Some Helpful Warnings for the Next Generation Sync Client from Microsoft
As our company has continued down the path of extending our own usage of Office 365 we recently decided to implement Mobile Device Management for Office 365. Since all of our clients have very keen interest in security we figured it only made sense to implement as many of the security features in Office 365 that our clients would also be focused on.
As we noted in our recent post, How to Keep your Company Files from Walking Out the Door, MDM is a very valuable component of your security policy as it relates to your employee’s mobile devices. It provides 2 really key features that all companies will find incredibly valuable:
- The ability to keep your employee from connecting to your corporate IP with any mobile device that has been jailbroken since these devices leave themselves and ultimately your company open to the considerable threat of external attacks.
- The ability to either process a full wipe or a selective wipe of any device that is under your firm’s MDM management. This means that if a mobile device is lost or stolen you can immediately remove all your company’s IP from the device which again is key to security. The full wipe which your employee may prefer in the lost or stolen scenario will also ensure none of their personal info is available to the person who has their device.
As we progressed beyond MDM to start experimenting with the combination of MDM with other Office 365 applications like One Drive / SharePoint Online we started to discover some significant changes that Microsoft has made to how their file storage and sharing system is setup. In the latest version of One Drive Microsoft has now eliminated any differentiation between One Drive and One Drive for Business as well as SharePoint. The Next Generation Sync client now syncs all of the files related to your Microsoft Account regardless of which platform the files are from. Ultimately this strategy makes complete sense. You still have the ability to selectively decide which files you want to synchronize or not, but now you have the key advantage of not having to maintain separate versions of the sync client for your personal one drive versus your business one drive assuming they are registered under the same Microsoft User Account. Of course with any Microsoft update, some pain must also be incurred. In this case, Microsoft has no easy way to allow you to migrate the folders that were previously synced to SharePoint Sites with the New OneDrive folder setup. What this means is that you will need to repeat the process of setting up the sync client for all the folders you want to sync locally and you will also need to disconnect the old SahrePoint folders and then delete them once you have setup the new sync folders with the Next Generation Sync Client.
In the latest version of One Drive Microsoft has now eliminated any differentiation between One Drive and One Drive for Business as well as SharePoint. The Next Generation Sync Client now syncs all of the files related to your Microsoft Account regardless of which platform the files are from. Ultimately this strategy makes complete sense. You still have the ability to selectively decide which files you want to synchronize or not, but now you have the key advantage of not having to maintain separate versions of the sync client for your personal OneDrive versus your business OneDrive assuming they are registered under the same Microsoft user account. Of course with any Microsoft update, some pain must also be incurred. In this case, Microsoft has no easy way to allow you to migrate the folders that were previously synced to SharePoint Sites with the New OneDrive folder setup. What this means is that you will need to repeat the process of setting up the sync client for all the folders you want to sync locally and you will also need to disconnect the old SharePoint folders and then delete them once you have setup the new sync folders with the Next Generation Sync Client.
Of course with any Microsoft update, some pain must also be incurred. In this case, Microsoft has no easy way to allow you to migrate the folders that were previously synced to SharePoint Sites with the New OneDrive folder setup. What this means is that you will need to repeat the process of setting up the sync client for all the folders you want to sync locally and you will also need to disconnect the old SahrePoint folders and then delete them once you have setup the new sync folders with the Next Generation Sync Client.
It is important to note that the sync client like the previous version is still a bit buggy and will crash from time to time. However, it seems to restart itself and resume working correctly whenever it does go down. In addition, this new sync client does appear to work much more quickly which is probably the best part of the new sync client.
In summary, the Next Generation Sync Client from Microsoft does appear to be a major enhancement to Microsoft’s overall push to take over the File Storage marketplace from vendors like Box.com and Dropbox, or your old school network drives. The ease of use and efficiency of the application is certainly superior to the prior versions. However, you must go into this update with the understanding that these key steps must be taken:
- You will need to manually disconnect your old SharePoint sites and delete those folders if you had this already setup.
- You will need to manually setup on the Next generation Sync Client all the folders and files you want to sync again.
To learn more about FinServ Consulting’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.
How to Keep your Company Files from Walking Out the Door
In one of the more infamous data breaches, the Department of Veteran Affairs exposed 26.5 million PII (Personally Identifiable Information) records of its military veterans and personnel when a laptop containing this data was stolen from the home of an employee. Imagine if this situation occurred at your fund, where your employee’s mobile device containing your investor list was stolen. Not only would there be potential monetary damage, the reputational damage and loss of trust would be immeasurable.
With the proliferation and rapid technological advancement of mobile devices today, it is only becoming more difficult to secure your data. Having a robust Mobile Device Management (“MDM”) toolset that integrates seamlessly with your productivity files (i.e. emails, spreadsheets, presentations, etc.) and meets your organizational needs is a key step to begin securing your data. Microsoft has been rapidly catching up in providing solutions to key areas of concern for CTO’s. In many cases where only 3rd party vendor solutions covered the gaps Microsoft has now either built or acquired and integrated key solutions that provide the key security requirements for the financial services industry. Office 365, Microsoft’s cloud version of their ubiquitous Office suite, offers built-in MDM functionality (MDM for Office 365) that is included with any commercial Office 365 subscription (Enterprise, Business, Education, and Government).
The Microsoft Office suite continues to be the dominant player for desktop productivity tools. With the continued rise of cloud based services, Office 365 offers the path of least resistance for adoption in moving Office to the cloud. Furthermore, as the MDM tools are embedded into Office 365, this results in a tight and seamless integration with your firm’s Office productivity files. This cloud based tight integration offers the robust MDM functionality evidenced in the following scenarios.
Authorized Devices – Before an employee can access your firm’s Office files such as the company financials in Excel, the device must be authorized to access Office 365. Authorization is applied on multiple levels from the device type itself (Android, iPhone, etc.) to properly configured device security settings (your company domain) to having the device enrolled in MDM for Office 365. The best part is this can now be achieved without the costly and labor intensive solutions like VPN.
At-Risk Device Detection – The BYOD (Bring Your Own Device) environment is here to stay and employees will continue to want to use their own devices to access company related information. Before allowing your research analyst to access proprietary research files on their personal device, it is critical to ensure that their device has not been “jailbroken” (factory operating system settings edited). “Jailbroken” devices are at risk as there is a greater chance of such a device being compromised. These devices can be identified and prevented from accessing Office 365.
Remote Device Wiping – Device wiping can be done as a full wipe or a selective wipe. Should your CEO lose their device, the device can be wiped completely resulting in a device that has been restored back to its original factory state. For terminated employees, selective wipes can be applied to their devices to ensure that all corporate information is removed from the device.
On the vendor level, Office 365 MDM offers several compelling factors as follows:
Vendor Reputation – Microsoft is a premier vendor with a history of excellence and stability. They are not going away anytime soon
Product Cost – Office 365 MDM is offered free as part of the Commercial Level subscription to Office 365
Employee Adoption / Comfort Level – Office 365 MDM is tightly integrated with Office and Office is the productivity suite that your employees are familiar with
Technological Fit – Office 365 MDM is cloud based and is reflective of the trend towards cloud based services. With cloud based services, you will gain advantages in not having to maintain hardware and software upgrades
Scalability – As your firm continues to grow and has additional security needs, Microsoft also offers more robust MDM features through its Intune product. MDM for Office 365 is a subset of the Intune product and as such, any upgrade to Intune will be seamless and allow you to maintain a single vendor relationship
As a free product offered with its Office 365 product, Microsoft offers a truly compelling MDM solution that will protect your firm’s data. The tight integration with Office 365 files results in greater data security for both the data itself and your employee’s mobile devices. Office 365 MDM is a subset of their full MDM product, Microsoft Intune. Intune offers additional capabilities such as managing Windows PC’s and application deployment to devices. Intune itself is the MDM component of Microsoft’s EMS (Enterprise Mobility Suite) product which also offers document encryption, identity management and threat detection. Microsoft EMS has been recognized by Gartner as a Visionary in their Magic Quadrant for EMM Suites report. In future posts, we will go over the added benefits of using Intune in connection with your Office 365 platform.
FinServ is dedicated to researching how funds can benefit from cloud based technologies. Using our extensive industry knowledge in combination with a partnership with Microsoft, we continue to vet how these solutions are secure enough for funds to meet their stringent security and regulatory requirements.
To learn more about FinServ Consulting’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.
Is Office 365 Coming to a Hedge Fund Near You?
At the FinServ Consulting CTO Roundtable held this past May, we hosted 12 CTO’s from some of the top hedge hunds in the US. Of those 12 CTO’s, 11 were seriously considering a move to Office 365. The remaining CTO was already on Office 365.
Office 365, and in general cloud based office suites, have long been speculated to be taking over from the traditional MS Office client based applications. However, due to the cautious nature of the financial services industry (especially around email) it seemed like this would never happen at Hedge Funds. Over the past year FinServ has seen this tide significantly turning and Office 365 coupled with Azure AD FS are becoming a hot topic with many CTO’s. Many Hedge Funds are currently contemplating the move to Office 365, but still need to get comfortable with some key aspects of the platform. Here are the main concerns we are hearing from our clients and some of the potential solutions that they are considering.
1. Microsoft’s 99.98 % up-time for email is not good enough. How can I guarantee that our people are never without email?
