Monthly Archives

June 2017

Virtual Server Hosting

By | Uncategorized | No Comments

What is Virtual Server Hosting

Windows Azure Pack brings Windows Azure technologies to the datacenter, addressing a number of key requirements for service providers and enterprises who want to embrace the service provider model for delivering IT services.

Windows Azure Pack is compatible with Windows Azure Virtual Machines, providing the same consistent experience and workload portability. Service providers and large enterprise organizations can offer both customized service offerings as well as standardized parameters for tenants. Virtual Machines offers customers the ability to choose from a library of virtual machine templates based on Windows Server and Linux guest operating systems.

Seacom has datacentres in SA and Kenya with servers that can be customised, i.e. size, capacity, etc. These server can be bought through a webstore

What is a webstore?

A First for Cloud webstore is an online partner branded shop which enables resellers to sell cloud services to your end-users. Cloud services from the top global cloud providers and vendors are supplied through the First for Cloud Catalogue, and resellers have the ability to select which services they want to resell via their own branded First for Cloud webstore.

How does it work?
SEACOM virtual server hosting infrastructure is located in South Africa. These virtual servers have redundant connectivity, backup generator and secure access. You can access your virtual servers remotely via Internet and not having to worry about installation and maintain it yourself in your office and or worry about load shedding.
Windows Azure Pack provides a multi-tenant, self-service cloud that works on top of your existing software and hardware investments.

Key benefits

  • Uncapped traffic – full duplex 10Mbps or 100Mbps (inbound: Internet to server and outbound: server to Internet)
  • Dedicated CPU core per vCPU – no CPU core over-subscription
  • Dedicated memory to your virtual server – no memory over-subscription
  • High performance storage – SAN technology
  • 1 free static public IP address per virtual server
  • Guaranteed up-time availability of 99.95%

Pricelist

Pricing – South Africa
Pamoja Light  Workload (2 x Cores, 4GB RAM, 100GB Storage, 1 x Network cost, 1 x management cost., Windows Svr OS) R1014.90
Pamoja Medium Workload (4 x Cores, 8GB RAM, 250GB Storage, 1 x Network cost, 1 x management cost, Windows Server OS) R2038.95
Pamoja Advanced Workload (8 x Cores, 16GB RAM, 500GB Storage, 1 x Network cost, 1 x management cost, Windows Server OS) R3989.02

Prices listed are Recommended Retail Price – Margin already added for reseller

Pricing – Africa
Pamoja Light  Workload (2 x Cores, 4GB RAM, 100GB Storage, 1 x Network cost, 1 x management cost., Windows Svr OS) $84.58
Pamoja Medium Workload (4 x Cores, 8GB RAM, 250GB Storage, 1 x Network cost, 1 x management cost, Windows Server OS) $169.91
Pamoja Advanced Workload (8 x Cores, 16GB RAM, 500GB Storage, 1 x Network cost, 1 x management cost, Windows Server OS) $332.42

Prices listed are Recommended Retail Price – Margin already added for reseller

For more information on First for Cloud’s range of Websore solutions, please contact Dana.Cinman@firstdistribution.co.za

SUPER APPLICATIONS – Benefit from Intelligent Applications

By | Uncategorized | No Comments

Help your Customers license a business basic necessity in a way that best suits their environment and their budget

For our Topic, Benefit from Intelligent Applications, we will look at providing Office as a Service.

Microsoft Office is a complete Office Suite of applications, servers and services developed by Microsoft. The very first version of Office contained Microsoft Word, Excel, and PowerPoint. Over the years Office applications have grown substantially with features, where Office is positioned as a development platform for line- of – business software under the Office Business Applications brand.

What is the Difference between Office 365 and Office 2016?

Office 365 is a subscription service that ensures you always have the most up- to – date tools from Microsoft. There are Office 365 plans for Home and Personal use, as well as Small and Mid-sized Businesses. Large enterprises, educational institutions and Non- profit organisations.

Office 2016 is sold as a one- time purchase, which means you pay a single, up- front cost to get Office applications for one computer. On – time purchases are available for both PCs and Macs. One – time purchases don’t have an upgrade option, which means if you plan to upgrade to the next major release, you will need to buy it at full cost.

Office Licensing Scenarios offered to First Distribution SPLA and/ or CSP Resellers:

Scenario

You have a customer that is a Booking keeping firm with a total of 10 users. You are the Managed Service Provider and need to set up Office on their basic file server for all users to access when they require any Office application.

How is Shared Computer Activation Enabled?

If you have an Office 365 plan that includes Office 365 ProPlus, you can use shared computer activation. Make sure you assign each user a license for Office 365 ProPlus and that users log on to the shared computer with their own user account.

NOTE: You also can use shared computer activation to install Visio Pro for Office 365 or Project Online Desktop Client on a shared computer, if you have a subscription plan that includes those products.

To enable shared computer activation when you deploy Office 365 ProPlus, you need the following:

TIP: To determine which version of Office 365 ProPlus is installed on a user’s computer, go to File > Account in any Office 365 ProPlus program. The version is listed under the Office Updates section.

  • You can download the Office 365 ProPlus software to your local network by using the Office Deployment Tool.

The Office Deployment Tool, combined with a simple text file, is used to install Office 365 ProPlus on the shared computer, and to enable shared computer activation for that computer. Add the following lines when you create the text file.

<Display Level=”None” AcceptEULA=”True” />

<Property Name=”SharedComputerLicensing” Value=”1″ />

After Office 365 ProPlus is installed, you can verify that shared computer activation is enabled on that computer.

    Service Provider License Agreement (SPLA) Cloud Solution Provider Program
How can you Offer Office On-Prem Service Provider will have to have an active SPLA agreement with Rental Rights Addendum.

This amendment allows you as a partner to provide your customers with rental laptops including Office Software as a Service.

Fully installed Office applications:
Office apps that are included: Word, Excel, PowerPoint, Outlook, Publisher, and OneNote on up to 5 PCs or Macs per userNow includes the new Office 2016 apps for your PC and Mac.
As a Service (hosted) Use of Windows Server Remote Desktop Services

The delivery of a Desktop Application, such as Office, that is used by providing direct or indirect access to server software that hosts the graphical user interface, such as Windows Server (using the Windows Server Remote Desktop Services functionality or other technology), requires a Windows Server Remote Desktop Services SAL.

To translate this in simpler terms, to license Office as a hosted Solution, you have to install it on a server and have remote access into the server.  This would require not only Office, but RDS and Windows Server

Shared Computer Activation

Shared computer activation lets you to deploy Office 365 ProPlus to a computer in your organization that is accessed by multiple users. For example, several nurses at a hospital connect to the same remote server to use their applications or a group of workers share a computer at a factory.

Deploy Office 365 ProPlus by using Remote Desktop Services:
If you use Remote Desktop Services (RDS) to provide shared computers to users in your organization, you can install Office 365 ProPlus on those computers. But, you have to use the Office Deployment Tool and enable shared computer activation to do the installation.

The following are two common RDS scenarios:
* Install Office 365 ProPlus on an RDS server.
* Install Office 365 ProPlus on a shared virtual machine.

Cost Windows Server Licensed by Cores:
Minimum Requirement of cores: 8
Price per license: $3,89
Basic Server (2 Quad core Proc) : $31,12 per month
Licensed by Cores:
Minimum Requirement of cores: 8
Price per license: $3,89
Basic Server (2 Quad core Proc) : $31,12 per month
Licensed by Processor***:
Requirement: License all physical Processors. If shared environment, Number of VMs x Number of processors
Price per License: $15,58
Basic Server (2 Quad core Proc): $31,16 per month
Licensed by Processor***:
Requirement: License all physical Processors. If shared environment, Number of VMs x Number of processors
Price per License: $15,58
Basic Server (2 Quad core Proc) : $31,16 per month
Remote Desktop Services $4.44 per user per month $4.44 per user per month
Office License Office:
Office Standard: $10.92 per user per month
Office Professional Plus: $14.90 per user per month
Office 365 ProPlus: $10,21 per user per month

For more information on Microsoft Cloud Solution Provider Partner Program, please contact us on Microsoft.csp@firstdistribution.co.za

SUPER BACKUP – Not All Backups Are Made Equal

By | Uncategorized | No Comments

Not All Backups Are Made Equal

At First for Cloud, not only do we offer the best Cloud services, enabling you to focus on your business, instead of the business of IT, but we also provide multiple tools in which to ensure that your business’ IP and collateral are securely backed-up.  The Azure Cloud is your “go-to” Cloud service, but getting data into the cloud, backing up that data and migrating from on-premise to the cloud can be an arduous task often seen as daunting and nigh-on impossible.

Azure Backup and Acronis Backup offer the flexibility to use the Azure Cloud as the repository – with the obvious benefit of being able to “spin up” virtual servers as an when needed (testing, DR, Site Recovery etc.).  First for Cloud offers Acronis as a terrific backup option for either migrating existing on-premise data to the Azure Cloud, and if required to continue to use as an on-premise to Cloud backup solution.

We’re going to touch on the Azure and Acronis Backup options and outline the benefits of this solutions!

Option 1
talks to Azure Backup, either from on-premise to the Azure Cloud, or from within the Azure Cloud,

Option 2
talks to using a 3rd party Backup tool – in this case, Acronis, to back up your data.

Azure & Acronis Backup/Migration Solutions

On-Premise to Azure Cloud and Within the Azure Cloud

Compelling cloud-based backup alternative to tape

Due to business or compliance requirements, organisations are required to protect their data for years, and over time the data grows exponentially. Traditionally, tape has been used for long-term retention. Backup gives you a compelling alternative to tape with significant cost savings, shorter recovery times and up to 99 years of retention.

Highly secure and reliable backup as a service

Your backup data is highly secure over the wire and at rest. The backup data is stored in geo-replicated storage which maintains six copies of your data across two Azure data centres. With 99.9% service availability, Backup gives you operational peace of mind.

Efficient and flexible online backup services

Backup is efficient over the network and on your disk. Once the initial seeding is complete, only incremental changes are sent at a defined frequency. Built-in features such as compression, encryption, longer retention and bandwidth throttling help boost IT efficiency.

VALUE PROPOSITION

  • One restore mechanism for all backup sources –The Restore-as-a-Service model of Azure Backup unifies the approach for recovering individual files and folders backed up from sources in the cloud or on-premises. You can use instant restore, whether you are backing up on-premises data to cloud using Azure Backup agent or protecting Azure VMs using Azure VM backup.
  • Instant recovery of files –Instantly recover files from the cloud backups of Azure VMs or on-premises file-servers. Whether it’s a case of accidental file deletion or simply validating the backup, instant restore drastically reduces the time taken to recover your first file.
  • Open and review files in the recovery volumes before restoring them –Our Restore-as-a-Service approach allows you to open application files such as SQL, Oracle directly from cloud recovery point snapshots as if they are present locally, without having to restore them, and attach them to live application instances.
  • Recover any combination of files to any target –Since Azure Backup provides the entire snapshot of the recovery point and relies on copy of items for recovery, you can restore multiple files from multiple folders to a local server or even to a network-share of your choice.
AZURE BACKUP PRICING

(Web List: Resellers will have a discounted price, but this shows the kind of pricing you can ask)

 THE BACKUP PRICING TIERS

Block Blob Storage – LRS


Data Stored Per Protected Instance per Month                                  Price


Instances up to 50GB of data                                                                       R 73.15 per protected instance
+ Storage consumed


Instances between 50GB to 500GB of data                                            R 146.30 per protected instance
+ Storage consumed


Instances greater than 500GB of data                                                      Increments of R 146.30 for each 500GB
+ Storage consumed


