The last hurdle to utilizing multifactor authentication (MFA) for Office 365 has been resolved: IOS devices.  Iphone and Ipad users can now setup their accounts with MFA.   Up until now users were forced to use long “app passwords” to enable their Outlook, IOS or Android Office 365 email because the standard password and MFA text, email or call would not execute on these devices.   App passwords are less secure than MFA as they are prone to “brute force attacks” in which hackers use computer automation to try thousands of passwords.

Previously, Outlook users were also forced to use app passwords but versions 2013 or later have been able to utilize MFA for months.

 

Here are some tips to get Office 365 to work with Outlook and IOS devices, as well as MACs and Android devices:

“Modern Authentication” is needed for Office 365 deployments to utilize MFA.  All new Office 365 deployments have “modern authentication” enabled by default but older tenants do not.  To enable it see Enable Modern Authentication in Office 365.

After enabling Modern Authentication, in Outlook,  change your app password to the regular password and then respond to the MFA .   On IOS and Android devices you need to completely remove the Exchange account and reinstall using your regular password and then respond to the MFA prompt.  On IOS devices go to settings, passwords and accounts.

 

One  last important step: after enabling MFA on all the user’s devices, revoke all app passwords.

Go to your administrative portal for Office 365, select “Active Users” and then click on the user.  Then click on “manage multifactor authentication” on the bottom right.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Click the check mark to the left of the user’s name.  Then click “manage user settings”.

 

Click “delete all app passwords….”. Finally click on “save”.

 

For any assistance on setting up your devices for MFA, enabling modern authentication in Office 365 and revoking app passwords, call Legal Computer Consultants at 800.646.9199.

 

 

 

 

On January 14, 2020, Microsoft will stop offering security patches and dates for Windows 7.  After January 14, 2020, Windows 7 will continue to operate but without support or new security updates.  Your Windows 7 operating system will continue to operate after support ends. However, your business will be highly susceptible to cyberattacks.  Hackers are aware of the January 14, 2020 deadline and will target Windows 7 PCs for their attacks.

Microsoft has fixed multi-factor authentication (MFA) for Office 365 on iPhones!

Law offices that were early adopters of Office 365 did not have a reliable way to enable multi-factor authentication for iPhones.  Subsequently, these customers were given very long ‘app passwords’ to be used as a ‘backup password’ and maintained by the Office 365 administrator.  This strategy has inherent security concerns.

Microsoft resolved the issue for deploying Multi-Factor Authentication on iPhones (and Outlook 2013 and later)!  Now, after enabling ‘modern authentication’ in the admin console on older accounts, users simply need to remove and re-add their Office 365 email accounts.  The process will employ multi-factor authentication and the old App Password can be deleted.  This strategy significantly enhances security and is recommended.

Contact LCC to enable ‘modern authentication’.

Microsoft invests billions each year in its cloud infrastructure including physical and logical security.   Below are two tours that describe how over a billion people each year utilize Microsoft’s state-of-the-art cloud data centers. Call Legal Computer Consultants for more information on deploying your firm’s operations to the world leading Micrsoft Azure Cloud.  (800) 646-9199.

 

 

Legal Computer Consultants can help you manage your Azure costs in several ways. In this post we will discuss how snapshots of your servers can unexpectedly cause an unanticipated increase in your storage costs.

Best practices dictate that you manage snapshots carefully to avoid extra charges. Microsoft recommends that you manage snapshots in the following manner:
Delete and re-create snapshots associated with a blob whenever you update the blob, even if you are updating with identical data, unless your application design requires that you maintain snapshots. By deleting and re-creating the blob’s snapshots, you can ensure that the blob and snapshots do not diverge.
If you are maintaining snapshots for a blob, avoid calling UploadFile, UploadText, UploadStream, or UploadByteArray to update the blob, as those methods replace all of the blocks in the blob. Instead, update the fewest possible number of blocks by using the PutBlock and PutBlockList methods.

 

 

For more information see this Microsoft support article:   Understanding How Snapshots Accrue Charges.

Call Legal Computer Consultants at (800) 646-9199 to speak to an Azure engineer to help your firm reduce costs on Microsoft Azure.

 

 

Microsoft will roll out Windows 10 version 1903 beginning this month (May, 2019) with enhanced deployment options for IT administrators as well as security improvements. Microsoft plans to release a new “health dashboard” for Windows 10 users. It will show “near real-time” information on the Windows 10 rollout status and known issues across both feature and monthly updates.

See full article in Redmond Magazine at Windows 10 Version 1903 Arriving in May with Enhanced Controls. 

Properly implemented, Office 365 Advanced Threat Protection (ATP) helps protect against sophisticated threats hidden in email attachments and links, and it provides cutting-edge defenses against zero-day threats, ransomware, and other advanced malware attempts.

 

Call Legal Computer Consultants today to learn how Advanced Threat Protection can help your firm protect itself from advanced threats.

(800) 646-9199

If your firm needs to comply with regulatory standards for retaining your data, the Office 365 Security & Compliance Center provides features to manage the lifecycle of your data in Exchange Online. This includes the ability to retain, audit, search, and export your data. These capabilities are sufficient to meet the needs of most firms.

However, some firms in highly regulated industries are subject to more stringent regulatory requirements. For example, firms that deal with financial institutions such as banks or broker dealers may be subject to Rule 17a-4 issued by the Securities and Exchange Commission (SEC). Rule 17a-4 has specific requirements for electronic data storage, including many aspects of record management, such as the duration, format, quality, availability, and accountability of records retention.

To help these firms better understand how the Security & Compliance Center can be leveraged to meet their regulatory obligations for Exchange Online, specifically in relation to Rule 17a-4 requirements, Microsoft has released an assessment in partnership with Cohasset Associates.

Cohasset validated that when Exchange Online and the Security & Compliance Center are configured as recommended, they meet the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4.

Click below to download the report by Cohasset.

Office 365 Exchange Online Cohasset SEC 17a-4(f) Assessment

Highly regulated industries are often required to store electronic communications to meet the WORM (write once, read many) requirement. The WORM requirement dictates a storage solution in which a record must be:

  • Retained for a required retention period that cannot be shortened, only increased.
  • Immutable, meaning that the record cannot be overwritten, erased, or altered during the required retention period.

In Exchange Online, when a retention policy is applied to a user’s mailbox, all of the user’s content will be retained based on the criteria of the policy. In fact, if a user attempts to delete or modify an email, a copy of the email before the change is made will be preserved in a secure, hidden location in the user’s mailbox. Retention polices can ensure that an organization retains electronic communications, but those policies can be modified.

By placing a Preservation Lock on a retention policy, an organization ensures that the policy cannot be modified. In fact, after a Preservation Lock is applied to a retention policy, the following actions are restricted:

  • The retention period of the policy can only be increased, not shortened.
  • Users can be added to the policy, but no user can be removed.
  • The retention policy cannot be deleted by an administrator.

For more information on how the Security & Compliance Center can be leveraged to meet your regulatory obligations for email with Office 365 Exchange Online, Contact Legal Computer Consultants at (800) 646-9199.

Microsoft announced the public preview of Windows Virtual Desktop on Microsoft Azure. Windows Virtual Desktop is a desktop and app virtualization service that runs on the cloud rather than on your Windows 7 or Windows 10 computer. Law firms can migrate case management, time and billing, accounting and other software to any type of device while maintaining the look and feel of a Windows desktop.  Firms can leverage the built in security, compliance and Windows desktop functionality configured directly by Microsoft.

This is a dramatic change for Microsoft which previously did not license Windows desktops on any public cloud, including Amazon Web Services and its own Azure Cloud.

For Windows 7, Microsoft is extending support for 3 additional years after the current January, 2020 end of support date.

Public preview is a precursor to general availability which is expected to be in the latter half of 2019.

 

Azure Sentinel is a cloud-based security information and event management (SIEM) service.  SIEMs normally require a substantial upfront investment in hardware, software and infrastructure costs.  With Azure Sentinel there are no upfront costs, you only pay for what you use.  Azure Sentinel uses the power of artificial intelligence to ensure you are identifying real threats quickly and eliminates the need to spend time on setting up, maintaining, and scaling infrastructure.  

Azure Sentinel provides intelligent security analytics at cloud scale for your entire Law Firm. Azure Sentinel makes it easy to collect security data across your entire firm from devices, to users, to apps, to servers on any cloud.  For more information see video below .