Medical Center Cyber Security

Medical Centres are a high-value target for cybercrime, and the impacts of a cyberattack on a Medical Centre can be catastrophic. In 2020, during the COVID-19 pandemic, the health sector reported the highest number of cyber-attacks outside the government and individuals.

While large, high-profile attacks can happen to large hospitals and health systems, solo and smaller practices can have a false sense of security that they are too small to target. Unfortunately, smaller practices are often the most vulnerable to cyber-attacks due to their lack of dedicated IT security expertise and access to sensitive data.

Australian health providers have an increased reliance on telehealth and internet-enabled services, making them an ideal target for financially motivated cybercriminals. These attacks generally involve phishing campaigns, business email compromises and ransomware – a form of malware designed to encrypt files and data, rendering systems and files unusable until a ransom is paid.

The Australian Cyber Security Centre recommends the Essential Eight Framework to mitigate the risk of cyberattacks on Medical Centers.

What is the Essential Eight, and how does it apply to your medical centre?

The Essential Eight is a framework recommended by the Australian Cyber Security Centre to help organisations protect themselves against cyber-attacks. It’s designed to protect Microsoft Windows-based networks and systems, but you can apply its principles to several situations and devices. In addition, it includes several mitigation strategies to reduce the risk of cyber threats significantly. This makes it the ideal starting point for a Medical Practice as it outlines several steps you can incorporate into your organisation’s existing systems to improve their security and stability.

When implementing the Essential Eight, the first step is to determine the maturity level that you’re aiming for. There are four levels, Level Zero through to Level Three. A Maturity Level of Zero signifies that an organisation has weaknesses or holes in their cyber security strategy. Levels One through Three recommend security measures of increasing strength and complexity to improve an organization’s cybersecurity.

How to incorporate the Essential Eight into your medical practice

If your medical practice does not already employ the Essential Eight, we recommend starting with Level One. Below are the key components of this framework.

 


Apply application control

Application Control prevents unauthorised applications from being installed or run on a company computer. It’s a zero-trust security approach designed to protect against malware and untrusted applications. For example, in a Medical Centre, this could involve allowing access to only your practice management software, such as Best Practice or Medical Director, and related tools.

A practical method of implementing application control is to use Windows Defender Application Control (WDAC). This tool is included in Microsoft 365 Business Premium, a component of all GCIT managed service plans.

 


Patch applications

Patch management ensures all systems are up to date with available security patches in a timely manner. Patches are necessary to close vulnerabilities or bugs in your software. In a Medical Practice, this would involve updating programs such as Best Practice & Medical Director with the latest updates.

Practice Management Software like Best Practice and Medical Director will deliver communications when updates are available. However, it’s the responsibility of the Practice Manager or IT Service Provider to ensure these are applied promptly. Patches and updates should be applied within two weeks of release or 48 hours if a security exploit exists.

 


Configure Microsoft Office macro settings

Microsoft Office applications can create and execute macros to automate routine tasks. A macro is a sequence of automated actions that can replace mouse clicks and keystrokes to complete complex tasks. While these can be helpful tools, macros can also contain malicious code used by attackers to run harmful code or download malware.
We can manage the risks of Office macros using Attack Surface Reduction Rules in Microsoft Defender for Business, another Microsoft 365 Business Premium component.

 


User application hardening

Application Hardening involves reducing vulnerabilities in the applications your company uses. In the context of the Essential Eight’s Level One maturity model, Application hardening refers to security settings in the web browser. Specifically:

  • Web browsers do not process Java from the internet.
  • Web browsers do not process web advertisements from the internet.
  • Internet Explorer 11 does not process content from the internet.
  • Web browser security settings cannot be changed by users.

These settings can be implemented using Security Baselines in Microsoft Intune, another inclusion in Microsoft 365 Business Premium.

 


Patch operating systems

A patch is a security update that fixes vulnerabilities. Similar to Application Patching, timely Operating System patching ensures your operating system has all current security updates installed.
Patches need to be consistently monitored to ensure systems are up to date. Security updates can be deployed per workstation using Microsoft Update settings. However, your IT provider can also manage them with a Remote Monitoring & Management (RMM) tool. Like many IT service providers, GCIT offers services to control Operating System patching through our RMM tool.

 


Restrict administrative privileges

Administrative Privileges allow a user to create, delete and modify files, settings, programs and other user accounts. A user with administrative privileges can significantly change an IT environment’s configuration and security posture. Administrative rights also allow users to elevate their operations and access sensitive information. Without restrictions on user accounts, malware and malicious code can cause much more damage, especially if the user that triggered it is an admin.

Restricting admin privileges also creates a more stable and predictable workspace, as fewer users can make significant changes to the environment. Your IT Provider should regularly audit your environment’s permissions through consistent access reviews. They should also take a principle of least privilege approach with just-in-time access, ensuring users have the least privileges possible to perform administrative tasks – for only the time they need.

 


Implement multi-factor authentication

When a user logs in to an account, multi-factor authentication requires multiple forms of authentication to prove their identity. This may come in the form of a password plus a generated code sent via SMS, email or authenticator app, or a secondary device that is already logged in and may need to approve access. An example is Apple’s multi-factor authentication, which allows users to sign into their accounts using a password and then approve this action on an authorised Apple device such as an iPhone.

Multi-factor authentication is one of the most effective security measures a Medical Practice can implement. When implemented securely, it makes it considerably more difficult for an attacker to steal credentials and use them for further malicious activity. Microsoft reports that multi-factor authentication prevents 99.9% of identity-based cyberattacks. This effectiveness, combined with its ease of use, makes multi-factor authentication a vital first line of defence for any organisation.

 


Create regular backups

Medical Centres need to ensure they back up business-critical information. This isn’t just for quick recovery in the event of a disaster; it’s also a requirement for general practices to achieve accreditation from the Royal Australian College of General Practitioners (RACGP).

Backup is the process of copying files or databases to ensure their preservation in the event of equipment failure, security and cyber breaches or other disasters. For a general practice to achieve accreditation, they must check their backup system at regular intervals – this includes testing its ability to recover data. The loss of critical data can impose a high financial and operational cost on your practice, so having a business continuity plan that includes a reliable and frequently tested backup procedure is vital.

Conclusion

Protecting your medical centre from cyberattacks is one of the most important steps to improve your business’s stability, improve patient trust, and ensure continued operations. However, it’s important to note that the steps outlined above cannot entirely remove the threat of a cyberattack. Still, they can mitigate the risk and hopefully decrease any attack’s severity and long-lasting impacts.

At GCIT, we are specialists in providing Cyber Security services to numerous businesses across Queensland and New South Wales, including many medical centres. Our Award-winning cybersecurity experts can take the stress out of IT Security and make sure your data is secure.

Contact GCIT to find out how we can help your Medical Practice protect against cyberattacks.

.au domain change

What is the new .au domain?

The .com.au country-specific web address has been in use for over 30 years. Like similar country codes such as .uk, it allows web users to identify Australian businesses and commercial entities quickly. In March of this year, .au Domain Administration Limited (auDA) launched a new shorter domain – .au.

The .au direct name is a general-purpose domain open for anyone with a verifiable connection to Australia who wishes to create or manage an online presence.

Unlike .com.au, which requires an ABN or ACN to verify that you are an Australian business to register, a .au domain does not have this requirement, opening it up to the Australian general public. If you currently own a domain name in any other .au namespace, you have priority registration to the .au direct equivalent of your existing domain until 20 September 2022.

What happens if I don’t register my organization’s .au domain before the cut-off date?

If you don’t request a .au domain via priority allocation by 20 September, the domain will become available for registration by the general public on 3 October. After this date, anyone that meets the requirements of registering a .au domain will be able to register one, regardless of whether a .com.au or .net.au equivalent already exists.

What does this mean for my business?

While this new domain offers businesses, organisations, and individuals opportunities to rebrand, extend or change their online presence, it can also pose a significant risk. Cybercriminals can also use this as an opportunity to commit fraudulent activity against your business. By registering your business’ .au name, a cybercriminal could impersonate your organisation by creating a fake online presence. This could include creating a copy of your website or using the .au domain to send phishing emails under your company’s name.

What steps should I take to protect my business or organisation?

While these changes will not inherently cause issues, you can take some steps to protect your organisation. The ACSC recommends that all Australian businesses, organisations, and individuals take advantage of the priority allocation process to register the .au direct equivalents of the existing domain names.

It is common practice for businesses to register the same names across multiple domains, for instance, gcit.com.au and gcit.net.au. When the .au direct namespace domain launched on 24 March this year, the Priority Allocation Process was created. This process allows existing registrants in the .au registry the first opportunity to apply for the .au direct match of their existing domain name/s. To qualify for priority access, you must have registered the domain name before the launch of the new .au domain.

How do I register for a Priority Allocation for a .au namespace domain?

To register the .au direct match of your existing domain name, you must apply for priority status by 20 September 2022 (23:59 UTC 20 September / 9:59 AM AEST 21 September). You can do this either through your current registrar or another accredited registrar. If you use a new registrar, you will need to retrieve a priority token from the Priority ID Token tool. This token enables a registrar to confirm that you are the owner of the matching existing domain name.

What can I do with the new domain once I have registered it?

If you have an existing web presence, one of the easiest things you can do is to create a redirect from the .au domain to your existing website. A redirect ensures that anyone searching for your business will find the correct site regardless of whether they use .au or .com.au. Of course, many businesses already do this with .net.au and .com addresses.

Another option is moving your website to the .au domain and redirecting your current .com.au address. Ultimately the web address you choose for your business will depend on the needs of your business.

To learn more about the new .au domain, visit auDA, the administrator of Australian .au domains.

Many companies are allowing staff to work from home or remotely indefinitely, raising questions about how they can protect work data on personal or uncontrolled devices.

As IT experts in remote working, Gold Coast IT Support offers the following information to help.

Because we can lose company data in a variety of ways across different devices, we need to apply a variety of protection measures. Let’s take a look at the features in Microsoft 365 that can allow companies to protect their data while users are working remotely.

Use Mobile Application Management

Despite the name, mobile application management doesn’t just apply to mobile devices, it can also protect Windows 10 devices. Mobile Application Management policies can protect company data on both managed and unmanaged devices.

It works by applying protections to the apps your teams use to access company data, like Outlook, Teams, OneDrive and SharePoint.

You can enforce restrictions on these apps to prevent data being saved, cut, copied or pasted.


You can also require a PIN when the app starts or block the app from running on a jailbroken phone or tablet.


This feature can be used to selectively wipe company data from a user’s device, without affecting their personal files. This is handy for organisations where staff use their personal computers and mobile devices to access company information remotely.


Set up conditional access policies

We can use Conditional Access to enforce restrictions on non-compliant or unmanaged devices, such as blocking access entirely or preventing particular actions, for example stopping users from saving attachments in Outlook on the web or syncing files to OneDrive.

We can apply these protections in other ways to apps like OneDrive and SharePoint, preventing users from syncing data to their personal devices by either blocking access or only allowing limited, web-only access.


Expert IT advice for working remotely

Use Cloud App Security to protect data on third-party apps

These protections don’t just relate to Microsoft 365 apps like OneDrive, SharePoint and Outlook; we can use Microsoft Cloud App Security to apply additional protections to apps like Dropbox Business too. Applying protection to a third-party app like Dropbox Business can prevent users from downloading your company data to unmanaged devices.


Apps like Dropbox Business also provide their own security measures, allowing you to block access and wipe company data when a device next comes online.

Configure idle session time outs

To lessen the likelihood of the wrong people accessing company information on a shared device, we can configure idle session time outs. These will sign users out after a period of inactivity, just like your bank does.


Get alerts on suspicious activities

Cloud App Security includes built-in alerts that trigger on potentially suspicious activities. We can use these to get notified about things like mass deletions, mass downloads and unusual volumes of external sharing.


Protect sensitive data with Data Loss Prevention

We can use data loss prevention to restrict or impose conditions on the sharing of sensitive information. These policies can trigger on certain keywords like project names or sensitive information types like credit card numbers, driver’s license details or tax file information. Once a file containing this info is detected, it can display a warning, be blocked from being sent or have encryption applied.


Using Cloud App Security, we can apply additional data loss prevention measures to third-party apps like Box and Dropbox Business.
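
How a sensitive information type can be matched, as an added example that is not part of the original post and not Microsoft's implementation: a pattern combined with a checksum (Luhn for card numbers, the weighted mod-11 check for tax file numbers) and, for tax file numbers, a nearby keyword. The function names and the sample text are constructed for illustration.

```powershell
# Added example, not from the original post and not Microsoft's implementation.
# A pattern alone over-reports; the checksum (and a keyword for tax file
# numbers) filters out digit runs that only look like sensitive data.

function Test-Luhn {
    param([string]$Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]          # char -> string -> digit value
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Test-TfnChecksum {
    param([string]$Digits)
    if ($Digits.Length -ne 9) { return $false }
    $weights = 1, 4, 3, 7, 5, 8, 6, 9, 10
    $sum = 0
    for ($i = 0; $i -lt 9; $i++) { $sum += [int][string]$Digits[$i] * $weights[$i] }
    return ($sum % 11) -eq 0
}

function Hide-Digits {
    # Report only the last four digits so the finding itself is not a leak.
    param([string]$Digits)
    ('*' * ($Digits.Length - 4)) + $Digits.Substring($Digits.Length - 4)
}

function Find-SensitiveData {
    param([Parameter(Mandatory)][string]$Text)

    # 13 to 19 digits, optionally grouped with spaces or hyphens
    $cardPattern = '(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)'
    foreach ($m in [regex]::Matches($Text, $cardPattern)) {
        $digits = $m.Value -replace '[ -]', ''
        if (Test-Luhn $digits) {
            [pscustomobject]@{ Type = 'Credit card number'; Offset = $m.Index; Masked = (Hide-Digits $digits) }
        }
    }

    # 9 digits, optionally grouped in threes, with a keyword in the 40 characters before
    $tfnPattern = '(?<!\d)\d{3} ?\d{3} ?\d{3}(?!\d)'
    foreach ($m in [regex]::Matches($Text, $tfnPattern)) {
        $digits  = $m.Value -replace ' ', ''
        $start   = [Math]::Max(0, $m.Index - 40)
        $context = $Text.Substring($start, $m.Index - $start)
        if ($context -match '(?i)\b(TFN|tax file)' -and (Test-TfnChecksum $digits)) {
            [pscustomobject]@{ Type = 'Tax file number'; Offset = $m.Index; Masked = (Hide-Digits $digits) }
        }
    }
}

# Constructed sample text: two real-looking values and two look-alikes.
$sample = @'
Invoice paid with card 4111 1111 1111 1111 on Tuesday.
Order reference 4111 1111 1111 1112 has shipped.
Call us on 123 456 789 for support.
Employee TFN: 123 456 782
'@

Find-SensitiveData -Text $sample | Format-Table -AutoSize
```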

Use Sensitivity Labels

But what happens if this all fails, and someone downloads company data to a personal, unmanaged device? To protect against this, we can apply sensitivity labels. These labels define how sensitive a particular piece of content is and in turn can enforce protections on our data. What’s more, these protections apply no matter where it ends up. These baked-in protections can limit who can access the file and what they can do with it, preventing the wrong people from opening, copying, saving, forwarding or printing sensitive documents or emails.


In many cases, these protections can be applied automatically by scanning for those same keywords and sensitive information types that data loss prevention uses.


As you can probably tell by now, there’s a lot you can do to protect your sensitive data when people are working from home. If you need help with any of this, reach out to us below.


 

Org-Wide Teams in Microsoft Teams let you create a single Microsoft Team that includes all internal users in your organisation. However, Microsoft recommends that you make some changes to the team’s settings to cut down on excess noise and notifications.

What is an Org-Wide Microsoft Team?

An Org-Wide team in Microsoft Teams is just a team that includes everybody in your organisation. Its member list will automatically update as users come and go, and while it currently supports up to 1000 users, there are plans to increase this limit.

How do you create an Org-Wide Microsoft Team?

Creating an org-wide team is quite simple: when creating a new team at https://teams.microsoft.com, choose the Org-Wide team option from the drop-down.


What are some best practices for Org-Wide Microsoft Teams?

If you have a lot of users in your organisation, these types of teams could quickly become very noisy and distracting.

To reduce excess notifications and noise, Microsoft have some best practice recommendations.

Only let team owners post on the General channel

  1. You do this under Manage team.
  2. Click Settings, then Member permissions, then select Only owners can post messages.

Disable @mentions for the whole team

You’ll probably want to disable @mentions for the whole team, since that can send a notification to up to a thousand people at once.

  1. You can do this under Settings, @mentions, Show members the option to @team or @[team name].


 

Automatically favorite important channels

Switch to the channels tab and tick Auto-favorite on the channels you would like to show up by default.


Also note that while the video above states that the feature is still in development, it has since been marked as launched.

 

The recently implemented Notifiable Data Breaches scheme imposes an obligation for entities to notify individuals whose personal information was exposed in a data breach if they’re at risk of serious harm.

If you don’t comply with the requirements of the scheme, the penalties can be quite severe. The Office of the Australian Information Commissioner can impose fines of up to $1.8 million for organisations, and $360 000 for company directors.

To find out how to assess a breach, as well as how to correctly notify any affected individuals, see this resource on the OAIC website.

Which businesses need to comply?

While all businesses should take the privacy and security of customer data seriously, not every one needs to adhere to the NDB scheme.

If your business meets any of the following criteria, you’ll need to make sure you’re aware of the new requirements. Please note that this is not an exhaustive list. See the OAIC website for more information.

  • Any business with an annual turnover over $3 million
  • Entities that are Tax File Number recipients, such as:
    • solicitors
    • tax agents
    • accountants
    • share registries and agents of ESS providers
  • Entities that provide any health services, such as:
    • traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
    • gyms and weight loss clinics
    • complementary therapists, such as naturopaths and chiropractors
    • child care centres and private schools.
  • Organisations or small businesses that provide credit, such as:
    • a bank
    • a building society, finance company or a credit union
    • a retailer that issues credit cards in connection with the sale of goods or services
    • an organisation or small businesses that supplies goods and services where payment is deferred for seven days or more, such as telecommunications carriers, and energy and water utilities
    • certain organisations or small businesses that provide credit in connection with the hiring, leasing, or renting of goods.
  • Entities related to an APP (Australian Privacy Principles) entity.
  • Entities that trade in personal information. These are businesses that buy or sell personal information for a benefit, service or advantage.
  • Employee associations registered under the Fair Work (Registered Organisations) Act 2009

How to make sure your business is protected

If your organisation is covered by the Notifiable Data Breaches scheme, it’s important to make sure you are taking appropriate steps to protect your customers’ data.

Our Security First Managed Services offering is designed to help address the requirements of the NDB and the incoming EU General Data Protection Regulation. Find out how.

Connect Azure Functions To Office 365

In the past couple of weeks I’ve uploaded a few scripts to help manage Office 365 customer environments in bulk via delegated administration. These scripts work well for us, though they only work when they’re initiated by a delegated administrator here. Sure, we could set them up on a server as a scheduled task, though in the interest of keeping things in the cloud, we’re moving them to Azure Functions.

If you’re interested, the scripts I’ve posted so far regarding Delegated Administration are here:

What are Azure Functions?

The Azure Functions service is Microsoft’s Function as a Service offering (FaaS). It’s similar to Hook.io, Google Cloud Functions or AWS Lambda if you’ve used any of those. Basically it lets you run standalone scripts or functions of a program in the cloud. One of Azure Functions’ benefits is that you don’t have to look after the underlying infrastructure, you can just add in your code and you’re pretty much done. You can start an Azure function using a HTTP or Azure Storage Queue trigger, or just set it to run on a timer. Azure Functions can run a variety of languages, though in this scenario, we’ll convert a simple Office 365 PowerShell script into a timer trigger function that runs each weekday.

Consumption Plan vs App Service Plan

For the number of functions we’ll be running, Azure functions are pretty much free with a Consumption Plan. This plan gives you a grant of 1 million executions and 400,000 GB-s of bandwidth, which we’ll be well under. However, Azure functions can also run on top of a paid Azure App Service Plan – which we’ll be taking advantage of.

Why pay for an Azure App Service Plan to run Azure Functions?

One of the limitations of the (almost) free version of Azure Functions is that its executions have a 5 minute limit, after which time they are terminated automatically. Apparently this is because the underlying virtual machines that run the functions are regularly recycled. Since some of our scripts have the potential to run longer than five minutes, we need to provision a small Azure App Service resource and then run our Azure functions on top of this. The VM that runs our App service runs continuously and will support long running functions.

Here’s what we want to achieve:

  1. Set up an Azure Function App running on an App Service Plan
  2. Connect an Azure Function to Office 365
  3. Modify an existing PowerShell script to run on an Azure function

In another post we’ll look at connecting Azure Functions to Azure Storage to use in reporting via Power BI, and triggers for Microsoft Flow.

How to set up a new Azure Function App

  1. Log on to https://portal.azure.com using an account with an active Azure subscription.
  2. Click the Green + button on the left menu, search for Functions, then click Function App.
  3. Click Create on the bottom right.
  4. Complete the required fields for the Function App.
  5. Choose to create a new Resource Group and Storage Account. For the Hosting Plan option, choose App Service Plan, then select an existing subscription or create a new one. In my case, I chose an S1 Plan, which is probably overkill. You’ll be able to get by with something much smaller.
  6. Once you’ve completed the required fields, click Create and wait for it to complete deployment.
  7. After it’s finished deploying, open your function app and click the + button to create a new function.
  8. Choose Custom function at the bottom.
  9. On the dropdown on the right, choose PowerShell.
  10. Choose TimerTrigger-PowerShell and enter a name for your Azure Function.
  11. For the Schedule, enter a cron expression. There used to be documentation at the bottom of the page on how to format these, though at the time of writing it hasn’t appeared. For a function that runs Monday to Friday at 9:30 AM GMT, enter the following:
    0 30 9 * * 1-5

  12. Click Create, you’ll be greeted with an almost blank screen where you can start to enter your PowerShell script. Before we do this, we’ll set up the Azure function to connect to Office 365, and secure your credentials within the function app.
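
The six-field schedule from step 11, as an added example that is not part of the original post: a small matcher that rejects a five-field crontab line and lists the next runs. The function names and the start time are constructed for illustration, and the matcher assumes the day and day-of-week fields must both match.

```powershell
# Added example, not from the original post. Field order, as in the post's
# expression: second minute hour day month day-of-week.

function Expand-CronField {
    # Supports *, a, a-b, comma lists and an optional /step on * or a range.
    param([string]$Field, [int]$Min, [int]$Max)
    $values = New-Object 'System.Collections.Generic.HashSet[int]'
    foreach ($part in $Field.Split(',')) {
        $range = $part
        $step = 1
        if ($part -match '^(.+)/(\d+)$') {
            $range = $Matches[1]
            $step = [int]$Matches[2]
        }
        if ($step -lt 1) { throw "Invalid step in '$part'" }
        if ($range -eq '*') {
            $lo = $Min; $hi = $Max
        } elseif ($range -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
        } elseif ($range -match '^\d+$') {
            $lo = [int]$range; $hi = $lo
        } else {
            throw "Unsupported field part '$part'"
        }
        if ($lo -lt $Min -or $hi -gt $Max -or $lo -gt $hi) {
            throw "'$part' is outside the allowed range $Min-$Max"
        }
        for ($v = $lo; $v -le $hi; $v += $step) { [void]$values.Add($v) }
    }
    return ,$values
}

function ConvertTo-CronSchedule {
    param([Parameter(Mandatory)][string]$Expression)
    $fields = @($Expression.Trim() -split '\s+')
    if ($fields.Count -ne 6) {
        throw "Expected 6 fields (second minute hour day month day-of-week) but got $($fields.Count): '$Expression'"
    }
    @{
        Second    = (Expand-CronField $fields[0] 0 59)
        Minute    = (Expand-CronField $fields[1] 0 59)
        Hour      = (Expand-CronField $fields[2] 0 23)
        Day       = (Expand-CronField $fields[3] 1 31)
        Month     = (Expand-CronField $fields[4] 1 12)
        DayOfWeek = (Expand-CronField $fields[5] 0 6)    # 0 = Sunday
    }
}

function Test-CronMatch {
    # Assumption: day and day-of-week must both match.
    param([Parameter(Mandatory)][hashtable]$Schedule,
          [Parameter(Mandatory)][datetime]$Time)
    $Schedule.Second.Contains($Time.Second) -and
    $Schedule.Minute.Contains($Time.Minute) -and
    $Schedule.Hour.Contains($Time.Hour) -and
    $Schedule.Day.Contains($Time.Day) -and
    $Schedule.Month.Contains($Time.Month) -and
    $Schedule.DayOfWeek.Contains([int]$Time.DayOfWeek)
}

function Get-NextCronRun {
    param([Parameter(Mandatory)][string]$Expression,
          [Parameter(Mandatory)][datetime]$After,
          [int]$Count = 3)
    $schedule = ConvertTo-CronSchedule -Expression $Expression
    $seconds  = @($schedule.Second | Sort-Object)
    $minute   = [datetime]::new($After.Year, $After.Month, $After.Day,
                                $After.Hour, $After.Minute, 0, $After.Kind)
    $limit    = $minute.AddDays(366)          # stop searching after one year
    $found    = @()
    while ($found.Count -lt $Count -and $minute -lt $limit) {
        foreach ($s in $seconds) {
            $candidate = $minute.AddSeconds($s)
            if ($candidate -gt $After -and (Test-CronMatch -Schedule $schedule -Time $candidate)) {
                $found += $candidate
                if ($found.Count -ge $Count) { break }
            }
        }
        $minute = $minute.AddMinutes(1)
    }
    return $found
}

# Constructed start time: a Friday at 09:30:00, treated as UTC.
$after = [datetime]::new(2022, 9, 16, 9, 30, 0, [DateTimeKind]::Utc)
Get-NextCronRun -Expression '0 30 9 * * 1-5' -After $after -Count 3 |
    ForEach-Object { $_.ToString('ddd yyyy-MM-dd HH:mm:ss') }

# A five-field crontab line (no seconds field) is rejected instead of being misread.
try { ConvertTo-CronSchedule -Expression '30 9 * * 1-5' | Out-Null }
catch { "Rejected: $($_.Exception.Message)" }
```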

Set up your Azure Function to connect to Office 365

In this step, we’ll be doing the following:

Define and retrieve your FTP Details

The FTP Details of the Azure Function are needed to upload resources that the Azure Function requires to connect to Office 365.

Download, then upload the MSOnline PowerShell Module via FTP

Azure Functions have a lot of PowerShell Modules installed by default, though they don’t have the MSOnline module that lets us connect to Office 365. We’ll need to download the module on our local computer, then upload it into the Azure function. This method was borrowed from this article by Alexandre Verkinderen.

Secure your Office 365 Credentials within the Function App

Right now, Azure Functions don’t integrate with the Azure Key Vault service. While we can store credentials within the function, these credentials are stored in plain text where anyone with access to the function can view them. This method was borrowed from this article by Tao Yang.

How to define and retrieve the FTP credentials for your Azure function app

  1. Click on the name of your function on the left menu.
  2. Click Platform Features at the top, then click Deployment Credentials.
  3. Define a username and password for your FTP Credentials.
  4. Next under General Settings, click Properties.
  5. Copy the FTP Host Name and make a note of it. You’ll need it to connect to the function’s storage via FTP and upload the MSOnline Module.

Download, then upload the MSOnline PowerShell Module via FTP

  1. Open PowerShell on your computer, then run the following command. Make sure there’s a folder called ‘temp’ in your C:\ drive.
    Save-Module msonline -Repository PSGallery -Path "C:\temp"

  2. Wait for it to download, then make sure it exists within C:\temp.
  3. Open Windows Explorer, and connect to your function via FTP using the FTP Hostname and credentials we retrieved earlier.
  4. Navigate to site/wwwroot/YourFunctionName then create a new folder called bin.
  5. Open the bin directory, and upload the MSOnline folder from your C:\Temp directory.

Secure your Office 365 Credentials within the Azure Function App

  1. On your computer, open PowerShell again and run the following commands. When you’re asked for your password, enter the password for the delegated admin account that you’ll use to manage your customers’ Office 365 environments. Make sure you press Enter again to run the final command to output the EncryptedPassword.txt file.
    # Generate a random 256-bit AES key and save it to a key file
    $AESKey = New-Object Byte[] 32
    $Path = "C:\Temp\PassEncryptKey.key"
    $EncryptedPasswordPath = "C:\Temp\EncryptedPassword.txt"
    [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)
    Set-Content $Path $AESKey

    # Prompt for the password without echoing it to the console
    $secPw = Read-Host "Please enter the password" -AsSecureString

    # Encrypt the password with the AES key and write it to a text file
    $AESKey = Get-Content $Path
    $Encryptedpassword = $secPw | ConvertFrom-SecureString -Key $AESKey
    $Encryptedpassword | Out-File -FilePath $EncryptedPasswordPath

    This will create two files in your C:\temp folder: an EncryptedPassword text file and a PassEncryptKey file. Be sure to delete the EncryptedPassword file once we’re done.

  2. Return to the FTP connection and create a directory called keys under the bin directory.
  3. Upload the PassEncryptKey file into the keys directory.
  4. Return to your Azure Function Platform Settings, then open Application Settings.
  5. Under Application Settings, create two new Key-Value pairs. One called user, which contains the username of your delegated admin account, and another called password, which contains the contents of your EncryptedPassword.txt file. Once you’ve added this, be sure to delete the EncryptedPassword.txt file from your computer.
  6. Before you leave Application settings, update the Platform from 32 bit to 64 bit.
  7. Wait for the settings to apply, then return to the Develop Section of your Azure Function.

Modify your Office 365 PowerShell script for Azure Functions

  1. Update the variables at the top of the script to ensure they match the function name, Module Name and Module Version. For your existing scripts, you may need to update your Write-Host references to Write-Output. This sample script is a modified version of this one. It will set the default password expiration policy for all of your customers’ domains to never expire. You can use this one or create your own script under the # Start Script comment.
    Write-Output "PowerShell Timer trigger function executed at:$(get-date)";
    
    $FunctionName = 'SetPasswordExpirationPolicy'
    $ModuleName = 'MSOnline'
    $ModuleVersion = '1.1.166.0'
    $username = $Env:user
    $pw = $Env:password
    #import PS module
    $PSModulePath = "D:\home\site\wwwroot\$FunctionName\bin\$ModuleName\$ModuleVersion\$ModuleName.psd1"
    $res = "D:\home\site\wwwroot\$FunctionName\bin"
    
    Import-module $PSModulePath
    
    # Build Credentials
    $keypath = "D:\home\site\wwwroot\$FunctionName\bin\keys\PassEncryptKey.key"
    $secpassword = $pw | ConvertTo-SecureString -Key (Get-Content $keypath)
    $credential = New-Object System.Management.Automation.PSCredential ($username, $secpassword)
    
    # Connect to MSOnline
    
    Connect-MsolService -Credential $credential
    
    # Start Script
    
    $Customers = Get-MsolPartnerContract -All
    $PartnerInfo = Get-MsolCompanyInformation
    
    Write-Output "Found $($Customers.Count) customers for $($PartnerInfo.DisplayName)"
    
    
    foreach ($Customer in $Customers) { 
    
    	Write-Output "-----------------------------------------------"
    	Write-Output " "
    	Write-Output "Checking the Password Expiration Policy on each domain for $($Customer.Name)"
    	Write-Output " "
    
    	$domains = Get-MsolDomain -TenantId $Customer.TenantId | Where-Object {$_.Status -eq "Verified"}
    
    	foreach($domain in $domains){
     
    		$domainStatus = Get-MsolPasswordPolicy -TenantId $Customer.TenantId -DomainName $domain.Name
    
    		if($domainStatus.ValidityPeriod -eq 2147483647){
    
    			Write-Output "Password Expiration Policy is set for $($domain.name) already"
    
    			$PasswordsWillExpire = $false
    
    			$MsolPasswordPolicyInfo = @{
    
    				TenantId = $Customer.TenantId
    				CompanyName = $Customer.Name
    				DomainName = $domain.Name
    				ValidityPeriod = $domainStatus.ValidityPeriod
    				NotificationDays = $domainStatus.NotificationDays
    				PasswordsWillExpire = $PasswordsWillExpire
    			}
    
    		}
    
    
    
    		if($domainStatus.ValidityPeriod -ne 2147483647){
    
    			Write-Output "Setting the Password Expiration Policy on $($domain.Name) for $($Customer.Name):"
    			Write-Output " "
    
    			Set-MsolPasswordPolicy -TenantId $Customer.TenantId -DomainName $domain.Name -ValidityPeriod 2147483647 -NotificationDays 30
    
    			$PasswordPolicyResult = Get-MsolPasswordPolicy -TenantId $Customer.TenantId -DomainName $domain.Name
    
    			if($PasswordPolicyResult.ValidityPeriod -eq 2147483647){
    
    				$PasswordsWillExpire = $false
    				Write-Output "Password policy change confirmed working"
    			}
    
    			if($PasswordPolicyResult.ValidityPeriod -ne 2147483647){
    
    				$PasswordsWillExpire = $true
    				Write-Output "Password policy change not confirmed yet, you may need to run this again."
    			}
    
    			$MsolPasswordPolicyInfo = @{
    
    				TenantId = $Customer.TenantId
    				CompanyName = $Customer.Name
    				DomainName = $domain.Name
    				ValidityPeriod = $PasswordPolicyResult.ValidityPeriod
    				NotificationDays = $PasswordPolicyResult.NotificationDays
    				PasswordsWillExpire = $PasswordsWillExpire
    
    			}
    
    		}
    	}
    }
    
  2. Click Run to manually start the script. You should see the following output under Logs.

What Is Microsoft 365 Business Premium

On April 21, 2020, Microsoft rebranded its small and medium business Office 365 products to Microsoft 365. This resulted in a name change for the popular Microsoft 365 Business product as well, which is now called Microsoft 365 Business Premium. GCITS provide Office 365 Support on the Gold Coast and Brisbane.

Note that the pricing and makeup of the plans haven’t changed, just the names.
Previously called                 Now called                        What it has
Office 365 Business Essentials    Microsoft 365 Business Basic      Cloud services
Office 365 Business Premium       Microsoft 365 Business Standard   Cloud services and desktop apps
Microsoft 365 Business            Microsoft 365 Business Premium    Cloud services, desktop apps and advanced security

We’ve been advocates of Microsoft 365 Business Premium for a while now. We believe it’s the best value Microsoft 365 product around for businesses with under 300 users. As providers of Microsoft 365 support here on the Gold Coast and Brisbane, we can assist you in the easy management of this terrific resource.

Want to know how to protect your data in Microsoft 365 Business Premium? Download our free guide to learn what features to switch on.

 

So why do we think you should go with Microsoft 365 Business Premium over Basic or Standard?

For us, it comes down to Microsoft 365 Business Premium’s advanced security and compliance features.

Security and Compliance features of Microsoft 365 Business Premium

Microsoft 365 Business Premium includes advanced security features that are not present in the lower tier plans. These include:

Malware and Phishing protection with Office 365 Advanced Threat Protection

Microsoft 365 Safe Links and Safe Attachment policies protect against known and zero-day malware. Anti-Phishing policies protect users against phishing attacks using mailbox intelligence and machine-learning enhanced sender reputation checks.

Enhanced security for identities with Conditional Access

Conditional Access policies help balance security and productivity by applying the right security measures at the right time. For instance, if Microsoft 365 detects a risky sign-in from an unexpected location or non-compliant device, it can prompt for multi-factor authentication or block the user’s access.

Enforce encryption on devices using Microsoft Intune

We can use Microsoft Intune to protect data on devices in the event of loss or theft. Microsoft Intune can configure Windows BitLocker, Apple’s File Vault, and encryption settings on Android and iOS devices.

Classify and protect confidential information with Azure Information Protection

Azure Information Protection helps companies use sensitivity labels and policies to classify and protect data. Built-in labels include Personal, Public, General, Confidential and Highly Confidential.

Depending on what label is applied, a policy can be used to protect it. These policies can enforce encryption, apply watermarks, prevent it from leaving your organisation and more.

Control company data on PCs with Windows Information Protection

Many people use the same computer for both work and personal tasks. Windows Information Protection tags files as ‘Work’ if they are generated by, or saved from, a corporate app. Files tagged as ‘Work’ are subject to the controls defined in your Information Protection policies. These files can:

  • be encrypted
  • be prevented from being uploaded or shared via unmanaged apps
  • be remotely wiped without affecting personal data.

Control access to sensitive emails with Information Rights Management

Information Rights Management allows your team to apply restrictions like “Do Not Copy” for specific documents and emails. When a recipient receives the email or document, they’ll be unable to forward, save, print or copy it.

Prevent sharing of sensitive info with Data Loss Prevention

Data Loss Prevention policies monitor the types of data that are uploaded to and shared outside your company. This info could be tax file numbers, credit card information, driver’s license details and many more. When sensitive information is detected, the Data Loss Prevention policy can encrypt the message, notify the sender, alert an admin, or block the message from being sent or the file from being uploaded.

Remotely wipe company data and enforce security on devices with Microsoft Intune

Microsoft Intune lets us enforce security requirements on the devices that access company data. These could include requiring a strong password and encryption on phones and only allowing access via company-approved apps. When employees leave the company, Microsoft 365 can remotely wipe company data from the device without affecting personal info.

Unlimited archive for email

Microsoft 365 Business Premium provides practically unlimited storage for your email. Alongside the standard 50GB mailbox, users can access an unlimited archive of their email in Outlook.

Office 365 Support Gold Coast and Brisbane

Our expert assessment will have you supported the right way.

Want to enable advanced security in Microsoft 365 Business Premium?

While you get all the above features with Microsoft 365 Business Premium, you still need to configure them to suit your business and requirements. You can outsource the security of your cloud environment to GCITS. Get in touch for an expert assessment, and we can ensure the ongoing state management of these essential security policies.

SkyKick automates the migration of email from other platforms onto Office 365, though occasionally it needs a bit of help.

This is especially true when moving from Google Apps or Google for Work to Office 365. These mailboxes can bloat in size due to how both systems manage email folders.

Office 365 (Microsoft Exchange) stores email in folders, while Google gives email labels. The difference is, in Exchange an email can be in only one folder, while in Google an email can have multiple labels. When migrating from Google for Work to Office 365, SkyKick will create Exchange folders for every Google label, and migrate emails that are assigned multiple labels into multiple folders.

This results in a bunch of duplication on the destination system.

When you’re using SkyKick to migrate large mailboxes from Google for Work, you may occasionally receive a message advising that the mailbox may exceed the storage limits on Office 365. While this message appears, synchronisation will be paused.

In order to resume the migration for this mailbox you’ll need to do the following:

  1. Confirm you’re using the right retention policy
  2. Enable archiving on the mailbox.
  3. Ensure the archive is running.
  4. Mark the alert as completed.

What are Exchange Retention Policies?

In Exchange, each mailbox is assigned a Retention Policy that contains the retention settings for mail within the mailbox. Retention policies are made up of Retention Policy Tags.

Retention Policy Tags outline how long Exchange is going to keep a user’s mail before performing a specific action on it. For Retention Policy Tags, this action can be PermanentlyDelete, DeleteAndAllowRecovery or MoveToArchive.

You can also create Retention Policy Tags that only affect a specific type of folder, for example DeletedItems or JunkEmail. For a full list of options, see this Technet Article: https://technet.microsoft.com/en-us/library/dd335226(v=exchg.160).aspx

Why create your own Retention Policy?

When archiving is enabled on a mailbox, the default policy is to archive anything older than two years. This may be enough to get the migration running again, but just in case it’s not, you can create a new Retention Policy Tag with a shorter archive time limit, apply it to a new Retention Policy, then apply the policy to the user you want to archive mail for.

Alternatively, you can edit the default policy (known as Default MRM Policy) or its tags, though this will affect all users that have archiving enabled.

You can create a new Retention Policy and Retention Policy Tags via PowerShell or via the Exchange Control Panel. In Exchange Control Panel, these actions are performed under Compliance Management. In this tutorial we’ll be working in PowerShell.

Setting up a Retention Policy in PowerShell

This new Retention Policy will move any mail older than 1 year into a user’s archive. It will have one tag.

  1. Connect to Exchange Online via PowerShell as an Exchange Online Administrator
  2. Run the following PowerShell cmdlet
    New-RetentionPolicyTag "1 year move to archive" -Type All -RetentionEnabled $true -AgeLimitForRetention 365 -RetentionAction MoveToArchive

  3. Create the new Retention Policy and link the tags
    New-RetentionPolicy "One Tag Policy" -RetentionPolicyTagLinks "1 year move to archive"

  4. Assign a retention policy to a user
    Set-Mailbox -Identity UserAliasOrEmail -RetentionPolicy "One Tag Policy"

  5. Confirm the Retention Policy was applied correctly by running:
    Get-Mailbox -Identity UserAliasOrEmail | ft Name,RetentionPolicy

Enable Archiving on a mailbox.

Once you’ve assigned the policy, you can enable archiving on the user’s mailbox. This can be done in the Exchange Control Panel under Recipients, Mailboxes on the right menu.

  1. In PowerShell, you can run the following cmdlet while connected to Exchange Online.
    Enable-Mailbox -Identity UserAliasOrEmail -Archive

Ensure the Archive is running.

  1. The Archive won’t run immediately, though you can force it along. You can check the size of the archive using the Get-MailboxStatistics cmdlet.
    Get-MailboxStatistics -identity UserAliasOrEmail -Archive
  2. By default, the cmdlet displays the Name, ItemCount, StorageLimitStatus and LastLogonTime of the mailbox. To see more info, append ‘| fl *’ (minus the quotation marks) to the cmdlet.
    Get-MailboxStatistics -identity UserAliasOrEmail -Archive | fl *
  3. Your archive will probably be empty right now. To start the archive, run the following cmdlet.
    Start-ManagedFolderAssistant UserAliasOrEmail

  4. Now, if you run the Get-MailboxStatistics cmdlet a few more times, you’ll see the ItemCount increasing, provided, of course, that there’s email older than a year in the mailbox.
  5. You can also append ‘| fl *’ to the end of the cmdlet to get the available statistics for the user’s mailbox too. Try it a few times and watch it reduce as items are archived.
    Get-MailboxStatistics -Identity UserAliasOrEmail | fl *

    Get-MailboxStatistics -Identity UserAliasOrEmail -archive | fl *

Mark the alert as complete

Once your archive has begun processing, you can return to SkyKick and mark the alert as complete. The migration for the mailbox will kick off again.

Improvements to Azure AD Identity Protection have launched, making it easier to identify and manage identity risks in your organization.

What is Azure Active Directory Identity Protection?

Azure AD Identity Protection uses machine learning to identify signs of suspicious activity or issues that might cause you to have a compromised identity in your organization. We can use Azure Identity Protection to configure policies that impose conditions on sign-ins or users that are deemed risky by Microsoft 365. We can also use it to manage, investigate and remediate risk alerts when a suspicious sign-in or user is detected.

Azure Identity Protection can generate alerts based on the following risk events:

  • Atypical travel
  • Anonymous IP
  • Unfamiliar sign-in properties
  • Malware linked IP addresses
  • Leaked credentials
  • Azure AD Threat intelligence (activities that match known attack patterns)

The leaked credential alert is especially useful because it will let you know whether some of your users have credentials that are exposed on the dark web or in another breach. We use this in conjunction with the Have I Been Pwned API to alert our customers to compromised credentials.
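A triage sketch for the risk events listed above, as an added example that is not GCITS's or Microsoft's code. The records are constructed samples shaped like Microsoft Graph riskDetection objects; the function name Get-RiskTriage, the mapping of the page's event names to riskEventType values, the priority order and the suggested actions are all assumptions.

```powershell
# Constructed sample data shaped like Microsoft Graph riskDetection records.
$SampleJson = @'
[
 {"userPrincipalName":"alice@clinic.example","riskEventType":"leakedCredentials","riskState":"atRisk"},
 {"userPrincipalName":"alice@clinic.example","riskEventType":"unfamiliarFeatures","riskState":"atRisk"},
 {"userPrincipalName":"bob@clinic.example","riskEventType":"anonymizedIPAddress","riskState":"atRisk"},
 {"userPrincipalName":"carol@clinic.example","riskEventType":"unlikelyTravel","riskState":"dismissed"},
 {"userPrincipalName":"dave@clinic.example","riskEventType":"malwareInfectedIPAddress","riskState":"atRisk"}
]
'@

# Assumed mapping of the listed risk events to riskEventType values,
# each with an assumed triage priority (1 = handle first).
$EventInfo = @{
    leakedCredentials                = [pscustomobject]@{ Name = 'Leaked credentials';            Priority = 1 }
    investigationsThreatIntelligence = [pscustomobject]@{ Name = 'Azure AD threat intelligence';  Priority = 1 }
    malwareInfectedIPAddress         = [pscustomobject]@{ Name = 'Malware linked IP address';     Priority = 2 }
    unlikelyTravel                   = [pscustomobject]@{ Name = 'Atypical travel';               Priority = 2 }
    anonymizedIPAddress              = [pscustomobject]@{ Name = 'Anonymous IP';                  Priority = 3 }
    unfamiliarFeatures               = [pscustomobject]@{ Name = 'Unfamiliar sign-in properties'; Priority = 3 }
}

function Get-RiskTriage {
    param([Parameter(Mandatory)][object[]]$Detections)

    # Only open alerts are triaged; dismissed or remediated ones are skipped.
    $Detections |
        Where-Object { $_.riskState -eq 'atRisk' } |
        Group-Object -Property userPrincipalName |
        ForEach-Object {
            $group = $_
            # Look up each detection; unknown types are kept and ranked mid-priority.
            $events = foreach ($d in $group.Group) {
                if ($EventInfo.ContainsKey($d.riskEventType)) { $EventInfo[$d.riskEventType] }
                else { [pscustomobject]@{ Name = "Unmapped ($($d.riskEventType))"; Priority = 2 } }
            }
            $top = [int]($events | Measure-Object -Property Priority -Minimum).Minimum

            # A leaked credential always drives the action, whatever else fired.
            if (@($events.Name) -contains 'Leaked credentials') { $action = 'Reset password, then review recent sign-ins' }
            elseif ($top -le 2) { $action = 'Investigate sign-ins and require MFA' }
            else { $action = 'Review; dismiss if the sign-in is expected' }

            [pscustomobject]@{
                User       = $group.Name
                Priority   = $top
                Detections = $group.Count
                Events     = (@($events.Name) | Sort-Object -Unique) -join ', '
                Action     = $action
            }
        } |
        Sort-Object -Property Priority, User
}

# One row per user with open alerts, most urgent first.
Get-RiskTriage -Detections ($SampleJson | ConvertFrom-Json) | Format-Table -AutoSize -Wrap
```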

Where can I find Azure Active Directory Identity Protection?

  1. Sign in to portal.azure.com
  2. Open Azure Active Directory
  3. Scroll down to Security on the left rail
  4. Open Identity Protection.

What’s new in Azure Active Directory Identity Protection?

Azure Identity Protection has been updated with new controls for managing, investigating and remediating issues with our identities.

We can use these improved controls to manage risk events in bulk, easily confirming a compromised user or dismissing alerts. These new controls are handy for larger organisations that generate many alerts each day.

For each alert, we can drill down and see more information on the user’s recent activities. We can see other user sign-ins and risk detections, as well as reset passwords, confirm compromise, block access and investigate further in Azure ATP. Choosing to investigate further opens up Cloud App Security, providing more insight into the user’s recent activities that contributed to the alert.

What license do I need for Azure Identity Protection?

Azure Identity Protection is included in the Azure AD Premium P2 license. Azure AD Premium P2 is available under the following licenses:

  • Azure Active Directory Premium P2 standalone SKU
  • Microsoft 365 E5
  • Office 365 E5
  • Enterprise Mobility Suite E5

You get some limited reporting on risky users, risky sign-ins and risk detections in Azure AD Premium P1, which is included in Microsoft 365 Business Premium.

Since Microsoft licensing can change, see here for up to date licensing requirements.