August 24, 2012By Reed M. Wiedower
One of the most anticipated features of the latest version of Windows Intune has been the robust mobile device management. Administrators can finally gain complete control over the mobile devices that are consuming services with very little effort. Enabling this functionality is a simple process that breaks down into three areas, taking less than 30 minutes from start to finish:
1. Obtaining a server with in the same network as your local Exchange client access servers.
2. Provisioning a user account and assigning the necessary permissions via a PowerShell script to manage the process.
3. Installing the Exchange connector on the server and performing a sync.
I’ll walk through the process step by step. The server that’s running the Exchange connector needs to be 64-bit, either Windows Server 2008 R2 or Server 2008, with fairly minimal hardware requirements. In this example we used a small virtual machine running Windows Server 2008 R2. The necessary ports that traffic will traverse are all over port 80 and 443, so you’ll likely not need to make any firewall tweaks to enable functionality. You’ll need to log into the Windows Intune console, browse to the “Mobile Device Management” portion of the Administration subconsole, and then select “Exchange Connector Download”. Once there, you’ll download a zip file to the server and expand it.
Next, now that you’ve identified the server to be used, and downloaded the software, you will need to setup an Active Directory account to run the service. After you’ve created the account, you’ll need to setup a series of permissions for the account which at first glance appear to be onerous. Fortunately, our friends at Microsoft have distilled all the commands into a PowerShell script that takes a few seconds to run from an account with permissions. The only tweak we’ve seen is that the final command in the script doesn’t override the built-in restrictions for adding members to groups, so you may need to run the final command yourself such as this:
add-rolegroupmember -identity WindowsIntuneExchangeConnectorGroupRole -member XXXX -BypassSecurityGroupManagerCheck
Barring that change to the script, it works quite well. Be sure to add the account into the local admins group of the server itself.
Once you’ve provisioned the proper permissions, you’re in a good position to run the installer. Login to the server as the service account you setup, and browse to the installer you expanded previously. Run the executable, which will merely ask for a local client access Exchange server. Unfortunately, the Exchange connector doesn’t work with client access arrays, so you’ll need to select a specific Exchange server, and ensure that should that server be removed from the array for maintenance for a lengthy period of time, that you will lose functionality. The installer will warn you if you try to connect to an array:
Once you’ve selected the CAS server, the installer takes less than a minute to complete, and you’ll see the following screen upon completion:
Intune will immediately begin to synchronize information from your existing ActiveSync clients up into the cloud service. To verify that the sync is properly working, you’ll need to login to the Intune console and expand the “Groups” section, which will let you drill down into the mobile devices currently in use in your organization, ranked by operating system. You can easily customize the “Mobile Devices” group to include mobile devices by simply selecting to edit the group and choosing to select devices that are mobile and from the parent group.
Once you’ve added in this functionality, it will let you begin to upload software to your portal that can then be consumed by alternate OS devices such as Android or iOS. In addition, you can begin to setup ActiveSync policies to granularly control whether devices can access the corporate network. Intune will even allow you to temporarily quarantine mobile devices so that they can be individually approved for access, or to block specific makes and models of devices so that known insecure platforms can be prevented from accessing the network.
Although the process is short, there are a wealth of new opportunities for organizations looking to more heavily leverage mobile devices while retaining a strong, secure network for use by all. Give New Signature a call today to let us show you how Windows Intune and mobile devices can be a perfect match.
August 20, 2012By Craig Zingerline
New Signature is proud to announce the open-sourcing of the work we did last year for the U.S. National Archives and Records Administration (NARA) on their Crowdsource Transcription project. The original site can be seen at http://transcribe.archives.gov and the core functionality behind the transcription engine has now been made publicly available, for free. Full details and downloadable modules are up on Drupal.org.
As mentioned in this post, New Signature teamed up with Viderity to provide strategic consulting, design and implementation of the system and we are happy to report that the pilot was a big success leading NARA to make it an open source initiative that other organizations can use for their transcription needs.
Interested in more information about New Signature, or have a Drupal project you need help with? If so, contact us now.
David Geevaratne, President of New Signature, On Stage With Jeff Turner From Microsoft At XChange 2012By New Signature
IT solution providers are wrestling with the best way to add cloud computing to their areas of expertise, and Microsoft offered attendees at UBM Channel’s XChange 2012 conference in Dallas some advice on how to make the transition. Jeff Turner, Microsoft’s Director of U.S. SMB Channel Marketing provided a keynote address Sunday where he said, “It’s no longer about selling IT value. It’s about selling business value.”
Turner also brought to the stage David Geevaratne, President of New Signature, a Washington D.C. Microsoft solution provider. New Signature has been recognized by Microsoft as the model for a successful cloud computing channel partner. David attributed New Signature’s success to Microsoft’s Cloud Champions program, through which he said Microsoft has “invested” in his company and its work with Office 365, Windows Intune, Dynamics CRM Online and Azure.
August 15, 2012
Attend The Microsoft Cloud OS Signature Event Series: Introducing Windows Server 2012, Visual Studio 2012, and Windows AzureBy New Signature
We at New Signature would like to invite you to an exclusive, free, one-day event that will help take your career to the next level. There are tracks for the IT Executive, IT Professional and Developer.
The Cloud OS Signature Event Series will give you the opportunity to engage with the Redmond product team experts and check out all the exciting products Microsoft is launching. Get hands-on with the new technology, and learn how to manage and build your modern data center with the Microsoft Cloud OS platform: Windows Server 2012, Windows Azure, Visual Studio 2012 and System Center 2012
Here’s some of what you can expect:
- Learn how Windows Server 2012 delivers agility and innovation from anywhere, all thanks to the Cloud OS
- Discover how Windows Azure and System Center 2012 excel at connecting data and services no matter where you go
- Get to know Visual Studio 2012, and see how our comprehensive family of products can take apps into the next generation
This event is a great opportunity to get a lot of information quickly. Register for The Cloud OS Signature Event Series today.
Attend The Cloud OS Signature Event Series near you.
- September 5: New York City
- September 14: Atlanta area
- September 18: Dallas
- September 19: Minneapolis
- September 19: Houston
- September 20: Irvine
- September 20: Boston area
- September 20: Chicago
- September 25: D.C. area
- September 25: Columbus
- September 27: Detroit
- September 27: Seattle
- September 27: Charlotte
- October 10: Denver
- October 11: San Francisco
- October 11: Philadelphia area
August 14, 2012
Register For The “Creating New Opportunities with Microsoft CRM Online and Microsoft Office 365″ Live Webcast Hosted By Microsoft With Guest Presenter Christopher HertzBy New Signature
Register for the live webcast hosted by Microsoft on Thursday, August 30, 2012 from 1:00:00 PM EDT – 2:00:00 PM EDT for an update on what’s changed and what’s new with Microsoft CRM Online from a product roadmap standpoint. In addition, guest presenter, Christopher Hertz, of New Signature will present how to create new opportunities and share his approach to solution selling using CRM Online and Office 365. Microsoft will also share new resources available to partners including decks, demos, and training offerings.
By New Signature
This month Helios sat with New Signature CEO, Christopher Hertz to learn about his passion on workforce development, organizational growth, and building a culture to motivate and inspire. They have posted this interview to their Helios HR Muses blog. A brief excerpt of the interview is found below:
Helios: What’s your passion as a leader and as an organization?
Christopher Hertz: In one word, it’s professional development. What’s exciting is seeing people grow together. By having passion from the top, I can learn ways that I can improve, the way the workforce can improve, how we can improve as a group through technical certification tests and continuous learning.
August 10, 2012By Peter Day
Everyone knows the importance of security in today’s computing environment. Finding the right answers can be challenging because it first means knowing the right questions to ask. Here at New Signature we have years of experience asking those questions, and developing practical answers to assist our customers.
Here are five questions to start your security discussion internally:
Question one: Are you running the most recent versions of Microsoft Windows or OS X operating systems?
Issue: The most current versions of these operating systems are the ones best serviced with new security patches and are by design more secure than earlier versions, including offering more options for securing and locking down systems.
Question two: How is data destroyed when it’s no longer needed?
Issue: The secure destruction of old data is an important aspect of data security. For example, disk drives from old workstations, laptops, and especially servers, should be thoroughly wiped by a multi-pass process before being recycled.
Question three: Do your staff members help or hinder your security posture?
Issue: Humans are frequently the weakest link in the security chain. However, with some basic education users can be helped to make better, more secure, choices in their computer usage. This might take the form of hands-on formal training for staff, or an orientation on your organization’s Acceptable Use Policy.
Question four: Do you have written procedures for how user accounts are managed?
Issue: It is important for network security that new staff accounts are configured correctly and that departing users are disabled promptly. Staff should be granted permissions needed to fulfill their job roles, but no more.
Question five: How is data stored on hand-held mobile devices secured?
Issue: Organizational data, especially in the form of emails and attachments, probably exist on multiple mobile devices. It is important to review what types of devices store organizational data and how that data is secured on those devices. For example, at a minimum someone should have to enter a password or pin before they can use the mobile device.
Our full list of security questions is much longer and if you’d like us to help you identify more security-focused solutions then please do give us a call. We would be happy to assist and carry out an audit of your IT systems and procedures. We can make concrete recommendations and help you figure out which ones are most important for your environment.
