Category Archives: Web

Resolved: Office 365 and Active Sync for Mobile Devices

Quick recap:

You’ll recall some time ago we had a client who was experiencing issues with Office 365 and Active Sync.  Well the issue did get worse, eventually it was affecting our own users, but less often and less severely.

The quick fixes we previously posted, were quick, but only temporary.

It took several weeks of back-and-forth, mostly because the issue was intermittent. I had to do much logging with devices and sending those logs to MS operations team for review.  Eventually they did find a reason and issued a patch to the application.  My understanding is this was a global issue and the patch was applied to everyone.

A key takeaway for us at WorkAround in this situation is communication.  We often recommend Office 365 to our clients as a robust, powerful office solution, but it’s important to remember that when the service is down, or throwing bugs, we the admins, have deferred control over the problem resolution to the upstream provider (in this case Microsoft). That said, we have less sway to achieving resolution to the problem, it’s certainly not in our direct control.  So we must communicate with the client before hand that this will be the case. Furthermore during an outage we must keep the client abreast of all we are doing, and ensure communications channels with the upstream provider are strong.

Thanks to Microsoft for working to a satisfactory resolution on this issue.

Office 365 and Active Sync for Mobile Devices

Some clients have been having issues (especially on their Blackberry’s) with getting their emails from Office 365.

The Problem

Randomly, but fairly frequently, email stops flowing to your mobile device from your Exchange Active Sync account on Office 365.  Your device will prompt you to re-enter your password.  It’s a minor nuisance to re-enter your password every couple days but as long as you get prompted it’s not a horrible issue.

The worse problem is that on BB10 devices, the prompt could take hours to come!  At the time of this writing my Android device prompted for my new password about 8 hours ago, my BB10 device has not prompted me yet!

The (Potential) Solution

I found this quick fix on a blackberry message board which seems to be working so far, but it only applies to BB10 devices.

If your mail server setting defaulted to m.outlook.com when BB ‘set up” the account,

  1. go into the email account settings (from the settings icon) open your email account,
  2. select the advanced set up icon at the bottom of the screen (beside the trash icon)
  3. scroll down to server address change it to outlook.office365.com

In early testing this seems to be causing fewer drops in connectivity.

Let me know if this works for you, and let me know if you have any other insight on these nuisance dropsies.

Note: on my  Android device the server was correctly set to outlook.office355.com and that account still drops, however my other O365 account it set to pod12345.outlook.com (where 12345 is a 5-digit number I didn’t feel like going to look up again right now) and it has not been affected with the dropsies.  I don’t recommend you change your server setting to the pod server because this is an old setting and I don’t believe it’s supported any longer.

How I Got Phished

Yes, it’s true, it happened to me.  I got phished.  In my defense, it was late at night and I wasn’t paying close attention to what I was doing. And in that moment of carelessness my password was compromised.

Wikipedia defines phishing as:

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.

Phishing scams are extremely common, and in fact spam filters stop the majority of them from even getting to our inbox.

So I took the bait late one night in the following fashion: I was online, socializing, surfing. I got an email which appeared to come from a legitimate photo sharing website (on which I have an account as do several of my friends and family) that said “someone” had shared some photos with me. Here’s clue # 1: it didn’t say who just “someone” the real site is specific about who is sharing the photos in order to prevent spam. So I clicked on the link to see the photos.  Clue #2: the log in page was very similar to the normal log in page for this website – but it was just a little different.  I actually thought to myself “hmm, I wonder why the log in page is different than usual?”

Clue #3: I proceed to enter my username and password and they failed (no biggie, sometimes late at night my fingers can’t keep up with my brain and I mistype stuff) so I tried again and the password still failed.  Now I check for Clue #4:  the website I’m on is not actually “www.photosharingsite.com” but “www.photosharingsite.com.you.are.being.phished” (actual URLs changed to protect the innocent  – but you get the picture).  So you can see how on first glance it looks like I’m on “photosharingsite.com” but I’m really not.

