Scappman is Now Exclusively for Partners!

If you are a new direct customer, please explore Patch My PC for your software management needs.

Microsoft Intune Dictionary

microsoft intune dictionary

Microsoft Intune is a comprehensive cloud-based solution for managing mobile devices, PCs, and applications across corporate and personal boundaries. Intune provides a range of features to help organizations secure and manage devices, protect their data, and enable productivity. In this article, we will explore the different terms and definitions associated with Microsoft Intune. Admin permissions or Directory Roles define the administrative scope for users and the tasks they can manage. Types of administrators: Global Administrator accesses all administrative features in Intune. By default, the person who signs up for Intune becomes a Global admin. Global admins are the only admins who can assign other admin roles. You can have more than one global admin in your organization. Password Administrator resets passwords, manages service requests, and monitors service health. Service support administrator opens support requests with Microsoft and views the service dashboard and message center. They have “view only” permissions except for opening support tickets and reading them. Billing administrator makes purchases, manages subscriptions, manages support tickets, and monitors service health. User administrator resets passwords, monitors service health, adds and deletes user accounts, and manages service requests. The user management admin can’t delete a global admin, create other admin roles, or reset passwords for other admins. Intune Service administrator has all Intune Global administrator permissions except permission to create administrators with Directory Role options. Android Device admin is the old management method of Android devices with limited functionality in application management requiring elevated administrative permissions in order to perform certain tasks. It has been deprecated since Android 9.0. Android Enterprise is an initiative to enable the use of Android devices and apps in the workplace. The program offers APIs and other tools for developers to integrate support for Android into their enterprise mobility management (EMM) solutions. App configuration policy is the settings that are supplied automatically when the app is configured on the end-users device, and end-users don’t need to take action. The configuration settings are unique for each app. App logs is a file with reporting that includes a record of activities that generate a change in in the app. App protection policy is the rule that ensures an organization’s data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move “corporate” data, or a set of actions that are prohibited or monitored when the user is inside the app. App types in Microsoft Intune: Apps from the store (store apps) – applications that have been uploaded to either the Microsoft store, the iOS/iPadOS store, or the Android store are store apps. The provider of a store app maintains and provides updates to the app. You select the app in the store list and add it by using Intune as an available app for your users. Apps written in-house or as a custom app (line-of-business) – applications that are created in-house or as a custom app are line-of-business (LOB) apps. The functionality of this type of app has been created for one of the Intune supported platforms, such as Windows, iOS/iPadOS, macOS, or Android. Your organization creates and provides you with updates as a separate file. You provide updates of the app to users by adding and deploying the updates using Intune. Apps on the web (web link) are client-server applications. The server provides the web app, which includes the UI, content, and functionality. Additionally, modern web hosting platforms commonly offer security, load balancing, and other benefits. This type of app is separately maintained on the web. Note that Android does not support web apps. Apps from other Microsoft services – application that have been sourced from either Azure AD or Office Online. Azure AD Enterprise applications are registered and assigned via the Microsoft Endpoint Manager admin center. Office Online applications are assigned using the licensing controls available in the M365 Admin Center Apple Automated Device Enrollment ADE lets you create and deploy policy “over the air” to iOS/iPadOS and macOS devices that are purchased and managed with ADE. The device is enrolled when users turn on the device for the first time and run Setup Assistant. This method supports iOS/iPadOS supervised mode, which enables a device to be configured with specific functionality. Apple push certificate is required for Intune to manage iOS/iPadOS and macOS devices and enroll users’ devices via Company portal or Apple’s bulk enrollment methods (Device Enrollment Program, Apple School Manager, Apple Configurator). Application deployment is the process of installing, configuring, and enabling a specific application or set of applications through Microsoft Endpoint Manager. Assigned groups are used when you want to manually add specific users or devices to a static group. Autopilot is used to set up and pre-configure new devices to get them ready for productive use. In other words, it allows your organization to take a device that is fresh out of the box (straight from OEM), and send that device to your user/employee for immediate use. Auto-enrollment is triggered by a group policy created on your local AD and happens without any user interaction (possible for Windows 10/11 devices). Azure Active Directory (AD) is Microsoft’s cloud-based identity and access management service, which is used by Endpoint Manager for identity of devices, users, groups, and multi-factor authentication (MFA). Azure Active Directory PowerShell is a module IT Pros commonly use to manage their Azure Active Directory. The cmdlets in the Azure AD PowerShell module enable you to retrieve data from the directory, create new objects in the directory, update existing objects, remove objects, as well as configure the directory and its features. Azure AD Connect is a tool for connecting on-premises identity infrastructure to Microsoft Azure AD. The wizard deploys and configures prerequisites and components required for the connection, including sync and sign on. Bring-your-own-device BYOD is a policy that allows employees in the company to use their personally-owned mobile device (phones, tablets, and PCs) for work-related activities. Bulk enrollment is joining a large number of new Windows devices

Top 5 Challenges of patch management

top 5 challenges of patch management

One of the better cybersecurity practices is updating software regularly. Regardless of your industry, it’s essential to keep your software up to date to protect your organization from breaches. According to a study conducted by Ponemon Institute for ServiceNow, 60% of cyberattacks are caused because applications are not up to date. Despite the importance of patch management, many companies are still struggling to patch applications effectively. Companies face some challenges when it comes to patch management, but they aren’t impossible to overcome. Common Patch Management Challenges 1. Time-consuming According to the Ivanty report (2021), 71% of IT and security professionals find patching complex and time-consuming. To prove this, let’s discuss the patch process cycle. Organizations must continually identify and assess vulnerabilities, monitor and test patches, and deploy the patches to their systems. Based on the Ivanty survey results, IT & security professionals spend 53% of their working time each month detecting and prioritizing vulnerabilities and 19% testing patches. The biggest problem here is how to find out if there is an update available. Many people think of something like Patch Tuesday with Microsoft. However, it’s not like that in most cases – there is no system. And let’s consider this: for example, Chrome releases a full OS update about every four weeks. Minor updates, such as security fixes and software updates, happen every 2–3 weeks. Only for patching Google Chrome, an IT specialist must go through the patch cycle 2-3 times a month. But what about other applications? On average, a company uses 110 applications (Statista, 2021). It’s difficult to calculate how much time IT admins should spend on patching all the software to prevent the companies from breaches. 2. Lack of IT Inventory Management Another common patch management challenge is the lack of understanding of what software companies’ endpoints actually have. This problem has become harder to deal with as companies move to remote work. Implementing asset control and an accurate inventory system is a good solution. With a detailed asset list, it’s possible to have a complete picture of your company’s IT infrastructure and what endpoints and applications are vulnerable. This makes it easier to prioritize assets and applications for faster patch deployment. To address this challenge, you can use Microsoft Threat and Vulnerability Management tool (TVM), one of the security pillars of Microsoft Defender for Endpoint. It aims to identify vulnerabilities and misconfigurations in real-time and prioritize them based on the need of the threat landscape. Read more about Microsoft TVM in this blog. 3. No desire to deploy every patch Implementing an inventory management solution can cause another challenge – only highly prioritized vulnerabilities will be patched. This doesn’t solve the problem entirely – your company’s endpoints are still at risk, and there is no guarantee that you won’t be hacked. 4. Patch failures 72% of managers are afraid that applying security patches right after release could “break stuff.” That’s true: there is a risk that some things can go wrong with updating software. This can occasionally happen, even if the vendor extensively tested a patch before a patch was released to the public. Sometimes, the reason for a patch failure is that you install the patch and forget to reboot the system. To address this challenge and not “break everything,” you must test the updates first in a test environment and then deploy them. 5. Vulnerability management It’s essential to remember that patching does not always mean managing vulnerabilities. Even if all the patches are deployed, a new vulnerability can always become a hole for some of these flaws. Once the patch is deployed, new vulnerabilities will likely appear, and you patch it again. Patching is a catch-up game where you’ll always be behind. How can you automate patch management? Use Scappman! Scappman is a 100% cloud solution that automatically installs all the necessary updates for your applications. Scappman automates the whole cycle of patching: Scappman scraps the installed applications for the new version, and if it’s available, Scappman tests it, creates a package, uploads it to Intune, and installs it to the assigned users. There are more than 500 third-party applications in Scappman App Store that Scappman keeps an eye on. They are always up to date and secure to use, so you can be sure that hackers can’t use steal or encrypt your data. To know more about Scappman and how it helps you save valuable time and keep endpoints in your organization secure just in 2 steps, book a demo with us.

