Password Attacks

5 Types of Password Attacks and how you can prevent them

If you think about why password attacks and breaches are so common, the answer to that is simple – people use passwords that are not strong enough or those that can be easily hacked through trial and error. During times like these, the best thing to do is keep our passwords strong. Cybercriminals are clever enough to realize that if they have hacked one of your passwords, they can try the same cracked password in the other accounts that you may or may not have.

The important thing here is to improve your password security so that it puts up additional barriers for the potential hacker to overcome.

 

Here are 5 types of Password Attacks and how you can prevent them:

Man-in-the-middle Attacks, Brute force Attack, Dictionary Attack, Credential Stuffing, Phishing and Keyloggers. Now let’s dive into each of these in detail.

 

Man-in-the-Middle Attacks

Imagine you are at a restaurant with someone (probably on a date or on a business meeting). The conversation is going great, the ambience is amazing; everything is just fine except this one thing. The waiter keeps interrupting you every now and then. Probably eavesdropping or maybe just there to ruin your time. That waiter is a “Man-in-the-Middle”. Someone who is uncalled for and not needed.

Or just imagine, you are there at the restaurant to meet Person A and you meet and have a proper conversation only to realize somewhere in between that the person you are talking to is faking it. It is not Person A but rather Person B. Terrifying scenario, right?

Man-in-the-Middle Password Attacks are just the same.

Three people are involved in this type of attack. The cyberattacker, the initiator (sender) and the receiver (recipient).

In this type of password attack, you’d find the cyberattacker impersonating either the sender or the receiver, most probably through an email. The look and feel of the email would be authentic and there’ll be some minor differences that will be hard to catch.

 

Here’s how you can steer safe from or prevent Man-in-the-middle attacks:

VPN: A private network/tunnel, where confidential information is passed through the encrypted tunnel and man-in-the-middle attacks are very rare in this case. However, the VPN that you subscribed to should be a trusted entity. Don’t just go for any VPN provider.

Encryption: If your router is not encrypted and locked, anyone who connects to your network can have access to the data that is passing through the users connected to the network. Use a strong password on your router/modem.

Extra Security: Enable 2FA or MFA on your home Wi-Fi or router.

 

Brute-force Attack

As the name suggests – a hit-and-miss, trial-and-error of passwords. Usually, an automated approach where a permutation and combination of various passwords is tried one after the other on a system.

At least some accounts could be hacked through this method if not all.

 

Types of Brute Force Attacks

Apart from the general type of Brute Force Attack (which is random guesswork), there are other advanced types such as:

  • Dictionary Attacks:
    A type of brute force attack where every word in a dictionary is typed out as a possible password. It is also used to decrypt encrypted information.
  • Hybrid Brute-force:
    An analysis on which combinations would work
  • Rainbow Table Attacks:
    Passwords typed are stored in hash – this attack targets those. The table is used to guess functions up to a certain length.

 

All these brute-force password attacks use automation and bots to crack passwords since multiple attempts are made.

 

Credential Stuffing

These often have a logic behind them. How credential stuffing works is:

  • Automation methods or bots are set up and it starts cracking into systems faking its IP address by trying different password combinations. There may or may not be multiple bots at work at once.
  • Once this is done the password that has been cracked is tried across multiple websites to see if it has been used somewhere else or not.
  • Once cracked, the password is then saved to be used for future use.

Since the method is quite intelligent, you need to have better preventive measures to tackle this:

  • Using Captcha:
    Remember how you try to access a certain part of a website or somewhere that requires form filling, you are prompted to solve a simple puzzle, or type the alphanumeric that is displayed on the screen. Bots are not always that intelligent hence it becomes difficult for them to crack this stage.
  • Block IPs:
    If you see someone trying to access using the same few IP Addresses, you can prevent that by blocking the IPs. But there is no guarantee to this as the cyber attacker may have multiple such IPs in hand or even if a few are blocked, it may be easy for him to fake his IP address again and try.
  • MFA:
    Enabling multi-factor authentication leads to one more layer of added security. Most probably you will get a code on your email ID or a notification on your mobile device.

 

Phishing

A Social Engineering attack. This type of attack is meant to steal user data such as credit or debit card details. Quite similar to a man-in-the-middle attack, the cyber attacker impersonates themselves as a trusted entity and fools the target into opening an email or a link in a message which is meant to steal data.