Answer: As one of our client’s noted 99.98% up time means Microsoft could be down for one day every full year and that is far too much for his firm to tolerate. As of now it seems that the most common choice of a backup email insurance policy amongst our client base is Mimecast. If Microsoft has an outage Mimecast would enable a client to keep their email up and running by acting as a backup email system.
2. Single Sign-On is critical to our firm. We need a secure way to ensure that our employees can access all their applications without having to memorize a number of passwords or be prompted to re-enter passwords just to access Office 365.
Answer: This one can be a lot trickier and the key to the solution seems to be with Azure AD FS as the best solution. While vendors like OKTA claim that they are a superior solution to Azure AD FS the addition of another vendor to layer on top of the Microsoft solution does not seem necessary in this particular instance. The huge advances in capabilities that Microsoft has shown with Azure AD FS combined with its ability to integrate with so many common vendors means that single sign on should be easily attainable through Microsoft alone. The biggest area to focus on is simply ensuring that your AD FS setup for your users and groups is clean and well-organized prior to migration. There are many tools available from Microsoft that aid in ensuring that your AD FS is in good working shape to supoprt the move to Office 365.
3. How strong is Microsoft on Mobile Device Management (“MDM”)? If someone leaves our firm or if the device is lost or stolen can I wipe from a device the information related to our firm?
Answer: The short answer is a definitive yes. Microsoft, if configured, can allow you to totally manage your user’s devices so that you can selectively wipe only certain portions of the user’s device. You can use Azure AD FS as your source of inventory for all devices, which can control enrollment into Intune, access to Office 365 and connections to corporate resources.
4. We have heard a lot about SharePoint Online being a major new piece of Microsoft’s overall strategy for collaboration, but what are its real capabilities and how secure is it?
Answer: This is certainly a loaded question, and there are many topics to cover when a client asks this question. First, it is key to ensure that the client understands what SharePoint Online is, and how it works with One Drive for Business. While SharePoint Online offers Document Libraries and many other great features, for teamwork and collaboration, the One Drive for Business Sync Client is one of the major behind the scenes critical components of this solution. Microsoft has been rapidly enhancing this solution to ensure that it is secure enough to enforce key security standards, so that the financial services industry can finally start to embrace the overall solution for document, and file management. Microsoft’s approach to encryption keys is a major part of this solution, as is the ability to lock down access to the One Drive for Business and SharePoint folders by domain. Microsoft’s Data Loss Prevention (“DLP”) features can all be setup through configuration screens on Office 365, but it does need to be performed very carefully in order to ensure that the system is setup without the risk of data loss, or the risk of an employee’s sharing something that goes against your firm’s data sharing policies. The good news is this is all already in the solution and you just need a skilled and experienced partner to help configure this in your Office 365 setup. The bottom line is most if not all Hedge Funds are in the process of looking at, or are moving to Office 365. The compelling cost and resource savings of outsourcing this part of a funds infrastructure is too compelling. With that said, there are many answers that the CTO’s and fund executives want answered especially around security (including data loss prevention and up time) before they take the plunge. FinServ Consulting has partnered with the top experts in the field to gather all the critical answers that will allow our clients to make this move in the most effective and secure way possible.
To learn more about FinServ’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.
Working Around SharePoint Online Limitations
As we embarked on using OneDrive for Business / SharePoint Online as our File Storage and Document Management system, we came in with our eyes wide open. Having integrated and worked with many document management systems in the past like Documentum, Worksite MP etc we understood the capabilities and benefits of a robust and well engineered document management systems. We also understood that regardless of how good the technology is, the success of any document management system will hinge on how you use it, and what processes you put around the governance and usage of that system.
With that said SharePoint Online / OneDrive for Business does have some significant limitations especially on the sync client side of the system. The limitation of only being able to sync locally to 5,000 files and folders for SharePoint Online document libraries and site collections and 20,000 files and folders for One Drive For Business sites can be very disruptive if you don’t plan properly for it.
After some frustration, and trial and error I realized that the only real way around this was to setup separate site collections at the level whereby people have a common collaboration group and set of files for documents that are actively being worked on.
Chances are that unless you are a huge organization it is fairly easy to break your documents into groupings of 5,000 or less. As I was going through this, I also remembered that SharePoint was not really started as a document management system but rather a collaboration engine. While Microsoft has done a great job of building out its document management capabilities and support on the platform it does make some sense to still treat these collections as spots for document collaboration and not just a file storage.
This will force you hoarders to be expeditious on what files you save in these libraries and to keep your folder setup relatively simple, but I would argue that those are all best practices in terms of file / document management anyway.
