12 months ago, Microsoft announced that they were changing their Transport Layer Encryption requirements for connections to Office 365.
Initially, they planned to stop the use of TLS 1.0 and 1.1 in March 2018, however they extended this to 31st October 2018 which is fast approaching.
So how will this affect you?
As of October 31, 2018, Microsoft Office 365 will no longer support TLS 1.0 and 1.1.
All Office 365 Services as of 31st October 2018 will have to use Transport Layer Security (TLS) 1.2 or later to be able to connect without issues to the Office 365 Services, this may require updates to browsers and client-server software.
If you connect to Office 365 via a Browser and are using any of these browser versions then you should upgrade to a later version:
Android 4.3 and earlier versions
Firefox version 5.0 and earlier versions
Internet Explorer 8-10 on Windows 7 and earlier versions
Internet Explorer 10 on Win Phone 8.0
Safari 6.0.4 / OS X10.8.4 and earlier versions
If you are using Windows 7, then you need to check that TLS1.2 is the default secure protocol for WinHTTP, This Link can help you with this.
If you want more information on how to remove TLS 1.0 from your systems then this document may help.
If you need specific assistance then please get in touch with our Technical Team who will try to assist you.
Microsoft has issued the latest update video for Office 365 changes and enhancements for July.
You can see the update here
We suggest that you have a look at the video is a great way of keeping yourself abreast of the latest developments and it only takes a few minutes.
Interesting bits this month include changes to the Ribbon in the Online Office Products that are being rolled out, new information that can be linked to and from the planner, changes to Teams including the inclusion of Skype calls, and also changes in Sway (not widely used - Sway can be thought of as "Instagram for Office") so if you are into photographs as part of your daily life, then this could be relevant to you.
As we do the administration for the majority of our clients on O365, the final section on changes to the Admin Centre may not be so relevant but the changes are there anyway,
All in all, we like these updates, they are bite-sized bits of information that can make sure that you are taking advantage of the tools that you have available.
Office 365 Updates – What is included this month ?
More and more of our clients (the vast majority) have now moved to Microsoft Office 365 which either is a replacement email server solution or alternatively a subscription to all the Microsoft Office products and every update.
For those who have the software inclusive version ( Business Premium ) the updates for all the office products are regular and quite extensive, however the contents of the update and extension of the features included in all the applications (Word / Excel / Outlook etc) are often numerous so, where can you get information on the latest application updates, features and a basic understanding of how the updates can be used to improve your productivity ?
Microsoft produce and release a monthly video on the updates to the Microsoft Office 365 products, this is usually 10 minutes, but is well worth a look (over a cup of coffee) on a monthly basis.
This months update (May 2018) contains information on changes to Excel, Outlook, Planner (did you know about planner?), Sharepoint, Microsoft 365 and Microsoft Score - a new product that can help to look after your organization's Security to ensure you are secure and compare your business with other businesses in similar industries.
The Office 365 Monthly Update is a great resource to keep abreast of the latest options and features ..
The latest update can be found here .. , this is for May 2018.
A recent vulnerability has been found in the way that WPA2 encryption works that makes it possible to gain access to wireless networks that use WPA2, it has been named Krack (short for Key Reinstallation Attack).
Firstly some things to remember, the person gaining access to the system has to be physically near to your WiFi network so if your WiFi does not extend outside the building then the attacker has to be within your four walls.
Secondly, you can upgrade the firmware on the majority of major systems already, visit the vendor's website and download and install the firmware that has been patched.
For your information, the websites for popular devices are shown below:
Espressif Systems: LinkFortinet: Fortinet's support forumHostAP:LinkIntel: linkLinux: linkNetgear:linkMicrosoft:linkMicrochip:linkMikroTik:linkOpenBSD:Errata60 , Errata61Ubiquiti Networks:Link,
The best way to stay protected is a regular update of all systems and software.
In a purely generic way, using https or adding an SSL certificate does not stop your website being hacked
We have helped a few of our non-hosting clients with their websites recently after they had been reported as being hacked by Google. In two cases in the past fortnight for clients who were hosted by different providers, they have been told by their hosting provider that to stop them being hacked and to remove the message from the Google search results, they should purchase and install a SSL certificate and then their site won't be compromised (hacked) again.