STORAGE PRICES
  • These are the costs of storing your data in Block Blobs.
  • The prices shown below are the monthly charges per GB of data stored.
  • These prices vary based on the access tier of Block Blob storage (Hot or Cool*) and the redundancy option that you choose, as well as the amount of data you store.
  • Locally Redundant Storage (LRS)
    Makes multiple synchronous copies of your data within a single datacentre
  • Geographically Redundant Storage (GRS)
    Same as LRS, plus multiple asynchronous copies to a second datacentre hundreds of miles away
  • Read-Access Geographically Redundant Storage (RA-GRS)
    Same as GRS, plus read access to the secondary datacentre

Pricing Per Month

LRS GRS RA-GRS
Cool Hot Cool Hot Cool Hot
First 100 TB R 0.1463 R 0.3511 R 0.2926 R 0.7022 R 0.3658 R 0.8924
Next 900 TB R 0.1463 R 0.3394 R 0.2926 R 0.6774 R 0.3658 R 0.8617
Next 4,000 TB R 0.1463 R 0.3262 R 0.2926 R 0.6525 R 0.3658 R 0.8295

AZURE FAQ

How does the pricing model work?
The new pricing model for Azure Backup has two components:

  • Protected instances: This is the primary billing unit for Azure Backup. Customers pay for the number of instances that are protected with the Azure backup service
  • Storage: Customers can choose between Locally Redundant Storage (LRS) or Geo-Redundant Storage (GRS) for their backup vault. The net price for Storage depends on the amount of data stored with the service.

These two components appear as separate line items on the monthly Azure bill.

What is a protected instance?
A protected instance refers to the computer, physical or virtual server, or database you use to configure the backup to Azure. An instance is protected once you configure a backup policy for the computer, server, or database, and create a backup copy of the data. Subsequent copies of the backup data change the amount of storage consumed, but additional backup copies don’t add to the number of protected instances. Some common examples of protected instances are virtual machines, application servers, databases, and personal computers running the Windows operating system. For example:

  • A virtual machine running the Hyper-V or Azure IaaS hypervisor fabric. The guest operating systems for these virtual machines can be Windows Server or Linux.
  • An application server with physical or a virtual machine running Windows Server and workloads with data to backup. Common workloads are Microsoft SQL Server, Microsoft Exchange server, Microsoft SharePoint server, Microsoft Dynamics, and the File Server role on Windows Server. To back-up or protect these workloads, you’ll need Azure Backup Server or System Center Data Protection Manager, DPM.
  • A personal computer running the Windows operating system.
  • SQL Server which includes all databases on the server.

If you choose to backup a virtual machine hypervisor fabric and its guest workload, the hypervisor fabric and the guest workload are treated as separate protected instances and are charged independently.

Are all protected instances priced the same?
No, from a billing perspective, instances are classified into three categories based on the size of the instance. The price per protected instance depends on the categorization of the instance in the pricing table above. Note that the prices in the above table do not include Storage which is a separate charge.

Do I need to pay for restores and network egress?
Customers will not be charged for any restore operations or outbound network bandwidth (egress) that is associated with restore operations.

Which customers will get this new pricing?
The new pricing will be applicable to all Azure Backup customers.

How can I isolate one server’s data from another server when restoring data?

All servers that are registered to the same vault can recover the data backed up by other servers that use the same passphrase. If you have servers whose backup data you want to isolate from other servers in your organization, use a designated passphrase for those servers. For example, human resources servers could use one encryption passphrase, accounting servers another, and storage servers a third.

What’s the minimum size requirement for the cache folder? 
The size of the cache folder determines the amount of data that you are backing up. Your cache folder should be 5% of the space required for data storage.

Can I “migrate” my backup data or vault between subscriptions? 
No. The vault is created at a subscription level and cannot be reassigned to another subscription once it’s created.

Recovery Services vaults are Resource Manager based. Are Backup vaults (classic mode) still supported? 
All existing Backup vaults in the classic portal continue to be supported. However, you can no longer use the classic portal to deploy new Backup vaults. Microsoft recommends using Recovery Services vaults for all deployments because future enhancements apply to Recovery Services vaults, only. If you attempt to create a Backup vault in the classic portal, you will be redirected to the Azure portal.

Can I migrate a Backup vault to a Recovery Services vault? 
Unfortunately no, you can’t migrate the contents of a Backup vault to a Recovery Services vault. We are working on adding this functionality, but it is not currently available.

Do Recovery Services vaults support classic VMs or Resource Manager based VMs?
Recovery Services vaults support both models. You can back up a classic VM (created in the Classic portal), or a Resource Manager VM (created in the Azure portal) to a Recovery Services vault.

I backed up my classic VMs in a Backup vault. Can I migrate my VMs from classic mode to Resource Manager mode and protect them in a Recovery Services vault?
Classic VM recovery points in a backup vault don’t automatically migrate to a Recovery Services vault when you move the VM from classic to Resource Manager mode. Follow these steps to transfer your VM backups:

  1. In the Backup vault, go to theProtected Items tab and select the VM. Click Stop Protection. Leave Delete associated backup data option unchecked.
  2. Migrate the virtual machine from classic mode to Resource Manager mode. Make sure the storage and network information corresponding to the virtual machine is also migrated to Resource Manager mode.
  3. Create a Recovery Services vault and configure backup on the migrated virtual machine usingBackup action on top of vault dashboard. For detailed information on backing up a VM to a Recovery Services vault, see the article, Protect Azure VMs with a Recovery Services vault.
Migration and Backup to Azure Cloud

Data protection is a critical requirement for any business or institution that runs on Microsoft products and services.
Acronis offers the most comprehensive Microsoft backup and recovery solutions for every operating environment, platform and application.

Acronis protects the complete Microsoft technology stack:

  • Windows Server®, Windows®PC, laptop and Surface® data
  • Microsoft business applications, including Office 365®
  • Microsoft Hyper-V®
  • Microsoft Azure Virtual Machines (VMs)

Acronis offers the world’s first data protection solution for:

  • Microsoft Windows Server 2016
  • Microsoft Exchange®2016 and SQL Server® 2016
  • Microsoft Hyper-V Server 2016, including Resilient Change Tracking (RCT)

Acronis drives value for the Microsoft Azure Cloud:

  • Accelerates Azure Storage utilization
  • Migrates any server to Microsoft Azure
  • Offers optional service package planning and pre-configured service packages for Windows Azure Pack and Microsoft Azure Stack

Acronis offers a range of solutions that provide rich Microsoft-specific functionality for resellers and end-users of Microsoft products and services.

Complete Business Protection
Protect entire Windows- and Linux-based cloud VMs and instances, as well as applications with proven disk-image backup technology

World’s Fastest Recovery
Improve flexibility of your IT with recovery of your cloud workloads to the same or dissimilar hardware, including to different cloud, or any on-premises physical system or virtual machine

Flexible Storage Options
Assert control over your cloud workloads and data by storing your backups in secure and reliable Acronis Cloud Storage, or on-premises disk storage, NAS, SAN, or tape devices

Intuitive, Scalable Management
Reduce IT workload and overhead by easily adding protection of your cloud workloads into a touch-friendly, web-based management console

Innovative Data Protection
Safeguard your cloud workloads from ransomware attacks with Acronis Active Protection™, the only backup technology that detects and prevents unauthorized encryption of files and backups

ROE = 13.61

Acronis Hosted List Price Discount Tier 1 Discount Tier 2 Discount Tier 3 Discount Tier 4
Partner Tier Emerging Market Authorised Gold Platinum
Developed Market Authorised Gold Platinum
Monthly Commitment or Actual Bill R 3,403 R 13,610 R 27,220 $ 54,440 R 108,880
Price / GB / Month R 1.31 R 1.02 R 0.95 R 0.88 CUSTOM
GB / Month 2,500 13,333 28,571 61,538 CUSTOM
Service Provider Hosted List Price Discount Tier 1 Discount Tier 2 Discount Tier 3 Discount Tier 4
Partner Tier Emerging Market Authorised Gold Platinum
Developed Market Authorised Gold Platinum
Monthly Commitment or Actual Bill R 3,403 R 13,610 R 27,220 $ 54,440 R 108,880
Price / GB / Month R 0.82 R 0.61 R 0.54 R 0.48 CUSTOM
GB / Month 4,167 22,222 50,000 114,286 CUSTOM
ACRONIS BACKUP INTO AZURE CLOUD STORAGE

Please contact First for Cloud for a full backup solution:
microsoft.csp@firstdistribution.co.za

ACRONIS KNOWLEDGE BASE

https://kb.acronis.com/

Question
I have a VMware infrastructure and I was considering Acronis as backup solution for my virtual machine.
I would to back up my VM on my on-premise NAS repository and after, in a second shot, send data to the cloud.
Is it possible to send the backup data to an Azure subscription and then (1) recover a single file, or application data, from Azure to my datacentre, without importing all the backup file in advance (in other word, read from my on prem datacentre, the backup file which is on Azure); (2) is it possible to convert the backup (which is stored on Azure) into a virtual machine directly on Azure in order to power it on?

Answer

  1. Set up Cloud Storage on Azure using Acronis Storage Gateway with Azure backend and register it in you Acronis Backup Cloud partner group.
  2. Create a new Customer group and associate it with the new Azure Cloud Storage. Create a new account within the new Customer group.
  3. Install an Agent for VMware using account from the new Customer group.
  4. Configure a VM backup with following settings:
    1. Entire machine backup
    2. Application-aware feature enabled > specify application credentials for later application-level recovery
    3. Destination: network storage on NAS
    4. Replication enabled: to Cloud Storage

Once you complete the first backup, data will become available on you local storage and in Azure. Then you can perform following recovery operations by selecting the required recovery point:

  • single file recovery
  • application data recovery
  • recovery to new VM on a local hypervisor / to new physical machine
  • run as VM

In order to recover a backup into a VM on Azure, do the following, as described in the documentation:

  • Create a new VM in Azure with Windows/Linux OS installed in it. Make sure to preserve the disk layout as in the source VM that you previously protected
  • Install an agent for Windows/Linux into the new VM
  • Using the newly installed Agent, select the backup that you would like to recover, and proceed with “Recover to physical machine” procedure

ACRONIS USE CASE
Protecting Hybrid Cloud and Azure with Acronis Backup 12
http://www.acronis.com/en-us/resource-center/resource/145/

For more information on Microsoft Cloud Solution Provider Partner Program, please contact us on Microsoft.csp@firstdistribution.co.za

SUPER Productivity – Business happens anywhere, at any time

By | Uncategorized | No Comments

Bring in Business 24/7 with Microsoft Bookings

  • View and manage your Bookings calendar.
  • Create and edit bookings.
  • See real-time availability and whereabouts of your staff.
  • Respond to customers with bookings quickly and easily.
  • Get directions to your next booking.
  • Access your customer list.

For many businesses, small and large, where people do not have the luxury of having assistants and receptionists, simple tasks like booking meetings and appointments become time consuming which affects overall employee productivity. Dealing with aligning schedules and frequent customer queries can overshadow the core functions employees need to perform on a daily.

Many Cloud based services were designed and taken to market to help businesses and employees cope with the stress of booking customer appointments, establishing customer contact management systems, and managing the workload amongst employees however, for the average small business, some of these technologies that could solve a business pain point and hindrance, come at a fee that many cannot afford.

With Microsoft Bookings, your customers like, Hair salons, Nail bars, beauty SPAs, Dentists, Doctors, Car Service Centres, Psychologist, Travel agents, Attorneys, Financial advisors, etc, can improve their appointment booking processes and focus on what really matters to their unique businesses.

What are the benifits of Microsoft Bookings App:

Delight Customers

  • With Bookings, you can provide your customers with a self- booking service. Your customers’ clients can book appointments online 24/7. They will be able to select the time and the service they require, even select their preferred staff member. Once completed they will receive an email confirmation with a calendar invite that they can easily add to their personal calendars. Depending on their business policies, cancellations and rescheduling can also be handles online directly from the email confirmation.
  • With clients that still prefer calling to book their appointments, their staff members will still be able to manually enter the appointment into Bookings as well as send and receive appointment confirmations and reminders.