August 3, 2012By Jim Banach
One of the best features about Office 365 is its rolling update schedule. Because of the controlled nature of the cloud environment, Microsoft is able to deploy new features to its services at a much more rapid pace than you would ever see with any in house installation. With its most recent update, we have new features that both end users and administrators will enjoy.
Soft Delete Functionality
Previously if you had accidentally (or even on purpose) deleted an account from Office 365, it was gone and you needed to open a service request to get the data back. With soft delete recovery, you now have 30 days to recover the account and its associated data. This is great for those situations where you expired an old account and then someone realized that they didn’t get all the data they needed out of it.
One of the major feature differentiators between Lync on premise and Lync on line up until this point has been the lack of true enterprise voice features (making calls to the phone network, voicemail service etc.) With Lync to phone, Microsoft is starting to bridge that gap.
Microsoft partnered with VoIP provider Jajah to offer phone services for Office 365 users. Once you are signed up, you assign the number to your account in office 365 and away you go. You will be able to make and receive phone calls using Microsoft Lync and any number of supported USB devices. You also get all of the call forwarding and simultaneous ringing features that are available in Lync on premise.
I’ve been using this personally for a while now and enjoy the ability to be able to be reached at one number no matter where I am. Just like my email, I have access to it no matter where I go.
While still not a full PBX replacement (you don’t get the advanced features such as Response Groups and Auto Attendants), there are some scenarios where it is very useful right now
Small Offices or Branch Offices – In these scenarios, users may not be tied into a central corporate phone system or they may not have a phone system at all and be using their personal cell phone to make phone calls. Using Lync to Phone would allow the user to make a call with a Company Branded number wherever he had an internet connection. Away from your PC you would be able to setup call follow me and have calls reach you on your cell. If you wanted to make an outbound call, you can use the Lync app on your phone and be able to mask your personal cell phone number.
Road Warriors – Always travelling and never tied to one desk for too long, road warriors have different needs than your average employee. Using Lync to phone, Road Warriors have one number they can be reached at no matter where they are from one single number. They also will get all the benefits of Exchange UM such as voicemail transcription and advanced follow me features and call rules.
Lync-to-Phone is the natural evolution and progression of technology we have come to expect from the Office 365 team. While not everything for everyone just yet, it shows what is possible and gives us a great feeling for what is to come in Lync Online 2013
July 31, 2012By Peter Day
What is Social engineering?
A social engineer is someone who intentionally deceives in order to gain information or access he or she is not entitled to. This information might be passwords or credit card details, and the access might be to a computer system or a building. Social engineers rely on their knowledge of human nature to manipulate people into doing things they shouldn’t. One strong element of human nature is a general desire to help those who are in trouble. Social engineers play on this strength and exploit it to get people on their side and help them out. People are often also susceptible to stories that allegedly help them out in some way and will provide information if they think it will ultimately benefit themselves.
Why does it matter?
A social engineer can get information on passwords, daily security codes, accounting codes, business structure and much more. For example: in a call to an organization Bob the social engineer might find out the name of an IT manager as well as when he is out on vacation by pretending to want to book a sales meeting with him. Then during that vacation, Bob could turn up at a field office appearing to be from the local ISP and saying that the IT manager booked him that day for some urgent upgrades in the server room to speed up the Internet connection. Everyone wants faster Internet right? Even if they had thought of it, no one at the field office would be able to reach the IT manager to verify the appointment. Bob has the Global ISP Inc uniform and looks the part, so they direct him right to the server room. This is a simple example, but the message is this: an accomplished social engineer can effectively bypass all the physical and technological security you have put in place for your computer networks.
What can I do?
To protect yourself from social engineering attacks, you should encourage your staff to follow these simple rules and to be nice but firm. We want to trust people because that is an essential part of doing business, but we want to verify too. For example:
- If you would not normally give out certain information, then don’t make an exception.
- Verify and cross-check identity of requester. Ask for a call back number so you can verify where they are calling from.
- Ask yourself “why does this person need to know that information?”
- Be wary of a scenario that allegedly benefits you, especially when it is unexpected.
For further information:
For a more thorough exploration of the subject, the following book is well worth reading “The Art of Deception: controlling the human element of security” by Kevin D. Mitnick & William L. Simon. And if you are concerned about the security of your computer systems and procedures then contact New Signature to discuss having a Strategic Security Audit.
July 30, 2012By David Trejo
Microsoft has announced the preview release of a managed, business version of SkyDrive called SkydrivePro that integrates seamlessly with Windows 7/8, Office 2013, and Office 365. The new service will be managed through SharePoint Online and provides the benefits of cloud-based personal file storage without the need for onsite infrastructure. While this is great news for current SkyDrive users, it is especially exciting for our small business customers that have held off on cloud-based file storage due to manageability, security, and convenience concerns. We will keep you posted as the service is made generally available.
For more information on the upcoming service, visit the SharePoint Blog: