This newsletter is a curated blog roll of the 8 most important topics published by Microsoft in the previous week.
The post Announcing our Microsoft 365 Newsletter appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Sign up using this form. Security, Small Business, Microsoft 365 (mailchi.mp)
This newsletter is a curated blog roll of the 8 most important topics published by Microsoft in the previous week. All will be related to Microsoft 365. This newsletter is designed for Microsoft 365 admins and MSP’s.
See a sample below of our pre-release edition. Sign up to get it in your mailbox weekly using the link above.
Your contribution is appreciated.
DonateYour contribution is appreciated.
Donate monthlyYour contribution is appreciated.
Donate yearlyThe post Announcing our Microsoft 365 Newsletter appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>For Managed Service Providers (MSPs), the process of developing a robust set of services transcends mere compilation; it is an art form that requires a deep dive into creative thinking.
The post Crafting Tailored MSP Services: The Art of Creative Solutions appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>For Managed Service Providers (MSPs), the process of developing a robust set of services transcends mere compilation; it is an art form that requires a deep dive into creative thinking. At the core of this endeavor lies the essence of envisioning solutions that not only meet but exceed the needs of our clients. Isn’t that the whole goal of our business anyway?
This journey commences with the exploration of ideas, delving into innovative instincts, and comprehending the distinct requirements of our clients. Only through this foundation of creativity can we effectively leverage tools and technologies to deliver these services. Such an approach enables us to sculpt bespoke solutions that are truly valuable, enhancing the caliber of our offerings, and fostering mutual success. Some of my happiest and proudest moments in business were those times when I could see the improvement in my client’s business as a result of our efforts. We had helped them reach their goals!
I have a phrase for this that runs around in my head and in the heads of my staff that helps to keep our services on the success track.
IT has no purpose other than to make business great!
Amy Babinchak
The creative process in crafting MSP services is a multifaceted endeavor that involves several key stages:
At the genesis of service development lies the phase of ideation and exploration. This stage entails brainstorming sessions, market research, and client consultations to unearth innovative ideas and potential solutions. By tapping into our creative reservoir, we can identify unique service offerings that resonate with our clients’ needs.
Central to the creative process is a deep understanding of our clients’ requirements. By actively listening to their challenges, goals, and aspirations, we can tailor our services to address their specific pain points effectively. This client-centric approach forms the bedrock upon which successful MSP services are built.
Creativity thrives on innovation, and in the realm of MSP services, this holds true. Leveraging our innovative instincts allows us to think outside the box, explore unconventional solutions, and push the boundaries of traditional service offerings. It is through this spirit of innovation that we can deliver cutting-edge services that set us apart in a competitive landscape.
Notice that nowhere in these three key steps is the notion of tooling, automation, or process. While these could be important to the service idea, they are second, third and fourth fiddles to the main endeavor which is to provide an undeniably great service to our clients.
While creativity forms the cornerstone of service development, its realization hinges on the strategic integration of tools and technologies and staff educational development:
Making an objective analysis of the strengths and weaknesses of your staff is necessary. I recommend understanding those through the Gallup Strengths finder. Once you understand the strengths of your staff, you can objectively determine whether they are teachable for the new skills that are necessary to deliver the new service to your clients. It is very likely that you didn’t hire them with the thought in mind that they would be doing this work so it is important to look at the strengths they bring objectively.
It is important to reevaluate whether you have the right staff frequently. Technology changes quickly. Here’s a short video on my thoughts that may help you view your staff in a new light.
The next step is to develop an education program to support the new service delivery. Since many IT professionals are hands-on learners, mentorship and demonstration, are often helpful learning forms to include. However, don’t forget the readers. I am a reading learner. For me, it is the quickest way to turn knowledge into action. Be sure your education program meets the needs of all the types of learners that you have.
Choosing the right tools is paramount in translating creative ideas into tangible services. Whether it be advanced cloud-based solutions, productivity enhancement, or cybersecurity threat preventions, each tool plays a crucial role in enhancing service delivery and optimizing client outcomes. Use tools sparingly so that the tool doesn’t become the service. The service is enhanced by the tool.
By embracing a creative approach to service development, MSPs can elevate the quality of their offerings and drive success for both them and their clients:
The art of developing MSP services is intricately woven with creativity, innovation, and client-centricity. By embarking on this creative journey, MSPs can not only differentiate themselves in a competitive landscape but also forge lasting relationships with clients built on trust, value, and mutual success.
For further insights on MSP service development strategies, consider joining on our peer groups. Visit ThirdTier.net for expert guidance and resources.
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post Crafting Tailored MSP Services: The Art of Creative Solutions appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>"The trough of success" perked my ears. Used in context it's a phrase that means, you are continuing to feed on past success and being stuck there at the trough of success is a guarantee of future failure.
The post The trough of success appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>“The trough of success” perked my ears. Used in context it’s a phrase that means, you are continuing to feed on past success and being stuck there at the trough of success is a guarantee of future failure. It was aimed at IT professionals who are mired down in complex group policy and local Active Directory.
This past week, I spent most of my waking hours attending MVP Summit. Nearly all of the content is NDA, so I don’t have much to say about what was presented. But this phrase caught my attention and isn’t a Microsoft secret. It’s simply a useful idiom.
The speaker was imploring IT to modernize. Make a plan, step away from the trough of success and move into the future. Join devices to Entra as a new default, use Zero Trust, just-in-time permissions, dynamic groups, autopilot device rollout and to focus on the end user success, rather than dogma. The way you’ve always done things, is now the old insecure legacy method and it isn’t sustainable in today’s world.
My heart soared! This is how I vision the world of IT too.
It seemed obvious to me but then I have a way of assuming that the future is already here and everything around me is just playing catch up. This is how I operate my businesses. This is how I run my life.
Certainly! Here are some phrases that convey the idea that relying solely on past successes can lead to future failures:
- Resting on one’s laurels: This phrase suggests that one is satisfied with previous achievements and not striving for further success, which can lead to complacency and eventual failure.
- Living in the past: It implies that one is so focused on previous triumphs that they are not adequately preparing for the future.
- Dwelling on yesterday’s success: This indicates that one is not moving forward or innovating, which is necessary for continued success.
- The past is a poor predictor of the future: This phrase reminds us that just because something worked before, it doesn’t guarantee it will work again.
- Success breeds complacency; complacency breeds failure: It’s a cautionary reminder that becoming too comfortable with success can prevent one from recognizing and adapting to new challenges.
These expressions emphasize the importance of continual growth, learning, and adaptation to maintain success over time.
It’s easier said than done but the answer is that you just stop doing it. You don’t enable hybrid-AD because it’s a crutch that is holding you back from successfully leaving the trough. Join new devices to Entra ID. Allow those users to logon first with that credential. Enable modern authentication methods, policies, deployment, and zero trust. Have a plan to replace older devices, migrate system to SAAS ideally and cloud if you have to.
The drum beat of buy, buy, buy more tools because they will solve all of your problems. Get a more complex chart of accounts. Use THIS set of PKI’s. These things haven’t done our industry any favors. Instead, what they’ve done is make everyone the same, feeding from the trough of success. At the same time, there’s a background din whispering “you must change” and its overwhelming to many MSPs. They need a plan that makes them feel comfortable and don’t have one.
If you start abandoning what you’ve done to be successful in the past, it’s scary, but it’s necessary. Technology has changed and the priorities have nearly flipped. Make an orderly plan to get away from what you’re doing today and start with one device, then another, then all of them.
In just a few years of running the orderly plan, you’ll be out of the trough.
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post The trough of success appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>In today's meeting, a person I met with was sent a meeting recap from "me". Otter had joined a meeting that I was invited to and then emailed them that person a recap of our meeting. I was very disturbed by this event
The post The invasive Otter appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Today I was in a meeting and my name showed up as Amy Otter Pilot. This was alarming to me because I was not aware of having an Otter subscription. Apparently, I had a free account because of my curiosity when I was sent a meeting recap from another person. I clicked to see what this was all about. But in today’s meeting, a person I met with was sent a meeting recap from “me”. Otter had joined a meeting that I was invited to and then emailed them that person a recap of our meeting. I was very disturbed by this event.
I don’t have an Otter app installed on my computer, nor is it a browser extension, nor is it an add-in for Outlook. So how is it doing this? OAuth.
What a great follow up to my recent blog post, How to secure your network from OAuth permissions (thirdtier.net). As an administrator, I was left subject to OAuth installation, but you should block your users from setting up OAuth accidentally or intentionally. OAuth permissions are permanent, so they deserve careful control.
There are two parts to removing your Otter account. Part one happens on the Otter.ai website and the second part happens in Defender for Cloud Apps.
Part 1: Visit https://otter.ai, when I did, I was not asked to authenticate it simply opened into my account, the account I was not aware of setting up.
Follow the red balls above. Click on your account and select Account Settings. Look to the bottom on the main panel to find the Delete account option. Once you click to delete your account, you are asked to authenticate. Do that and then your account will be deleted from the Otter account page.
Part 2: Unfortunately, deleting your account from Otter does not revoke its permission to your mailbox. Otter installs itself as an OAuth app in your network but does not remove itself. Below you see the permissions that it has been granted.
To block the Otter OAuth, visit https://security.microsoft.com and scroll down into Cloud Apps and select OAuth Apps. In the main screen, look for Otter and select Block.
Once you’ve blocked Otter, users that have the permissions assigned will get an email letting them know that Otter has been blocked.
Recommendation: Take special care with these meeting services. There are many important issues to consider including compliance, privacy and permissions creep.
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post The invasive Otter appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>You will have now prevented misleadingly named apps, potentially malicious apps, apps with misleading publisher names, apps performing unusual amounts of file downloads, the addition of credentials to OAuth, and apps with a strange ISP for an OAuth.
The post How to secure your network from OAuth permissions appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>I guess because I had a section on this topic back in 2021 when I did the Don’t Miss This Setting webinar series, I felt like I had blogged about this before. Turns out I haven’t! So today, I’m going to show a couple of methods for protecting your business from OAuth permission elevation, sketchy OAuth apps, and where to set your preference for who gets to bring OAuth apps into your network. As an added bonus these settings will also help you control Shadow IT. We’ll use the Microsoft 365 tenant with at least M365 Business Premium plus Defender for Cloud licensing.
Let’s start with application consent. In Entra ID, navigate to Identity, Applications, and Enterprise Applications. Then in the Security sections, select Consent and permissions. You should see something very much like the screen below.
My company is small and works with small businesses, so the churn of apps isn’t high. This allows us to easily use the strictest option, that always requires admin consent to approve new app permissions. If you chose the mid-range option, which is Microsoft’s recommendation, then make sure to only allow users to approve the most basic of permissions.
In that case, you’ll select the middle option, and then click on the Select permissions to classify as low impact link.
Select as few permissions as possible to reach your goal. Read only permissions and those with only access to already public information like profiles and email addresses make sense here. Microsoft has suggestions for you choose from, as shown below.
Save your changes.
You will also notice similar and separate settings for Microsoft Teams on this page. Follow the same procedure to set those.
Move down to the admin consent menu item. This is where you will send the admin notification from users that they require assistance to set permissions for a new app.
When an app asks for permissions that the user is unable to grant, there will be a button for them ask for admin consent. In this screen, as shown above you need choose the user, group or role that will be notified. The admin will be notified by email. If you want that to go to your helpdesk then you’ll want to first add your helpdesk email address as a contact, then select the group it is associated to here. In addition, you’ll need to set a number of days before the request from the user expires.
