Users: Your largest and weakest attack surface

October is Cyber Security month! When you exclaim that this month’s focus is security to most admin and IT stakeholders, you’re likely to receive a chuckle or an eye roll. They know the truth of the matter. Our mindfulness of security can’t be limited to a singular month. 

It’s an ongoing process that literally never ends.

Who then is Cyber Security month for? I’ll give you a hint. They interface with your organization’s data, devices and services daily and often don’t regard security as their first or even third priority. You got it; Cyber Security month is all about making your users more aware of the threats your organization faces.  

We often spend a lot more time discussing our plans to harden servers, implement new identity security policies or protect our users’ credentials with MFA. Don’t get me wrong, those things are essential in today’s world, but it’s hard not to notice a gap in those strategies. That gap is the users.  

Most experts estimate that 70% – 90% of malicious breaches start with or include some form of social engineering. Our users are every organization’s largest attack surface and softest target. Bad actors know this and are increasingly aggressive and cunning in their attempts. Every user holds something a bad actor would like to get their hands on. 

Take a user who doesn’t need access to any data or systems but needs email to communicate. If that user leaks credentials, it can still be a treasure trove for a bad actor in the form of a global address list harvest or intel derived from exfiltrated emails that allows them to refine and target spear-phishing attempts. When we read about a large breach in the news, we often picture a group coordinating an attack to launch all at once when it’s far more likely that attack started very small and happened over time.

So how do we go about hardening our users? It would be nice if we could just apply a patch or update their firmware, but a more tactful approach is needed. We believe that process is three-pronged.

Communication

Your organization culture around communicating anything IT-related is very important and often overlooked. 

Simply making your users aware of the current threats and where to report them can go a long way to thwarting social engineering. Be consistent with your communications. Set up a shared mailbox so multiple crafting IT-related messages can appear as one unified voice. Apply templates to your emails, so the appearance is consistent. Be concise; not enough or too much information can be harmful. Stick to the who, what, why, and how of the threat. Don’t forget to include where a user should go to report social engineering attempts.

Training

This can mean different things depending on the size of your organization. In smaller organizations, it may mean taking 10 minutes during a company meeting to show examples of social engineering attempts. In larger organizations, it may mean contracting a professional trainer to speak to individual business units or even training leaders in those units to talk about threats to their teams.

Attack Simulation

The benefits of a simulated penetration test against our networks are obvious, but we can also apply this approach to our users. An attack simulation targeting your users with social engineering or a fake malware payload will not only give your organization an idea of its vulnerabilities but is also one of the best ways to raise your users’ awareness. The approach of an attack simulation with training and communication as a fast follow can grab your users’ attention far better than any of these components on their own.

How do I simulate attacks? 

Just like network penetration testing, there are plenty of tools to help you launch attack simulations and parse the data you receive.  

  • Microsoft 365 Defender P2 – If you happen to have Defender P2 or an M365/O365 A5/M5/E5 plan, you have a very robust set of tools for simulating attacks.
  • Choose from a wide variety of templated attacks that help target specific business units, just like a seasoned spear-phisherman.
  • Simulate malware payloads and malicious links with a variety of different delivery methods.
  • Automatically assign pre-built training modules to users that click malicious links or input their credentials.
  • Robust after-action reporting to help you know where to invest in training.   
  • Now Micro Security Awareness Training – If you don’t have Microsoft Licensing, you’re not out of luck, Now Micro has the tools to simulate attacks against your Microsoft or Google environments.
    • Phishing Security Tests
    • Automated Security Awareness Program
    • Security Hints & Tips
    • Automated Training Campaigns
    • Phish Alert Button (Ability to report & delete phishing emails)
    • Phishing Reply Tracking (Track if a user replies to a simulated phishing email & what information)
    • Industry Benchmarks
    • Monthly Email Exposure Check: Monthly reports show which email addresses are exposed on the Internet and are a target for phishing attacks

Recognizing the growing need to protect all your endpoints, including your users, is our focus at Now Micro.  If you have any questions or would like our help, visit our Managed Services page on our website.

Notable Microsoft Teams Announcements!

