What is Windows Autopilot

What is Windows Autopilot and the purpose it solves

Windows Autopilot is most helpful in a scenario we have all been in over the last 2 years: work from home. After the initial few months, companies started recruiting again, but what remained constant was working from home. Devices were handed over to new employees in a business-ready state, with all the apps and tools that the organization uses. The same need arises when an employee leaves the organization and ownership of the system has to be transferred. How does it all work? How is the device given to the employee in a business-ready state? What is the tool which enables that?

Windows Autopilot is the answer. 

 

What is Windows Autopilot? 

Windows Autopilot is a Zero-Touch experience for the deployment of new devices. It is the go-to service powered by M365 for deploying new upgrades and keeping a device in a business-ready state. It simplifies the way devices are deployed, and it helps reset and format an existing device so that it is ready for the next user who will be working on it.

The entire procedure of custom image files is cut short. There is no need for setting up the device from scratch; everything is automated via the cloud. Autopilot helps reduce time spent on repetitive tasks and you can see an increase in productivity. The onboarding procedure and device management would also be seamless for the organization as well as the employee.

 

What purpose does it solve? 

Configuring the latest Windows OS on new devices is a tedious process. Windows Autopilot was built to help ease the procedure for an IT Admin and buy them more time. OS Deployment used to happen earlier with SCCM, which got rebranded to Microsoft Intune. Ideally, an OS Deployment takes place by reloading OS with Custom Images for which the organization needs to maintain a large infrastructure to save WIM files of each device. 

But with Windows Autopilot, the complexity gets reduced. It automatically joins devices with Azure AD and enrols devices in Intune. 

 

How to get started? 

The IT admin of the organization or the hardware vendor has to register the Autopilot devices they acquire in the Azure AD tenant. IT then just needs to customize the setup, the deployment configuration and the end-user experience by creating an Autopilot profile.

Post registering and configuring the Autopilot profiles, the global administrator then restricts or provides access.

Once that’s done you ship the device to the employee.

As soon as the employee receives the device, they need to turn it on and connect to the Internet, after which they need to input their organizational credentials. The device will be recognized by the cloud, join Azure AD, enrol with the MDM service and receive the configurations pushed to it, which brings it to a fully business-ready state. It would have all the apps the organization uses and the ones that the user may need to be productive.

 

Windows Autopilot: User-driven and Self-Deploy 

These are the 2 modes under Windows Autopilot: 

In User-driven mode, users can configure the device provided to them and bring it into a ready-to-use state themselves. No IT Admin is involved at any point, so it is close to a Zero Touch Provisioning procedure. The user just has to open/turn on the device, connect it to the Internet and enter. This mode is for an independent/dedicated user.

Self-Deploy is designed to deploy Windows 10 as a Kiosk on the laptop. This mode is for shared device users. In this mode too, the device has to join Azure AD and be enrolled with an MDM, and every policy, certificate or app has to be deployed and provisioned. TPM hardware is needed to authenticate a device into an organization’s Azure AD.

Reset- Bring/Reset the device back to its default settings. The OS wouldn’t get erased but everything else would. 

Format- Erasing everything on the drive, including the OS. 

Even if a device or system has started malfunctioning, at that time too, a format or reset would be necessary and all of that can be performed with the help of Intune and Autopilot. 

Microsoft Intune helps in building and pushing policies and helps deploy and manage devices and apps. Whereas what Windows Autopilot does is help to provision the device in a ready-for-business state. 

 

Conclusion: 

Windows Autopilot is another one of Microsoft’s tools to make life easier for businesses and IT personnel. It is certainly a tool that can cut short the time it takes to provision a device and eliminate the custom image file fuss. It provides a smooth transition if you want to make the move from traditional legacy systems to newer methods. As your business hires more staff in-house and remote, adopting methods like these will be highly beneficial in the long run.

 

Upcoming:

We keep uploading new blogs every week on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries. 

 


Data Loss Prevention (DLP): Block External Sharing of Teams Recordings

People are gradually getting back to their offices, and meetings have started to take place in person. During the lockdown period, though, you must have conducted a bunch of meetings in which confidential things were discussed. What if that data ever gets leaked and falls into the wrong hands? What if it falls into the hands of your competitors, sensitive information gets leaked and they make a move ahead of you?

You need to have a policy set in place which blocks external sharing of data and prevents data leaks. This is where something like DLP comes into play.

 

Earlier:

Microsoft Stream, launched in 2017, was the source where all Teams recordings used to get stored as soon as the meeting ended. At Ignite 2020, Microsoft had made an announcement wherein they said that now tenants can opt to use OneDrive to store the latest recordings. Then 3 months later, it was announced that all recordings will be now stored in OneDrive unless the organization chooses to continue using Stream. But in August 2021, all tenants were switched and the latest Teams meeting recordings will now be stored in OneDrive even if the organization has set to Stream.

All recordings will now be explicitly stored in OneDrive for Business and SharePoint Online. As for the Microsoft Stream links, the links will be completely redirected to OneDrive and SharePoint Online.

 

Why did Microsoft move from Stream to OneDrive?

The whole idea behind Microsoft is to make everyday work seamless. Stream was created so that users could create, upload, view, store, and manage video files, but it did not integrate well with the other M365 apps, and its recordings were stored separately.

 

Now, what can you do to ensure that the Teams Recording stays within the organization and isn’t shared externally?

This is where Data Loss Prevention (DLP) comes into play.

 

What is DLP and how exactly does it work?

DLP detects sensitive information through deep content analysis. Even while the analysis is going on, it won’t affect the work of the people who are currently working on the content. In short, it protects confidential, sensitive data to reduce inadvertent risks and prevents users from sharing data and files with people who shouldn’t be having it. DLP Policies are stored and synced to OneDrive for Business, Exchange Online, SharePoint Online Sites etc. Once synchronized, it can block sharing of data and Teams recordings (in this scenario) with people outside the organization.

When creating policies, choose the locations to apply and then create rules where the condition is defined in the form of sensitive info types and then you can choose to encrypt the file, remove it etc.

 

How to build a DLP Policy to prevent sharing of Microsoft Teams Recordings

The rule looks for any file with the property value ProgId:Media.Meeting that is shared with someone outside the organization. The rule action blocks sharing the data or file with people external to the organization. Optionally, the rule can allow users to override the block by providing a justification that explains why they need to share a recording with an external person.

# Connect to Teams and update the meeting policy

# Prompt for the admin account used to connect
$O365Cred = Get-Credential

Connect-MicrosoftTeams -Credential $O365Cred

# Update the Teams meeting policy for US employees so that their meeting recordings are stored in OneDrive

Set-CsTeamsMeetingPolicy -Identity "U.S. Region Workers" -RecordingStorageMode OneDriveForBusiness

 

 

A step-by-step walkthrough

  • Navigate to https://compliance.microsoft.com/homepage
  • Go to Data Loss Prevention on the left-hand side
  • Then Data Loss Prevention
  • We are using a custom policy here, but one can also use templates.
  • Add a name and description
  • Specify the location which we want to control. In this case we need to select the SharePoint site and OneDrive account and the location of the particular path.
  • Define the Policy settings
  • Create rules
  • If the user ignores the warning and goes ahead to try and share the recording anyway, they won’t be able to do this because OneDrive for Business blocks the attempt to create and send a sharing link
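
The same policy and rule can be created from Security & Compliance PowerShell instead of the portal. This is an added example, not part of the original post; the policy name, rule name and the $AllowOverride and $Mode variables are assumptions, and it needs the ExchangeOnlineManagement module.

```powershell
# Added example (not from the original post). Requires the ExchangeOnlineManagement
# module and an account that is allowed to manage DLP policies.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession                       # Security & Compliance PowerShell session

# Assumed names and switches; change them to suit your tenant.
$PolicyName    = 'Block external sharing of Teams recordings'
$RuleName      = 'Teams recording shared outside the organization'
$AllowOverride = $true                    # let users override by giving a justification
$Mode          = 'Enable'                 # 'TestWithNotifications' reports matches without blocking

# Policy: cover the locations where Teams meeting recordings are stored.
if (-not (Get-DlpCompliancePolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-DlpCompliancePolicy -Name $PolicyName `
        -Comment 'Blocks sharing of Teams meeting recordings with external people' `
        -SharePointLocation All `
        -OneDriveLocation All `
        -Mode $Mode | Out-Null
}

# Rule: match files carrying the ProgId:Media.Meeting property when they are
# shared with someone outside the organization, and block that access.
$rule = @{
    Name                         = $RuleName
    Policy                       = $PolicyName
    ContentPropertyContainsWords = 'ProgId:Media.Meeting'
    AccessScope                  = 'NotInOrganization'
    BlockAccess                  = $true
    NotifyUser                   = 'Owner', 'LastModifier'
}
if ($AllowOverride) {
    # Optional override described in the text: the user must explain why
    # the recording has to be shared externally.
    $rule.NotifyAllowOverride = 'WithJustification'
}
if (-not (Get-DlpComplianceRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-DlpComplianceRule @rule | Out-Null
}

# Verify what was stored. The policy can take up to an hour to reach the
# workloads, so check the distribution status before testing a share.
Get-DlpCompliancePolicy -Identity $PolicyName |
    Format-List Name, Mode, DistributionStatus
Get-DlpComplianceRule -Policy $PolicyName |
    Format-List Name, AccessScope, BlockAccess, ContentPropertyContainsWords, NotifyAllowOverride
```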

 

Once you’ve created the DLP Policy, it’ll take up to an hour for it to come into effect. Also keep in mind that once a meeting has ended and a recording is created, it’ll take a few minutes for the new file to get encrypted. So if somebody shares a file before the encryption is in place and shares it with any external party, it is possible for them to view it but as soon as the block is in place, the link shared previously will get nullified.

 

Pros and cons

Pros

  • Provides more visibility and greater control into Data Exchanges
  • Enforce authorization procedures before accessing sensitive data
  • You can’t copy/download and send

Cons

  • Deploying a DLP policy takes a lot of time and effort
  • You need to keep an inventory of all data
  • Require precise data flow policies
  • You need to audit the access levels of each user within your organization

 

 


How to Change Username in AD and O365 without deleting the Profile

Change Username in AD and O365

Read to know how you can change username in AD and O365 without having to delete the profile of the user.

  1. Connect to your DC Server using Admin credentials.
  2. Then, open AD Users and Computers and select the user whose name needs to be updated.
  3. Right-click and rename.
  4. Change the Full name from the old username to the new username and add the appropriate Full name, First, Last and Display name (new username).
  5. Make sure the Mail attribute carries the new username by checking the user properties.
  6. Open Elevated Windows PowerShell on the DC Server and sync the newly added username to O365 by using this command: Start-ADSyncSyncCycle -PolicyType Delta
  7. Go to the O365 admin portal using the Admin credentials and check the name. You may see the old username but with the new Display name.
  8. Now, connect to the DC again and open Elevated Windows PowerShell to sync the same name as the display name in O365, as in AD.
    Use this command: Connect-MsolService and enter the Admin credentials, and then
    run the 2nd command: Set-MsolUserPrincipalName -UserPrincipalName oldname@test.onmicrosoft.com -NewUserPrincipalName newname@test.onmicrosoft.com
  9. Go to O365 and check; it must now show the new name.
  10. Connect to the user PC/Machine with the new username.
  11. Open Elevated Command Prompt and run whoami. You might see the old username as the profile path.
  12. Then, log in as an Admin user on the same PC/Machine, go to C:\Users and rename the old username folder to the new username.
  13. Open Elevated Command Prompt, run “gpupdate /force” to sync, and sign out.
  14. Log in with the new user account. We can see that this user logged in with the new username but in the C:\Users\Temp profile.
  15. Now, open Regedit on the user machine, go to the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, check for the profile image path C:\Users\Temp and rename it with “.temp” instead of “Temp” at the end in the profile list.
  16. Remove “.back” from the Profile image path C:\Users\<old username> and change it to C:\Users\<new username>.
  17. Log in with the new username on the PC/Machine and check the user profile path by opening CMD. It should show C:\Users\<new username> as the profile path.
  18. Lastly, check any shared drive/network drive path or any linked path (like a Roaming Profile etc.) from the DC. This is to make sure all data appears correctly in the new user profile on the user PC/Machine.
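
Before and after editing the registry in steps 15 and 16, it helps to see what ProfileList actually contains. The following read-only audit is an added example, not part of the original post; the function name and the output column names are assumptions.

```powershell
# Added example (not from the original post): read-only audit of the
# ProfileList key edited in steps 15 and 16. It changes nothing.
function Get-ProfileListAudit {
    [CmdletBinding()]
    param(
        # Registry location named in step 15
        [string]$ProfileListPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    )

    foreach ($key in Get-ChildItem -Path $ProfileListPath) {
        $keyName = $key.PSChildName
        # Strip a backup suffix so the SID can still be resolved to an account
        $sid = $keyName -replace '\.(bak|back)$', ''

        # Skip built-in service profiles; keep domain/local (S-1-5-21) and Azure AD (S-1-12-1) users
        if ($sid -notmatch '^S-1-(5-21|12-1)-') { continue }

        $imagePath = $key.GetValue('ProfileImagePath')   # environment variables are expanded
        if (-not $imagePath) { continue }

        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = '<unresolved>'                    # deleted account or DC unreachable
        }

        $folderName  = Split-Path -Path $imagePath -Leaf
        $accountName = ($account -split '\\')[-1]

        [pscustomobject]@{
            KeyName          = $keyName
            Account          = $account
            ProfileImagePath = $imagePath
            FolderExists     = Test-Path -LiteralPath $imagePath
            HasBackupSuffix  = $keyName -match '\.(bak|back)$'
            IsTempProfile    = $folderName -match '^TEMP'
            # After a rename the folder should carry the new account name
            NameMismatch     = ($account -ne '<unresolved>') -and ($folderName -ne $accountName)
        }
    }
}

# Show only the entries that need attention after a rename
Get-ProfileListAudit |
    Where-Object { $_.IsTempProfile -or $_.HasBackupSuffix -or $_.NameMismatch -or -not $_.FolderExists } |
    Format-Table -AutoSize
```

An empty result after step 17 means every user profile key points at an existing folder whose name matches the account.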


Microsoft: Go Passwordless

This Wednesday, Microsoft announced that it will let you go passwordless on its MSAs (Microsoft Accounts) now. Another one of the major moves by them indeed. Most passwords being easy to guess and hack had led many to allow sign-in through a password and two-factor authentication via security keys, emails or SMSs. But what about the situation where you have to remember a separate password for each of your accounts? That’s too much of a hassle too. This means that we will be able to sign in to M365, OneDrive, Teams, Outlook, Microsoft Edge, Family Safety etc without the need for a password. 

The passwordless sign-in feature was available only to commercial customers since March 2021 but now will be made available to all Microsoft Accounts. 

Passwords happen to be a loophole and a sweet spot for cyberattackers to infiltrate someone’s privacy. You can use Microsoft Authenticator and Windows Hello App to log in to your MSA. 

Microsoft also says that before downloading the app and going password-less, all your devices should have the latest software updates.
So those using the outdated versions of Windows will not be able to use this feature. 

This feature hasn’t gone live yet but users can expect it to go live in the coming few weeks. Your Azure AD accounts do not have the option of going passwordless but the feature will be available soon. Microsoft has announced that it is working around a way to eliminate passwords for Azure AD accounts as well with admins having the option to choose whether passwords are required, allowed or non-existent for some specific users or a group of users. 

 

Passwords can be frustrating: Go Passwordless

Let’s agree on something: if you’ve set the same password for most of your digital accounts, you are at great risk. If you have different passwords for your accounts, it’s practically impossible for you to remember the password for each and every one of them unless you’ve noted it down somewhere.

Auto-generated passwords are not only difficult to remember but difficult to note down as well. 

Plus, password rules these days urge you to add alphanumerics, special characters and upper-case letters. And if you ever happen to forget or reset your password, you can’t go back to a password that you’ve used before. How is a human supposed to remember these?

This is what had led the tech giant to make this decision of going passwordless on its Microsoft Accounts. 

Easy-to-remember passwords leave you open to the risk of cyberattackers. These attackers can easily steal your passwords through brute-force attacks or buy a list of breached passwords on the dark web. 

And once hackers breach and get their hands on one password in the company network, it’s easier for them to access the passwords of others in the same network. 

 

How can you go passwordless on your MSAs? 

The apps you’ll need before going passwordless: 

  • Microsoft Authenticator App
  • Windows Hello- a biometric-based technology that will enable Windows 10 or 11 users to authenticate secure access to their devices, apps or accounts 

Install the Microsoft Authenticator App and link it to your personal Microsoft account. Visit your Microsoft account and go to the Advanced Security Options> Passwordless Account> Turn On 

Follow the next steps and go approve the notifications received from Microsoft Authenticator App. If you feel that you want to go back and reverse the change, you can do that too. 

 

Will your account be secure? 

When compared to traditional sign-in methods, signing in via security keys, or the Microsoft Authenticator App or biometrics (like fingerprints or facial recognition) prove to be much more secure. 

Will I be able to go passwordless with all my apps? 

You won’t be able to go passwordless if you are currently using any of the below,  

  • Windows 8.1 or earlier 
  • Office 2010 or older versions 
  • Office for Mac 2011 or older 
  • Products and Services that use IMAP and POP email services 
  • An Xbox 360 
  • Some features that use Remote Desktop and Credential Manager 
  • Some Command line and task scheduler services 

  

The Pros and Cons of Passwordless Authentication 

Pros:

  • No need to remember your password
  • An improved user experience
  • Users can get rid of password redundancy: the user will not use the same password again and again
  • A more secure way to sign in: it will save users from brute-force attacks (a type of cyberattack that tries multiple combinations of passwords)
  • A faster, more seamless user experience

Cons:

  • Device Theft or SIM Swapping: You can’t do anything if your device or SIM gets stolen. It’s a much scarier situation if the thief is able to access your mobile device, as they’ll have access to it all.
  • OTPs and authentication via the apps don’t ensure safety against all types of malware.
  • Difficult to Troubleshoot: since this is Windows, a networking issue is possible, and you can get locked out because of it.


Fetch Office 365 group details

Here’s how you can fetch all Office 365 group details

An O365 Administrator has the right and the duty of managing all the users in the portal. By running this script, a Global Admin can set parameters and at once fetch any data they need from all the groups present in O365. 

The script will connect to Azure AD (Active Directory) first and extract details of each group present in the directory.

The admin can change the parameters as per need and decide on what the output will be. The output will be exported in a .CSV file and will be stored in C Drive. You can also change the storage location path and the file name too. 

 

How to Run the “Fetch Office 365 Group Details” script : 

Step 1 

Open PowerShell as an Administrator 

 

Step 2 

Write command Connect-AzureAD. Press Enter 

 

Step 3 

Post this step, a login window will pop up in which you need to enter the credentials of the organization for whom you need to pull out the data or report


Step 4 

Once you successfully log in or connect to AzureAD for your respective user or Organization you can get the information about the Account in which you are logged in, environment, Tenant ID etc… 


 

 

Step 5 

After that, you need to copy and paste the script into PowerShell and press enter. 

NOTE: This is when you can choose the location path for the .CSV file.

 

 

Step 6 

Once the script runs successfully, the .CSV file storage path will automatically show up in PowerShell. Once you hit enter, your chosen file name will be exported to the chosen storage path accordingly. 

In this case, we have set C: Drive for file storage and set DATAforBLOG as a file name.
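
The script itself does not appear in the text above. The following is an added example of a report of this kind, not the blog's own script; the function name and column names are assumptions, it assumes the Connect-AzureAD session from Step 2, and it adds owner and guest counts that the post does not mention.

```powershell
# Added example (not the blog's script). Requires the AzureAD module and an
# existing Connect-AzureAD session (Step 2).
function Export-O365GroupReport {
    [CmdletBinding()]
    param(
        # Storage path and file name used in Step 6; change as needed
        [string]$CsvPath = 'C:\DATAforBLOG.csv'
    )

    $report = foreach ($group in Get-AzureADMSGroup -All $true) {
        $owners  = @(Get-AzureADGroupOwner  -ObjectId $group.Id -All $true)
        $members = @(Get-AzureADGroupMember -ObjectId $group.Id -All $true)
        $guests  = @($members | Where-Object { $_.UserType -eq 'Guest' })
        # Owners can be service principals, which have no UPN
        $ownerNames = @($owners | Where-Object { $_.UserPrincipalName } |
                        ForEach-Object { $_.UserPrincipalName })

        [pscustomobject]@{
            DisplayName     = $group.DisplayName
            ObjectId        = $group.Id
            Mail            = $group.Mail
            IsM365Group     = $group.GroupTypes -contains 'Unified'
            MailEnabled     = $group.MailEnabled
            SecurityEnabled = $group.SecurityEnabled
            Visibility      = $group.Visibility
            OwnerCount      = $owners.Count
            Owners          = $ownerNames -join ';'
            MemberCount     = $members.Count
            GuestCount      = $guests.Count
            # Nobody is accountable for membership of a group without owners
            Ownerless       = $owners.Count -eq 0
        }
    }

    $report | Sort-Object DisplayName |
        Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
    Write-Host "Report written to $CsvPath"
    return $report
}

# Run the export, then list the groups worth a closer look:
# no owner, or external guests among the members.
$groups = Export-O365GroupReport
$groups | Where-Object { $_.Ownerless -or $_.GuestCount -gt 0 } |
    Format-Table DisplayName, IsM365Group, OwnerCount, GuestCount -AutoSize
```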


 

Script Hub -Explore a library of free Powershell Scripts

To find more such useful PowerShell Scripts, head over to Script Hub in our Resources Section.

 


 

8 Microsoft Teams Features to ease collaborations in 2022

Microsoft has indeed leveraged the lockdown period to its optimum so much that Microsoft Teams has become an undetachable part of our professional lives now. You use Teams daily, but do you use it only to chat or schedule meetings when there is so much more that you can use it for? Read further to know about some underutilized Microsoft Teams Features which you should be using more.

Microsoft Teams has a feature inside which can increase the collaboration and efficiency of your team. 

 

1) Slash Function 

Want to find something quickly on Teams but it takes forever? Want to change how you appear on teams? Use the Slash Feature that helps you navigate to everything quicker. 

In the search bar, type “/” and you’ll see a list of options like the one shown below: 


Navigate to the one that you want: 

Eg: If you type “/activity” Teams will prompt you to name a person. Once you enter the name of a person, you’ll see their activity in the “Teams” you have in common. 

 

2) Keyboard Shortcuts 

Keyboard Shortcuts are lifesavers.
Want to start a new chat? Alt+N
Want to speed dial? Ctrl+Shift+5 

Want to view all the keyboard shortcuts? Ctrl+. 


For all the Keyboard shortcut lovers, ain’t that convenient? 

 

3) Chat in Native Language 

Members can even chat in their native language within a Teams chat and the “Translate” feature helps translate it. Type in Tamil, Hindi or Mandarin and the translate feature helps convert it to English. Although this is not highly accurate and it has minor errors, you can get a rough idea. 


Hover over a message that has been typed in another language, click on the 3 dots that appear over a chat, and click on Translate. 


 

4) Mark as Unread 

Has this ever happened to you where you aimlessly were scrolling through Teams and you unconsciously clicked on a message and forgot about it? And later on, when the person asks you for an update, you realize that you haven’t done anything about it at all. It skipped your mind because it was not bolded (unread message). During times like these, marking messages as unread really helps. Just hover over a message that you’ve accidentally read, click on the 3 dots and select “Mark as Unread”. Voila, your message will now appear unread and you can always go back at it and work on it later.


 

4) Polly 

An app within Microsoft Teams – If your Teams Meetings are often too boring and the members aren’t interactive, use Polly. Polly is an engagement app that captures instant answers from the ones that are a part of the teams meeting. It lets you create Q&A, Polls, MCQs etc. 

This lets one boost engagement and light up a dull Teams Meeting room. 

To access and use Polly… Within Microsoft Teams Application, Go to Apps > Search for Polly


 

 

5) Create a private channel inside a team 

Let’s assume that you are part of a team that has 50 people of your organization and you had a meeting. But within the team, you want to have a private chat with a few select people about what has been discussed in the meeting. 

Within Microsoft Teams, go to Teams (1) > Your Created Team (here- Sales & Marketing) (2) > Add Channel (3) 


This form will pop up


 

You’ll be asked to Name the channel, there is an option of setting the accessibility to Standard or Private.


 

As you can see, a channel by the name of “Marketing” has been created within the team “Sales & Marketing” 


The benefit of this is, within the group, you can create a sub-group and only the members included in it will be able to view and reply to your message. 

 

6) Channel Calendar 

Let’s suppose you want to arrange a meeting with all members of a Team/Channel and you want the calendar to be shared with everyone. You can do that by clicking the “+” sign.


In the “Add a tab” dialog that appears, search “Channel Calendar”. This will let you create a calendar that is common for everyone. In the end, the members of the team can then decide if they want to add the created event to their personal calendar or not. 


Now that’s one of the Microsoft Teams features that can be useful for a lot of its frequent users.

 

7) Pop-out apps 

Do you want to view your chats but also have an app screen on display at the same time? Well, Microsoft Teams gives you the option to pop-out your apps. 

Right-click on the app and click on “Pop-out App”


You’ll see a new tab for the app has now opened up whereas you can simultaneously chat with your team members in the Teams App. 


8) Approvals App 

You have a brilliant idea, or a task that you want to get approved- you can now manage approvals within the Teams app itself. Managing approvals has never been easier. Within Microsoft Teams > Apps > Search Bar> Approvals. 

As you can see below, you can keep track of all the approvals you’ve sent and received and you can request a new approval (top right).


 

As you click on that, a dialog box (like the one shown below) will pop up where you can add the type of approval (Basic, e-sign), you can mention the person you want approval from and also mention the reason and/or add attachments.


Benefit? You don’t have to go to your emails and search and look around for Approvals. All your Approvals can be found in one single dashboard within the Teams App. 

 

Conclusion: 

Now wasn’t that a lot of information (helpful though, right?). Hopefully, you were unaware of at least a few of these Microsoft Teams features and found this article helpful. Stay on loop as we upload such informative blog articles every Wednesday on our website.


How to Install Line-of-Business (LOB) Apps via Intune

Microsoft Intune (Endpoint Manager) helps create and deploy app protection policies for devices you want to manage. The Endpoint Manager helps manage apps on users’ personal devices. You can decide on which apps you want to protect, the level of protection needed, and how to find enterprise data on the network.

Because of the linking of Microsoft Intune to Azure Active Directory, device management becomes centralized and easy for organizations. This synchronization helps the organization ensure security and create a unified experience for all users in the IT Network.

So to categorize and give an overview of what Microsoft Intune can do, it can:

  1. Deploy Apps and Policies
  2. Configure and Manage Devices and Apps
  3. Secure devices using Policies
  4. Wipe-off data

This article shows how to install Line-of-Business (LOB) Apps (ATERA in this blog post) using Microsoft Intune. This would lead to the installation being silently run in the background on all or selective users or devices simultaneously. The benefit is that it would not impact or interrupt the end users’ work (except when it is a Linux System, as a prompt would be sent to proceed with the installation). 

 

Steps to install Line-of-Business (LOB) Apps via Intune:

Create a policy in Microsoft Intune and then push that policy forward- 

  1. Sign in to the Microsoft Endpoint Manager admin center
  2. Log into the Tenant Portal and go to the Microsoft Endpoint Manager Admin center.
  3. Then, Select Mobile Apps > Apps > Add App
  4. Under “Add App”, Select App Type > Other > Line-of-Business app
  5. In the first tab of “App Information”, go to “Select File”.
  6. In this, you need to select your .msi file. You’ll have to download the Atera Agent in .msi format. In the App package file, browse and add your .msi file.
  7. Once you do this, you’ll be able to see that Intune automatically extracts details from your .msi file. Details like the Name of the App, Platform, the App Version, the File Size, etc. would be displayed. Click on OK.
    1. In the App Information, fill in the rest of the required details. Provide the Name which indicates the Process and the publisher name in their respective text boxes.
  8. Once you are done with filling in the mandatory details, click on the Next button.
  9. In the second tab, “Assignments”, you’ll see 3 subsections:

Required section:

Under which you have 3 options Add Group, Add all Users, Add all Devices. You can push the app to get installed in A Group, All Users or All Devices.

Add Group- Lets you install the apps in a particular Group that you have created
All Users- Irrespective of the device the user is using, the apps would get installed on each user’s device.
All Devices- The apps would get installed on all the devices that fall under the company’s IT network.

Available for enrolled devices section:

Apps are displayed in the Company portal app and website for users to optionally install. 

Uninstall section

This option uninstalls the app from the selected Groups/User/Device. 

Once you configure as per your requirement click on the Next button. 

 


The third tab is “Review + Create”,
You can Review the configuration that you did and edit if changes are needed and then click on Create button. 

Once the steps are completed, the Atera agent will be installed in all the selected users’ machines via Intune. For any machines that are offline, the installation will commence once they are back online.
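
Because the package is installed silently on every assigned device, it is worth checking the .msi before uploading it in step 6. The check below is an added example, not part of the original post; the function name, file path, publisher string and hash are placeholders to be replaced with values obtained from the vendor.

```powershell
# Added example (not from the original post): verify an installer before
# it is uploaded to Intune as a Line-of-Business app.
function Test-LobInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$Path,
        # Text expected in the signing certificate subject, e.g. the vendor's legal name
        [Parameter(Mandatory)] [string]$ExpectedPublisher,
        # Optional SHA-256 published by the vendor for this exact build
        [string]$ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Status 'Valid' means the file is unmodified and the chain is trusted on this machine
    $signatureValid = $sig.Status -eq 'Valid'
    $publisherMatch = $signer.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0
    # A timestamped signature stays verifiable after the signing certificate expires
    $timestamped    = $null -ne $sig.TimeStamperCertificate
    $hashMatch      = if ($ExpectedSha256) { $hash -eq $ExpectedSha256.Trim() } else { $null }

    [pscustomobject]@{
        File            = $file.FullName
        SizeBytes       = $file.Length
        Sha256          = $hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignatureValid  = $signatureValid
        PublisherMatch  = $publisherMatch
        Timestamped     = $timestamped
        HashMatch       = $hashMatch      # $null when no expected hash was supplied
        Approved        = $signatureValid -and $publisherMatch -and ($hashMatch -ne $false)
    }
}

# Placeholder values: substitute the real path, publisher and vendor hash.
$check = Test-LobInstaller -Path 'C:\Installers\agent.msi' `
    -ExpectedPublisher '<publisher name from the vendor certificate>' `
    -ExpectedSha256 '<SHA-256 published by the vendor>'
$check | Format-List
if (-not $check.Approved) { Write-Warning 'Do not upload this package to Intune.' }
```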


This procedure was for installing Atera Agent using an .msi file but you can perform similar steps to install any App of your choice.

  1. Once you login to the Microsoft Endpoint Admin Center
  2. Go to Apps> All Apps > Add
    1. You can either select an Apps installation file (like the steps shown above)
    2. Provide a link to the App you want to install
    3. Select an App from the list

Once you click on App Type, you’ll find a list that includes options of Store Apps (Android Store Apps, iOS Store Apps, Microsoft Store App), Microsoft 365 Apps and Other Apps (Web Links, LOB Apps, Built-in Apps etc)


Want to know how you can install Virtual Android Applications via Intune? You can go ahead and read this blog right here.


How to automate outlook profile creations ?

You can automate the process of Outlook Profile creation without the user or admin having to do anything manually. 

ZeroConfigExchange (ZCE) is used to run the entire process with minimal interaction. It is a registry setting that creates a new profile using the SMTP address from your Active Directory. ZCE automatically configures one or many users with Exchange Online or Exchange on-prem. The underlying process used to gather the configuration data is Autodiscover. Outlook finds a new connection point made up of the user’s mailbox GUID + @ + domain SMTP. 

Autodiscover: what is it and how does it function? 

Autodiscover is a feature of Microsoft Exchange. It was launched in 2007 and started becoming a part of the later versions of Outlook. It helps establish automatic connections between the Exchange servers and Outlook. Autodiscover is a virtual directory and it is mandatory for mailbox configurations. No scripts are needed and only minimal user intervention is required. 

 

How does it function? 

When a user logs in to Outlook through a system or the app for the first time, it connects to the domain controller (DC). The DC validates the information/credentials. After the validation, the DC assigns a URL for the host to contact the Exchange servers. The Outlook client/app then contacts the Exchange server based on the information received from the DC. 

How Outlook gains access to an offline address book and unified messaging

A virtual IIS Directory named Autodiscover is created along with an SCP (Service Connection Point) when a Client Access Server (CAS) is installed in Exchange Servers. The Client Access Server then checks for the user mailbox information and mailbox database located in the servers. After the availability of the information has been checked, the data is passed on to the CAS and then to the Outlook client. 

Once the connection is established, it helps Outlook gain access to an offline address book and unified messaging. 

Automate Outlook Profile Configuration based on Active Directory Primary SMTP 

If this policy setting is enabled, whenever a user creates a new profile, his Active Directory primary SMTP address is used for the profile creation. The wizard used to configure profile settings is not displayed to the user. No user interface appears as the profile is created. 

Whereas, if this policy setting is disabled, when a user creates a new profile the wizard would be displayed and the user can specify an SMTP address of his choice. But if the user clicks on Next, the default settings would be applied to it. 

Note: If you want only the first created profile to use the Active Directory Primary SMTP address and allow the other users to enter different SMTP addresses, then use the “Automatically configure profile based on Active Directory Primary SMTP address (one-time only)” policy setting instead. 
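The two policy settings described above map to per-user registry values. The following PowerShell sketch is an added example, not code from the original article: it reports whether ZCE is configured and enables it for the current user. The Office version (16.0), the AutoDiscover key paths and the value names ZeroConfigExchange / ZeroConfigExchangeOnce are assumptions to verify against your Office ADMX templates.

```powershell
# Added example (not from the original article).
# Assumptions: Outlook 2016/2019/Microsoft 365 Apps (registry hive 16.0) and the
# value names ZeroConfigExchange / ZeroConfigExchangeOnce under ...\Outlook\AutoDiscover.
$officeVersion = '16.0'
$policyKey = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\Outlook\AutoDiscover"
$userKey   = "HKCU:\Software\Microsoft\Office\$officeVersion\Outlook\AutoDiscover"

function Get-ZceState {
    # Report both values in every key passed in; $null means "not configured".
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        foreach ($name in 'ZeroConfigExchange', 'ZeroConfigExchangeOnce') {
            $value = $null
            if (Test-Path -Path $key) {
                $props = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                if ($props) { $value = $props.$name }
            }
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

function Enable-Zce {
    # Writes DWORD 1; -OneTimeOnly selects the "(one-time only)" variant of the policy.
    param(
        [Parameter(Mandatory)][string]$Key,
        [switch]$OneTimeOnly
    )
    $name = if ($OneTimeOnly) { 'ZeroConfigExchangeOnce' } else { 'ZeroConfigExchange' }
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

# The setting takes the primary SMTP address from Active Directory, so warn
# instead of writing the value when the machine is not joined to an AD domain.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
if (-not $domainJoined) {
    Write-Warning 'Machine is not joined to an AD domain; ZCE was not enabled.'
} else {
    Enable-Zce -Key $userKey    # add -OneTimeOnly for the one-time variant
}

# Show the resulting state of both the policy key and the user key.
Get-ZceState -Keys $policyKey, $userKey | Format-Table -AutoSize
```

A value delivered by Group Policy lands under the Policies key, so check that row first when a locally set value appears to be ignored.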

Where can this be used?

During E-mail Migration

Let’s say you want to perform an email migration. Ideally, when the environment is switched from on-premise to the cloud, Outlook profiles have to be created manually. Once you go through the following procedures, you’ll get to automate the entire process of Outlook Profile Creation. Once all this is done, all users in the domain will have a seamless transition from on-premise to cloud. 

New Outlook Profile Deployment:

A new employee joining the organization doesn’t have to configure his Outlook e-mail profile. When Microsoft Outlook is installed on a system for the first time, ZCE could be configured via OCT. The user will not be prompted for anything while the process is going on.

Frequently Asked Questions

What is Outlook automation?

You can automate various tasks in Outlook. How can you do that?


Outlook Rules not Working- Solutions to fix

Outlook performs pre-defined actions automatically on all the incoming emails. These Outlook rules help filter e-mails into folders. Some mails go directly to the ‘focused’ folder, some into the ‘other’ folder and some to the ‘spam’ folder. But this may not always work. Some users do face the issue of these rules not working properly. This blog article is aimed at giving you solutions on how you can fix the “Outlook Rules not Working” issue.

Here are the possible reasons why your Outlook rules may not be working: too many rules, the file size of these rules could be large, some files/rules may be corrupt, rules are complicated etc. 

If you are facing the ‘Outlook rules not working’ issue for a mailbox, you need to check the below solutions: 

  1. Outlook Rules must be enabled

Ensure that rules are enabled as per the below steps: 

  • In Outlook, go to File > Rules and Alerts. 
  • In the Rules and Alerts dialog box, look over the “enabled” checkboxes. Examine whether the concerned rules are enabled or not. If not, enable/select them. 

 


 

  2. Check if the Outlook Rules refer to a Deleted Folder or File

In case the rules refer to a mailbox folder that has been deleted, you may face a problem. Check the dependencies of a rule by double-clicking it in the same Rules and Alerts dialog box. If you come across a rule that refers to a deleted folder/file, you can replace the folder/file with an existing one. 

 

  3. Reset the SRS File 

If the SRS (send/receive settings) file is damaged in Outlook, that may cause the problem of the Outlook rules not working. You can reset the SRS file as per the below steps: 

  • Go to the location: C:\Users\username\AppData\Roaming\Microsoft\Outlook 
  • Rename the Outlook.srs file to Outlook.srs.old
  • Now, restart Outlook. You’ll see that a new SRS File has been created 

 

 

  4. Convert Client-Based Rules into Server-Based Rules

You can divide Outlook Rules into client-based rules and server-based rules. Client-based rules only work when the Outlook email client is running, whereas rules that work even when Outlook is closed are server-based rules.

If it is a client-based rule, then it will be mentioned in the list of rules, as shown below: 

convert client-based to server based rules

 

If the rule is client-based, it’s possible that it won’t work in Outlook 2016, 2013, 2010, or other versions. Additionally, Outlook may not run when emails are received. To make the rules work even when Outlook isn’t running, log in to your account via web-based access, i.e. Outlook Web Access, and recreate the rules there.

P.S: Furthermore, out of both server-based rules and client-based rules, server-based rules will be applied first, followed by client-based rules.  

  5. Journaling NDR (This will need to be set on the Exchange Admin Panel) 

This is the email address that is set to receive the journaling NDRs (non-delivery reports). 

Transport rules, inbox rules and MRM (messaging records management) will not work on the mailbox that is set to receive journaling NDRs. This is by design and could be the reason why inbox rules are not working on that mailbox.  

If you want inbox rules to work, then you will need to change the email address to some other email address.  

To change the email ID, please run the following PowerShell command while connected to Exchange Online: Set-TransportConfig -JournalingReportNdrTo email 

To completely remove the email address, kindly run the following PowerShell command: Set-TransportConfig -JournalingReportNdrTo $null
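Before changing the setting, it helps to confirm that the affected mailbox really is the journaling NDR recipient. The following PowerShell check is an added example, not part of the original article: the function name, the sample addresses and the mailbox identity are hypothetical, and the live part assumes an existing Exchange Online session (Connect-ExchangeOnline).

```powershell
# Added example (not from the original article). Names and addresses are hypothetical.
function Test-JournalNdrConflict {
    # Returns $true when the journaling NDR address is one of the mailbox's addresses.
    param(
        [string]$JournalNdrAddress,    # value of (Get-TransportConfig).JournalingReportNdrTo
        [string[]]$MailboxAddresses    # the mailbox's EmailAddresses, e.g. 'SMTP:user@...'
    )
    # An unset value is reported as empty or '<>': nothing can conflict with it.
    if ([string]::IsNullOrWhiteSpace($JournalNdrAddress) -or $JournalNdrAddress.Trim() -eq '<>') {
        return $false
    }
    $target = $JournalNdrAddress.Trim().ToLowerInvariant()
    foreach ($entry in $MailboxAddresses) {
        # Strip the 'SMTP:' / 'smtp:' prefix (-replace is case-insensitive).
        $address = ($entry -replace '^smtp:', '').Trim().ToLowerInvariant()
        if ($address -eq $target) { return $true }
    }
    return $false
}

# Constructed sample data: runs without an Exchange session and prints True.
Test-JournalNdrConflict -JournalNdrAddress 'Journal-NDR@contoso.example' `
    -MailboxAddresses 'SMTP:helpdesk@contoso.example', 'smtp:journal-ndr@contoso.example'

# Live check: only runs when the Exchange Online cmdlets are loaded in this session.
if (Get-Command -Name Get-TransportConfig -ErrorAction SilentlyContinue) {
    $mailbox = 'helpdesk@contoso.example'    # hypothetical mailbox with non-working rules
    $ndrTo   = "$((Get-TransportConfig).JournalingReportNdrTo)"
    $proxies = (Get-Mailbox -Identity $mailbox).EmailAddresses | ForEach-Object { "$_" }

    if (Test-JournalNdrConflict -JournalNdrAddress $ndrTo -MailboxAddresses $proxies) {
        Write-Warning "$mailbox receives journaling NDRs ($ndrTo); inbox rules will not run on it."
        # List the rules that are affected until the NDR address is changed.
        Get-InboxRule -Mailbox $mailbox | Select-Object Name, Enabled
    } else {
        Write-Output "$mailbox is not the journaling NDR recipient (current value: '$ndrTo')."
    }
}
```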

 

  6. Delete and Recreate the Rules (Use with caution! This will delete ALL rules in the selected PROFILE) 

You can delete the rules and then recreate them if the above solutions fail, or if the rules are corrupted/damaged. For this, follow these steps: 

  • Close Outlook and go to the Run Command (Win+r). 
  • Enter outlook.exe /cleanrules and press Enter or click on OK. 


  • Further, you can recreate rules in Outlook by using the Rules Wizard. 

Additionally, you can specifically delete rules that don’t work, instead of all the rules. For this, follow these steps: 

  • Open Outlook > File
  • Go to Manage Rules & Alerts
  • The Rules and Alerts dialog box will open up 
  • Lastly, select the rules you want to delete and click on the Delete option. 

 


 

Upcoming

Here’s a blog that talks about 7 Outlook hacks that will help you increase productivity in 2022.


Cloud Migration: Reasons to migrate and tips to convince your clients

Reasons why you should migrate to the cloud

While we may think the majority of the companies have moved to the cloud, the recent Hafnium attack and many others portray a different story. There are many organizations that still function on on-premise servers and haven’t moved to the cloud. This shows that there are still many who are skeptical about Cloud Migration. The question here is, how secure is the cloud? Is cloud actually safe? 

Let’s answer this question for you then. 

The recent activities are a testament to how unsafe or vulnerable on-prem servers are. The simple answer is that your data could actually be more secure on the cloud than it is on-prem. 

 

Here are the reasons why Cloud could be more secure

  1. Multi-Factor Authentication: Added layers of security with features like MFA, where before you sign in from a new device, an OTP or a verification mail is sent to verify your identity and ensure that access is granted to the right person. 
  2. Safe Attachments & Safe Links: Cloud services scan an attachment or any link that is being sent from another person. If the file is not secure, a message pops up which warns you not to download the files or open the link. 
  3. Encrypted data: Data and files are encrypted, hence you don’t have to worry about your files falling into unsafe hands. 
  4. Quicker Operations: Your SMB will be able to coordinate and work on projects at a greater pace.
  5. Backups have your back: It doesn’t matter if you forgot to save your files; they will be automatically backed up on the cloud. You would never have to worry about losing a file or its content when you are working on the cloud. 
  6. Seamless Collaborations: A benefit that has come to use during this pandemic. Teammates can work on the same files, make changes, feel more connected and have office meetings online; the cloud just makes it more seamless.  
  7. More Storage Space: Microsoft offers its licensed users 1 TB of free storage space on the cloud, which would be difficult when it comes to an offline medium.
  8. Your data at your doorstep: You and your team can simultaneously work on the same file no matter where in the world you are. Even if you don’t have your laptop with you, or it’s damaged or corrupted, the cloud will have stored all your data in a safe place.

 

Tips to keep your data and systems safe: 

  • Apply patches regularly, as and when they are released
  • Have a good firewall in place to keep suspicious traffic away
  • Enable MFA
  • Encrypt all your cloud data 

 

Tips on convincing your clients for Cloud Migration

As an MSP, if you want to convince your customers to migrate to the cloud, you must have a fool-proof understanding of the cloud. This will help you understand the reasons behind your clients’ reluctance and dismissal, and you’ll then have reasons to convince them for the migration. 

Once you frankly discuss the concerns your clients have about migrating to the cloud, whether due to higher costs, data security etc., you’d be able to give them accurate solutions to mitigate these concerns. 

To give them something to trust, you can start with small changes, and then gradually aim for a complete migration to the cloud. 

Once your clients start using cloud services, there are high chances that they’ll be able to trust the platform better. 

Show them the unsafe world and then show them the safe world and how you can help them transition. Highlight the problems they may face when using an offline medium (higher chances of losing a file and never being able to recover it, limited storage, server hack concerns, etc.) 

Put forth the benefits of the cloud (larger storage space, backups and disaster recovery, constant maintenance, fewer chances of the server getting hacked etc.)

Although cloud services may seem expensive initially, over time, if you consider the operational costs you may incur in an offline medium, the cloud is a good investment. In order to keep up with the pace of this competitive world, cloud migration will be a saviour in the future.

Be honest with the pros and cons and leave the decision up to your client. 

 

Frequently Asked Questions

What is cloud migration?

It is the process of transferring or migrating any data, databases, apps, servers, virtual desktops or any other such business element to the cloud. It could be a cloud to cloud migration or an on-premises to cloud migration depending on the need.

 

What are the phases of cloud migration?

Discover, Plan, Migrate, Post Migration Support

 

How do you do cloud migration?

Expanding on the answer above would give a clear idea of how one can perform cloud migration:

  1. Discover: A phase where, after taking the initial call, there’s a discovery session on what has to be migrated and the amount of data that has to be migrated
  2. Plan: Which migration method will be used, what will be migrated first and the stages in which it’ll be divided
  3. Migrate: As decided, the migration process is kickstarted and is completed in the stipulated amount of time
  4. Post-migration Support: Once everything has been migrated, one usually gives post-migration support for a small period of time to see if everything is running smoothly, so that if any issues arise, remediation can be done immediately

 

What are the 7 R’s of cloud migration planning/strategies?

The 7 R’s are the migration strategies that have been renamed by AWS. They are –

  1. Re-host: The Lift-and-Shift Model, which is, moving from a dedicated platform to a shared one without any modifications. It is the most common migration method.
  2. Re-platform: Lift and Reshape. To optimize what is migrated to make it cloud-compatible
  3. Re-factor: Decouple and Rewrite. Migrate and Modify the architecture
  4. Re-purchase: Shop and Drop. Switch to another app/product
  5. Relocate: A hypervisor level lift and shift
  6. Retain: Keep the source environment as-it-is
  7. Retire: De-commission and remove the old on-prem server

What is the most common cloud migration model?

The most common cloud migration model is “Lift-and-Shift”.

Conclusion: 

Migrating to the cloud has immense benefits; yes, cloud services may seem expensive, but curated packages and pay-as-you-go pricing can help cut costs. Packages start from basic all the way to premium, so your client can choose the one that is the most suitable for them. There are different cloud types and models available. Present them the package that you think would be appropriate for their business and then they will be more likely to purchase. 

Migration is an extensive, exhaustive process. Migrating to the cloud while taking care of the daily tasks and simultaneously growing your business can seem daunting, but it is important.

Infrassist utilizes industry-recognized best practices to design, build, deploy, and drive the right cloud solution that aligns with your clients’ needs. We will migrate your data from one cloud environment to another and take the burden off of your IT team.

 