Now let’s create a policy in Defender for Cloud Apps to help us manage OAuth apps. Navigate to Https://security.microsoft.com and browse down through the menu then expand the Cloud apps section. Finally expand policies and choose Policy Templates. You should see a screen like the one below and be in the Policy Templates section.
I always have trouble with the filtering function here. So instead, we are going to search for the templates that are available to help us managed OAuth. Select All Policies and then in the Name field type misleading as shown in the figure below.
Select the policy Misleading OAuth app name. This policy will generate an alert when an oddly named OAuth app appears on your network. Decide where you want the alert to be delivered.
Next, expand the Governance area and check the box for Revoke Office OAuth app. What will happen now, is that if an app triggers this policy, the apps permissions will be revoked, and an alert will be delivered to the admin. Be sure to write a short description, so the admin knows what this alert means. Hopefully they won’t see this alert often and so they will need the memory prompt.
Follow the same procedure for the following policies:
After adding these five alerts and revoke governance actions to the first three, you will have prevented misleadingly named apps, potentially malicious apps, apps with misleading publisher names, apps performing unusual amounts of file downloads, the addition of credentials to OAuth, and apps with a strange ISP for an OAuth.
Finally, clear all filters and then select Disabled in the status section. Give it a moment and any Defender for Cloud policies that are not enabled will be displaced. Verify that all of the policies you created above are enabled.
In the Defender portal, https://security.microsoft.com/, navigate down the menu to Cloud Apps. Select OAuth apps from the menu. This will bring you to the Manage OAuth apps screen shown below.
Here we have a list of OAuth apps that have been approved and are being used in our network. Clicking into an item provides the details of the permissions it has, who is using it, URL to the app, and more.
Once we’ve reviewed that information, we can optionally choose to approve or block the app. When you ban an app, you’ll be offered an opportunity to send the user that approved the app a message. Below you see the default message that Microsoft provides. You do have the ability to customize the message.
You should expressly approve of any authorized apps. Going through and doing this for each OAuth app previously approved in your organization can be time consuming and painstaking. But once you’re done, you’re done. From this point you’ll just manage any new app request as it comes in.
Configuring your Microsoft 365 tenant using Entra and Defender for Cloud apps will help protect you against the growing threat from OAuth apps.
Manage OAuth Apps https://learn.microsoft.com/en-us/defender-cloud-apps/manage-app-permissions?source=recommendations&WT.mc_id=%3Fwt.mc_id%3DM365-MVP-33230
Investigate Risky OAuth apps https://learn.microsoft.com/en-us/defender-cloud-apps/investigate-risky-oauth?source=recommendations&WT.mc_id=%3Fwt.mc_id%3DM365-MVP-33230
Create OAuth app anomaly detection policies https://learn.microsoft.com/en-us/defender-cloud-apps/app-permission-policy?WT.mc_id=%3Fwt.mc_id%3DM365-MVP-33230
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post How to secure your network from OAuth permissions appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Comparing the image creation capabilities of Copilot for Microsoft 365 in PowerPoint, Copilot free and Designer.
The post Free vs Paid Copilot image creation appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>The purpose of this series is to compare the functionality differences between the free version available to everyone and the paid version of Copilot. Today we’ll compare how we can work with images. It’s important that we use royalty free images so using a tool to generate new images, is a great way to do that.
This the 5th part of series which you can find here: How to Copilot – Ultimate Support for IT Pros – ThirdTier
Image creation with Copilot, if you are licensed for Copilot Pro or Business, is available right inside of your Office applications. In PowerPoint you’ll find Copilot on the Home menu, on the far right in the Design section.
To see how this Copilot could help me with image creation, I asked it, create an image that invokes confidence in introverted IT professionals. The image produced is the one you see on right side of the slide below.
I wasn’t entirely happy, so I asked again. This time with more specifics. I asked, create an image that invokes confidence in introverted IT professionals. Do not use words, letters or numbers in the image. The image produced is the one you see on the left side of the slide below.
Ok, I thought, maybe those characters on the ballons are symbols, not numbers or letters. So I asked, create an image that invokes confidence in introverted IT professionals. Do not use words, letters, numbers or symbols in the image
Well. Ok then. Moving on.
Remembering that the free Bing Copilot is now called Copilot Free, let’s see how it does with image creation. I open Bing and I start with the same prompt that we gave Copilot for Microsoft 365 in PowerPoint, create an image that invokes confidence in introverted IT professionals
Copilot Free credits both Designer and Dall-E 3 for its designs.
When I select the image that I want, I am not taken into an editor of any sort. I’m just provided with a larger version. I can use my browser to download it by right clicking and selecting Save image.
Although not graced with the word Copilot in its name. Designer is Microsoft’s front end for Dall-E, Open AI’s image creation tool and you can access it for free at https://designer.microsoft.com. It is still in Beta and cannot be logged into with a business account yet. You will need a personal Microsoft account. Personal accounts are free to create.
We’ll start with the same prompt that we used in PowerPoint. create an image that invokes confidence in introverted IT professionals. In Designer, I received a lot of different options. On the left I have some graphic. On the right I have images for advertising or slides.
As you can see it’s a very different experience from that of Copilot in Powerpoint.
When I select one of the images, I get a learning prompt. Designer helps me by expanding the prompt so I know how to get a full scale images of that thumbnail it showed me and how to do it repeatedly.
When I select the image that I like, I’m given the opportunity to download the image or to customize it. Choosing customize puts me into a simple image editing tool.
You’ll see that since Designer and Dall-E are both essentially the same that it generated similar results. The difference is that Designer is tuned for create marketing images. It’ll add text and offer up different formats appropriately sized for the various social media platforms and marketing tools.
We looked at three versions of image generation, using Copilot for Microsoft 365, Copilot free and Designer. While Copilot for Microsoft 365 didn’t perform as well in image generation as I would have expected, don’t count it out. It’s pretty good a non-image graphics of the sort typically found in PowerPoint presentations. Still, it does seem like a miss.
For the purpose of the blog series, we are still comparing the same two version for now. This is Copilot Free against Copilot for Microsoft 365. You can read up on how they compare and catch up in the series here. How to Copilot (thirdtier.net)
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post Free vs Paid Copilot image creation appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>I’m going to leave that right there for you to ponder.
The post MSPs have to change their business model in 2024? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>You may have seen these 2024 predictions for MSPs put out by Canalys earlier this month. If you didn’t, then start following SMB friend Jay McBain and MSP specialist, Robin Ody both of Canalys. They have great insights. This list is not a top-down ordering of significance. They are simply a list of predictions for 2024 based on Canalys’s research and knowledge of the market.
6, 9 and 10 are all showstoppers but it’s 10 that should send a shiver down your spine.
#10 says that our challenges are going to be new customer acquisition (oh hum nothing new there), upskilling existing staff, and transitioning our business models. Why do we have to upskill our staff and change our business models? And yes, if we’re going to do those things, it’s going to be challenging.
It might even be the most challenging thing we’ve ever done.
What’s new here is the urgency of upskilling your existing staff and transitioning your business model.
It’s all great to say that we need to start offering more advanced security services to our customers but if our staff was hired because they are great troubleshooters, helpdesk problem solvers, and sweet customer service agents, then we don’t have the right people.
And that’s a huge problem that leads to the last item, the challenge of transitioning your business model.
Today, in most MSP’s the priority is to close helpdesk tickets as quickly as possible. But in the new business model the priority will be to implement network hardening as quickly as possible to stay ahead of the criminal element that is out there waiting to pounce on any business that has been left behind.
And the competition, those MSPs that are younger and more agile than you, will be ready to pounce on any MSP that leaves itself behind.
This is our technical debt as MSPs and I agree that it’s our biggest challenge. We won’t be able to cash in on the MDR and security opportunity if we aren’t willing to make that transition.
I’m going to leave that right there for you to ponder.
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post MSPs have to change their business model in 2024? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>A lot has changed in the first 5 weeks of 2024. We now have 4 major and 8 additional Copilots. Which Copilot do you need?
The post Copilot: Which are which? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>This the 6th part of series which you can find here: How to Copilot – Ultimate Support for IT Pros – ThirdTier
On January 2nd, I started my series comparing the free Copilot available in Bing and the paid version available to subscribers. It is now 5 weeks later.
The new and I think permanent naming for the various Copilots are the four major ones listed below. Here I’m listing them as of February 2024. There will be more, of that we can be certain. Copilot is a major new product line for Microsoft.
Today, there are four major types of Copilot. The words below are mostly Microsoft’s. I’ve added my comments in Italics.
- Copilot Free: This version is available to everyone at no cost. It’s your trusty AI companion that works across various platforms, intelligently adapting to your needs1. This Copilot is found in Bing. It is accessible via Edge and also from your Windows 10 and 11 desktop.
- Chat with text, voice, and image capabilities
- Summarization of documents and web pages
- Image creation in Designer (formerly Bing Image Creator) https:/designer.microsoft.com
- Web grounding
- Use of plugins and Copilot GPTs
- For work: When enabled, commercial data protection is included for eligible Microsoft Entra ID users at no additional cost2
- Copilot Pro: For individuals who want more advanced features, there’s Copilot Pro. It comes with a monthly subscription fee of $20.00 per user. With Copilot Pro, you can supercharge your productivity, boost creativity, and stay connected1. You get everything in the free plan and the items below. This is the version where integration with Office comes into play. Most of the value is that integration.
- Priority model access in peak times
- Faster image creation with up to 100 boosts in Designer (formerly Bing Image Creator)
- Copilot in Word, Excel, PowerPoint, Outlook, and OneNote3
- Copilot for Microsoft 365: If you’re part of a business, consider Copilot for Microsoft 365. It’s priced at $30.00 per user per month (with an annual commitment). This version integrates seamlessly with Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and OneNote1. This is the small business plan now. You need to have Microsoft 365 Business Standard or Premium. Note that you’ll get billed in advance for the full year. You can buy as few as one license.
- Copilot in Microsoft Teams4
- Enterprise-grade data protection
- Microsoft Graph grounding
- Customization and extensibility through Microsoft Copilot Studio
- Copilot Studio: For those who want to build their own Copilots, there’s Copilot Studio. It empowers you to create custom AI experiences and explore new growth opportunities1.
- Build and run your own copilots across websites and other channels to serve employees and customers.
- Copilot Studio offers graphical development environment to build copilots using generative AI, sophisticated dialog creation, plugin capabilities, process automation, and built-in analytics that work with Microsoft conversational AI tools. This is a developer tool that allows you to customize an AI just for your business. It’ll be used often in sales and customer service scenarios. It’s 200.00 per month for up to 25,000 messages. In addition, there are other toolsets that can be added.
Read all about Copilot and watch some short inspiring video’s on this page. Microsoft Copilot | Microsoft AI
For the purpose of the blog series, we are still comparing the same two version for now. This is Copilot Free against Copilot for Microsoft 365. You can read up on how they compare and catch up in the series here. How to Copilot (thirdtier.net)
All we do is support IT professionals. Security community, MSP Legislation community, EndPoint, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post Copilot: Which are which? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Microsoft Defender Vulnerability notifications sent an email informing about a new zero-day in Open SSL. I don't use Open SSL intentionally so how am I subject to this zero-day?
The post How am I subject to this zero-day? Let’s use Defender appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Microsoft Defender Vulnerability notifications sent an email informing about a new zero-day in Open SSL. I don’t use Open SSL intentionally so how am I subject to this zero-day? We’re going to use Defender to find out and then remove the vulnerability.
The question to answer is which of the products that I use, contain this vulnerability? Let’s click on the View recommendations button and find out. Moving to the Vulnerable files tab provides the fastest way to the answer. Zoom contains the dll’s affected by this zero-day. I checked for an update in Zoom and there wasn’t one yet.
