Tag Archives: suite

Baramundi Management Suite

The Baramundi Management Suite (which begins at $25.90 per device) is a relative newcomer to our mobile device management (MDM) review roundup. It’s also notable for the fact that the software comes in the form of a virtual machine (VM) intended for either local installation on a server in your data center or for use in the cloud as a server instance in either Amazon Web Services (AWS) or Microsoft Azure. While it might be a solid enough MDM competitor for many small to midsize businesses (SMBs), the Baramundi Management Suite suffers from some unneeded complexity as well as a dependence on Microsoft back-office platforms for full functionality. It’s these issues that keep it behind our Editors’ Choice winner VMware AirWatch for now.

Similar Products

On the plus side, the MDM function is just one part of the bigger picture in the Baramundi Management Suite. Similar to Microsoft Intune, the Baramundi Management Suite also handles some desktop management chores for Microsoft Windows and Apple OS X-based desktops, up to the installation of a new operating system (OS). The downside here is that full functionality requires integration with an external Microsoft Active Directory (AD) domain and a Microsoft Exchange Server for sending email notifications. The first is something we encounter often, but the second has become something of a limitation now that many SMBs are going with hosted email services such as Google G Suite instead of an in-house email server. Our trial system didn’t have access to either of these platforms so we were unable to test all of the features, including the sending of email messages for device enrollment. Additionally, on the MDM side, Windows-based devices also required AD support, which means that shops without AD and Microsoft Exchange will only be able to manage Android and Apple devices with the Baramundi Management Suite.

Installation and Device Enrollment

Installing the Baramundi Management Suite consists of provisioning a VM, which was accomplished by the company for our test instance in the Microsoft Azure public cloud. The same could be accomplished in AWS should you choose to go that route. Connecting to the system uses a remote desktop session to connect you into a Windows Server environment. The one advantage to a VM approach is the consistency of deployment for the management infrastructure across multiple cloud services and on-premises, which means you’ve got easy access to redundancy and scalability should you need it.

To enroll either an Android or iOS device, you simply download the Baramundi Mobile Agent application from the appropriate store and follow the in-app instructions. Baramundi provides a Quick Response Code (QR code) that contains the server and account information so you don’t have to type this in. The agent includes a QR scanning capability, which removes the need for any additional apps. On iOS, the app installs the appropriate certificates to get you securely connected to the server.

We were able to register an iOS phone, a Samsung Galaxy S8+ smartphone, and a Samsung Galaxy Tab S3 device. The Baramundi Management Suite does support the Samsung Knox platform and the ability to block (black list) or allow (white list) specific apps. Only those apps which have been white-listed will be allowed should a user choose to install them. We did find some limitations to this capability depending on the version of Knox you’re using but it shouldn’t be an issue with updated phones.

Management Interface

Opening the Baramundi Management Suite console presents a dashboard that shows the status of Windows devices. The dashboard for mobile devices shows compliance status and rules violations. The Compliance Overview block includes clickable links to take you to another section of the management interface with more detailed information. The graphics displayed are static, meaning you can’t click an image and drill down for further details like you can in other products like VMware AirWatch and SOTI MobiControl. You also can’t modify the dashboard screens.

Like most of the other products in this roundup, the Baramundi Management Suite uses the concept of device profiles to configure specific settings. One difference from products such as and SOTI MobiControl is that the Baramundi Management Suite uses the concept of a universal profile to apply the same basic settings to all platforms. Creating a profile consists of settings collected into groupings they call “building blocks.” For example, one building block addresses restrictions on hardware such as the camera. Other building blocks include settings for Wi-Fi access points and virtual private network (VPN) credentials.

Once a profile has been created, it must be deployed by using a job. Jobs perform a number of different actions, including installing or uninstalling an app or profile; locking, unlocking, or wiping a device; and compiling a hardware or software inventory. Performing an action such as a device lock or wipe requires several steps, including creating a job to accomplish the task and then deploying it to a specific device. This seems more cumbersome for mobile devices than simply right-clicking and choosing “Lock Device” as in other systems such as SOTI MobiControl.

Viewing individual devices lets you see pertinent information about the device and perform specific tasks such as assign a job or edit the owner details. A Device Actions menu item on the page only let you deactivate the device. To do anything else requires creating a job. Creating a new job happens under the Jobs section. The Baramundi Management Suite includes a number of standard jobs to do things such as take a hardware and software inventory or distribute an app. Initiating a device wipe requires a number of steps to first create the job and then assign it to a specific device. This amount of effort would become quite tedious for most administrators after the first few device wipe requests.

Reporting was one strong area for the Baramundi Management Suite. A long list of pre-defined reports gives you access to most of the pertinent information. Creating new reports requires a full version of Crystal Reports which is an additional cost but does offer a robust report building tool. On the downside, the Baramundi Management Suite interface was not as intuitive as other products, like and SOTI MobiControl. It’s also missing features such as geofencing, geolocation, or mobile expense management (MEM). The geolocation feature is a significant one when an employee loses his or her device.

Pricing

The base price for a single Baramundi Management Suite device is $25.90 plus a yearly maintenance cost between $3.50 and $5.50 depending on contract length. While that sounds like a lot, it actually puts the Baramundi Management Suite among the cheapest of all the products we tested, along with AppTec360 Enterprise Mobility Management.

Overall, we liked the Baramundi Management Suite, though we did find that it offers only the basic functionality that we’d expect out of an MDM product. However, it does manage that at a very low cost. Still, it doesn’t fully compare with the capabilities found in the other products in this roundup, notably our Editors’ Choice winner VMware AirWatch. Simple administrative functions, such as wiping a device, require far too many steps when compared to all of the other products in our roundup. Plus, its reliance on Microsoft for full functionality makes life hard on companies that have opted for different cloud-based back-office platforms.

New Microsoft Pix features let you take bigger, wider pictures and turns your videos into comics – Microsoft Research

Microsoft has released two new features with today’s update to Microsoft Pix for iOS, an app powered by a suite of intelligent algorithms developed by Microsoft researchers to take the guesswork out of getting beautiful photos and videos.

The first of these features, Photosynth, helps create photos that take in more of the perspective or scene you are standing in front of, whether it is wide, tall, or both. It does this by allowing you to freely pan and capture from side to side, up and down, back and forth, and even go back to the start to include any parts of the scene you may have missed.

“The idea came after some frustrations I had when trying to take a picture of Snoqualmie Falls. I didn’t want to have to choose which part of the scene to capture, and I wanted it all with detail. Photosynth means you no longer have to choose. I can now capture the whole scene in a way that feels natural. As with all Pix features, we have also worked to give the best image quality by introducing more intelligent ways to compute exposure and stitching,” said Josh Weisberg, principal program manager within Microsoft’s AI & Research organization in Redmond, Washington.

Photosynth, originally a popular platform for turning digital pictures into 3D panoramas, was launched by Microsoft in 2008 and decommissioned in 2017. Photosynth in Pix shares similarities with the original, leveraging some of the underlying technology, with more features inspired by the original to come. Photosynth in Pix allows for faster and smoother capture, while also making use of Pix’s auto-enhancement capabilities which improve white balance, tone correction and sharpness.

The second feature, Pix Comix, was developed during Microsoft’s OneWeek hackathon and makes use of the core Pix feature Moment Capture in an innovative new way: identifying the most interesting frames in a video to generate a comic strip. Pix uses its deep learning model to score and select three high-quality frames, searching specifically for non-blurry photos, faces with eyes open and interesting scenes.

Pix Comix performs this AI processing on device, selecting the best frames and formatting them into a comic strip. From there, you can add and edit speech bubbles that can be moved, rotated and resized to tell your own story.

Listening and responding to customer feedback on Pix remains a top priority as the app continues to improve and its AI capabilities are further developed. Today’s release marks another step forward in Pix’s commitment to turning that user feedback into new ways to make your pictures even better.

Related:

Announcing the Reddit Solution Template | Microsoft Power BI Blog | Microsoft Power BI

Today, we are excited to announce a new suite of Power BI solution templates for brand management and targeting on Reddit through a thrid-party API relationship with SocialGist. These templates complement existing brand-oriented solution templates available for Twitter, Facebook, and Bing News.