Let me reiterate, for these sites, who are using the ever popular WordPress CMS, having an SSL Certificate will not stop a BOT from using a hole in one of your plugins, or an exploit in the base CMS Code to inject additional unwanted code into your site. In the same way that it won't stop an unauthorized person from logging into the admin area if they can guess your username and password combination.
What an SSL Certificate will do is make a secure route for any information between a remote browser and your website, this will stop anyone from monitoring the stream of data as it passes over the internet and extracting from it things like usernames and passwords, credit card details and similar. This is why online shops are strongly advised to install an SSL Certificate so that the user can confirm that they are the business that they wish to purchase from, and also that any information sent cannot be read on the way to or from the website, especially the payment portal.
This is short and sharp as a blog post as I am frustrated in that someone offering a hosting service could misrepresent the value of an SSL Certificate, there are excellent reasons for having one, in 2014, Google notified webmaster via the Webmaster Central Blog that sites with SSL would gain better ranking than those without, this single statement probably increased sales of SSL certificates to non-commerce websites by a factor of 100 overnight as people clamour to get the highest ranking they can, if you are taking information from clients ( of providing it if you are a client) then to encrypt the connection being used is a better security policy than not.
If you want to protect your website and you are using one of the common CMS Systems ( WordPress, Joomla!, Drupal etc ) then the best way to protect yourself is to always use the latest versions of the core CMS system, always check and update any plugins that you use, be careful of using old plugins that are not updated and scan your site for problems on a regular basis, there are systems that will do this for you, or just get to know your website and do it yourself ..
In conclusion - get an SSL Certificate, it's good for your website and its ranking on search engines, but please don't be misled into thinking that it will protect you from the malicious code that looks for holes in websites, or guesses your username and password, it most certainly won't!
As usual. feel free to get back to us with any questions or queries, we are always happy to help - 01948 820787
We host a considerable amount of domains, websites and look after DNS for our client base and as such we have to make changes at times to create links to new sites and services.
One of the questions that I get asked is why are these changes not instant?
I thought it would be useful to explain the basics of how these changes happen and how the Domain Name System or DNS works. This is not a definitive guide to DNS as it is a very complex subject and there are a lot of excellent books and resources that will explain in great detail the bits and bytes of what is an amazing system of data transfer and update of records that probably shouldn't really work!
DNS - The Very Basics
For the non-technical, a few words on what DNS is there for:
If you consider that the internet works on numbers, all the computers, servers and machines connected to the internet have a unique number ( or IP Address ), let me be clear, when you are connected at your office or at your home, then you will have a local address, your router or modem which connects your internal network to the internet has one of these unique numbers as until recently they have been in short supply.
It is a fact that the vast majority of human beings are not good at remembering numbers. Imagine if you had to remember that the website for your favorite shop was at an address that looked like 18.104.22.168 (just made up!), then I suspect that you would fail to remember and you would need to write it down, this is why we have books of telephone numbers or we have to save them in our digital phone books, most people can't remember the numbers but they can remember the names.
If you take this idea of a phone book, the DNS System works in a similar way by taking a name e.g. www.abcompany.com and turning this into a number 22.214.171.124 which is then used to make the connection, so you can, therefore, think of DNS in simple terms as a "phonebook" of websites and their unique IP Addresses.
Having got the basic concept of what DNS is. the obvious thing would be to think that there is one big "phone book" of names and addresses that everyone can access, but as there are now expected to be over 1 billion websites online in mid 2016 (source: NetCraft Web Server Survey - [and its data compiled by Pingdom]. Netcraft Ltd. ) and as such a single database of entries is not sustainable and of course with all your eggs in one basket like this the system would not be robust enough.
The way that the DNS system covers this is to use a distributed system of thousands of servers running DNS software and each providing details for a smaller number of domains.
The next stage is to understand how a computer makes a query, again this is at a very high level and not meant to be anything else!