If you’re not starting from the vulnerability email, then go to security.microsoft.com, the home of Defender, expand Endpoints, Vulnerabilities and Recommendations. This is where you can find the most current list of vulnerability alerts for your company.
If you are starting from the email, then you’ll be brough straight into the vulnerability section of Defender, where you can begin to take action.
Since there isn’t an update I can apply yet, I use the Vulnerable files tab to provide me with a list of where the files are in my network that I need to delete. This will likely break zoom for the time being. I’ll have to be aware that if I enter another zoom meeting before the update is available that they may very well return to my computer. I’ll make sure to prioritize the installation of updates from Zoom.
Using the path provided, the files are easily deleted. You can do this manually if it’s just a computer or two, or you can use your RMM tool to remove them. Since it’s an application path the storage location will always be the same.
All we do is support IT professionals. Security community, MSP Legislation community, Intune, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post How am I subject to this zero-day? Let’s use Defender appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>How do you find the time to learn? How do you find the time for your staff to learn? How do you motivate them to learn? How do you motivate yourself to learn?
The post How do you manage ongoing learning and keep up? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>Each week on the SMB Community Podcast during one of the early segments we take a question from an MSP. These come from email and from the peer groups that James and I both run separately. This question is one that I take very seriously.
How do you find the time to learn? How do you find the time for your staff to learn? How do you motivate them to learn? How do you motivate yourself to learn? These are the questions.
There’s nothing stagnant about being in business in the IT world. Change is simply a matter of fact, and the rate of change is picking up, dramatically. The CEO of Microsoft said a few years ago that we would see the same amount of change in the next 10 years that we did in the previous 40. Think about where technology was 40 years ago – what was the state of computer networking, mobile tech and apps in 1984? We’re a few years into his 10-year prediction and so far, he’s right. Change is happening and it’s happening faster. This rate of change is causing people a lot of stress.
People feel stress because they don’t like getting uncomfortable and they fear getting left behind. If you get too far behind in this industry, you’ll soon be out of a job or out of business. Imagine getting 5 years behind the times now and that being the equivalent of being 20 years behind in the year 2000!
That’s the kind of change stress that we’re talking about.
Most IT businesses are led by technical people. Most technical people love to learn. Learning is very much like problem solving. In both cases the goal is to figure out how to do something.
I’ll be very bold here and say, that if you don’t love to learn, then you’re in the wrong business. And if you have staff that doesn’t love to learn, then they shouldn’t be working for you. Stagnant staff will bring your business down.
As the technical leader for your business, you should be the smartest person the room. That doesn’t mean that you’re the most knowledgeable person on every topic though. The smartest person in the room knows how this technology, that you’re studying, can be used to the advantage of your client. Always study with the client in mind.
If you have the client in mind when you’re studying new technology, then you’ll always be driving your business forward. That’s your motivation and this what makes you the smartest person in the room.
How do you find the time? You just do because learning makes you happy and relives stress. Take an hour a week. Block it off on the calendar and watch a webinar or two.
Right from the early days of running my MSP, I established a learning schedule for technical staff and wrote it into their employment contract because that it how highly I value skilled staff. They had to be available once a month on a Tuesday evening until 7pm because from 4-7pm we were learning together. We were also eating together and developing bonds.
We work through labs. We attend online courses. We watch webinars. We take certification exams. We do it consistently. We do it together and we all ask questions without judgement.
Tech employees are contractually obligated to learn. But that doesn’t really motivate them. What motivates them is being in a business culture where learning is a priority and where everyone is visibly doing it.
All we do is support IT professionals. Security community, MSP Legislation community, Intune, Defender and Lighthouse community, Peer groups, courses, papers, Business consulting and more. https://www.thirdtier.net
The post How do you manage ongoing learning and keep up? appeared first on Ultimate Support for IT Pros - ThirdTier.
]]>