The Reddit solution template suite combines AI with interactive visual analytics to reveal how different brands are performing across the Reddit platform, from companies and CEOs down to individual products. Behind the scenes, it uses Azure services and technologies from Microsoft AI and Research to support rich exploration by sentiment levels, key words, and author communities. All you need to get started are the list of brands you want to track and an Azure subscription – the solution template will automate and take care of everything else.

image

Actionable Insights

With Reddit solution templates, you can easily track mentions of your brand, identify communities that talk about your products, and discover key influencers within those communities. You can also do the same for your competitors and their products!

The templates provide direct answers to the questions about who is talking about which brands, what are they saying in terms of text, sentiment, and keywords, and where on Reddit are they saying it. The templates also reveal new opportunities to drive customer engagement, whether through the identification of new community segments, top posts worthy of promotion, or trends in post volume or sentiment that require a timely response.

“With more than 330 million monthly users posting, commenting and voting across 138,000 active communities each day, Reddit is home to the most diverse and authentic conversations on the internet; and as such, an increasingly valuable source of brand and consumer insights,” says Alex Riccomini, director of business development and media partnerships at Reddit. “We’re excited to partner with Microsoft to bring Reddit’s vast data to Power BI, making it easier and more flexible than ever to customize, collect, and consume business-impacting insights from the Reddit community.

Together, the Power BI solution templates for Reddit offer unique brand insight and customer targeting opportunities powered by the highly-engaged and rapidly-growing Reddit community.

Multiple Workbook Experiences

1. Overview – This workbook shows the big picture for selected brands and the key influencers and communities talking about them.

pic2

Analyzing sentiment over time

2. Targeting and Activation – This workbook reveals how communities relate to brands across the Reddit platform and highlights key influencers.

pic3

Lookalike community analysis

3. Advanced Analytics – This workbook enables deep analytic exploration of Reddit posts, comments, and user activity relating to selected brands.

image

Deep dive analysis with free-text search

Try it out & let us know

Go ahead and check out the Reddit solution template. You can try out an interactive sample report, watch a demo video or just go ahead and set things up! The team is always interested in any thoughts or feedback – you can reach us through our alias (pbisolntemplates@microsoft.com) or by leaving a comment on the Power BI Solution Template Community page.

CyberSight RansomStopper

Your antivirus or security suite really ought to protect you against ransomware, along with all other kinds of malware. There might be an occasional slipup with a never-before-seen attack, but those unknowns rapidly become known. Unfortunately, ex post facto removal of ransomware still leaves your files encrypted. That’s why you may want to add a ransomware protection utility to your arsenal. The free CyberSight RansomStopper stopped real-world ransomware in testing, but can have a problem with ransomware that only runs at boot time.

Similar Products

RansomStopper is quite similar to Cybereason RansomFree, Trend Micro RansomBuster, and Malwarebytes Anti-Ransomware Beta. All four are free, and all detect ransomware based on its behavior. Since they rely on behavior, it doesn’t matter whether the ransomware is an old, known quantity or a just-created zero-day attack. Like RansomFree, RansomStopper uses bait files as part of its detection methodology. However, RansomStopper hides its bait files from the user.

Getting Started

Installation went quickly in my testing. After the download, I completed the process by entering my first and last name and email address. Once I responded to the confirmation email, the product was up and running.

The product’s simple main window reports that “You are protected from ransomware.” Buttons across the bottom let you view security alerts, processes RansomStop has blocked, and processes you’ve chosen to allow. Another button lets you check for updates, if you didn’t select automatic updates during installation. Simple!

CyberSight also offers a business edition. Added features include email alerts, centralized administration, and detailed reports. The business edition costs $29.99 for a single license, though the price drops to as low as $10 per seat with volume licensing.

Ransomware Protection

When RansomStopper detects a ransomware attack, it terminates the offending process and pops up a warning in the notification area. Clicking the warning lets you see what file caused the problem. There’s an option to remove programs from the blocked processes list—along with a warning that doing so is a bad idea.