How to recover from a phishing attempt

So how is it I survived to write this cautionary tale for you?  So after two failed log in attempts it took me about 2.3 seconds to realize that I’d been phished.  So I closed my browser to leave that page and make sure it’s not doing more naughty things (such as collecting cookies or keystrokes), cleared my cache, including cookies, opened a new browser and went directly to the legitimate “photosharingsite.com” logged in and changed my password.  Then for the next couple of days I tested that log in and my activity to make sure the breach wasn’t exploited.

If you have been phished immediately do the following:

  1. If your password was compromised, then log in to the legitimate site and change the password right away.
  2. If you use the same password in multiple places, then change them in all those places.
  3. If you gave up financial information, notify your bank, the government and credit bureaus right away.  There are several tools that they use to prevent identity theft and fraud that will help protect you.
  4. If you gave up health info then notify your health insurance provider and your local health authority in order to prevent identity theft or medical fraud.

What did I learn from this exciting adventure?

  1. Never, never, never open a link you receive in email!  If you think that’s a bit excessive, talk to any security expert and the majority will tell you they never open a link they receive in their email (or Instant Messages for that matter).
  2. Use different passwords for all your accounts. I know this sounds crazy because I have several dozen accounts all over the web. But luckily for me the password I used at this photo sharing site was unique, so I only needed to change it once.  If it was the same password I use everywhere, then I’d have to change my password at dozens of sites.
  3. Never, never, never, give up personal information (especially health or financial information) online.  Your bank, your doctor and the government already have all that info, they don’t need it again and they won’t ask for it. So if you’re being asked, it’s likely a phishing scam.
  4. If you’re going to ignore rule #1, (but don’t because that’s how you get viruses too!)  firstly be extra sure you trust the sender (an email with your banks logo is not enough to trust).  Then, before you click, hover over the link to see the true address it links to: most browsers and mail clients it comes up at the bottom of the window.  Make sure that link goes to where it says it does.  Finally Triple check the link you end up at before entering any info.  That is, check the address bar of your browser, not just the link in the email message.

One moment of carelessness caused me about 2 hours of grief and that was just over a simple photo sharing site.  If I had given away personally identifiable information, especially financial info, I could have been in for months of grief to ensure my identity and my finances were intact.

Office 365 – Ask Us How

 

Collaboration in the cloud

  • Be more professional…
  • Be more productive
  • Be more efficient…
  • Save money…
  • Ensure Security…
office365

COLLABORATE BETTER

In many organizations, employees send documents as email attachments and then save and edit them on their local drive.  Keeping track of which computer holds the most recent version of a document can be a nightmare.  Information gets lost and changes are not tracked.  Information sharing in Office 365 is simplified across your organization with Microsoft SharePoint®.

WorkAround will help create a readily accessible team space for sharing and editing files by many people in different locations, by designing and deploying a custom online SharePoint site for your organization, based on your business structure.

In addition to sharing documents online, virtual meetings are easy with shared calendaring and audio, video, and onscreen sharing, allowing everyone to communicate more effectively with colleagues, partners, and customers.

LOOK PROFESSIONAL

Small businesses and professionals need a strong web presence that is easy to maintain.

WorkAround can assist you in designing a professional looking website. Using Office 365 tools we will help you create a site that better represents your company.   We will teach you how to maintain your website and keep it up-to-date with information to prevent your website from becoming stale.

In the past, smaller organizations have been limited by generic web-based email.  You can strengthen your company image with domain-based email that reflects your organization.  We will handle all the DNS registration and configuration to get you started.

WORK WITH WHAT YOU KNOW

You will be more productive using the tools you’ve grown accustomed to using. Work with all the full-featured functionality of the programs you’re already familiar with and use most often—including Microsoft Outlook®, Microsoft Word, Microsoft Excel®, and Microsoft PowerPoint®. Stay efficient with convenient access to your email, calendar, and contacts across multiple platforms and devices whether in the office or on the go.

WORK FROM VIRTUALLY ANYWHERE

Your employees are working remotely and they need important information that is readily available to them when working outside of the office environment.  They need consistent and easy access to the productivity tools and documents that are required to stay ahead of the competition.  With Office 365, they can view and edit documents using a PC or Mac across a broad range of browsers, or from a mobile device, including Windows® Phone, Symbian, iPhone, BlackBerry, and Android.