The Most Notable Microsoft Teams Announcements of 2020 (through Oct) 

The later part of 2020 has seen a flurry of updates, previews and announced roadmap items for Microsoft Teams.  Let us look at the announcements that are likely to have the most impact. 

HealthCare: Virtual Rounding and Care Coordination 

2020 has been a stressful time for health care professional across the globe.  From exposure risks to PPE shortages, healthcare providers are turning to technology to provide solutions.   Microsoft has answered this call by announcing Virtual Rounding and Care Coordination.   

Virtual rounding, a Teams app that aims to reduce exposure while health care professionals do their daily checkups on their patients.  The goal is to limit contact to infected or vulnerable patients by leveraging portable carts equipped with video screen, mics, camera’s, and speakers.  This allows healthcare professionals to maintain distancing when physical presence is not needed for diagnostics or treatment. 

Care Coordination, which began its private preview October 1st, allows healthcare to aggregate patient data, provide care plans and test results and communicate with each other regardless of physical location all in a HIPAA compliant platform.  The introduction of Teams for care coordination aims to improve efficiency while minimizing exposure. 

SharePoint home sites for Teams   

The SharePoint home site experience announced in 2019 allows organization to create a new or migrate their existing intranet sites to SharePoint.  With the increasing ability to embed your organizations apps and resources into Microsoft Teams many organizations are hoping Teams will be come the single pane of glass for all needs.   

So why create a home site to serve as your organizations intranet if it will detract from all the work you have done in teams?  

Enter the SharePoint home site app for Teams.  This home site app allows you to deploy your intranet home site through the Teams client. 

The announcement came to us in September 2020 and we are eagerly awaiting release details. 

https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/innovations-for-workplace-communications-and-employee-engagement/ba-p/1696149

Teams Breakout Rooms 

Many in person conferences and events will include a keynote or introduction meeting that all attendees are present for before breaking into smaller groups for more granular content.  Recreating this experience virtually has proven difficult.  Microsoft Teams breakout rooms hopes to simplify this experience.  

Teams Breakout Rooms will allow meeting organizer to split attendees into smaller groups and bring everyone back together without the need to drop and rejoin multiple meetings.   

The announcement for Teams breakout rooms came to us in July and we hope to see previews or general availability before the end of 2020. 

Advanced Communication Add-on 

2020 has seen an interesting race to provide more attendees, more features, and more video feeds between collaboration platforms.  The majority of normally in person conferences, large presentations and even college orientations have been converted to virtual events.  2020 more than ever has created a need for very large virtual events.   

Microsoft’s answer to this need is the advanced communications add-on.  At release, the advance communication add-on increased the maximum attendees for Teams live events to 20,000.   

Features coming later this year include: 

  • Teams meeting maximum members increase to 1,000 
  • The ability for a Teams meeting to have up 20,000 overflow participants in a view only meeting experience 
  • Custom Lobby Branding 

To take advantage of these features, the organizer of the meeting/live event will need the advanced communication add-on currently priced at $12 per user/month.  Attendees DO NOT need the add-on. There is also a 60-day trial available through the admin center. 

Considering this new and not quite yet saturated market, I would expect to see more feature announcements coming soon. 

https://docs.microsoft.com/en-us/microsoftteams/teams-add-on-licensing/advanced-communications#:~:text=%20Advanced%20Communications%20provides%20enhanced%20calling%20and%20meeting,across%20meetings%20for%20your%20internal%20and…%20More%20

Custom Meeting Layouts 

If you are looking to make a good impression on clients or impress you coworkers with your big presentation, Microsoft may have given you a secret weapon.  Teams custom meeting layouts allow you, the presenter to customize what attendees are seeing.  Microsoft Ignite gave us a preview of new tech allowing you to overlay the presenter on a PowerPoint slide.  Who knows, maybe someday virtual meetings may look more professional than traditional in-person meetings with half the effort! 

Improve Meeting Effectiveness with Now Micro and Intel NUC

Evaluating Services and Hardware for Remote Collaboration 

What Should You Consider? 