Waiting to detect ransomware behavior can sometimes mean that the ransomware encrypts a few files before termination. When I tested Malwarebytes, it did lose a few files this way. Check Point ZoneAlarm Anti-Ransomware actively recovers any encrypted files. In my testing, it did so for every ransomware sample. ZoneAlarm’s only error was one instance of reporting failure when it had actually succeeded.

For a quick sanity check, I launched a simple fake ransomware program that I wrote myself. All it does is look for text files in and below the Documents folder and encrypt them. It uses a simple, reversible cipher, so a second run restores the files. RansomStopper caught it and prevented its chicanery. So far so good.

Caution, Live Ransomware

The only sure way to test behavior-based ransomware protection is by using live ransomware. I do this very cautiously, isolating my virtual machine test system from any shared folders and from the internet.

This test can be harrowing if the anti-ransomware product fails its detection, but my RansomStopper test went smoothly. Like ZoneAlarm and Malwarebytes, RansomStopper caught all the samples, and I didn’t find any files encrypted before behavioral detection kicked in. Cybereason RansomFree did pretty well, but it missed one.

I also test using KnowBe4’s RanSim, a utility that simulates 10 types of ransomware attack. Success in this test is useful information, but failure can simply mean that the behavior-based detection correctly determined that the simulations are not real ransomware. Like RansomFree, RansomStopper ignored the simulations.

Boot-Time Danger

Keeping under the radar is a big deal for ransomware. When possible, it does its dirty deeds silently, only coming forward with its ransom demand after encrypting your files. Having administrator privileges makes ransomware’s job easier, but getting to that point typically requires permission from the user. There are workarounds to get those privileges silently. These include arranging to piggyback on the Winlogon process at boot time, or set a scheduled task for boot time. Typically, the ransomware just arranges to launch at boot and then forces a reboot, without performing any encryption tasks.

I mention this because I discovered that ransomware can encrypt files at boot time before RansomStopper kicks in. My own fake encryption program managed that feat. It encrypted all text files in and below the Documents folder, including RansomStopper’s bait text file. (Yes, that file is in a folder that RansomStopper actively hides, but I have my methods…)

I reverted the virtual machine and tried again, this time setting a real-world ransomware sample to launch at startup. It encrypted my files and displayed its ransom note before RansomStopper loaded. From my CyberSight contact I learned that they’re “testing several solutions” for this problem, and that an update in the next few weeks should take care of it. I’ll update this review when a solution becomes available.

RansomFree runs as a service, so it’s active before any regular process. When I performed the same test, setting a real-world ransomware sample to launch at startup, RansomFree caught it. Malwarebytes also passed this test. RansomBuster detected the boot-time attack and recovered the affected files.

To further explore this problem, I obtained a sample of the Petya ransomware that caused trouble earlier this year. This particular strain crashes the system and then simulates boot-time repair by CHKDSK. What it’s actually doing is encrypting your hard drive. Malwarebytes, RansomFree, and RansomBuster all failed to prevent this attack. RansomStopper caught it before it could cause the system crash—impressive! To be fair to the others, this one is not a typical file encryptor ransomware. Rather, it locks the entire system by encrypting the hard drive.

Querying my contacts, I did learn that boot-time ransomware attacks, including Petya, are becoming less common. Even so, I’m adding this test to my repertoire.

Other Techniques

Behavior-based detection, when implemented properly, is an excellent way to fight ransomware. However, it’s not the only way. Trend Micro RansomBuster and Bitdefender Antivirus Plus are among those that foil ransomware by controlling file access. They prevent untrusted programs from making any change to files in protected folders. If an untrusted program tries to modify your files, you get a notification. Typically, you get the option to add the unknown program to the trusted list. That can be handy if the blocked program was your new text or photo editor. Panda Internet Security goes even farther, preventing untrusted programs from even reading data from protected files.

Ransomware crooks need to take care that they’ll be able to decrypt files when the victim pays up. Encrypting files more than once could interfere with recovery, so most include a marker of some kind to prevent a second attack. Bitdefender Anti-Ransomware leverages that technique to fool specific ransomware families into thinking they’ve already attacked you. Note, though, that this technique can’t do a thing about brand-new ransomware types.

When Webroot SecureAnywhere AntiVirus encounters an unknown process, it starts journaling all activity by that process, and sending data to the cloud for analysis. If the process proves to be malware, Webroot rolls back everything it did, even rolling back ransomware activity. ZoneAlarm and RansomBuster have their own methods for recovering files. When the anti-ransomware component of Acronis True Image kills off a ransomware attack, it can restore encrypted files from its own secure backup if necessary.

Give It a Try

CyberSight RansomStopper detected and blocked all my real-world ransomware samples without losing any files. It also detected my simple hand-coded ransomware simulator. And it blocked an attack by Petya, where several competing products failed.

RansomStopper did exhibit a vulnerability to ransomware that only runs at boot time, but my sources say this type of attack is becoming less common, and CyberSight is working on a solution. Other free products had their own problems. RansomFree missed one real-world sample, and Malwarebytes let another sample encrypt a few files before its detection kicked in. RansomBuster fared worse, missing half the samples completely (though its Folder Shield component protected most files).

Check Point ZoneAlarm Anti-Ransomware remains our Editors’ Choice for dedicate ransomware protection. It’s not free, but at $2.99 per month it’s also not terribly expensive. If that still seems too steep, give the three free utilities a try, and see which one you like best.

Determine if an Exchange Online migration makes sense

it just concerns moving email to the cloud. But there is a whole product suite to consider as part of this process.

The decision to shift from an on-premises email platform is not easy. Before the organization commits to this move, look at the transition from both a strategic and a technical perspective. There are a series of questions that should be answered before making the decision to switch to Exchange Online.

Is Exchange Online right for this organization?

Remember that Exchange Online is part of the Office 365 suite and is more than just email. The platform’s services address many business needs, such as file shares, document sharing, collaboration tools and simple word processing. And with certain licenses, if you buy Exchange Online, you own many of these other tools as well.

With that in mind, review the business issues below to see if an Exchange Online migration makes sense for the company:

  • The employees work in silos and require a tool to tear down these walls.
  • While emails don’t include client information, the system should automatically check that sensitive information is not sent.
  • Security is a priority. A lot of effort is made to keep that technology up to date.
  • Some employees get 250 email messages a day and must work collaboratively with other teams.
  • Company data sits in many different places, including email. Data management must be simplified.

While email is definitely part of the challenge, it’s not the only tool that runs teams and organizations. These hurdles should not hold up an Exchange Online migration. If email is a priority, consider making this phase one of the project, and then, deploy the additional tools your organization needs in different phases of the project at a later date.

Work out a path to a solid migration

Once the business works out the strategic approach, dive into the technical considerations for a smooth Exchange Online migration. First, find answers to the following questions because they will influence the user experience (UX), design and amount of time to deploy.

Should the UX be seamless, or will users log in with different credentials for Office 365 email?

Answer: I find larger organizations do not want users to log in separately, whereas smaller ones are more flexible in this area. That said, most businesses want a seamless UX. A business that wants to give users more streamlined access to resources should discuss how to implement Azure Active Directory Connect to set up password sync and single sign-on. Federation is not required, but organizations that already have it implemented find it is a good option for them. If federation is not in your environment, then look at other options.

Does the business need a failback plan?

Answer: Organizations often see a migration to the cloud as one way, but a failback plan should be included in the planning process. Ask yourself this: Would your organization migrate its on-premises Exchange deployment to a new server without a failback plan? For most companies, the answer is typically no. The only exception tends to be the very small business that just wants to be in the cloud and not maintain costly on-site infrastructure. With a failback option, the migration will be done in hybrid mode with the Hybrid Configuration Wizard. The ability to fail back mailboxes or migrated components if an unexpected issue arises provides a measure of stability for the business.

Does the business need to back up email data in Exchange Online?

Answer: This question seems straightforward, but the answer is complicated. If the business is OK without the ability to restore a mailbox, then this might work. The Deleted Item Recovery feature keeps messages for 30 days, and the retention hold options can be used to retain messages beyond 30 days. Does the organization need a way to restore a mailbox when it’s gone or recover individual items beyond 30 days? With answers to those questions, the company can then work to produce the correct technical implementation that best supports its email requirements.

Consider what the business uses in its on-premises deployment and whether that should apply in the cloud. Each organization is different from a technical perspective, so there is more to think about. These questions will help prepare the groundwork when the time comes to make a decision about an Exchange Online migration.

Ceridian Dayforce HCM updates, more unveiled at Insights 2017

The Ceridian Dayforce HCM suite will become the hub of an HR tech ecosystem built around integrating outside applications with Dayforce.

Ceridian said its new Dayforce Software Partner Program, which the company expects to be ready by the end of the year, will enable customers to more easily use specialized HR applications, even if the customer is already using the Ceridian Dayforce HCM platform.

“Essentially, we’re building an ecosystem for partners, whether they be software partners or systems integrators, to be able to extend or enhance the Dayforce product,” Jim Jensen, senior vice president of global partners and alliances, told SearchHRSoftware in an interview.

Comparison to Salesforce ecosystem

Jim Jensen, CeridianJim Jensen

Jensen compared the Ceridian plan, unveiled at the company’s Insights 2017 user conference, to a nascent version of what Salesforce has developed into an expansive customer relationship management ecosystem, with hundreds of co-developers, partners and customers using the giant CRM vendor’s underlying technology.

Essentially, Ceridian will make its APIs available to partners and customers that want to extend Ceridian Dayforce HCM data across other HR tech applications. Ceridian also sees the concept as a service-oriented architecture built with the same code, Jensen said.

In addition to the partner program, Ceridian said it will have a native United Kingdom payroll system by the end of 2017; the vendor now has U.S. and Canadian payroll versions. The HCM vendor also unveiled a new learning module, Dayforce Learning, which uses content from learning management system vendor Docebo.

Specialized applications

As for the partner program, Jensen said in addition to its potential to widen Ceridian’s market reach, it will give Ceridian Dayforce HCM users the opportunity to add the applications they prefer, while remaining with Ceridian’s recruitment, onboarding, benefits and talent management tools.

He cited Cornerstone OnDemand as an example, saying customers could perhaps choose a hybrid approach by using Cornerstone’s established learning management system alongside Ceridian’s learning module. Or, users could opt for Cornerstone or another vendor’s HR subsystem.

Essentially, we’re building an ecosystem for partners, whether they be software partners or systems integrators, to be able to extend or enhance the Dayforce product.
Jim Jensensenior vice president of global partners and alliances at Ceridian

Also, Ceridian envisions the partner system partly as relieving it of the burden of building customized third-party integrations.

“We kind of have to do it new each time, and the customers [have] to pay for that,” Jensen said. “And so we thought what if we flip the model, build this platform and this ecosystem and the plumbing, and give partners the power and the tools to build, manage and administer the integration to us?”

Ceridian is planning to charge partners annual subscription rates ranging from $10,000 to $20,000, depending on the level of integration.

Jensen said Ceridian has about 25 customers signed up for the program and expects to quickly add another few dozen. “It’s moving quick,” he said.

Analyst sees Ceridian progression

Ceridian’s moves show the vendor is serious about growing strategically, said Brent Skinner, principal analyst for HCM at Boston-based Nucleus Research, who was briefed on the partner program and other new Ceridian Dayforce HCM capabilities.

“The software partner program is the next logical step for Ceridian with Dayforce,” Skinner said. “Ceridian is executing faithfully on an extremely aggressive product roadmap.”

Skinner noted that other full HCM suite vendors that are among Ceridian’s competitors already have similar programs.

“So, this is a big milestone for Ceridian,” he said.

Skinner said Ceridian’s alliance with Docebo makes Ceridian a kind of HR tech “omnivore,” able to provide its own learning technology, while also playing well with others, such as Cornerstone and Skillsoft.

As for the native U.K. payroll application, Skinner said few vendors other than ADP “are truly viable options when it comes to global payroll.”

Ceridian — which said it would soon release native payroll capabilities for Australia and other countries in Asia, the Middle East and Europe — showed it is moving in that global direction, Skinner said.