Top 5 MSP tools for Microsoft Intune

top 5 msp tools for microsoft intune

At SCAPPMAN, we just wanted to show you the top 5 tools that can be helpful for you as an IT service provider. Microsoft Endpoint Manager is one of those fantastic products by Microsoft that has been around for almost 11 years. The cool thing is that excellent apps are being built that upgrade MEM to MEM 2.0. The top 5 tools for Microsoft Intune are Lansweeper, Micke, Remote Support tool, Admin by request and Scappman of course. Lansweeper: IT Asset Management Software It wants to know your IT environment and what assets are on your corporate network. It does this in 3 steps.  Step 1: Discovery The Lansweeper Deepscan discovery engine will find any asset on your corporate network without needing you to install any software on them. It has no limit to the effects it can have on the environment or resources. Step 2: Inventory Lansweeper offers a complete and insightful overview of the hardware, software, and users that enables a straightforward exploration of your network. Launder all network tasks, projects, and decisions by managing one source of truth.  Step 3: Analytics Be on top of things at all times with your IT. Be able to answer any questions, thanks to your over 400 built-in network reports and the ability to create or modify these reports, so they suit your needs. A tool that helps MSPs mitigates risk and enables you to control your IT assets. We think one of the most astonishing combinations together with SCAPPMAN. Micke: IntuneManagement with PowerShell and WPF UI PowerShell scripts use this Microsoft Authentication Library (MSAL), Microsoft Graph APIs, and Azure Management APIs to manage objects within Intune and Azure. The scripts have a simple WPF UI, and they are used for operations such as Export, Import, Copy, Download, Compare, and more. You can find the Github info here: Admin by request: to be or not to be an admin Administrator rights, I think we never entered a company where this wasn’t an issue. The issue is: that you must allow users to maintain local admin rights or manual labor called unlimited remote installs.  Admin by request can quickly deal with this for you without requiring much time and effort and allow you to use your IT resources this way freely. Again, it’s best to mitigate risk if your security principles say that you should grant your users the least amount of privileges required to carry out the task. This security rule is why local administrator rights were given, but eventually, users will request elevated rights. That’s why PAM (Privileged Access Management) system was created like Admin by Request.  Remote Support Tool or Remote Help with Intune and Microsoft Endpoint Manager Finally, it’s here in public preview, the tool remote help. The tool’s title is self-explanatory, connecting your users’ devices with support staff. You, as an MSP, can make configurations directly and take actions on the users’ devices. Yes, and it’s possible to take complete control of the device when the user permits it.  Scappman: it’s all about multitenancy and saving your time In addition to all the tools above, we don’t want to leave out our tool. We think we’re the best solution if you are an MSP with multiple customers and need a multi-tenancy automated patching software solution.  We think that automated updates in Intune will help your life as an MSP significantly better. You can use it for yourself, but you can also resell it. It’s up to you. You can find all the info about our MSP program here. 

Why browsers never stop updating and you should care as an IT Manager

why browsers never stop updating

Last week it happened again. Chrome had another zero-day exploit and had to update to Chrome version 99. It feels like every week, there is a new update to Chrome. And what we see – in a couple of days, update version 100 came out. And it’s not just Chrome. Microsoft Edge, Mozilla Firefox, Opera all browsers continuously improve and secure themselves via patches and updates. Of course, this would be easier if you wouldn’t have to do this yourself, but your MSP or IT manager would take care of these automatic updates. He could always automate these patches via SCAPPMAN; sorry for the shameless plug. Why should you update browsers? There are 2 main reasons why your browsers should be always up to date – security and functionality. 1. For functionality reasons We all have had an experience when an app or software stopped working on the device because OS was out of date. The same story with browsers. When being on the website from an older browser, sometimes certain features on a page will stop working for you. Or you’re unable to use the page at all. As with all tech-related stuff, coding languages get updated too. They become more advanced and even though the website may look the same, it’s no longer compatible with its outdated interpreter. 2. For security reasons Browsers are only a tiny piece of software in your IT environment, but it’s the ones that can create the most damage in that environment. It’s the gateway for your users to explore information on the Internet. But it is also the gateway for exploiters to go into your network. These people with bad intentions prefer that gateway since it’s the one that users are using daily. So they (the hackers) are constantly looking if these browsers have flaws that they can exploit. The security patches alone are why you should always make sure you’re running a current web browser version. Outdated browser versions leave you vulnerable to attacks that expose your confidential information to suspicious websites. You have automated software that detects these bugs for Chrome. But the question is, as an IT manager, do I have the tools to see if we have the latest version. We wrote a whole topic about Vulnerability Management. But the best thing you can do against these bugs is to automate the updates. So then, you don’t have to worry about these updates anymore. In conclusion, any browsers will keep on updating, and it’s up to us to keep an eye on it since the browsers are trying to keep up with the hackers and vice versa. And in many companies, it’s the only forceful way to get into their network and reach company critical data. That’s why browsers will keep on updating.

A New Way of Third-Party Patch Management for Microsoft Intune

automated patching trend

“How can I automate third-party application installations and updates for Intune-managed devices?” A lot of IT professionals asked themselves this question. The interest in an automated patching solution has been growing over the last 5 years. This can be explained by the fact that the process of application updating in Microsoft Intune is rather challenging and time-consuming. Firstly, you should detect the latest version of the application, download it, and test it before pushing it to the users. If the update is secure and works, you should create a package with the latest version of the app. For Microsoft Intune, you should wrap the file into .intunewin, upload it to Intune and deploy it to the assigned users. As soon as you find out that there is a new update available, you must go through the entire process again. And again. Read how to manage and update applications in Microsoft Intune here. Normally, around 100 applications are used in companies (small and big), which means you must monitor 100 applications for updates. Most companies do not have the resources to do this. That’s why we created Scappman. Scappman is a 100% cloud & agentless solution that automatically installs all the necessary updates for your applications. Scappman automates the entire process of uploading the application and updating it in the Microsoft Intune environment. With Scappman you can not only manage and deploy more than 800 third-party applications from Scappman App Store but also add and manage your own custom applications. What does Scappman do? Scappman scraps the installed applications for the latest version and if it is available, Scappman tests it, wraps the application installation file into .intunewin and uploads it to Intune and installs it to the assigned users. It is that straightforward. How to start your automated app journey with Scappman? To start a 15-day free Scappman trial, navigate to portal.scappman.com and click on the register button. To be able to use Scappman you need to sign in with your Microsoft account, accept (and read) the terms and conditions, accept permissions to register Scappman in Azure AD, and fill in the info about your company. Once you have finished all these steps, you have access to the Scappman portal. How to deploy third-party applications and updates within Scappman and Microsoft Intune With Scappman there is no need to package the application and upload it to Intune environment. In Scappman App Store you can choose applications you want to install, deploy, and keep up to date (there are more than 800 third-party applications available). While configuring the installation process you can customize installation settings: choose language and bitness, add dependencies, use custom pre-install, install and post-install commands, enable update rings for the app, and configure assignment (type, user & group assignment). You also have an opportunity to upload your own app to manage and update and request a public/private app and Scappman will package it for you. That’s pretty much it. Scappman will take it from here. Scappman reports for Microsoft Intune Third-Party Patching In terms of reporting, we provide you with a clear overview of your installations, managed Windows devices, and licensed users. On Dashboard, you can see the familiar update rings but for the application deployment and updates. In Reports, you find the information about the applications, like the version installed, and their status (installed, failed, postponed, pending, not applicable, not installed, or outdated).

Spring4Shell: are you at risk?

spring4shell

A newly discovered zero-day vulnerability in the Spring Framework for Java is definitely drawing the attention of the IT community. With a critically high threat level (the CVSS score is 9.8 out of 10.0), vulnerability CVE-2022-22965, or Spring4Shell, is already being compared to Log4Shell due to the similarity in the method of exploitation. According to the first assessments, Spring4Shell affected over 16% of companies worldwide, with the most impacted region being Europe, with an impact of 20% of businesses. In the first days since the vulnerability was detected, more than 37 K attempts to exploit this vulnerability were confirmed. What is Spring4Shell? Spring4Shell is a zero-day Remote Code Execution (RCE) vulnerability caused by an error in the mechanism which uses client-provided data to update the properties of an object in the Spring MVC or Spring WebFlux application. The Remote Code Execution (RCE) Vulnerability can be easily exploited by sending a specially crafted HTTP request to a server running the Spring Core Framework. Exploited software and impacted systems As we mentioned in December, the majority of applications are built in Java. When it comes to Spring Framework, half of Java applications use it. Any system using Java Development Kit (JDK) 9.0 or later, especially those using TomCat, and using the Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions are vulnerable. 10 software vendors are confirmed to be affected because of Spring4Shell: Blueriq BMC Software Cisco JAMF NetApp PTC SAP SE SolarWinds Spring VMware The vulnerability primarily affects devices with a lot of direct connections. In fact, cybercriminals also take advantage of connections where they can use an executable file. Also, all IoT devices running Java can be affected. This issue can also pose a personal risk because the vulnerability can hit Android or Windows OS smart-home appliances. And even home cameras. How to find vulnerable to Spring4Shell device To find the affected device use Threat and Vulnerability Management functionality of Microsoft Defender for Endpoint. TVM monitors overall security posture of the company’s endpoints and provides real-time insights about detected vulnerabilities. On the Weaknesses page, you can search for the CVE-2022-22965 to find vulnerable devices. Read more about Microsoft TVM here. How to mitigate Spring4Shell The best and only solution to reduce the impact of this threat is to patch it. An update is available for CVE-2022-22965. Administrators should upgrade to versions 5.3.18 or later or 5.2.19 or later. If the patch is applied, no other mitigation is necessary. If you’re unable to patch the CVE-2022-22965 vulnerability, you can implement this set of workarounds published by Spring: Search the @InitBinder annotation globally in the application to see if the dataBinder.setDisallowedFields method is called in the method body. If the introduction of this code snippet is found, add {“class.*”,”Class.*”,”*.class.*”, “*.Class.*”} to the original blacklist. (Note: If this code snippet is used a lot, it needs to be appended in each location.) 2. Add the following global class into the package where the Controller is located. Then recompile and test the project for functionality: import org.springframework.core.annotation.Order; import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.InitBinder; @ControllerAdvice @Order(10000) public class GlobalControllerAdvice{ @InitBinder public void setAllowedFields(webdataBinder dataBinder){ String[]abd=new string[]{“class.*”,”Class.*”,”*.class.*”,”*.Class.*”}; dataBinder.setDisallowedFields(abd); } } We’re happy to confirm that all the third-party applications in the Scappman App Store are secure, up to date and not vulnerable to CVE-2022-22965.

Match Made in Intune heaven called Windows Autopatch and SCAPPMAN

windows autopatch and scappman

Of course, people who regularly follow our blog have heard of Autopilot, but this is Autopatch. An automated software update service for companies with Windows Enterprise E3 licenses or above will launch in July. What does Windows Autopatch do? Windows Autopatch is a managed service that will patch and update drivers and firmware for Windows and Microsoft 365 apps. This will result in automatic updates for Microsoft Teams, Microsoft Office, etc. What do you need for Windows Autopatch to work? You will need an Intune subscription, an E3 license, and an Azure AD (active directory). Remember, Windows Autopatch will only work on PCs running Windows 10 and Windows 11. We love that Microsoft is taking the same route as ours and believe that an updated computer is a safe computer. Just look at their takeaways on why they started on Windows Autopatch. “The development of Autopatch is a response to the evolving nature of technology. Innovations in hardware and software enhance usability and productivity. Changes like the pandemic-driven demand for increased remote or hybrid work represent particularly noteworthy moments but are nonetheless part of a cycle without a beginning or end. Business needs change in response to market shifts. Security postures must be hardened as new threats emerge. Enterprises must continually respond to stay competitive, enhance protection, and optimize performance.” We love that Microsoft introduced the term gaps. Those gaps can be two things. Security gaps and productivity gaps. Their phrasing is as follows: A security gap forms when quality updates that protect against new threats are not adopted in a timely fashion. A productivity gap forms when feature updates that enhance users’ ability to create and collaborate are not rolled out. As gaps widen, it can require more effort to catch up. Why is Windows Autopatch and Scappman match made in heaven? While Microsoft, from July 2022 onwards, takes care of their software and applications, SCAPPMAN can take care of your third-party applications and your applications already today. To use SCAPPMAN, you will need the exact requirements. You connect your Microsoft Intune to our SCAPPMAN portal, and you are good to go. So, Microsoft takes care of their own, and we will take care of the rest. Are you interested in starting today? Book a demo or start a free trial.

Everything you need to know about a new 7-Zip vulnerability

everything you need to know about a new 7-zip vulnerability

UPD: CVE-2022-29072 is disputed. A couple of days ago a new vulnerability was discovered by GitHub user Kagancapar in the popular 7-Zip file archiver, which allows gaining administrator privileges on Windows. The vulnerability has not been fixed yet, as the latest version of the application 21.07 has been released on 26/12/2021. A few words about 7-Zip 7-Zip is a free and open-source file archiver with high compression based on bzip2, PPMd, LZMA2, and LZMA algorithms. 7-zip is one of the three most popular file archiving applications, whose popularity is only rivalled by giants WinZIP and WinRAR. In addition to own .7z-format archives, the archive manager also supports other packer formats commonly used under Windows, such as .rar, .zip, .tar, .wim, .xar etc. The file archiver is available for Windows OS; localizations are available for 87 languages. CVE-2022-29072 vulnerability: how it works and whose fault is that 7-Zip vulnerability or CVE-2022-29072 is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution for Windows when a file with the .7z extension is dragged to the Help > Contents area. In simple terms, someone with access, even limited, to your computer is able to gain high-level control to run their own commands or apps. The problem lies in the 7-zip.chm helper files that are executed via the Windows HTML helper function (hh.exe). So, CVE-2022-29072 is tied to Windows, as it was caused due to interaction of 7-zip with the Windows help application. The vendor hasn’t said much about vulnerability other than refusing to take responsibility for it, meaning that it depends on Microsoft Help in Windows. However, according to Kagancapar, even if you drop the malicious file, this triggers a heap overflow in 7zFM.exe. This means that it’s 7-Zip who should solve the problem. How to mitigate the 7-Zip vulnerability To mitigate CVE-2022-29072, the person who discovered the vulnerability, Kagancapar, recommends deleting the 7-zip.chm file: 1. Open the 7-Zip installation directory or folder on the system. Usually, it’s C:\Program Files\7-Zip or C:\Program Files (x86)\7-Zip. 2. Find the 7-Zip.chm file – this is the help file. 3. Delete this file to remove it from your system. There is a possibility that you get a notification “File Access Denied”. If that is the case, select Continue. If you follow these steps and delete the help file, 7-Zip functionality won’t be reduced, and your endpoint will be secured. 7-Zip CVE-2022-29072 mitigation from Scappman But there is a much simpler and faster solution to mitigate the 7-Zip vulnerability. We are happy to introduce the 7-Zip CVE-2022-29072 mitigation tool from Scappman! All you need to do is find the application in the Scappman App Store, click on Install, customize the installation settings (if you want to), assign it to all or specific users and … that’s it!

Top 5 Challenges for Managed Service Providers in 2022

top 5 challenges for managed service providers in 2022

It has never been a better time for IT-managed service providers than now. With the increasing adoption of cloud-based services and the need to protect organizations from cyber threats, more and more companies are turning to outsourcing IT tasks and working with MSPs. When working with a new partner, companies are likely to go through many challenges. Here are some of the critical challenges MSPs are facing now: 1. Managing security issues According to the Kaseya survey in 2022, dealing with advanced security threats is one of the biggest challenges for MSPs. Indeed, along with the constantly advancing technologies, hackers are not wasting time. Ransomware, DDoS attacks, and other malware have threatened myriad companies and affected even the most prominent businesses, resulting in huge losses. Around 50% of MSPs reported that a significant part of their clients fell victim to a cyberattack within the last 12 months. Thus, it doesn’t matter which industry MSPs are in, and they must stay up to date on the cybersecurity landscape. 2. Cloud migrations Due to the COVID-19 pandemic, remote work and cloud adoption are at their peak. For this reason, many businesses are turning to MSPs for help with cloud migrations. With the rapidly growing number of security vulnerabilities, demand for help with cloud migration is increasing steeply, as the Cloud is seen as an effective way to boost data security and improve collaboration. Now the exploding vulnerabilities of the remote workforce demonstrate that demand for help with cloud migration is increasing steeply, as the Cloud is viewed as an effective way to boost data security and improve collaboration and business resiliency during the pandemic. According to Microsoft, providing cloud migration solutions, being a Cloud MSP is the key to success: “Cloud MSPs differentiate themselves by building a practice around dev-ops, automation, and cloud-native application design. They use the best existing cloud features while designing new solutions in order to meet their customers’ unique business demands”. But selling cloud solutions requires an entirely new approach, so extra training and specialization for sales and marketing teams are required, which can be costly and time-consuming. 3. Finding reliable partners To achieve MSP’s growth goals, they must find reliable partners to help them with the resources, solutions, and tools. These solutions could apply to network management, endpoint management, invoicing, customer support, marketing, etc. Scappman has a Partnership program for resellers and MSPs that brings application management to a NEW level. Read more about Scappman Partnership Program here. 4. Automation tools To stand out as an MSP, you should automate as many processes as possible. Automation makes life easier for MSPs, increasing their productivity and reducing operating costs to focus on other important things like customer support. Using automation tools allows MSPs to: • Reduce the time IT consultants spend handling routine, repetitive tasks • Free up techs for revenue-generating activities • Reduce the costs for service delivery Thus, choosing the right automation solution is vital for MSPs businesses, as it can directly impact the company’s results. Scappman is a 100%-cloud solution that automatically installs all the necessary updates for your clients’ applications. You don’t have to worry about client updates; Scappman will take care of them so that you can focus on other things. For MSPs, we created unique functionality like multi-tenancy and white labelling. 5. Customer retention In an increasingly competitive managed services market, retaining clients is just as important as finding new ones. It is getting more complex every day as new MSPs emerge and challenge existing MSPs with lower prices for the same service bundles. What is the tip in this case? Provide additional value to your customers: address their concerns and establish trust through transparent, constant communication.

What is Patch Management Policy

what is patch management policy

Referring to a system for controlling threats inside your environment with a well-documented patching program, A Patch Management Policy implies a step-by-step approach. It looks like we can only talk about patching and updating applications at SCAPPMAN; well, it has a bit of truth in that because that’s our core business. But we also love to talk about how we can help companies tighten their security and make sure they are ready for a zero-day exploit. That’s why it’s so important to not only make sure your employees are up to speed with the latest tricks by ransomware hackers, etc. But also have a policy in place that makes sure that all of your hardware keeps safe from software code that can be flawed. You can see that 66% of all the attacks are coming from gaps in the software code.  With the new software components from Microsoft Intune, it’s relatively easy to create a Patch Management Policy. Now let us show you what’s important.  Make an inventory of hardware devices, including BYODs. Make an inventory of company software. Do a complete company survey on which programs are being used outside of the approved company software, think about WeTransfer, Image resizer software, etc.  Make sure a team is responsible for carrying out this policy.  Suppose you don’t have Patch Management Software in place like SCAPPMAN. Make sure you have a team that monitors and keeps a lookout for zero-day exploits or other exploits.  Have a process of patching and updating software in your company.  A crucial aspect of this is testing, a test environment where you can safely test if the patches and updates are working.  Have a monthly recurring schedule on when you’ll patch and update the software. A patching schedule would be ideal.   Have documentation of what has been patched and updated. Also, documentation on how many devices and how many BYODs are up-to-date.  You see that creating this kind of safe heaven or trustworthy system is not easy. You’ll need to take many steps with many people to ensure that everything is up and running and secure. You see that many tasks can be automated. That’s where SCAPPMAN comes in. We automate patch management, and together with partners such as managed service providers, you’ll reduce the number of steps significantly to create this kind of Patch Management Policy. Connect your Microsoft Intune account with SCAPPMAN SCAPPMAN takes care of the inventory of hardware & software. Configure SCAPPMAN and create a patch management policy with your MSP or SCAPPMAN. Let SCAPPMAN patch and update your inventory automatically. Automation and digitalisation will be critical.