Thursday, October 29, 2015

Phishing - Avoiding malicious emails and links

Phishing attacks trick users into sharing personal information online and are typically done through email, ads, or compromised sites that look similar to sites that you may already use. What we see in our customer base are Google Apps and Gmail accounts that get hijacked and then used to send emails to further compromise more accounts. This normally happens when an end user enters their email address and password into a malicious website from an email link supposedly from a coworker or trusted source. Often this is a faked page that uses legitimate logos and text but normally with errors that may raise red flags for you. Phishing emails are also personalized sometimes which makes it more difficult for the recipient of the email to assess credibility.

An example of a malicious website from an email link. It may look legitimate, but the URL shows it's a hacked website.

There are a number of ways users can protect themselves and their organization from being victim to phishing attacks. The best way is to turn on two-step verification. Enabling two-step verification will require the user to authenticate beyond a username and password. It's an extra step, but ensures that the account is extremely difficult to compromise because even if an attacker has your username and password, they are unable to access your account without a unique, time-sensitive code. Here is how you can enable two-step verification for your Google Account.

Phishing is often successful when a user becomes complacent and too busy or rushed to bother checking the source of an email or site. Being aware and diligent, especially towards unexpected emails or attachments, can help you recognize when you are being targeted for phishing. Always confirm that the URL corresponds to the site you're expecting to see and before you enter your credentials, be sure to check for a trusted domain like google.com or facebook.com and that it's not something like google.xyzname.com or facebook.xyzname.com. If you are the slightest bit unsure, don't enter your login information and contact the person who sent you the email.

Another way to ensure the legitimacy of a site is to check whether the URL begins with https:// (s for secure) and has a lock symbol next to it. The lock means that the site is encrypted, which doesn't necessarily mean it's not hacked, but is a dead giveaway if it is missing.

Many account hijackers will email your contacts attempting to also gain access to their accounts, and then delete all your contacts. To add to the maliciousness, email filters may be used so that you don't see emails from people telling you your account has been compromised.


This phishing website attempts to trick users into giving away their login credentials and propagates by email. User's tend to login without actually looking at the URL first. We've reported the link and Chrome has already blocked it.

Tip: Always check the URL in your address bar, because if it's not from a legitimate root domain like google.com, it could be malicious.

If you do come across a malicious site or link, do not forget to report it. You can follow common advice by "reporting to an appropriate party" but  they typically do nothing. Take action and save your coworkers, family and friends from the bad guys by immediately submitting malicious links to Google. Often within as little as an hour of filing the report, the site will get blocked from Google search and Google Chrome. Firefox is relatively fast also, but Internet Explorer can take weeks to start blocking it.

Lastly, virus scanners rarely catch much in our experience but are still a necessary protection for the occasional time they do prevent problems. We recommend Symantec Endpoint Protection because it provides a cloud based console for monitoring your protection status across the company.


Unfortunately phishing sites still increasingly trick many users into surrendering their personal information and credentials. Hopefully this post has shed light on how you can help yourself and others avoid becoming victims of phishing. For all your technical assistance and needs with Google Apps, make sure to contact our InterlockIT team!

Monday, September 28, 2015

Autodiscover and Outlook

We see lots of confusion in our customer base about the function that Autodiscover serves in both traditional on-premises environments and cloud-based environments alike. At a high level, Autodiscover basically allows you to skip all the back-end configuration work that legacy mail clients need and have the Outlook email client do it all for you.

In environments with Active Directory, getting Autodiscover to work properly can be more trouble than it should be, but with access to group policies and a bit of information, you'll be able to get it working.

What is Autodiscover?

Autodiscover is a service that runs in the background of your Exchange or Office 365 install and can automatically configure profile settings for users running Outlook 2007 or newer, Mac Mail, or mobile phones. It provides access to Exchange features for Outlook 2007 and up clients that are connected to your Exchange messaging environment, and it uses a user's email address and password to provide profile settings to supported clients and devices. If the Outlook client is joined to a domain, the user's domain account is used.

In earlier versions of Microsoft Exchange (2003 SP2 or earlier) and Outlook (2003 or earlier), you had to configure all user profiles manually to access Exchange; Autodiscover negates the need for this manual setup. Extra work was required to manage these profiles if changes occurred in the environment and if this maintenance stopped or fell behind schedule, Outlook clients could stop functioning entirely.

Autodiscover is a function of Exchange (and, in a roundabout way, therefore also a function of Office 365). Outlook clients are coded in such a way that they can take advantage of Autodiscover, but for this to work correctly, Outlook needs to be told where to "find" the Autodiscover information. The order of logic that Outlook uses when trying to retrieve information is:
  • Service Connection Point (SCP) lookup  Outlook will get Autodiscover information from Active Directory. If this fails, Outlook begins its 'non-domain' connections;
  • HTTPS root domain query;
  • HTTPS Autodiscover domain query;
  • HTTP redirect method;
  • SRV record query;
  • Local XML file;
  • Cached URL in the Outlook profile (exclusive to Outlook 2013 and newer).

How does Autodiscover work?

When you install a Client Access Server in Exchange 2013, a default virtual directory named Autodiscover is created under the default website in Internet Information Services (IIS). This virtual directory handles Autodiscover service requests from supported clients under the following circumstances:
  • When a user account is created or updated;
  • When an Outlook client periodically checks for changes to the Exchange Web Services URLs;
  • When underlying network connection changes occur in your Exchange environment.
Additionally, a new Active Directory object named the SCP is created on the server where you install the Client Access Server.

The SCP object contains the authoritative list of Autodiscover service URLs for the entirety of your Active Directory forest. (You can use the Set-ClientAccessServer cmdlet to update the SCP object.)

How to manually override Autodiscover service for your PC

Occasionally, Outlook clients can "find" incorrect Autodiscover settings – we find this is most common when businesses decide to switch to Office 365 from an on-premises Exchange environment. Here's how you can force Outlook to stop looking for Autodiscover
  1. Click Start, and then click run
  2. In the Run dialog box, type regedit, and then click OK
  3. In the Registry Editor, go to the following registry key:
    • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Autodiscover
    • Create a new DWORD (32-bit) string named "ExcludeScpLookup" and set its value to 1.
You can alternatively use the command prompt to exclude SCP lookups by using following commands:
reg add HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Autodiscover /v

ExcludeScpLookup /t reg_dword /d 1 /f
Hopefully this has helped you get a better understanding of how Autodiscover works for Outlook as well as how to override default priorities.

Thursday, August 27, 2015

How to upgrade Microsoft Azure free trial to a paid subscription

For some reason, it's hard to find instructions on how to convert an Azure free trial into a paid account. If you don't complete this step and your trial expires services like Network Gateways will get deleted.

Here's how to upgrade your free Microsoft Azure trial to a paid subscription.
  1. Log into the admin account that originally set up the free trial.
  2. Click the 'Account' tab along the top.
  3. Under 'subscriptions' you should see Free Trial. Click the yellow bar where it says 'click here to upgrade now.'
  4. Click the 'Yes' button, put in a subscription name and click 'upgrade now.'


That's it! Your Azure account will now automatically convert to a paid subscription without any further interference.

Wednesday, July 29, 2015

Google Drive plugin for Microsoft Office - Open Drive files directly in Microsoft Office

Google recently released a Drive plugin for Microsoft Office that allows you to open files from Google Drive directly in Microsoft Office, without the Google Drive sync client. If you're a Drive loyalist who happens to love using Office, this tool can make your life easier!



The plugin makes it easy to edit Office files stored in Google Drive so you can use the apps that you're already comfortable with. This is especially useful when sharing files with others or accessing your files across devices. Google's idea here is to continue to make Drive into more of an integrated storage tool for its users. Alternatively, you can just use Google's desktop application for Drive to sync locally stored files with Google Drive already, but the new plugin makes this a far more seamless experience for Office users.



The set-up is quite simple and familiar: anyone running Office on Windows can now open Word, Excel, and PowerPoint documents stored in Google Drive, edit them locally in Office apps, and then save any changes back to Drive. This will allow you to keep all your important files in one place, without needing to have a dedicated folder on your computer that syncs everything to the web.

If you have a slow or unreliable internet connection, this plugin can help smooth out the bumps by only syncing what you're currently working on, not everything that's changing behind the scenes.

Try it out today!

Monday, July 20, 2015

Migration is worth it! - Windows Server 2003 no longer supported

Early last year Microsoft announced that it was ending support for Windows Server 2003 but would continue to provide extended support for some additional time. We addressed this in an older post and pointed to an alternative solution, Google Apps.


Here is some breaking news if your business is still running on Microsoft Windows Server 2003:

Last week, Microsoft announced its discontinuation of extended support for Windows Server 2003. So what does this mean? It means Microsoft will no longer provide fixes, updates, or technical assistance. This also means no more security updates, leaving physical and virtual instances vulnerable to any and all new security threats, which have been increasingly damaging.

Businesses that are still running Server 2003 face a number of vital considerations. It’s been over a decade since its release and the computing world has changed drastically since. Although the Windows Server 2003 platform worked well in its time, it’s now become a liability and a limitation for organizations still relying on it. Waiting to upgrade is both expensive and risky as you’re now susceptible to security threats and paying hefty fees to maintain old hardware. It's now time to leave the obsolete server and update your business' infrastructure.


Leaving Windows Server 2003 is an opportunity for change. So where do you go? Windows Server 2012 R2, Microsoft Azure, and Office 365 are all concrete solutions with great benefits, including improved performance, reduced maintenance requirements, increased agility and speed of response to business. Microsoft recommends collaborating with a partner to help execute a successful migration strategy. We have, not one, but two Microsoft Silver Competencies and are here to help you!

Alternatively you could step into the Google infrastructure and perhaps find that it's better suited for your specific business needs.

You now know that you are at the end of your Windows Server 2003's life cycle, contact us today to pave your way to a successful and permanent migration to the cloud! Migration is worth it!

Tuesday, June 23, 2015

Migrating from Google Apps to Google Apps - moving accounts

A common question Google Apps Administrators ask is, "How can I move my old Google Apps data to a new Google Apps account or across domains?"

There are multiple ways of handling this when using Google Apps. Let's take a brief look at a few of them.

Google Apps Migration for Microsoft Exchange (GAMME)

You can migrate email, contacts, calendar, and public folder data from on-premises and some hosted Microsoft Exchange servers. GAMME also allows you to migrate data from a series of PST files and email data from some IMAP servers. You can find more details on how to migrate data from Exchange using GAMME here. However, if you're using GAMME to migrate from one Google Apps account to another, you'll only be able to use it for mail data. [Free]

Migrator by Backupify

Migrator for Google Apps allows you to transfer the complete contents of any single Google Apps account from one domain to another, or to merge all the data in one account with another account on the same Google Apps domain. This migrates Gmail, contacts, calendars, and Drive data. You can also use Migrator to move data between a free gmail.com account and a paid Google Apps account, so if you used a consumer account to "test drive" the Google Apps system but don't want to lose your data, Migrator is your best bet. [$15 per migration - first migration is free]

Google's Data Migration Service

This method is simple and allows you to migrate without having to install any client software. Simply enter some basic information about the environment from which you're migrating, specify what to include in the migration, and select the users whose email you want to migrate. You can even monitor the status of the migration for each user's account in the admin console. Details here. [Free]

You can also move contacts, calendar, and Drive data manually (though Drive data can only be moved within the same Google Apps install automatically; to move it to another domain, use Migrator). It is a bit more time consuming but you can easily see what has and hasn't been moved. Here are the ways to move your data manually: Exporting ContactsImporting ContactsExporting CalendarImporting CalendarTransferring Drive Contents.

What about Google Vault? We recommend exporting the contents in MBOX format and keeping a backup either locally or on a service like Google Drive. This will help you reference the information as needed by opening the mailbox in a client like Thunderbird. In most cases, all important data will remain in the user's account and get transferred into the Vault of the destination user when migrating the inbox. Here is how a Vault export works.

Hopefully this has helped you retain your valuable data. InterlockIT has led many migrations and our team of experts are available anytime to assist.

Thursday, June 11, 2015

Microsoft Cloud touches down in Canada!

Last week, Microsoft made a game-changing announcement: Microsoft will be opening two Canadian data centres that will offer Office 365, Azure, and Dynamics CRM services.

Our team here at Interlock IT has been leading Office 365 implementations since 2010 and has noticed a dramatic increase in interest from our clients in moving infrastructure to the Microsoft Cloud.

There are some compelling reasons to switch your email or Exchange Server to the cloud; whether you want the latest and greatest updates, Microsoft's subscription-based licensing models, or are trying to reduce costly infrastructure overhead. There is also the incentive of exclusive services and capabilities only available through the cloud, like Yammer, an enterprise social networking service, Delve. machine learning and artificial intelligence which helps you discover what's most relevant and important to you, and Office 365 Video, an intranet-style website portal to post and view videos in your organization. It is a mobile-first, cloud-first age in which Microsoft's cloud-centric roadmap for its flagship products will pave the way for you to stay ahead of the competition. This is the platform you want to be on.

However before this great announcement, the fact that infrastructure and data would be based outside of Canada and potentially subject to foreign laws and regulations such as the PATRIOT Act would sometimes dismiss consideration of the cloud for many of our clients. To have data located outside of Canadian borders is violation of some company's policies and therefore a sticking point. This has been a cloud deterrent for many, until now.

Some key points to note:
  • General availability of Azure is anticipated in early 2016, followed by Office 365 and Dynamics CRM Online in late 2016.
  • The data centers are to be located in the Greater Toronto Area and Quebec City (specific locations have not been announced for security reasons.)
  • Microsoft will address data residency considerations (you can specify that your data will only reside in Canada.)
Can existing Office 365 tenants be transferred into the Canadian data centers? Will the pricing model be proportionate? Will performance be as robust? Will updates be released on the same schedule? All these questions come to mind and we anticipate answers in the coming months. Microsoft is finally ready to plant its flag on Canada's growing cloud industry as it hopes businesses will invest more in its ideas than its hardware and we begin to see a new dawn of cloud computing within our borders.

Monday, June 1, 2015

Collaboration at its finest! Office 365 Groups and how it compares to Shared Mailboxes, Distribution Lists, and Site Mailboxes

It's often been said that being social is, as a species, our most defining characteristic. We work and play in groups so we can talk, listen, collaborate, interact, and ultimately accomplish something.

These days, collaborating with colleagues can be a real challenge. You have various conversations happening all the time, a multitude of files stored in various places, and countless meetings to co-ordinate and keep track of. People need to be able to get together quickly in order to organize into a team and get stuff done. Members of a group know and trust each other, converse, and share reports and files.


The new groups in Office 365 can make this all a breeze. Groups not only allow you to collaborate but also extensively increase productivity and efficiency. So what is a group? A group is a shared work space for email conversations, files, calendar events, and more where group members can conveniently collaborate and find the important stuff in a sea of noise. Groups enable your company to work like a regular old offline network by simplifying the collaboration process and by connecting you to the people, information, and tools you need.

Creating a group or joining one that already exists is very easy, but keep in mind that groups are public by default, so while you can connect right away without waiting for permission, anybody else in your organization can as well. (You can also set up private groups, but this is a one-time only option; once you've selected a group's visibility, it can't be changed.) Each group features an inbox to keep everyone in the loop on all the latest discussions, as well as a dedicated calendar and document repository. Once you've subscribed to a group you can take part in any of its discussions from your own Office 365 inbox.


When there is a need to meet, group calendars make it a seamless process. Any group member can create or update events to keep the team involved, even if a group manager isn't available. To track group events, just add them to your personal calendar or display the group calendar next to your own.




Because collaboration usually involves working on content, file sharing is essential. One click is all it takes to upload files to OneDrive for Business and grant group members permissions to use them. You can edit or co-author from Outlook web app using Office online. As you work, the side-by-side conversation lets you discuss the changes without leaving the context of your inbox or document. When you're finished, groups automatically makes the latest version available to every member. You can even take your team with you on the road since groups are mobile- and touch-friendly so you can stay on top of conversations, events, and content from any device.


Microsoft offers a range of email collaboration tools including distribution lists, site mailboxes, and shared mailboxes. Each of these options has a different purpose, user experience, and feature set. It can be a little overwhelming to decide which tool is right for you, so here is a brief outline to help you decide which is appropriate for your business.
  • Group: A shared workspace that works across all applications in Office 365. This includes a shared inbox, calendar, and OneDrive for Business site for storing files. Users can create, find, and join Groups right from their email or calendar. New and existing users with an Exchange Online or Office 365 subscription can use Groups.
  • Shared mailbox: A mailbox for select users to read and send email messages and share a common calendar. Shared mailboxes can serve as a generic email address (such as info@companyname.com or sales@companyname.com) that customers can use to inquire about your company. When the 'Send As' permission is enabled on the shared mailbox, email sent from the mailbox will use the generic address (sales@companyname.com).
  • Distribution list: A distribution list is used distribute email messages to two or more people at the same time. Distribution lists are also known as mail-enabled distribution groups. A variant of the distribution group, called the dynamic distribution group, is a mail-enabled Active Directory group object used to send email to a large and evolving group of recipients. The exact recipients are determined by filters and conditions that you specify, such as all members of a particular region or full-time employees.
  • Site mailbox: A site mailbox includes SharePoint Online site membership (owners and members) and shared storage through an Exchange mailbox for email messages. A site mailbox brings Exchange email and SharePoint documents together. It serves as a central filing cabinet for the project, providing a place to file project email and documents that can be accessed and edited only by site members. In addition, site mailboxes can have a specified lifecycle and are optimized to be used for projects that have set start and end dates.
These tools are designed to help teams collaborate effortlessly, however groups can be used to replace shared mailboxes or SharePoint sites in some instances. Site mailboxes have project documents that are stored on a SharePoint Online site and team members send and receive project related email via the site mailbox. Shared mailboxes are used by users who delegate working on behalf of a virtual identity (e.g. support@companyname.com) and respond to email as that shared mailbox identity. Finally, Groups are generally used by users who want a collaboration workspace for their group messages, files, and calendar that is integrated with the Office 365 services that they already use. 

Office 365 groups is part of the first phase of Microsoft's plan to integrate Enterprise social features across platforms, including Yammer, Lync (Skype for Business), SharePoint, and Exchange Online. Office 365 Groups is the tool to use if your organization does not need a full-fledged social network experience. Groups makes more sense because it's a great alternative to public folders and distribution groups which are normally the go-to tools used for collaboration and collective productivity.

Friday, May 15, 2015

"Traditional" cloud-based hosting vs. Google App Engine

There is no doubt that we live in an era of rapid technological advancement. This means it's fairly easy to get left behind if you aren't adopting new ways if improving IT systems for your business. Using technology to your advantage as a business is nothing new. What matters now is how you implement that technology to work for you in the most efficient and cost-effective way. For example, setting up a web server or providing redundancy to the infrastructure are both examples of things that can now be fully automated. Automation is your friend. Learn to make it work for you and you can achieve wonders.