SAVE MONEY

All these services are available in the cloud.  You no longer need to purchase new servers, update software and renew licenses.  For a low monthly fee, you remain up-to-date with the latest versions in a secure and easily accessible environment.

SECURITY

Office 365 invests in state-of-the-art security, reliability, and recovery technology to ensure that your files and messages are secure, your data is safe, and you are always able to access and work with your information. Office 365 offers

  • A guaranteed 99.9% uptime Service Level Agreement
  • Data centers with SAS 70 and ISO 27001 certification
  • Geo-redundant, enterprise-grade reliability and disaster recovery
  • Multiple data centers and automatic failovers to ensure your data is safeguarded
  • Up-to-date antivirus and anti-spam protection

 

We use Office 365

Contact us to get a free trial!

 

DNS Ownership

The Domain Name System (or DNS for short) is a simple technology that we use every day, but most people probably have little idea how it functions. Like any good infrastructure technology, it is invisible when it is working smoothly. Its main purpose is to translate simple names like www.workaround.ca into a lower level numeric address like 67.226.157.50.  DNS is a lot like associating a name with a street address. If I want to go to the CN Tower, I’m going to use the name (CN Tower) and not the address (301 Front St. W). Without this service, we would need to remember low level IP addresses and the usability of the world wide web would disappear.

One of the few times that you might need to worry about DNS is when registering your domain name for use on the Internet. Like any directory service, DNS works by requiring end users to register and maintain their own directory entries. There are two parts to managing a DNS entry:

  • Registering the name
  • Hosting the name

Registration of domain names is handled by large organizations such as ICANN and CIRA. In general, you will interface with these organizations through a second-tier organization that will handle the registration for you.

Hosting the domain name refers to actually having a server on the Internet that responds to requests for name translations. This can be done by a third-party company, or you can host a DNS server within your own infrastructure. For most small to medium companies, the additional overhead of managing an external DNS server and having to deal with security and denial of service issues isn’t cost effective. You will almost certainly use an external DNS hosting provider and that provider will amost certainly handle the registration for you.

One of the complications that can arise when working with an external web design firm, especially if they also host your web site, can come in the form of implicit DNS registration. In these cases, the web design firm may register your domain for you and essentially own that domain. You can determine if this is the case by doing a whois search on your own domain names. Someone from your organization must be the administrative contact for the domain, even if the technical contact is from an external company. This will allow you to control the administration and transfer of the domain, if necessary.

While outsourcing domain ownership can seem like less of a headache when you’re trying to get a new site onto the Internet quickly, it can be a major problem if you need to part ways with your provider down the road. One of the issues with DNS hosting is that your domain name system is responsible for more than your web site. DNS services are also potentially used for e-mail delivery, server auto-discovery, or SMB services offered by Google or Microsoft. In addition, domain control is usually required if you need to obtain security certificates for secure access to your web servers. If another company has control of your domain registration and hosting, it can cause problems or delays if you need to make changes to these settings.

For this reason, we recommend our clients always register and host their own DNS entries through a trusted DNS hosting company that is not tied to a specific web design partner. This gives them maximum flexibility if they need to switch design firms or hosting companies.

If your web design partner currently owns your domains, you should have them transferred to a third-party DNS hosting company to avoid future problems with domain control and ownership. This is usually a painless process and your current provider should not obstruct this move. Your domains are your property and possession is nine tenths of the law. Due to built-in protections for domain ownership and to prevent fraud and domain hijacking, it can be a long process to get control of your own domains without co-operation from the current owner.

Once you do have control over your own DNS registrations and hosting, ensure:

  • You maintain your own passwords and access to DNS modifications. If your DNS provider allows you delegate access to your domains, that’s great. Otherwise, don’t give up your credentials to a third party.
  • Make sure you renew your domains when they are up for expiry. This means you should always make sure the contact information in your whois record is up to date and accurate. You should receive notification e-mails when your domains are up for renewal.

DNS is largely invisible if it is set up properly and maintained on an annual basis. With some small upfront effort, you can ensure that your domains operate smoothly when changes are required.