Events in early 2020 forced nearly every industry to reconsider at least some part of how their employees communicate and collaborate.  Some organizations had a high level of maturity with collaboration and conferencing tools, while others made hasty decisions on tools and hardware to prevent disruptions in the workforce.   

Looking back six months’ later, even if some miracle technology ends the global health crisis tomorrow, the idea of working remotely is most certainly a cat running free of its proverbial bag.  As IT decision makers and admins, it is time to look back at the solutions and decisions we made at the beginning of the year and ask the following questions… 

  • Are our users empowered or hindered by our communications and collab tools? 
  • Are the services and solutions we spun up the best fit and return on investment? 
  • Are the services and solutions secure and compliant? 
  • Have we been able to integrate our existing apps and services into our new solutions? 
  • Do our users have the right hardware and peripherals to leverage the services? 

 In this blog post I would like to highlight a common crossroad that most organizations find themselves at.  I hope to dissect the most popular tools and services on the market and hopefully get the reader to consider somethings they may have not otherwise. 

What Kind of Tool Am I Looking For? 

Let us look at the functionalities that logically separate each tool.  Most tools are not limited to a single functionality, so evaluating what each tool can do and whether you can leverage the functionality now or in the future is important.   

Conferencing/Meeting Solutions 

Conferencing solutions have been a staple in the professional world for over a decade.  However, many organizations found a drastic increase in the number of users that required a meeting/conferencing tool to do their jobs in the early months of 2020.  What defines a conferencing/meeting solution? 

  • Dial-in conferencing 
  • Video and audio meetings 
  • Screen sharing 
  • Meeting chat 
  • Presentation 

Collaboration Tools 

While conferencing/meeting solutions can certainly fall in the realm of collaboration, more purpose-built apps for team collaboration are available.  Some of the features common to tools built for collaboration are… 

  • Persistent chat 
  • Integrated file shares 
  • Document/file co-authoring 
  • Shared notes  
  • Shared application within a collaboration tool wrapper 
  • Whiteboard Persistence 

PSTN Calling Services 

Working remotely can present a challenge to organizations reliant on a on premise resources for telephony.  Ideally, we do not want to be back hauling our VOIP calls through the VPN to our network only to go out to the end destination.  Cloud PBX options have matured rapidly over the past five years.  It is not uncommon to find a VOIP solution integrated with other collaboration tools.  Example of PSTN calling services are… 

  • Cloud PBX – Place calls over the public switched telephone network (Hard or Soft Phones) 
  • Cloud Voicemail 
  • Hunt groups 

What Should You Considering When Selecting a Conferencing/Collaboration Tool? 

Whether you are evaluating a new or existing tool, it is important to identify what considerations will be most pertinent to your choice.  Those considerations can act as a filter and help you to identify which choice may or may not be right for your organization.  

Current Ecosystem 

  • What tools are you already leveraging?  Does your organization have familiarity with a vendor already?  Is there existing cloud infrastructure you can leverage in the new tool? 
  • How will the tool be used?  Considering how existing tools are being used and how they may be used in the future can help you narrow in on the appropriate choice. 
  • Who will be using the tool?  Most organizations do not have the luxury of a single business unit with similar user types.  Often tools that are a good fit in one department, may not lend themselves to another.  Taking stock of the needs of each business unit can inform your selection 

Pricing/Licensing 

  • How much is the tool going to cost?  The pricing a vendor may offer is only a piece of the total cost.  It is important to consider if any other tools can be retired as the new tool is put in place.  An addition in licensing for one tool may result in an elimination or reduction in the licensing for another.   
  • Do you already have licensing or partial licensing?  Many vendors such as Microsoft or Google package total or partial licensing for these tools with licensing you may already own.  It may be possible to pilot or even rollout a new tool with no additional licensing cost. 

Organization Culture 

  • How willing are your users to adopt a new tool?  The tolerance of change is something varies drastically from organization to organization.  Communication, training, and evangelism for technology changes can be the difference between grateful productive user and confused reluctant users. 
  • What is it going take to manage the tool?  Fortunately, the labor investment to manage most cloud tools is minimal when compared to legacy systems of the past.  However, it is important to consider configuration and troubleshooting when factoring management costs. 