Save Time

  • Bookings includes an easy-to-set-up, customizable, web- based booking page that can be embedded into websites, added to Facebook pages, or accessed via a unique Office 365 link.
  • Their staff members can record customer preferences, manage staff lists and schedules, define their services and pricing, set business hours, and even customize how services and staff are scheduled. Their clients will have all the information they need without taking valuable time away from their staff.

Decrease no-Shows

  • With Reminders built into Bookings, staff and customers know about upcoming appointments with key information and appointment link. Their staff members’ calendars will automatically update with new appointments and cancellations.

Manage Appointments Anywhere

  • Bookings includes a mobile app that offers flexibility, convenience, and control with:
    • Full access to their calendar and booking details
    • Ability to manually book appointments through the app to capture customer requests while on-the-go
    • Quick access to email, call or text customers when needed

For more information on Microsoft Cloud Solution Provider Partner Program, please contact us on Microsoft.csp@firstdistribution.co.za

SUPER SECURE – Microsoft Security as a Service

By | Uncategorized | No Comments

If Disaster Strikes…It’s Already Too Late

Microsoft Security as a Service – An Overview

In essence, security is the often overlooked side of IT that ends up costing more than we can afford.

With Microsoft, you can rest easy knowing that your environment, should you choose, be water tight!  Security as a Service, or SECaaS, is something that every single organisation should be looking at – regardless of size, complexity or vertical.  Security affects everyone, not just IT shops, ISPs and Telcos and it will affect you and your organisation today if it’s left alone!

True statistic…
Most companies don’t know they’ve been “hacked” for about 200 days after the attack!

“One reason these attackers can do so much damage is that the average time between a malware infection and discovery of the attack is more than 200 days, a gap that has barely narrowed in recent years.” – https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/

What is Security as a Service (SECaaS)

  • Security as a service (SecaaS) is a cloud computing model that delivers managed security services over the internet. SecaaS is based on the software as a service (SaaS) model but limited to specialized information security services.
  • A business model in which a service provide integrates their security services into a corporate infrastructure on a subscription basis.
  • Security Services include authentication, anti-virus, anti-malwares/spyware, intrusion detention, and security event management, amongst many others.
  • The Cloud environment providers various services for protection i.e. to protect an individual computer or an organisational network.
  • The various applications and/or products that they offer will fall under the banner of SECaaS

Prevent identity compromise
Help protect against compromise while uncovering potential breaches.

Secure apps and data
Boost productivity with cloud access while helping keep information protected.

Expand device controls
Deliver enhanced security across both company and personal devices.

Safeguard infrastructure
Enforce policies that help keep cloud resources and hybrid environments safe.

Microsoft builds security into their products and services from the start. That’s how Microsoft can deliver a comprehensive, agile platform to better protect your endpoints, move faster to detect threats, and respond to security breaches across even the largest of organizations.

Out of the entire Cloud Security stack, the often most overlooked aspect of how access is granted and used, is through mobile devices – laptops, tablets and phablet, mobile phones – so we’re going to take an in-depth look into Microsoft Enterprise Mobility + Security – and specifically, Microsoft Intune – dealing with Mobile Device Management (MDM) and how your security is bound to be compromised by a lack of secure MDM policies.

Microsoft Intune & Microsoft Enterprise Mobility + Security

Intune is a cloud-based enterprise mobility management (EMM) service that helps enable your workforce to be productive while keeping your corporate data protected. With Intune, you can:

  • Manage the mobile devices your workforce uses to access company data.
  • Manage the mobile apps your workforce uses.
  • Protect your company information by helping to control the way your workforce accesses and shares it.
  • Ensure devices and apps are compliant with company security requirements.

Intune integrates closely with Azure Active Directory (Azure AD) for identity and access control, and Azure Information Protection for data protection.

Together, Office 365 and EMS enable your workforce to be productive on all of their devices while keeping your organization’s information protected. Office 365 with EMS is a complete, integrated suite for enterprise mobility inclusive of productivity, identity, access control, management, and data protection. It gives you an effective way to deploy and operate a mobility solution in your organization.

Manage all the devices in your mobile ecosystem
With support for iOS, Android, Windows, Windows Mobile and Mac OS X devices, Intune allows you to manage your diverse mobile environment in a secure and unified way.

Management choice
Utilize Mobile Application Management (MAM) without requiring the device to be enrolled for management. This is particularly important for scenarios where IT wants to keep corporate data safe without managing a user’s device.

No infrastructure required
Eliminate the need to plan, purchase, and maintain hardware and infrastructure by managing mobile devices from the cloud with Intune.

Flexible licensing
Spend less time counting devices with per-user licensing for Intune. Intune is also included as part of Enterprise Mobility + Security, the most cost-effective way to acquire Intune, Azure Active Directory Premium, and Azure Rights Management.

Unparalleled management of Office mobile apps
Maximize mobile productivity for your employees with access to corporate resources on Office mobile apps they know and love. Keep your corporate data safe by preventing leakage of company data all without intruding on user’s personal devices.

Data protection
Secure corporate data, including Exchange email, Outlook email, and OneDrive for Business documents, based on the enrollment status of the device and the compliance policies set by the administrator.

Enterprise integration
Extend your existing System Centre Configuration Manager infrastructure through integration with Intune to provide a consistent management experience across devices on-premises and in the cloud.

Global presence with 24/7 support
Get answers to your questions with Microsoft support available online and by phone worldwide – included with every Intune subscription.

How Does Intune Work?

Intune provides mobile device management (MDM) and mobile app management (MAM). Intune’s MDM and MAM features then contribute to the EMS suite of data protection and compliance scenarios.

How you’ll use the MDM/MAM features of Intune and EMS data protection depends on the business problem you’re trying to solve.