DNS - A simple query
If we quickly go through a query for www.abcompany.co.uk and see how this makes a connection
You type into your web browser www.abcompany.com
- The first thing that happens is that your computer looks at which DNS server is assigned, this is set to "obtain automatically" in the vast majority of cases so will use the server that your ISP provides, this is called the "recursive resolver" as it knows which other servers to contact in order to get the information required for this domain.
This first server sees that you are looking for a .com site and it therefore knows that the first place to go for information on a .com is one of the "root servers" that are located across the world and can be considered the ultimate place to start looking. Again in very simple terms, all that is initially asked is about ".com" , the query is then referred to a Top Level Domain server (know as a TLD Server) which then looks up the domain name itself , in our case this is abcompany.com this TLD Server then returns the IP Address (number) of the Nameserver that is assigned to that domain name, for the sake of argument, lets say this is IP Address 126.96.36.199 (again this is not real!) and in fact if possible it will return both the older IPv4 address shown and a newer IPv6 Address which is being used to allow room for all the new systems that are connecting to the internet every day ( but that's another post !)
So we have now been directed to the Nameserver for the domain, and it is here that the final IP address of the website you are looking for will be provided, the query is passed through and the ip corresponding to the request is identified, in this case we have not got a prefix, in a domain records you can have just abcompany.com or you can have www.abcompany.com or xyz.abcompany.com and these are called "A" Records and each can have a different address.
You now have the final piece of the puzzle and your browser can now go to the ip address and show you the information you have requested.
This all happens in a few milliseconds ( ideally ) or can be a second or two which is why you can sometimes get a delay before a site is shown.
DNS - Making Changes
So you now know that there can be lots of systems around the world that need to be updated with any changes to your DNS settings, for example, you add a new "A" Record or make a change to a corresponding IP Address, all the relevant systems have to be updated with this new information, this is called "propagation" and this is the bit that takes time, but not generally in the way that you would think.
Each DNS record is actually a Text File containing the information on the domain that you need, and example of a DNS File is shown below:
; Database file abcompany.dns for abcompany.com zone.
; Zone version: 2017071801;
@ IN SOA nameserver1.i7net.co.uk. root.i7net.co.uk. (
2017071801 ; serial number
900 ; refresh
600 ; retry
86400 ; expire 3600 ) ; default TTL
; Zone NS records
@ NS nameserver3.i7net.co.uk.
nameserver3.i7net.co.uk. A 188.8.131.52
@ NS nameserver2.i7net.co.uk.
nameserver2.i7net.co.uk. A 184.108.40.206
@ NS nameserver1.i7net.co.uk.
nameserver1.i7net.co.uk. A 220.127.116.11
; Zone records
@ A 18.104.22.168
ftp A 22.214.171.124
www A 126.96.36.199
We can see that at the top of the file, there is a serial number and this is the basis on which a DNS record is updated.
When any change is made to the Zone Records then this number is incremented so in this case the next change will make the serial 2017071802 then 03 at the end and so on.
The Primary DNS server for the domain which is the one that you make changes on, will then notify any secondary servers that a change has been made to the record and they in turn will access this primary domain server and update their records accordingly. This usually happens within a few minutes, so why does it take so long to see the change everywhere?
Propagation and Caching - the long wait
The function of delivering a DNS Entry from a file is quite laborious so to speed up the process, the vast majority of ISP's use a system of caching where they only read from the file every few hours or in some cases days and it is this one thing that delays the appearance of your change.
If you change your nameservers, for example, you move to a new providers, then the TLD servers need to be updated with this information and as these are all over the world and there are further lower levels of domain servers which also help out the main TLD servers, this can take time for all of them to be updated.
The default expectation is that all Domain servers should be updated within 72 hours of a change, in reality, we find that the majority of changes to a .uk ( .co.uk / .org.uk etc ) take a couple of hours for the majority of updates, but this is not guaranteed and when you consider the caching at the ISP then the updates can appear much longer.
Can I speed things up?
We often make changes and need to see a fast update to DNS to check that everything is working, there are several ways of achieving this.
If you set your local DNS Server setting to use the name server allocated to your domain then you should see any changes immediately, however you must set a secondary to one of the global DNS servers, a common one would be at Google (IP 188.8.131.52 or 184.108.40.206) , or if you are a bit old school, then you can update your hosts file on your local machine with the entry you want to check, but please do not attempt this if you don't know the potential effect of any hosts file change !
I hope that this explanation assists with your understanding of why DNS can take time to change, but if you want any further information then feel free to get in touch.
I have been working on a few SharePoint sites in the past weeks and one of the questions that keep coming up is how you can find out which of your users has access to different areas and sites within your SharePoint environment.
Obviously when you move to SharePoint, there are issues of data security both with the protection of sensitive data and also ensuring that people have access to the information that they need.
If you are familiar with normal Windows access rights (shown below), you should understand the use of Users and Groups to control access to files and folders within any Active Directory implementation, and the same outline principles are there with Sharepoint. (more…)
We often get asked for the limits on Microsoft 365 Email so thought it would be relevant to put these into a technical blog for easy access:
Microsoft has put some limits on the accounts to prevent abuse of the service (e.g. sending unsolicited email from their servers), this is not unusual with any provider and for normal business use, these should not be prohibitive in any way. If you want to send out thousands of emails an hour, then Microsoft Office 365 is not the service for you.
The only restriction that we can see that may cause issues is the total size of an email as we have clients who regularly send larger files than the 25Mb limit, but we have alternative options for this requirement that are both inexpensive and reliable.
Basic Limits with a Microsoft 365 Account
Max Mailbox size for a single account is 50Gb
Size of a single e-mail message. The total size is 25Mb
Number of file attachments allowed in an e-mail message is 125
Number of text characters allowed in the subject line of an e-mail message is 255
Number of message body parts that are allowed in a MIME multipart message is 250
Number of forwarded e-mail messages that are allowed in an e-mail message is 30
Number of message recipients allowed in the To:, Cc:, and Bcc: fields is 500
Number of e-mail messages that can be sent from a single e-mail client per minute is 30
Number of recipients for e-mail messages sent from a single mailbox in a 24 hour period is 1500
Hardware is not a fan of hot weather, the temperatures that are acceptable on Desktops, Laptops and Servers can be above 38 Deg C, however, it is not a good place to be.
We had a call out for a Server that wouldn't power up this morning, it was very possibly heat related as the unit was in a cupboard and was full of dust from some recent electrical work in the same cupboard, lots of drilling and no dust collection!
It's always a good idea to keep servers in the coolest place in your office (assuming that you haven't got a dedicated room with security and air conditioning) so in order to be cool, try and keep them away from windows, out of direct sunlight and where there is a good air flow.
The cupboard under the stairs can be a very hot place when there is no air circulation and I have seen many systems that are putting out alarms because of internal heat because they are in cupboards, under stairs or have been used as a handy place to pile papers, magazines and general office rubbish!
We only think about being too hot ourselves when we get a mini heatwave, but get that office thermometer that's used to tell you when it is far too hot to work and sit in near your server for 24 hours and see how hot it is, if you are above 30 Deg C then have a look now at how you can help it to survive the hot spell!
We have found a problem with the Fujitsu D556 SFF PC where is the system is left for any length of time, it can freeze and the only way to restart is to power off the system and restart, obviously all data that has not been saved at this point is lost.
The problem is related to the BIOS and Graphics Driver and is only seen on some systems.
There are 3 possible fixes for this problem, for non-technical readers, item 2 is the one to start with, you can use the Fujitsu Desk Update facility to get the latest BIOS and Drivers for your system and these are also available from the Fujitsu website.
1) Update the BIOS:
The fix (a microcode update for the processor) for this issue was implemented in the BIOS release R1.14.0 / R1.15.0
2) Update the Graphics Driver:
Updating the graphics driver “Intel HD Graphics” to the version:
32-bit: 220.127.116.1174 - 18.104.22.16874 - PV - 32bit (13/06/2016)
64-bit: 22.214.171.124.4474 - 126.96.36.19974 - PV - 64bit (13/07/2016)
3) Change a BIOS Setting:
If the BIOS setting “Package C State Limit” is set to ‘Auto’ change it to ‘C0’, this BIOS item can be found under Advanced – CPU Configuration