Comparing Conferencing Solutions 

Let us look at some of the most popular conferencing solutions.  How do they stack up?   

Comparing Collaboration Tools 

In contrast to the conferencing solutions, a good collaboration tool should be the hub of your organizations business units.  Features like document co-authoring and integrated file shares have been around awhile but are more important in a remote collaboration scenario.  Collaboration tools can also act as a single pane of glass for files, chats and the apps your users need to access.  

Google 

  • Persistent Chat = Google Rooms  
  • File Share/File Collaboration = Google Drive, Document Coauthoring 
  • Notes = Google Keep (collaborative?) 
  • App integration = Support through third party apps like Zapier 

Slack 

  • Persistent Chat = Slack Channels – Public and Private
  • File Share/File Collaboration = File sharing through channel attachments 
  • Notes = no 
  • App integration = no native support 

TEAMS 

  • Persistent Chat = Teams Channels – Public and Private 
  • File Share/File Collaboration = O365 groups backend – Included SharePoint Library for each Team/Channel, Document Coauthoring 
  • Notes = OneNote Shared Notebooks 
  • App integration = Prebuilt app integration for most apps. Free app development tools for customs apps 

Hardware and Device Considerations 

In 2020 we are lucky to have a multitude of services to enable remote workers and drive collaboration even when we are apart.  After we have done our evaluations and made our choices, how do we make sure our users are getting the best out of the tools we have provided?  How do we make sure we are putting our best foot forward to our clients?  

One key area is evaluating the devices these tools will be used on.  We have all been in a meeting where we could not see or properly hear some of the participants.  While sometimes that can be the fault of the service itself or downstream network issues that are out of our control, we can prevent issues that may arise from outdated or legacy devices.  The way we approach collaboration has changed, so it follows that the devices we collaborate on will be changing as well. 

Video 

  • Are the integrated camera’s in our devices sufficient? 
  • Sensor quality? 
  • Low light quality? 
  • Presentation worthy? 
  • Changes in lighting equipment? 

Audio 

  • Integrated microphones and speakers can be problematic 
  • Do your users need to be mobile while collaborating/conferencing? 
  • Headsets or conference speakers? 

Custom Solutions 

As collaboration services integrate themselves into our day to day, looking for ways to improve our interaction with them is a natural next step.  Luckily the choices for purpose-built hardware that pair with almost any service are increasing every day.   

Conferencing Room Hardware 

  • High quality conferencing hardware dedicated to a specific space 
  • Microsoft Teams and Zoom Solutions (Surface Hub, Zoom Rooms) 
  • Audio and video solutions 
  • May include whiteboards or touchscreens 

Mobile Collaboration Stations/Bars 

  • Cheaper alternatives to dedicated room setups 
  • Does not have to be a dedicated to specific space 
  • Offers more options for conferencing and presenting space 

In summary, It’s important, as we push into a new collaboration paradigm that we make sure we select the appropriate tools to enable collaboration but we are also providing the proper training, support and hardware to get a full return out of our investments. 

Using Power BI to Track M365 KPI’s In Your Remote Workforce

Even before the events of early 2020, many organizations and much of the workforce were realizing the benefits of telecommuting.  With a changing world, even the most die hard “butts in your seat” workplace cultures have had to adapt.  For some, trusting their flock to work efficiently and productively with little oversight can be a source of anxiety.  While the shift to working remotely may take some getting used to for everyone, a net positive in productivity is usually the result.   

So, your staff is no longer right outside your office doors and the conversations in the break room are no longer there to give you insight.  How do you measure your staff productivity?  Luckily, Microsoft M365 Usage analytics allow us to pull data from Teams, Outlook, OneDrive, SharePoint, Yammer and more into a sortable, consumable report. 

Prerequisites 

Licensing 

To install the M365 Usage Analytics app, you will need at least 1 Power BI Pro License.  If you would like to demo the app, you can sign up for a free Power BI Pro trial here

If the report is shared with additional users, they will also need a Power BI Pro License to view the report. 