For example:

  • You’ll make strong use of MDM if you’re creating a pool of single-use devices to be shared by shift workers in a retail store.
  • You’ll lean on MAM and data protection if you allow your workforce to use their personal devices to access corporate data (BYOD).
  • If you are issuing corporate phones to information workers, you’ll rely heavily on all of the technologies.
 Intune Mobile Device Management (MDM) Explained

MDM works by using the protocols or APIs that are available in the mobile operating systems. It includes tasks like:

  • Enrolling devices into management so IT has an inventory of devices that are accessing corporate services
  • Configuring devices to ensure they meet company security and health standards
  • Providing certificates and Wi-Fi/VPN profiles to access corporate services
  • Reporting on and measuring device compliance to corporate standards
  • Removing corporate data from managed devices

Sometimes, people think that access control to corporate data is an MDM feature. We don’t think of it that way because it isn’t something that the mobile operating system provides. Rather, it’s something the identity provider delivers. In our case, the identity provider is Azure Active Directory (Azure AD), Microsoft’s identity and access management system.

Intune integrates with Azure AD to enable a broad set of access control scenarios. For example, you can require a mobile device to be compliant with corporate standards as defined in Intune before the device can access a corporate service like Exchange. Likewise, you can lock down the corporate service to a specific set of mobile apps. For example, you can lock down Exchange Online to only be accessed by Outlook or Outlook Mobile.

Intune Mobile App Management (MAM) Explained

When we talk about MAM, we are talking about the set of things our solutions enable IT Pros to do with mobile apps, such as:

  • Publishing mobile apps to employees
  • Configuring apps
  • Controlling how corporate data is used and shared in mobile apps
  • Removing corporate data from mobile apps
  • Updating mobile apps
  • Reporting on mobile app inventory
  • Tracking mobile app usage

We have seen the term MAM used to mean any one of those things individually or to mean specific combinations. In particular, it’s common for folks to conflate the concept of app configuration (that is, using technologies like managed app configuration on iOS) with the concept of securing corporate data within mobile apps. That’s because some mobile apps expose settings that allow their data security features to be configured.

That, in combination with operating system features for protecting data (for example, MDM features such as Windows Information Protection on Windows 10), gives a lot of protection to data on mobile devices.

When you use Intune with the other services in EMS, you can provide your organization mobile app security over and above what is provided by the mobile operating system and the mobile apps themselves through app configuration. An app that is managed with EMS has access to a broader set of mobile app and data protections that includes:

Intune Mobile App Security

Providing app security is a part of MAM, and in Intune, when we talk about mobile app security, we mean:

  • Keeping personal information isolated from corporate IT awareness
  • Restricting the actions users can take with corporate information such as copy, cut/paste, save, and view
  • Removing corporate data from mobile apps, also known as selective wipe or corporate wipe

One way that Intune provides mobile app security is through its app protection policy feature. App protection policy uses Azure AD identity to isolate corporate data from personal data. Data that is accessed using a corporate credential will be given additional corporate protections.

When a user logs on to her device with her corporate credentials, her corporate identity allows her access to data that is denied to her personal identity. As that corporate data is used, Intune, along with other EMS technologies, controls how it is saved and shared. Those same protections are not applied to data that is accessed when the user logs on to her device with her personal identity. In this way, IT has control of corporate data while the end user maintains control and privacy over personal data.

EMM With and Without Device Enrolment

Most enterprise mobility management solutions support basic mobile device and mobile app technologies. These are usually tied to the device being enrolled in your organization’s MDM solution. Intune supports these scenarios and additionally supports many “without enrolment” scenarios.

Organizations differ to the extent they will adopt “without enrolment” scenarios. Some organizations standardize on it. Some allow it for companion devices such as a personal tablet. Others don’t support it at all. Even in this last case, where an organization requires all employee devices to be enrolled in MDM, these organizations typically support “without enrolment” scenarios for contractors, vendors, and for other devices that have a specific exemption.

You can even use Intune’s “without-enrolment” technology on enrolled devices. For example, a device enrolled in MDM may have open-in protections provided by the mobile operating system. (Open-in protection is an iOS feature that restricts you from opening a document from one app, like Outlook, into another app, like Word, unless both apps are managed by the MDM provider.) In addition, IT may apply the app protection policy to EMS-managed mobile apps to control save-as or to provide multi-factor authentication.

Whatever your organization’s position on enrolled and unenrolled mobile devices and apps, Intune, as a part of EMS, has tools that will help increase your workforce productivity while protecting your corporate data.

Common business problems that Intune helps solve

The following list of business problems link to more detailed information about the solutions we can provide. Only the last item requires MDM enrolment as part of the solution:

Next Steps

Dive into the technical requirements and capabilities of Intune.
Microsoft Intune Document Repository

https://docs.microsoft.com/en-us/intune-classic/

Intune FAQ

Introduction
This TechNet Wiki article lists frequently asked questions about Microsoft Intune. There is also an every-growing list of Intune resources in the Microsoft Intune Survival Guide.

General

  1. How can I know when the Microsoft Intune service has been updated?
  2. Log on to your account at manage.microsoft.com. In Administration Overview select View Service Status. The location of your tenant and the maintenance schedule are listed there. For details of the service updates see Windows Intune Service Updates   on TechNet.
  1. If a user renames a device within the Company Portal app will that name change in Intune or Configuration Manager?
  2. No, that name change is only for the user’s convenience.
  1. Is there a remote assistance functionality in Intune for mobile devices?
  2. No there isn’t. Third party apps such as Lumia Beamer,Bomgar, and TeamViewer could be helpful.

Accounts

  1. If I start evaluating Intune and create a new tenant for the trial, can I add O365 to the evaluation using the same tenant? 
  2. Yes. Just sign in using a global admin from your existing Intune tenant/subscription –
    i.e. globaladmin@<company>.onmicrosoft.com.
  1. If I assign MDM authority to Intune during a trial subscription, does that make it difficult to switch to another company’s service if I change my mind about Intune?
  2. Though it’s difficult to imagine you not sticking with Intune, the MDM authority choice does not affect your ability to move to another service. It’s specifically about choosing Intune or Intune + Configuration Manager for MDM.
  1. Can I use my existing Office 365 domain name for my subsequent Windows Intune account?
  2. Yes, if you sign in with the organizational ID which is associated with your existing O365 tenant and verified domain when you’re either create their Intune trial or activate your licenses. Intune will then use the same domain/users/etc. as in your O365 account. Note that each O365 user would have to be enabled as an Intune user, using an Intune license. This would have to be done by the global administrator who manages the tenant.

Enrollment

  1. Where can my end users learn how to enroll their devices?
  2. You can provide that information to your end users using information from the Microsoft Intune Enrolment Instructions.

Mobile Device Management (MDM)

  1. Can Intune detect whether a device is jailbroken?
  2. Yes, for some operating systems. For information on how to manage jailbroken devices, see Manage device compliance policies on TechNet.
  1. Can I selectively wipe corporate data from a device?
  2. Yes. For information about selective wipe see Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune.
  1. Is there a way to block certain websites on the mobile device browser through Windows Intune? 
  2. Not on the native browser of any platform. However, you can control the URL whitelist and blacklist policies on the managed web browser on iOS and Android devices. For more information see Manage Internet access using managed browser policies with Microsoft Intune.
  1. Can we restrict a user from uninstalling an app?
  2. Generally, no. However, on a supervised iOS device you can prevent a user from uninstalling an app that was distributed using the Apple Configurator. For information about using supervised mode in Microsoft Intune, see Manage devices using configuration policies with Microsoft Intune.
  1. Is there a way to manage mobile data usage?
  2. Not directly, but you can ensure that WiFi is the preferred method for connecting by pushing WiFi profiles to the devices, as described in this TechNet article. Also, some platforms (for example, iOS and Android KNOX) enable the ability to control settings such as voice and data roaming.
  1. Is there a way to prevent a user from unenrolling a device? What if it’s a company-owned device?
  2. In general, no. However, using custom Windows Phone settings, you can enforce this on Windows Phone 8.1. Also, for iOS devices that are supervised and enrolled in Apple’s Device Enrollment Program (DEP), it is possible to prevent a user from unenrolling a device.
  1. Can I switch my chosen MDM authority?
  2. You can switch from Intune to Configuration Manager, from Intune to O365, and from O365 to Intune. To do so, make a request to Microsoft Support. You cannot change the MDM authority from Configuration Manager to Intune.

Windows Phone

More Windows Phone Q&As can be found on TechNet.

  1. Can I sideload a Windows Store app?
  2. Publicly available apps cannot be sideloaded. Even though you are able to download the XAP, you cannot upload it to Intune because it is a public XAP, encrypted and signed with the developer’s code-signing certificate. Only apps you develop and sign with your own code-signing certificate can be sideloaded.
  1. Do Windows Phone Store apps distributed through the Company Portal require that the end user have a Microsoft Account?
  2. Yes, the end user will not be able to obtain the apps without a Microsoft Account. The exception is sideloaded, private LOB apps, which can be deployed to a device without a Microsoft Account.
  1. Is a Microsoft Account needed on a Windows Phone 8.1 in order for it to be managed by Intune?
  2. No. However, it will be needed to install most apps from the public store.

Android

  1. How long does it take to encrypt an Android device?
  2. This depends primarily on the speed of the device’s processor and the amount of total and used memory, and is not a function of Intune.

iOS

  1. When deploying iOS apps via Windows Intune, if the application’s IPA and Manifest file have been uploaded; does the device need an AppleID specified to continue installing?
  2. No. When Intune is providing the bits (IPA uploaded to Intune), the applications are sideloaded and don’t require an Apple ID.
  1. Is there a way to enable the installation of applications on iOS without allowing access to the Apple Store?
  2. No, but you can enable the App Store and use blacklisting/whitelisting of apps on iOS to keep an eye on what users are doing. Sideloaded LOB apps don’t require access to the Apple App Store.
  1. Do Apple Store apps distributed through the Company Portal require that the end user have an iTunes account?
  2. Yes, the end user will not be able to obtain the apps without an ITunes account.

App Deployment

  1. How can I add a recommended app?
  2. In Microsoft Intune, these are called “featured apps” and are documented in Deploy software to mobile devices in Microsoft Intune
  1. Can I get additional cloud storage for apps I want to deploy?
  2. Yes. You can read about this in Get started with app deployment in Microsoft Intune on TechNet, in the section Cloud storage requirements.

Security

  1. Can BitLocker be enforced by Intune?
  2. The OMA-DM agent in Windows 8.1/RT allows you to read (get) the encryption status. You cannot set it. This is true for Microsoft Intune and for other mobile device management services.
  1. If I encrypt a Windows 8 tablet using BitLocker, may I enforce full device wipe if a user consecutively fails logon several times? 
  2. There is no option for full wipe on Windows 8.1/RT devices for any mobile device management service, including Intune. Intune provides selective wipe for those devices. For more information on wipe/selective wipe in Intune, see http://technet.microsoft.com/en-us/library/jj676679.aspx.

Company Portal

  1. Can I customize my Company Portal?
  2. Yes. In the Intune admin console, go to Admin>Company Portal for those settings

Troubleshooting

  1. How can I troubleshoot mobile device enrollment?
  2. Information for admins to provide to their end users about troubleshooting enrollment is available here.

Microsoft Intune with Configuration Manager 2012

  1. Can I do a selective wipe on devices?
  2. If you are using Configuration Manager 2012 R2 or later with Intune, you can do a selective wipe that removes company data. For more information see How to remote wipe mobile devices using Configuration Manager with Microsoft Intune.
  1. If I’m using Configuration Manager together with Intune, can I still use the Intune Admin Portal?
  2. You can, but only PCs with the Intune agent installed will be manageable from that portal. There is also some other useful information in the portal regarding alerts about the service, service status, etc. but any device management settings there won’t apply to enrolled devices.
  1. Is it possible to change the MDM authority from Configuration Manager to Intune and from Intune to Configuration Manager? How?
  2. You can change it from Intune to SCCM by making a request to Microsoft Support. You cannot change it from Configuration Manager to Intune.