The OneDrive for Business sync client can also be quirky and temperamental, but this too can be worked through once you learn how to use some of the key features, like repair and stop syncing a folder options in the sync client tool. It’s kind of like my snow blower it is hard to keep it working all the time, but once I have it going it does a great job. Same with SharePoint online. It may take some time to get all the syncing setup and flowing but once you do it works really quite nicely.
We decided that we would use OneDrive for Business as a personal file system because it is not as collaborative and is not quite as easy to share items. This seemed to fall in line with Microsoft’s advice on when to use SharePoint Online vs. OneDrive for Business. As we continue down this path I am sure we will run into more limitations as Microsoft continues to build this platform out. However if there is one company I would put my money behind getting the solution right while having the best integration with the office suite it would have to be Microsoft. So, as a summary of the key limitations:
- Limit to only be able to sync 5,000 files or folder combinations in a single Site Collection or Document Library in SharePoint Online.
- Limit to only be able to sync 20,000 files or folder combinations in a single OneDrive for Business library.
- The sync client can stop working at times and will need to be repaired or sometime you will need to stop syncing a folder, delete the folder and then setup the sync to that document library again.
- The newest sync client does not work with SharePoint Online sites according to Microsoft so you probably need to use the 2013 OneDrive for Business sync client, or you can have both installed at once according to Microsoft although I was not able to set both up at once.
- There seems to be some compatibility issues between Office 2016 and the sync client, we suggest sticking with Office 2013 until all the bugs are worked out likely in the end of Q2 2016.
To learn more about FinServ Consulting’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.
A Useful Tool for File Migration when Implementing One Drive for Business
One of the limitations of SharePoint Online and One Drive for Business is the special characters that are not allowed in file names and folders you upload to the Server. For a more detailed explanation of this see this link (Microsoft Help on File Name & Folder Restrictions).
This can be a daunting challenge since the limitations include characters like # and % which are very commonly found in many file names and & which many people use in file names and folders. Fortunately there are a set of tools that are very inexpensive to allow you to do mass changes to cover these scenarios. The tool we used is called File Renamer Deluxe by Sherrod Computers. There is a Free basic version, but like most Free basic versions the usefulness of the tool is very limited and to do what you need to do easily you really need the deluxe version which costs about $30. The Deluxe version will allow you to scan folders and subfolders through a familiar file explorer type interface and find file names that contain those special characters.
You can then use the program to do a global find and replace on those characters so that all the offending characters are replaced with non restrictive ones or in our case we just chose to replace with a space. The program even has a nice preview feature which will allow you to see the new file name after the change before actually making the change which for the really careful people is a nice feature.
Of course this tool is not just useful for getting rid of special characters. The tool can also be used to modify files names that people either made too long or when they used words you want to change or remove.
Having gone through the process of loading tens of thousands of files onto SharePoint Online / One Drive for Business I can strongly recommend taking this first step of cleaning up your names of files and removal of invalid characters as a huge time savor and high value added activity in the preparation of your migration plans.
To learn more about FinServ Consulting’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.
Document Versioning, Why is it a Struggle?
I was recently in a meeting with a client discussing a document management implementation. I was caught off guard when the client suggested that version control was not needed. I was more surprised because the comment came from someone in the legal area where black-lining and versions are core to the legal review and markup process.
It made me wonder why people go to such lengths to create their own version methods which are very manual and prone to error when core software like SharePoint and other document management / file management softwares now have built in version control.
You have the people who name their files v1, v2, v3, vf or vffinal (I have to admit this used to be me too). You have people who put their initials or some real detailed descriptor of version in the file name.
It’s strange that people would do this when inherent versions in systems like SharePoint automatically support major or minor versions just when you click save and allow you to revert back to any version if you realize you should not have made an update, and even see the differences in various versions, or delete any unwanted version(s).
It would seem that with all these capabilities people would be frothing at the mouth to leverage these tools and capabilities but people seem far too often to want to stay in the dark ages when the cotton press is waiting for them.
With co-authoring, Microsoft has taken simultaneous document updates and versions to a new level of allowing multiple people to work on a document at once while still maintaining the integrity of the document and being able to track each person’s changes.
This would seem to be the holy grail of change management and always knowing no matter what you or somebody else does you can see what they did, and undo any updates if you want, or simply go back to an older version.
It seems people have their hearts set on over-engineering manual solutions because of past horrible experiences where they forgot what version they were working on or lost all the work they had done for a whole day. Scarred by these incidents they don’t embrace all the new capabilities that the software firms have gifted us.
I suggest it is time to stop fighting progress and give into the modern conveniences we have been provided by software like SharePoint Online and Office 365. By embracing these technologies we can see another period of enlightenment and heightened efficiency at work!
To learn more about FinServ Consulting’s Office 365 and Microsoft related services, please contact us at info@finservconsulting.com or (646) 603-3799.
About FinServ Consulting
FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.