Identities 

All the sorting done by the M365 Usage Analytics app is done by Azure AD user object attributes. It is recommended that you make sure the following attributes are populated and current. 

  • Company 
  • Department 
  • Country 
  • State 
  • City 

Tenant ID 

To connect your organizations data, you will need your Tennant’s ID.  The tenant ID can be easily obtained from the overview page in Azure Active Directory. Directions to obtain your tenant id are included in this post. 

Enable Power BI Reporting For Your Tenant 

In order for Power BI to access your organizational data, you must enable Power BI reporting with-in your Tenant. 

Enabling Power BI Reporting 

  • The link below will bring you to the Services and Add-ins configuration page with in the O365 Admin Portal. 
https://admin.microsoft.com/AdminPortal/Home#/Settings/ServicesAndAddIns
  • Click on “Reports”, select the option to “Make report data available to Microsoft 365 usage analytics for Power BI” and click “Save Changes” 
  • Selecting the option for “Display anonymous identifiers instead of user, group, or sites names in all reports” will obscure user identifiable data in the reports.  This reporting option will still allow you to discern organizational trends without specific user data. 

Retrieving Your Tenant ID 

  • Navigate to Azure Active Directory overview page. 
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
  • Sign in with an appropriate admin account. 
  • The Tenant ID is located near the top of the page. 

Installing the M365 Usage Analytics App 

  • Navigate to the Power BI Portal and sign in with a global admin account which has a Power BI Pro license. 

https://Power BI.microsoft.com/ 

  • The app automatically creates its own workspace upon installation. For this reason we can begin by clicking “My Workspace” and then “Get” under “Discover Content >> My Organization”.   
  • The easiest way to find the app is to search for “usage” in the search bar.  Once you have found the Microsoft 365 Usage Analytics app, click “Get in now”. 
  • The next screen allows you to review the app’s privacy policy, and terms of service as well as some additional info about the app.  Once you are satisfied, click install. 
  • After waiting for Power BI to Install the app, click the apps icon. 
  • The next Screen gives three options.  You can populate the app with sample data before connecting to your organization’s analytics, explore the workspace created along with the app or connect your organizations data.  If your comfortable pulling in your organizational data, click “Connect” under “Connect your data” 
  • For Power BI to find you data, you will need to input you Tenant ID.  Instructions on finding your tenant ID can be found above. Enter the Tenant ID in the field and click “Next” 

Scheduling Refreshes 

By default, the dataset create does a one time pull.  To see updated data each day or week, you will need to configure the refresh scheduler.  You can also configure alerting on refresh failures.   When the app was installed, a new workspace was created to house the report and dataset.  To access the refresh settings, we will first find and access the workspace.  

  • Click on “Workspaces” on the left had blade and select the “Microsoft 365 Usage Analytics” workspace. 
  • Click on “Datasets” with in the workplace ribbon and expand the ellipses under “Actions”. From the drop-down menu, select “Settings” 
  • Expand “Schedule Refresh”.  Make sure the radio button for “Keep your data up to date” is turned on.  Configure your preferred refresh interval (Daily or Weekly). You can add additional times if you would prefer multiple refreshes per day.  If you wish to alert on failed refreshes, you can configure the notification settings. Click apply when finished. 

Viewing the Report 

  • From the workspace dashboard, select “Reports” from the ribbon and click “Microsoft 365 Usage Analytics”. 
  • You know have all your data in a prebuilt report for consumption. 

Sharing the Report 

  • If you wish the share the report with others, from the “Reports” page, click “Share” in the upper right-hand corner.   

Note: Any user the report is shared with will need a Power BI Pro license to view the report 

  • From the share dialogue, you have the option to add multiple recipients and dictate whether those recipients can share the report.  Deselect the “Allow recipients to build new content…” radio button if you do not wish recipients to have access to the underlying dataset.  

Summary 

Obviously, there is a lot more to cover with the Microsoft 365 Usage Analytics app and Power BI.  I hope to cover manipulating the dataset and building customized reports in a future blog post.  Thank you for reading!