Holistic, identity-driven protection
Help guard your data from attacks on multiple levels using innovative, identity-driven security techniques.

Productivity without compromise
Preserve the mobile and desktop experiences your workers need to stay working with familiar apps and tools.

Flexible, comprehensive solutions
Do more with less—protect users, devices, apps, and data with intuitive mobile management on a future-ready platform.

Who Uses Microsoft EMS?

The person who uses Microsoft EMS most frequently will be your “IT Guy”; the person in charge of setting up network security, employee devices, employee permissions, etc.  Alternatively, EMS can be configured by a Microsoft Partner.

Every person in your organization is a Microsoft EMS “user”, but they should never know what it’s doing – it just works.

Control identity + access in the cloud
Centrally manage single sign-on across devices, your datacenter, and the cloud.

Get identity-driven security
Comprehensive, intelligent protection against today’s advanced attacks.

Manage mobile devices + apps
Securely manage apps and data on iOS, Android, and Windows from one place.

Protect your information
Intelligently safeguard your corporate data and enable secured collaboration.

Virtualize your desktops
Efficiently deliver and manage Windows desktops and apps on all devices.

Do you have Office 365?

Expand your Office 365 management and security capabilities with Enterprise Mobility + Security. Read the at-a-glance

EMS FAQ

Microsoft provides global pre-sales, billing, subscription, and technical support for Enterprise Mobility + Security (EMS). Administrators can request support through the Office 365 portal or by contacting Office 365 Support.

Answers to common EMS support questions

Q: Do I need to purchase an Azure support plan to submit an Enterprise Mobility + Security support request?
A: Support is included with Enterprise Mobility + Security. You can submit support requests for Azure Active Directory Premium, Azure Information Protection, and Microsoft Intune through the Office 365 portal. The Office 365 portal provides the intended support experience for EMS, but you can also submit Azure Active Directory Premium and Azure Information Protection support requests through the Azure portal without purchasing a support plan by choosing a Subscription with technical support included.

 Q: How do I get Intune support?
A: Enterprise Mobility + Security customers can submit support requests for Intune using the Office 365 portal. Learn more about Intune support options.

 Q: I am not able to submit a support request through the Office 365 portal. Is there a phone number to call for support?
A: Go to Office 365 Support to find the support phone number for your region.

 Q: How do I get support with Volume Licensing, Volume Licensing Online Service Activation, or if I need to have the activation email resent?
A: Contact Microsoft Volume Licensing Support for support with these issues.

Q: If I purchased my Enterprise Mobility + Security licenses through a Microsoft partner, should I contact them for support?
A: Yes, your Microsoft partner should be able to provide you with support directly. Contact your Microsoft partner first to understand the level of support they can provide.

Q: I previously owned Intune but renewed my Enterprise Agreement with Enterprise Mobility + Security licenses. How do I handle license management?
A: Go to the Azure portal for license assignment. Please follow the instructions in your welcome email to manage your new Enterprise Mobility + Security licenses.

 Q: I previously had an Office 365 subscription but renewed my subscription through Enterprise Cloud Suite (ECS), which includes Office 365 and Enterprise Mobility + Security. How do I handle license management?
A: Go to the Azure portal for license assignment. Please follow the instructions in your welcome email to manage your new Enterprise Mobility + Security licenses.

Additional help for other questions

For more information on Microsoft Cloud Solution Provider Partner Program, please contact us on Microsoft.csp@firstdistribution.co.za

Cloud Catalyst – Assisting partners in their journey to the cloud

By | Uncategorized | No Comments

Assisting partners in their journey to the cloud

What is Cloud Catalyst:

Aimed at assisting partners in their journey to the cloud through four key areas, the Cloud Catalyst Programme enables partners to benefit from this programme regardless of their current level of cloud involvement.

Partners can choose to attend in all areas, or only the courses and assistance in areas which they require. Assistance will be provided via 1:1 sessions, classroom-style learning, and live and on-demand webinars.

Technical assistance will also be available across all platforms and throughout all aspects of cloud technology, ranging from assistance with architectural diagrammes such as moving on-premises workloads into the cloud, to implementation assistance for managed service providers and hosters.

Solutions for partners will span from monthly license aggregation, to providing the ability for partners to resell IAAS, PAAS AND SAAS solutions from leading global and local providers.

The four pillars of the Cloud Catalyst Programme are:

Education and Tech Assistance
  • Product Training
  • Technical Training 101
  • Cloud Architect Assistance
  • Technical Resources

Marketing Pack

  • Get Started
  • Reseller Introductory Mailer
  • Reseller Press Release
  • Webstore Campaign
  • Social Media Posts

About Your Brand:

  • Your Corporate Identity and what is says about you?
  • Reflecting your companies vision
  • Living the brand – brand value alignment
  • Brand stability – company stability
  • Online reputation management – Attention to detail

Analytics:

  • Digital is all about ROI
    • Measurements
    • A general analytics scenario
  • Collecting the data
  • Tools
    • Google Analytics
    • Hoot Suite social media analytics

Online Selling and Ecommerce

  • Trust and Customer comfort
  • UI & UX
  • Conversion – the transaction
  • Plan (Based on Digital marketing foundation. Webinar – Digital marketing)
    • Yearly calendar
    • Promotions
    • Channels
    • Maintenance
  • Support

Digital Marketing Strategie:

  • Building the foundations
    • Platform
    • Online marketing channel setup
    • Brand (Short)
  • Maintenance
    • Content Marketing
    • Social media management
    • eMail marketing
  • Campaigns
    • ROI
    • Real time Retail
    • Brand building and Awareness
Business Transformation
  • Optimising your cloud business model
  • Optimising your cloud sales model
  • The competitive advantage
    • Adding your IP
    • Adding your services
  • Coopetition
  • The New World
  • Where are we heading
    • Hype vs Reality

For more information on First for Cloud’s range of Websore solutions, please contact Dana.Cinman@firstdistribution.co.za