eligible will require the user to request elevation when needed, which is the intention in this case. If you want the assignment to be limited in duration, such as covering an employee who is on leave or vacation, you can set dates for the start and end of the assignment by un-checking Permanently eligible and selecting dates. Selecting Assign will move that assignment into the Eligible list.

Role Settings

Additional settings can be applied to the Role by selecting the Settings button at the top of the Assignments screen for the Role.

Additional Role Settings

From this screen, there are many configuration options to allow for more granular control of how the escalation process is executed, including approval and notification options. 

The first section covers the Activation process itself. Here you can set a maximum duration for the escalation, require Azure MFA, justification, ticket information, or even approval. If requiring approval, you can select who provides the approval from this screen as well.

Activation Process

The next section covers Assignment, where you can decide whether permanent Eligible assignments and permanent Active assignments are allowed, and whether justification and/or MFA is required for Active assignments.

Assignment

The final section provides rich configuration for Notifications to be sent regarding this process. Notifications can be enabled for when members are assigned eligible to the role, when they are assigned as Active to the role, and when eligible members activate the role. This last alert would trigger when escalation has occurred. Each section of notification includes three options: Role activation, Notification to requestor, and request for approval. All of these options are enabled by default, with default recipients being Admin, Requestor/assignee, and Approver. Additional recipients can be added for most notifications.

Notification Settings

Requesting Elevation

Once a role is configured to be available, a user can request escalation by going to Azure AD, navigating to the Identity Governance screen, and selecting “Activate Just In Time”. There, they will see all Roles for which they are eligible, and have the opportunity to request being assigned to that role. Pressing Activate will start the process to be added to the role.

Requesting Elevation

Depending on configuration there may be approval and / or justification needed for the assignment to be completed. They can also set a Duration, up to the configured maximum, for how long the assignment should be in effect. 

Requesting Elevation Part 2

Once completed, they will be in the Active roles section until the duration has been met, or they manually Deactivate the assignment.

Active Roles
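
The elevation flow described above (eligible assignment, activation settings, optional approval, timed expiry) can be modelled in a few lines. This is an added example, not code from the original post or from Microsoft; the class and field names, the account names and the sample settings are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
# Hypothetical names: they mirror the portal options above, not a Microsoft API.
@dataclass
class RoleSettings:
    max_duration: timedelta
    require_mfa: bool = True
    require_justification: bool = True
    require_ticket: bool = False
    approvers: frozenset = frozenset()   # empty = no approval required

@dataclass
class Eligibility:
    user: str
    role: str
    start: Optional[datetime] = None     # both None = permanently eligible
    end: Optional[datetime] = None

@dataclass
class Request:
    user: str
    role: str
    at: datetime
    duration: timedelta
    mfa_done: bool = False
    justification: str = ""
    ticket: str = ""
    approved_by: Optional[str] = None

@dataclass
class Decision:
    status: str                          # denied | pending_approval | active
    reasons: list = field(default_factory=list)
    expires_at: Optional[datetime] = None

def evaluate(req, eligibilities, settings):
    """Apply the eligibility and activation checks to one elevation request."""
    s = settings.get(req.role)
    elig = next((e for e in eligibilities
                 if e.user == req.user and e.role == req.role), None)
    if s is None or elig is None:
        return Decision("denied", ["user is not eligible for this role"])
    reasons = []
    if ((elig.start is not None and req.at < elig.start)
            or (elig.end is not None and req.at > elig.end)):
        reasons.append("outside the eligibility window")
    if req.duration > s.max_duration:
        reasons.append("duration exceeds the configured maximum")
    if s.require_mfa and not req.mfa_done:
        reasons.append("MFA not completed")
    if s.require_justification and not req.justification.strip():
        reasons.append("justification missing")
    if s.require_ticket and not req.ticket.strip():
        reasons.append("ticket information missing")
    if reasons:
        return Decision("denied", reasons)
    if s.approvers:                      # approval gate comes last
        if req.approved_by is None:
            return Decision("pending_approval")
        if req.approved_by not in s.approvers:
            return Decision("denied", ["approver is not authorised for this role"])
    return Decision("active", expires_at=req.at + req.duration)

def is_active(decision, now):
    """The role is held only from activation until the requested duration ends."""
    return decision.status == "active" and now < decision.expires_at

# Constructed sample data based on the Helpdesk Administrator scenario in the text.
T0 = datetime(2020, 6, 1, 9, 0, tzinfo=timezone.utc)
SETTINGS = {
    "Helpdesk Administrator": RoleSettings(max_duration=timedelta(hours=4)),
    "Global Administrator": RoleSettings(
        max_duration=timedelta(hours=1), require_ticket=True,
        approvers=frozenset({"secadmin@example.com"})),
}
ELIGIBLE = [
    Eligibility("assistant@example.com", "Helpdesk Administrator",
                start=T0, end=T0 + timedelta(days=14)),      # leave cover
    Eligibility("itmanager@example.com", "Global Administrator"),
]
if __name__ == "__main__":
    demo = Request("assistant@example.com", "Helpdesk Administrator", T0,
                   timedelta(hours=2), mfa_done=True, justification="password reset")
    print(evaluate(demo, ELIGIBLE, SETTINGS))
```

Once the requested duration has passed, `is_active` returns False, which is the property that keeps a compromised account from holding the role outside the activation window.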

Summary

Privileged Identity Management in Azure AD Identity Governance provides just-in-time elevation to targeted roles, helping to protect users’ accounts during normal usage, but providing an easy, governed method of escalating privileges when needed. As with the other facets of Identity Governance, PIM provides a healthy balance of productivity and security within the Microsoft 365 platform.

Need a refresher?

Revisit Part 1 and Part 2 of this blog series.

Legal Firm Leverages Thrive’s Robust Cloud Platform to Optimize Application Delivery, Increase End User Productivity and Lower Capital Expenditures

 

CHALLENGE

Shawe Rosenthal, a Baltimore-based labor and employment law firm, was looking to update its IT architecture. The firm wanted more efficiency, security and flexibility, which their aging on-premise systems were unable to provide. Meanwhile, their existing managed services provider (MSP) was resource constrained and didn’t have the capability set to move the client towards digital transformation. Shawe Rosenthal recognized that they needed a new, trusted partner to help modernize their IT infrastructure in order to accomplish their goal.

 

SOLUTION

After completing a thorough assessment of the firm’s needs, Thrive’s engineering team determined Shawe Rosenthal’s IT support structure required better redundancy, higher levels of security and the ability to provide the firm’s partners with seamless remote work access. Thrive approached this challenge with a complete overhaul of the firm’s systems and migration to a fully-customized Hybrid Cloud solution. During the process, Thrive consolidated the existing servers and moved Shawe Rosenthal into a modern Cloud Desktop as a Service (DaaS) platform that not only directly addressed the firm’s needs, but also added the benefits of scalable storage and a comprehensive disaster recovery solution.

 

RESULT

Shawe Rosenthal is now leveraging ThriveCloud, Thrive’s best-in-class VMware Cloud Service, housed in a world-class SOC2 Type II-certified data center. In addition to boosting the stability and security of the firm’s IT Infrastructure, their partners now have access to their applications and data from anywhere, anytime and from any device. The robust Cloud solution also reduced capital spending by consolidating servers, resulting in a smaller footprint of on-premise devices and adding an additional level of resiliency.

Thrive now provides 24×7 monitoring, management and support of the Cloud solution – providing the firm with peace of mind that their mission critical legal applications will always be available.

 

“Thrive delivered and continues to deliver the right technology and support to meet our goals and exceed our expectations. We hit a home run by selecting this team to lead and direct our Technology.” ~ Lisa A. Mangus, Administrator

 


Power Apps vs. SharePoint Framework for Forms

Overview

As the capabilities in the Microsoft Power Platform have matured over the last couple of years, Thrive has spent considerable time delivering business process automation solutions using the tools in the platform. With Power Apps, Power Automate, and Power BI, the platform allows us to accelerate the digital transformation process for our customers using the low-code capabilities in the platform. However, when requirements get complicated, a better approach may be to build your form using the SharePoint Framework (SPFx). This is especially true if you are dealing with large amounts of data, fast load time of the form is critical, or the UI requirements are complicated. Using SPFx does require development experience, but with the right skills, you can quickly build out custom forms that can provide a better solution.

The table below provides a detailed comparison of building your form in Power Apps versus using the SharePoint framework. We have also provided a summary of our findings at the end of this post.

Detailed Comparison

List Thresholds
Power Apps: Currently, when a list has threshold problems, there is no way to easily work around them in Power Apps. The Power App will immediately break if already published and will not allow you to publish or save it. All submissions will break.
SharePoint Framework: Structuring the data or applying filters makes it easy to work around List Thresholds and retain functionality.

Performance
Power Apps: Even with small-scale forms and applications, the load times for Power Apps can be relatively lengthy.
SharePoint Framework: Performance is exponentially better than Power Apps. Small or large applications will load quickly and navigation in large applications is also extremely fast.

Simple Forms/Applications
Power Apps: For forms that we just want to add a couple of easy conditionals, set up some formatting or styling, and so forth, Power Apps is probably the way to go. It requires little to no development knowledge and allows for further customizations by Power users.
SharePoint Framework: For simple forms or applications, we may want to stray away from an SPFx solution. The development overhead and time spent would most likely outweigh the benefits.

Large Forms/Applications
Power Apps: Power Apps can get very bogged down by large applications that contain paged navigation, a lot of conditions, several lookups, etc. Maintaining connections between pages, altering conditions, implementing validation, etc. becomes very difficult.
SharePoint Framework: Large forms and applications can be constructed to be exactly what meets the needs of the business. Inline field validation, paged navigation, conditions, etc. can all be implemented with ease. Performance is also fantastic in any SPFx application.

Dev, Test, Prod
Power Apps: Power Apps becomes tricky if you want to try to have a development stream. If you have a Power App that is integrated with a SharePoint list or library, it cannot be exported or migrated anywhere else. You would need to continuously rebuild the app from scratch and reconnect all data connections for this to work. Canvas apps do allow for exports, but the amount of configuration required for each installation can be painstaking.
SharePoint Framework: Seeing as SPFx solutions are packages, they can be deployed at a tenant-wide level or per site collection. This means you can easily spin up a development, test, and prod site collection and have a development stream that can publish updates to any one of these environments with ease without affecting anything you don’t want. Pipelines can be established to further simplify the development stream.

Migration
Power Apps: As stated in the previous point, migration can be very difficult or even impossible with Power Apps.
SharePoint Framework: Given the nature of SPFx solutions, migrations can happen with little to no effort moving between site collections, environments, and tenants.

Validation/Conditionals
Power Apps: Conditional and validation logic is certainly possible in Power Apps, but only to an extent. Certain fields do not have the innate ability to filter out things such as special characters, and implementing logic to do so is tricky. In some cases, the logic may not even have the ability to be implemented. Conditionals are also implementable, but take time and can be very reliant on form loading factors. Rules were removed so there is no central location to manage all of your logic.
SharePoint Framework: Literally any form of conditional or validation is possible in SPFx. Real-time/async validation is implementable. Regex, string validation, number validation, etc. is all easily implementable and scalable. Conditional logic can easily hot-swap visible components to the user.

Data Connections
Power Apps: While data connections to other applications in Office 365 are easy enough to set up, they cause some unintended side effects that may result in an undesirable user interface. For example, if you wanted to pre-populate a Manager field in Power Apps, you can do this by adding the Office 365 Users data connection. However, when you add this data connection, it will prompt the user to allow access to this when they load the Power App. This will occur each time they load it if their cache has been cleared and in other instances as well.
SharePoint Framework: While data connections require a bit more set up in SPFx, they can be tailored to do exactly what you need them to do. The sign-in prompt that was mentioned in the Power Apps version of this functionality is no longer an issue. Data connections will migrate with the application should you decide to move it. By default, connections to Teams, Graph, SharePoint, and more are relatively preconfigured for you when creating an application in SPFx.

Redirects
Power Apps: Currently, redirecting applications on submission is not possible from Power Apps. This can cause a lot of headaches, particularly in SharePoint integrated Power Apps.
SharePoint Framework: Redirects are completely possible in all manners within SPFx.

SQL Connections
Power Apps: Connections to SQL databases are available from within Power Apps. Depending on what needs to be done with them, you may or may not want to use SPFx (driven by the complexity of the app).
SharePoint Framework: SQL connections are also easily implementable in SPFx. They can integrate with non-standard SQL connections such as Azure Cosmos DB, AWS, Firebase, NoSQL DBs, etc.

Customizations
Power Apps: Depending on what needs to be customized, you may or may not be able to complete the task in Power Apps. While they give you a wide range of customization options in Power Apps, you will still encounter some limitations in terms of styling, sizing, resolution, etc.
SharePoint Framework: There are essentially no limits to the customizations you can do in SPFx.

Responsiveness
Power Apps: While Power Apps can and will work across platforms, it still has a wide range of issues with responsiveness across browser sizes. One area of note is when using People Pickers, Date Pickers, and Multiple-Choice fields. These components will often be inoperable on smaller devices. In addition, embedded Power Apps will often have scrolling issues where a user cannot scroll to the very bottom of the app on smaller devices. This is currently a known issue.
SharePoint Framework: SPFx applications can be made to be 100% responsive across devices. In addition, SPFx grants the ability to design per device or screen size. For example, you could create a design for phones, a design for tablets, and a design for PCs all in one application.

Data Load
Power Apps: Data loading can be tricky in Power Apps. If you are trying to execute actions based on pre-loaded data, there is not much in terms of something asynchronous that will await the response. Many different issues can come up in things like conditions based on pre-loaded information as the information is not ready to be consumed.
SharePoint Framework: Data loading is no issue. Async/Await functionality is easily implementable to ensure that you have the information you need when you need it.

Summary

Use Power Apps if…
  • You do not require storing more than 5,000 records
  • The speed of the forms is not a significant consideration
  • Your forms are relatively basic, without complex repeating sections or business logic
  • You do not need to promote the forms through Development, Test, and Production environments
  • You do not have complex conditional or validation logic
  • Your forms do not need to redirect to a custom location upon completion
  • Responsive design across numerous browser configurations is not critical
  • You have power users who can maintain and modify basic forms and functionality
Use SharePoint Framework if…
  • You need to store larger amounts of data
  • Fast form load and navigation time is critical
  • There is complex logic and/or UI design involved
  • You need to support a full Software Development Lifecycle or migrate the form to various locations
  • You want complete control over the responsive design to support various browser configurations
  • Having seamless integration into Teams and/or SharePoint is important

Security Driven SD-WAN: A Key Factor in Network Modernization

With many of us working from home during COVID-19, one unexpected benefit remote workers may be experiencing is better performance and faster response times to the business applications that are used daily to perform our jobs, such as email in Office 365 or GSuite, Salesforce, Dropbox and many other cloud-based applications. This improved performance may be a result of not traversing across a corporate network to get access to the internet to reach these cloud-based applications. You may have a more direct path to these applications from home than you have from your office, especially if you work at a remote branch office that is tied to a corporate network.

This unprecedented event has proven that the internet is clearly capable of providing enterprise level networking. Surely, each of us has experienced the occasional fuzzy video or audio drop, but by and large, the internet has held up well with the big spikes in network traffic since stay at home orders were put in place.

As organizations look to cut costs with reduced budgets, Software Defined Wide Area Networking (SD-WAN) provides an opportunity to lower network costs while improving application and network performance between branch offices and the cloud-based applications you’re accessing from home today. SD-WAN enables you to augment or replace your traditional legacy WAN services with lower cost broadband internet services for direct access to cloud-based applications and ensures that performance is not sacrificed in doing so.

Security must still be a key consideration when implementing an SD-WAN solution, as enabling direct internet access at branch offices opens the network to more entry points for potential threats. Combining network security and SD-WAN onto a single platform provides the ability to gain improved remote branch application performance while ensuring your critical assets and data are protected from outside threats. A combined Secure SD-WAN platform also reduces equipment costs and management complexity. Organizations with legacy MPLS network infrastructure should take a hard look at the performance and cost benefits a secure SD-WAN solution can provide as more and more applications move to the cloud and out of the corporate data center.

To learn more about Managed Secure SD-WAN, CONTACT US TODAY!

Boston Business Journal – Here are all this year’s Fast 50 companies