Here is how you can prevent phishing attacks:

  • If something sounds too good to be true or if the sender is unknown, you have to do a thorough verification of their email ID.
  • Look for spelling mistakes in the domain name within the email ID.

There are different types of Phishing password attacks such as:

 

  • Smishing:
    The name is coined from 2 words: SMS + Phishing= Smishing. Nasty attack and a type of phishing where the attacker masks himself to be a prestigious, trustworthy institution like a bank with the aim of asking for confidential information. Usually, through that one SMS, the user is asked to reply back with details on that number or by asking to click a link within the SMS.

 

  • Spear Phishing:
    When an email seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but somebody who could be known and just wants to retrieve some financial or confidential information. These also appear to come from a trusted source.

 

  • Whaling:
    Whale = The Giant fish. You receive an email from someone who seems like your boss, with very minor spelling errors and you send them sensitive information that they have asked for

 

Keyloggers

Now this one’s is mean. Keylogger is nothing but one of those password attacks where a spyware keeps track of the user’s activity. Cyberattackers use this type of attack to steal sensitive data. Keyloggers can steal the data either by connecting the targeted PC or mobile it to a hardware device or through software.

The attack through software occurs when people fall trapped by clicking a malicious link or attachment. Malware gets installed in their device and it automatically fetches sensitive data.

 

Password Best Practices

  • Your email should have a mix of uppercase, lowercase and numbers and special characters in them.
  • It should be lengthy. The longer the better. Might as well take a few extra seconds to type a long password rather than face the risk of losing data.
  • Once you do all this, make sure you rest your passwords in a timely fashion.

 

Frequently Asked Questions

What is Password Spraying?

You must have noticed that if you mistakenly type incorrect passwords at a stretch, your account could get blocked for some time. So, Password Spraying- a type of Brute Force Attack but a unique one, is wherein if the attacker has set a constant password for eg: abc123, and instead of trying a new password every time, the attacker keeps changing the username. In this way, the account will not get blocked as well.

 

What is Spear Phishing?

When an email seeks unauthorized access to sensitive information. This type of an attack is not usually sent by a mere hacker but somebody who could be known and just wants to retrieve some financial or confidential information. These types of password attacks also appear to come from a trusted source.

 

What helps protect from Spear Phishing?

  • Never click links or open or download attachments from unknown sources
  • You can block email addresses that look fishy
  • Update your system software to the latest build
  • Enable 2FA

 

What is a common indicator of a Phishing Attempt?

  • A logo that looks very similar to any popular brand out there
  • A name or an email address which sounds similar to a reputed organization
  • Malicious link or attachment
  • Shorter Content
  • Spelling Errors

 

How long does it take to crack an 8 digit password?

Less than 8 letter Passwords that have only numbers or only letters can be instantly cracked. But a password that has more than 8 characters takes longer (years if not less) to crack, if it is a mix of alphanumerics, different cases and special characters.

Upcoming

Do keep an eye on our blog section since we keep uploading a new blog every week.

 

 

Update esmc

Here’s how you can quickly update ESMC using the ESET Web console

What is ESMC?

ESMC stands for ESET Security Management Centre – it enables you to centrally manage all ESET products on servers, workstations and mobiles. Using the web console you can manage tasks, deploy ESET Solutions, enforce security policies and respond to issues arising through the remote computers.

 

To manage remote devices and to update ESMC-

  1. Login to the ERA (ESET Remote Administrator) Portal using a web browser (Google Chrome preferred).
  2. To check if an update is available, or to update the product, go to the help button (question mark) > Update Productupdate section
  3. Once you click on it, you will get an update popup. The popup will suggest and prompt you to take backup of all ESET Certification authorities (CA), Peer certificates and ESMC database.certificates
  4. To take backup of the above certificates, click on the open certification authorities (ca)or click on peer certificates  It will take you to certificate locations respectively where you can export them one by one.

 

Why take a backup of these certificates on ESMC?

As part of the installation/update process, ESMC needs a peer certificate for agents and a peer certificate authority and a certificate authority (CA). All these certificates are used to authenticate all the ESET Products that have been distributed under your license. For example, you can create a server certificate which will be required for distribution of ESET Server products.

  1. To export the certificate, click on one of the certificates and select “Export Public Key” It will download the certificate automatically. Follow the same steps for all certificates.

For database backup, click this link, which is suggested by ESET support. Or you can click on the OPEN DOCUMENTATION option to direct yourself to this link

 

Steps to take backup of the database



After taking backup we can go for an update. For that, Click the UPDATE button. An update of your ESMC Server is scheduled – in Client Tasks you can find a new client task that upgrades ESMC components on the computer where ESMC Server is installed. To update other ESMC components on the devices connected to ESMC Server to the latest version, you can trigger the Security Management Center Components Upgrade task directly from the update popup window.

 

Note: 

  1. After triggering the task you will lose connectivity of ESMC Console for some time until the ESMC upgrade process is done.
  2. Verify the updated version by going to appwiz.cpl or by login into the ESMC portal again and going to Help> About.
  3. Verify the connectivity after upgrading the ESMC by login into its Portal.
  4. Make sure that ESET Protect Server and Web console version (8.0) must be the same after update (refer given below SS) otherwise, it throws an error.

 

Some frequently asked questions:

What is ESMC console?

The traditional ERA Console has now been replaced by the ESMC (ESET Security Management Center) Web Console. It is the primary online interface that allows you to virtually administer and manage your clients and network from anywhere.

How do I access ESET management console?

If you are on a local ESMC Server: Open an ESMC-compatible web browser and type https://localhost/era in the address bar and you’ll be able to access the ESMC Web Console.

If your ESMC Server is accessible to outside connections: Open your web browser and type https://%yourservername%/era   Here you need to replace %yourservername% with your actual IP address or name of your web server

 

Which are the core components in Esmc 7 that must be installed?

For a perfect deployment, we recommend the following core components to be installed:

ESMC Web Console

ESET Management Agent

ESMC Server 

 

Is ESET Free?

ESET isn’t free but you can get a 30 day full-featured, free trial across all its 3 categories: Essential Protection, Advanced Protection and Ultimate Protection

Can you protect multiple devices using the free trial?

No. You can cover only 1 device during the trial but once you purchase the product, multiple devices can be secured via the ESET product of your choice.

Will ESET work if there is another pre-installed cybersecurity software?

It is best to uninstall any other software in the same category for this to work optimally.

 

Upcoming: 

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 

Sophos SSL VPN – Save Password

Sophos SSL VPN is a VPN software that establishes a highly encrypted and secure tunnel for remote workers to connect to. The end-to-end encrypted tunnel requires both an SSL Certificate and a username and password combination for authentication and to create a secure connection.

 

Sophos SSL VPN Client does not allow to save the username and password credentials by default. However, there is a workaround to save the username and password.

 

 

How to Save Password in a Sophos SSL VPN Client

  1. Create a text file with username in one line and password in the next line
  2. Save the file name as Password.txt
  3. Save it to the path location “C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config”save credentials sophos ssl vpn 
  4. Run Notepad with Administrative Privileges
  5. Open the configuration file in the above location. Scroll down to the line “auth-user-pass” and update that to:
    auth-user-pass password.txt

 

That’s it! You should now be able to just double click the Sophos SSL VPN Client icon and it will log in automatically without you having to enter the credentials.

 

Disclaimer:

However, we would like to bring to your notice that we do not endorse this. because if your systems’ security gets compromised for eg: A hack, then it could fall into the wrong hands.

Upcoming:

We keep uploading new blogs every week on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 

Linux Server- Backup Directories & Files

Linux Servers are one of the most flexible and safe servers providing high-end security. Many admins and developers use Linux Servers to keep backups of their data and files. This blog explains how you can back up the individual files and directories in a Linux Server. 

For demonstration purposes, we’ll be working on Ubuntu, one of the most popular Linux Servers. Folders in Linux are addressed as Directories.

Step 1: 

Creating Directories- If you do not have any directories created yet, create a directory as per the below screenshot. 

The mkdir function helps create new directories. We have created a directory named FileforBackup

linux server- mkdir

 

The ls function will show you the created directories and files. 

linux server- ls

 

Step 2: 

Create files-  create multiple files inside the directory by using the cat command. 

linux server- cd

 

 

Step 3: 

Create one more directory to store the backed-up files so we can store the entire directory or file in the specified location. We have named the directory as “Storage Location”

linux server- directory for backup

 

If you want to take backup your files to any external disk or external storage by using the mnt command mount the external device and you can specify the external device path. 

Step 4: 

In this step, we can find the path of directories by using PWD command. 

  

mnt function

Step 5: 

By using rsync command, you can easily can take backup. 

Use the -a (archive) option to preserve attributes of files.

The -v (verbose) option forces rsync to list the files as they are being copied.

The syntax should be as follows: rsync specifiedpath destinationpath 

 the syntax

  

Step 6: 

You can find the backed-up file in your destination path. 

rsync function

Lastly, complete the backup process by using the rsync command. 

In the same way, we can back up the entire machine to any specified location as well.

Note: If you use any external hard disk or any external storage device to make a backup you should mount that device in any specified location.  

 

How we can help:

Our server team can help with the installation, configuration, deployment and monitoring of Windows/UNIX/Linux based servers. Want to migrate or do an audit of your server? We help you with all your server needs along with proactive support for the server and IT infrastructure.

Lets-encrypt-winacme

Let’s Encrypt- Upgrade Win-Acme Version 1 to Version 2 

Win-Acme has reached end-of-life (EOL) for Version 1. Any renewals running on v1 will not work and it’ll have to be upgraded to win-acme v2. Followed by, the certificates being imported from v1 to v2. This blog will walk you through how you can upgrade win-acme version 1 to version 2.

Let’s Encrypt is a non-profit Certificate Authority that provides TLS certificates. These are free certificates to protect the traffic between your website (domain) and visitors. TLS stands for Transport Layer Security and SSL (Secure Socket Layer) is its predecessor. 

TLS Certificates are digital or private key certificates and files that are used to certify the ownership of a public key. 

The Certificate Authority (CA) signs and certifies indicating that they have indeed verified it and that it indeed belongs to the owners of the said domain. 

 

https

What information is carried by a TLS or SSL certificate? 

TLS or SSL Certificates contain: 

  • Domain Name 
  • Sub-domain Name 
  • Organization Name 
  • Name of the CA
  • Date of Issuance and expiry 
  • Digital Signature 

 

Port 80- Indicates HTTP- connects users to an unencrypted network 

Port 443- a default port for a secure encrypted protocol- Indicates HTTPS- connects users to a secure network. The port enables encrypted communication to pass between the server and the browser. 

 

What is Win-Acme? 

Win-Acme (Automated Certificate Management Environment) is an ACME client for Windows, hence win-acme. It is used with Let’s Encrypt, which was formerly known as letsencrypt-win-simple (LEWS). 

If you are considering using Let’s encrypt, win-acme will provide you with an automated and reliable way to renew the certificate. 

Ultimately, the most important aspect of any ACME client is the automatic renewal of the certificate. Win-acme creates a single scheduled task to renew all certificates on a server. This task does all the work to renew the certificate as soon as the first certificate is created.

 

This article will walk you through how you can perform the update: 

    1. Download win-acme v2.1.18
    2. Extract the contents of the zip file to a folder in the C drive
    3. Open the destination folder and run the file named “wacs.exe” (shown below) with administrative privilegesupgrade win-acme setup file

      win acme 2

    4. Select Option “O” followed by Option “I”. O will help manage renewals and I will import scheduled renewals from the previous version of win-acme. This will give you a list of options. You can go with the default options unless there are any settings that you need to modifyupgrade win-acme option O

      wacs3

    5. Now that you have imported the renewal tasks to the new client version, you can view and manage the renewals using option “A”.  Or you can directly select Option “R” which shows the number of renewals that are currently due.

Final step- upgrade to winacme version 2

Post-renewal and upgrade of Win-acme 

Post the renewal initiation, it will ask for the email address that you would like to receive your notification on, for any reminders and notifications.  

As with the previous version, make sure that port forwarding for port 80 and port 443 has been set up to the server.  on the IP address being resolved on the hostname for certificate SAN (Subject Alternative Name). Otherwise, the verification by Let’s Encrypt will fail and the certificate renewal will have an error. 

 

Upcoming

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

Fetch Office 365 group details

Here’s how you can fetch all Office 365 group details

An O365 Administrator has the right and the duty of managing all the users in the portal. By running this script, a Global Admin can set parameters and at once fetch any data they need from all the groups present in O365. 

The script will connect to Azure AD (Active Directory) first and extract details of each group present in the directory.

The admin can change the parameters as per need and decide on what the output will be. The output will be exported in a .CSV file and will be stored in C Drive. You can also change the storage location path and the file name too. 

 

How to Run the “Fetch Office 365 Group Details” script : 

Step 1 

Open PowerShell as an Administrator 

 

Step 2 

Write command Connect-AzureAD. Press Enter 

 

Step 3 

Post this step, a login window will pop up in which you need to enter the credentials of the organization for whom you need to pull out the data or report

Script- O365 login

Step 4 

Once you successfully log in or connect to AzureAD for your respective user or Organization you can get the information about the Account in which you are logged in, environment, Tenant ID etc… 

Script- O365 Step 4

 

 

Step 5 

After that, you need to copy and paste the script into PowerShell and press enter. 

NOTE:  This is when you can choose the location path for the .CSV file. Mentioned below in ScreenShot. 

Step 5

 

 

Step 6 

Once the script runs successfully, the .CSV file storage path will automatically show up in PowerShell. Once you hit enter, your chosen file name will be exported to the chosen storage path accordingly. 

In this case, we have set C: Drive for file storage and set DATAforBLOG as a file name.

Step 6

 

Script Hub -Explore a library of free Powershell Scripts

To find more such useful PowerShell Scripts, head over to Script Hub in our Resources Section.

 

Upcoming: 

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 

Disconnected Domain Controllers

Disconnected Domain Controllers- Here’s the Solution

Windows Server 2016 standard with Server Essential role installed as PDC displayed a critical alert saying “Disconnected Domain Controllers” 

 

An introduction – Domain Controllers

The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials based on which they are either denied or allowed access. 

Often there are 2 Domain Controllers in a network, a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database to validate the users on their network. Whereas the BDC contains a copy of the same. If ever there is a problem in the PDC or the database in it gets compromised, the BDC can be used. 

 

The issue – Disconnected Domain Controllers in Windows Server Essential 2016

After a recent password change, the server running the Windows Server Essential was not receiving any signal/heartbeat from the domain controller. Here’s a screenshot of the Windows Server Essential Dashboard which displays the Critical Error of disconnected domain controllers.

The error message

Possible Causes 

  • Lack of network connectivity 
  • Missing DNS entries 
  • Root hits missing or resolution issue 
  • PCNS issue 
  • PCNS target missing 
  • Time synchronization issue 
  • Integration break between an on-premise server with O365 in Server Essential 

 

If the PCNS (Password Change Notification Service) Target is missing: 

  • Go to the Start Menu and launch the ADSI. Edit MMC and connect to the Default naming context [DC01.domainname.local], DC=domainname, DC=local => CN=System => CN=Password Change Notification Service

    ADSI
    adsi next step
  • The attribute field would be empty (If it exits take back up & delete it)connection settings

  • Navigate to the path:
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files

    rename .sch files
  • Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files


  • Restart the Password Change Notification Service

PCNS

 

 

Now, 

Go to path C:\Program Files\Microsoft Password Change Notification

Then, open Command Prompt,

command prompt


 

Add PCNS target manually by running the below command:

“C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/ PDC01.domain_name /FI:”Domain Users” /F:3 /I:60 /D:False /WI:30”

 

  • Now PCNS Target should be added successfully
  • Check the target list by running the “pcnscfg.exe list” command. There must be a target that was added as per the above command


    Now the disconnected domain controller alert should be resolved.
     

 

Upcoming: 

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 

 

Infrassist Technologies Pvt. Ltd. is ISO 27001:2013 Certified

Infrassist Technologies Pvt. Ltd. is proud to announce that we have been certified with ISO 27001:2013 for the second consecutive year. This certification is proof of our persistent efforts to serve our clients and safeguard their data.  

The adoption and establishment of an Information Security Management System (ISMS) enable us to preserve confidentiality, integrity and availability of information by applying a risk management process. The system is a part of our organizations’ processes and overall management structure. This gives a surety to us, our customers and prospects that we have an appropriate system in place to ensure minimized risks and efficient management. The ISMS at Infrassist conforms to the standards and the processes in place are adequate for the risks identified. 

Our ISO 27001:2013 certification shows that we provide 24x7 superior Network Monitoring and Managed Security Services to clients for Data and Information Protection. 

 

What is in it for our clients? 

This certification ensures that our clients can count on us for the safety and security of their data, which is our utmost priority. Your data is in safe hands.

An ISO 27001 Certification helps us:

  • Keep confidential data secure and allows secure exchange of information. 
  • Minimize risk exposure 
  • Have a competitive advantage 
  • Show that we are consistent in our service delivery 
  • Protect the company, its assets, shareholders and directors 

However, we don’t stop here. We assure you that we will maintain this standard and go above and beyond to ensure that your data is safe. We also promise to continually improve our Information Security Management Systems and abide by its norms and specifications to retain the trust and exceed the expectations of our valuable clients. 

Besides, in case you want to view our ISO certificate, feel free to reach out to us. 

 

 

Enable Automation via Scripting

Reasons why you should Script and Automate  

What is Scripting and Automation? 

Many organizations prefer automation not to reduce their staff count but because they want to do more with their existing staff. Enable Automation via Scripting and it can save time and reduce man-hours on repetitive tasks. The mundane IT tasks will not coincide with employees’ routine tasks. The admin can run a script and operate and execute a single operation for multiple workstations. A Script contains a launch point, a source code, variables and syntaxes which has binding values. 

 

Why Scripting and Automation? 

Let’s assume that XYZ Organization has 100 people in their organization, and there is a need to install a particular software on all systems, you can do that by running a script.  

Application Installation Script helps you do that. This script can be modified according to your organizational needs; one has to change the URL and name the software they want to install. Run the PowerShell script and it will install the software silently and the employees’ work will not be hampered. 

Assume that XYZ Organization wants to clean up all temporary files and junk files from their users’ system, XYZ can execute the action, at once by running the Disk Drive Cleanup Script. 

Have multiple users been moved from or left your organization but their user profiles are still active? With the Delete Unwanted User Profiles script, you can delete User Profiles that have remained inactive for X number of days. The days can be modified according to your needs 

These are just a few of the many functions a script can enable you and your organization. 

 

Benefits 

  • You can automate your mundane tasks 
  • Save Time 
  • Increase employee productivity 
  • Reduce Manhours on repeated tasks 

 

Why Script Hub? 

The main aim behind creating a webpage/ a Script Library is because we want it to be a one-stop-shop for all your scripting needs. The PowerShell Automation Scripts we have uploaded on our Script Hub Web page range from Scripts to clean up C drive to scripts that create bulk users in the active directory. 

And if you do not find a script that you were looking for, you can even send us requests citing your requirements. Enable Automation via Scripting using our PowerShell scripts to smoothen your operations, while we take care of all the back-end technicalities. 

We’ll be adding new scripts to our Script Hub on a monthly basis. Our Script Library also gives you an option to Subscribe, so that every time a new script gets uploaded on our website, you’ll get notified. 

 

Disclaimer 

Our intention is to make our Script Hub a one-stop destination for you to find various Scripts. Our Scripts are a culmination of scripts and syntaxes we have gathered from various sources over the Internet. Although all the scripts uploaded on our website have been tried and tested by our team of engineers, we do not guarantee seamless execution. PowerShell Scripts don’t work on a one-size-fits-all concept, with the intricacies of Managed Service Providers (MSPs), it can be rather difficult. Some scripts might work well for one and not for another. We suggest you run a scan before executing this in your system. 

 

Microsoft Viva

Microsoft VIVA- The new Employee Experience Platform

Microsoft has always taken a step towards enhancing workplace collaborations and communications. A platter filled with tools that fulfil all your business needs that lets you stay in touch with everyone, ease collaborations and tools that enable every employee to receive constant updates, whether it be Microsoft Teams, SharePoint or OneDrive. Aligning with the idea of sharing and collaborating, Microsoft has come up with a new tool, a new product named Microsoft Viva. platform designed to help people collaborate efficiently, gather knowledge, learn & engage. 

Let’s know more about the tool. 

 

Microsoft VIVA 

Aimed at enhancing an employees’ remote work experience by connecting and collaborating, Microsoft Viva is an “An AI-powered solution that discovers, organizes and surfaces what matters”. It will act as an Employee Experience Platform (abbreviated to EXP) aimed at increasing employee productivity, proper communications and prompting employees to take a break.

 

How can MSPs benefit from Microsoft Viva? 

With the onset of COVID-19 and workplaces shifting to individual houses, collaborations, learning, sharing insights, has been difficult. Although Microsoft Teams has made it very easy for geographically dispersed employees to connect and communicate, with VIVA, Microsoft has taken a step ahead. The entire workforce was forced to work-from-home during the pandemic and so were MSPs. A platform like Viva could prove really helpful and was designed keeping in mind seamless collaborations and learning to take place. All these Apps would be made available through Microsoft Teams which has over 115 million users on a daily basis.

To enhance the employee experience, Microsoft has teamed up with SalesForce, Headspace, Coursera, edX, Cornerstone OnDemand, Slack, LinkedIn, Workday, Skillsoft, Zoom, glint, SAP SuccessFactors and many more. 

VIVA has been bifurcated into 4 modules, Viva InsightsViva TopicsViva Connections and Viva Learning. Prices of each will be disclosed as and when they release them. They’ll be rolling out the modules over the next 3-6 months as an add-on to the m365 subscriptions.  

Viva Insights and Viva Topics are available for purchase as an add-on to all Office 365 and Microsoft 365 plans. You can see pricing here.

 

Viva Insights: 

Tenants who have enabled Viva Insights will be able to download the Insights App within their Microsoft Teams. 

There’ll be three tabs within Insights- Home, Stay Connected and Protect Time. The Home dashboard will have focused time- to help you focus on your core tasks and aiming at personal well-being there’s a tab for guided meditation. At the end of your workday, you’ll be shown an overview of your calendar for the next day, prompted to reflect on your day. Helping you wrap up your day in a mindful way. 

The Stay Connected feature will help pin people and will show you AI-based task suggestions clubbed with reminders regarding follow-ups.

The Protect Time feature will help block times for an individual so that he/she can focus. 

The weekly emails from Microsoft’s Cortana will help the employee set aside time for Learning, Connecting etc. The mail will also give Links to take up LinkedIn Learning courses. 

 

Viva Topics: 

Viva Topics will be available within Microsoft Teams itself.  Viva Topics will help an individual learn something new. During the communications that take place within teams if there is something that is new or unknown to the employee, they can simply hover over the word or the topic, which will then show you a Topic Card that shows a brief summary of the word. Along with the brief summary, the employees will also be shown who the experts are in the field and a list of related documents. When expanded, Related Topics, discussions, a repository of files related to the topic, etc. will be shown. 

These Topic Cards would be made available not only in Teams but also OutlookSearch and other M365 Apps. Users can also add and create new topics. 

 

Viva Connections: 

Think of it as a gateway to your digital workplace. It is “built on M365 capabilities like SharePoint to provide a curated and branded employee destination.” The content shared can be customized for specific roles within the company. Viva Connections will be rolling out in the near future: stay tuned for more news on this one at Microsoft Ignite 2021!  

 

Viva Learning: 

Being part of an organization that enhances ones’ skillset and knowledge, is what every employee wants. Where you learn every day and it aides an employees’ career growth. Viva Learning creates a central hub for learning within Microsoft Teams. The Learning Hub would help people discover, share, pin, recommend and learn from online educational platforms. 

On Viva Learning, employees can learn from online learning platforms like Coursera, edX, LinkedIn Learning, Pluralsight, Skillsoft and many more. Courses will be recommended to an individual with the help of AICurated courses would show the right content at the right time, to increases the chances of people viewing the course. 

 

Below we have answered some questions that you may have regarding the platform

Should one use Viva? Is it the same product, packaged differently? 

Yes, Indeed. Viva will be integrated with Microsoft Teams to enhance the employees’ experience. The platform is a culmination of various Microsoft features bundled and integrated into Teams. Microsoft Viva will be a one-stop-shop for an organizations’ needs.

 

How will it enhance productivity? 

Productivity will be improved because all different tools and functions offered in M365 will be available in a single platform- Microsoft Teams. You won’t have to juggle between different apps or software. 

 

How is Microsoft Viva different from Microsoft Teams? 

It is different from Microsoft Teams in a way that many different features have been combined into the Teams Platform. The usual employee conversation and collaboration would still be intact with the benefit of enhancing conversations through learning, knowledge and prioritizing what’s important.  

 

In how many languages is Microsoft Viva available? 

Currently available in English, Microsoft will extend support in Spanish, French and German in the second half of 2021. 

 

As Viva Learning acts as a central hub for courses from Coursera, edX, Pluralsight etc., does one need to buy these courses or will they be available for free? 

Let’s say a Marketing Course was circulated in Viva Learning but there is a course fee to access and join the course; the user will have to pay extra. But since some LinkedIn Learning, Microsoft Learn offer lots of free courses, those course videos can be consumed for free. 

 

How useful is Microsoft Viva for Small & Medium Business (SMBs)? 

Although SMBs can use it, take their 30-day trial and see if they find it beneficial or not. But considering the prices of $5/per user/per month, it could be expensive for SMBs. Businesses that have a large workforce, big teams and a huge budget could find Microsoft Viva to be really useful.  


 

Upcoming

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries.