What is Cyber Essentials certification you may ask? It’s a scheme started by the UK Government and managed by the National Cyber Security Centre (NCSC), for organisations to show that they take security seriously.
Certification is proof that we take our values seriously. Cybersecurity is such a huge issue today with companies routinely in the news relating to data breaches, ransomware attacks, and more. Being Cyber Essentials certified is by no means a golden ticket or a way to eradicate the threat of cyber attack but for us, it’s a step to showing customers that we take what we do seriously.
For Arcible to become Cyber Essentials certified, we didn’t just throw some security controls on top of what we do. Security always has and always will be part of what we do from the ground up. Our Arcible Vision service is a key example of this using secure management processes to help you manage your Microsoft Azure estates or the work we do with customers implementing Microsoft 365 security features such as Microsoft Defender, Cloud App Security, and more.
If you’re interested in finding out more about how Arcible can help your business be more secure while staying productive, contact us for more information.
If you’re interested in your business becoming Cyber Essentials certified and need assistance to get your technical controls in place to meet the programme requirements, our Arcible Assist service could benefit you with ad-hoc support and assistance.
Paying for certificates isn’t the done thing when you can get free certificates from Lets Encrypt. Free certificates from Lets Encrypt come at a different price and that is lifetime as the certificates are only ever valid for 90 days. If you’re still manually buying and installing certificates annually then you don’t want that four times a year so we automate the process end-to-end. This has been working perfectly since about 2018 for us, however, a recent alert about a certificate expiring made us sit up and look at this case of Azure App Service Lets Encrypt renewal failures and the resolution.
After a bit of tinkering to get it correctly installed, at the interval you set, a WebJob that runs against the App Service website will automatically retrieve a new certificate from Let’s Encrypt and apply it to your site. You have the option to define an alerting email address during the set-up process when things go wrong which in today’s case, proved important.
What was the problem?
What alerted us to a problem was the email notification to one of our monitoring mailboxes to report that the certificate was going to soon expire. We’ve never had this alert before because, for 3 years, this has worked without issue and never once failed to renew the certificate in time.
Looking at the logs for the WebJob in the App Service, we saw an error Unable to complete challenge with Lets Encrypt servers.
We took a look at the Issues log on the GitHub repository for the project behind the extension and it transpires that we were running version 1.0.4 of the extension and that other users reported that version 1.0.6, released just days ago, had no such issues.
Resolving the problem
Resolving the problem was a trivial task. First, we head into the Azure Portal at https://portal.azure.com and we navigate to our App Service instance where the extension is installed.
From the Extensions page, we can see that we have version 1.0.4 installed and that it is reporting that there is an update available. Drilling in to the extension itself, we can simply hit the Update button to update to the latest version of the Extension. Doing so took a matter of seconds and reported back 1.0.6 as the version okay.
From here, you can go to the WebJobs page to view the status of the Let’s Encrypt WebJob. This correctly shows as a Continuous job and the current status is Running which are both correct.
If you dig into the Extension, you have the option to view the log files. Here, we can see the previous failures that have occurred. In our test site, this now correctly showed as successfully completing and in the TLS/SSL Settings page for the App Service, we can see that new certificate has been issued and applied to the site.
We’ve now applied the same change to our production site and when the next instance of the WebJob runs, it will successfully issue and apply the new certificate as it has done for our test site already.
Do you want to get away from paying for certificates or automate any of your processes?
As this article hopefully illustrates, you can have nice things for free. The power of automation has saved us many hours over the 3 years that we’ve been using it and the solution turned out to be a simple one.
Simple isn’t always the name of the game though and your savings through automation could be many times more than ours.
Contact us at Arcible to find out how we could help you save time and money through automating routine business processes to streamline your business and give you and your staff more time to focus on what’s important.
If you interested in learning more about our services such as modernising existing services or maybe you want to explore moving to Microsoft Azure for your website or other applications, take a look at what we can offer.
Recording meetings of online meetings is a common occurrence to allow people to refer back to them later or to allow people unable to join catch up. A less common requirement is the ability to do one to one call recording in Microsoft Teams. Until now, the ability to perform the recording of one-on-one calls was governed by the same Meeting Policy as the ability to record multi-participant calls, however, this is changing and breaking out to a new, separate setting.
Yes, you read that right. If all you need is a way to show a couple of static web pages you could run a static website for less than the cost of a coffee for the entire year. Although the focus here is a small, simple, and static website, you can apply the same logic to larger sites or even if you need a way to serve up static content over HTTP, not just a website.
What do we mean by a static website?
In web terms, there are primarily two types of website: those which are static based on traditional Hypertext Markup Language (HTML) files and those which are dynamic, calculating different content server-side or retrieving information from a database.
Here, we’re talking about the former. Using the Static Website feature in Azure Storage, we can serve up HTML, JavsScript, and Cascading Stylesheets (CSS).
At Arcible, we take monitoring our services seriously and we take security seriously too. We use multiple products for the monitoring of our services; we consider security at all times and factor it into multiple layers of our operations. We’re releasing this article both as reassurance for our customers and for your information about Arcible and the Solorigate SUNBURST threat.
Arcible does not use the SolarWinds Orion product or any SolarWinds products to conduct our business either internally or externally with customers. Based on our current understanding and knowledge of the issues, Arcible does not believe that it is impacted by the SolarWinds threat, however, we continue to remain vigilant and review our security tools.
Microsoft Stream is an odd service. It’s fantastic in its own right but limitations built within it and it’s positioning as a Microsoft 365 outsider has always been problematic. For Microsoft Teams, Microsoft Stream as the location for meeting records brought its own set of challenges. With change approaching, let’s explore how this is moving to use OneDirve and SharePoint for Microsoft Teams meeting recordings.
Microsoft Stream sure has a time and place. We think, for example, that it’s a fantastic platform for sharing videos internally such as corporate messaging, training, and more. But that is also it’s Achilles Heel. It is limited to internal use only and you cannot share recordings [directly] from Microsoft Stream with external users.
When you participate in a meeting with people from multiple organisations and the meeting is recorded, that goes to Microsoft Stream for the organisation of the meeting organiser. If you’re outside that organisation, the only way you can access that is if someone downloads the recording video file and shares it with you by manually copying the file to their OneDrive or SharePoint or worse, emails you the file.
Last week, a customer contacted us about an issue they were receiving persistent, unsolicited calls in Microsoft Teams from a phone number. The customer needed a way to block incoming calls from that number and we figured that this was one worth sharing for all to see.
Block incoming calls features in Microsoft Teams
One of the more hidden features in Microsoft Teams is the ability to block incoming calls from a number or a range of numbers at the organisation level. This isn’t something that’s visible or available in the Microsoft Teams Admin Center and requires the use of PowerShell.
Whether it be a laptop that takes so long to boot you can make a coffee and drink it or whether it’s a logon process that is so slow it’s time for the user to take their next break already, we’ve all seen and heard of performance issues before. As IT or as someone making financial decisions about hardware purchases for end-users, knowing that what you have or what you buy is good is important and for that you need data and we can use Endpoint Analytics in Microsoft Intune exactly for this purpose.
As the usage of Microsoft Teams continues to grow across organisations around the world, our reliance on PCs and digital devices grow. Under normal circumstances, that’s all well and good but what if you’re internet goes down? Microsoft Teams isn’t all about the app and that’s why dial-in Audio Conferencing with Microsoft Teams is an important and often overlooked facet of the service.
Whether your Internet is down, you live in an area with poor mobile data coverage which means you can’t use a mobile device with the Teams app, or whether you need a screen break but still want to participate, Audio Conferencing could be your ticket.
If you are a developer planning on using the Microsoft Flight Simulator APIs or whether you run some kind of aviation playground, running Microsoft Flight Simulator is going to be a must which may mean being able to run Microsoft Flight Simulator on a work device.
I’m a big aviation fan and while I don’t fly myself (the PPL is a dream for one day), simulations are the closest I’ll come for now. For anyone interested, the picture on this post is of me flying the Cessna 172 over Farnborough Airport, not too far from us in Basingstoke.
When I tried to install Microsoft Flight Simulator on a PC that was domain-joined as my Arcible work device, I couldn’t even get it installed. To download and install Microsoft Flight Simulator through the Xbox Store requires the new Xbox app for Windows 10. For this app to work, you need to be able to sign-in with your Xbox Live account and that was failing.