If you've adopted cloud technology as your business system, kudos to you! Cloud solutions are imperative if you are looking to augment abilities to better meet the specifics needs of your business. A great example of this is developing a custom web application. The question that arises here is whether or not you have the infrastructure to support it. The answer for many businesses is simply 'no.' But before we delve into supporting a custom web application, why would your business consider this? Here are a few good reasons:
  • You want to streamline internal departments and functions, operations, sales and project management.
  • You want to add more functionality to the already existing application.
  • You want to take advantage of web-based applications flexibility and versatility by moving away from the traditional desktop application platform to the web application platforms.
  • You want to gain more clients or better service current clients by offering convenient services and solutions online.
  • You want to build new web applications to offer innovative services or solutions to online users and businesses.
Unfortunately, one of the biggest headaches of supporting a web application is the infrastructure and scalability. Building new infrastructure or upgrading existing infrastructure to meet use requirements costs valuable time and money that could be spent focusing on development and other aspects of your business. Downtime, lost data, unhappy customers, impossible machine configurations, and added complexities are all downfalls of traditional web application hosting. Even with a trained team of server admins, you only end up in a good position to recover from a disaster, not to prevent one from happening in the first place. Virtual private servers and traditional web hosts require far too much maintenance and disaster recovery.


The time it takes to maintain and scale infrastructure can now be designated elsewhere. So how do you save costs and time? The answer is Google App Engine. Google App Engine allows you to develop custom web applications with the ability to host and run them directly on Google's own infrastructure. Once you've created an app, you can easily upload it and Google handles both hosting and scaling. All of which is to say: no more servers to maintain! This means that you get to run on the same hardware stack that Google builds on; that's a huge advantage!

Now some may argue that there are drawbacks to using platform as a service (PaaS) providers like Google's Cloud Platform, and mainly this stems from not "owning" your own environment. To work around this, Google offers Compute Engine, where you get absolute freedom to run large-scale workloads on virtual machines. This combined with Google App Engine gets you PaaS-style functionality while also allowing you to run your own virtual servers.

Google is a powerful innovator in the technical services industry, and Google App Engine brings with it the ability to give businesses in today's market what they require to stay on target with their goals. It's reliable, scalable, efficient, cost-effective, and Google is constantly updating and upgrading their services.

So lets take a look at some of the major advantages that Google App Engine has to offer:
  1. Focus on your business and allow technology to work for you.
  2. Build on a proven hardware stack.
  3. Proven cost savings. for example, you don't need to hire an engineer to manage your servers and you won't have to manage them yourself. You can invest the savings in other aspects of your business.
  4. Multiple storage options.
  5. Powerful built-in services.
  6. Ability to deploy at "Google-scale" (you could scale up to 7 billion requests per day, if you wanted to).
It's important to understand that building your application with these 'cloud services' can bring huge benefits in cost and effort when what matters is delivering a great product. The people at Google are experts at setting up and maintaining machines. They are experts at data storage, data redundancy, and scaling computing power up and down to handle sudden bursts of user traffic. Their state-of-the-art data centres are constantly evolving to keep up with demand, and you don't need to incur any of that additional cost.

Check out this video to get an idea of what we're talking about:



You've now seen the great advantages that Google App Engine has to offer as an excellent content delivery network and so much more. Cloud computing is one of the fastest growing fields and it provides an easy and affordable way to run your applications.

"Traditional" cloud-based hosting and scaling applications on virtual machines comes with a cost. Even if the structure is virtual, you still have to manage it, do load balancing, bring instances up and down, take care of patching software and in general spend a lot of time and resources on just the infrastructure. With Google Cloud Platform, Google takes care of all the heavy lifting and back-end maintenance.

Google is a pioneer in the business of scaling, and now you can use their infrastructure. It doesn't matter whether your application is small scale or large scale, the scalability of Google's infrastructure is basically impossible to match in a traditional environment. Let them handle what they're good at while you focus on other important aspects of your business.

Tuesday, April 7, 2015

Don't Sink! Sync! - Google Calendar Sharing

Realizing that you've missed an appointment at the doctor's office or missed your kid's recital isn't fun. Sometimes there is just so much going on at once that it's hard to schedule and share everything with the people who need to know. You start sinking under all the events, commitments, appointments, and pressure magnetized to your fridge door. This is where Google Calendar comes in to save the day (and week, and month...).

If you already use Google Calendar, awesome! There is so much you can do to schedule events and track available/busy slots of time. With Google Calendar you have the ability to to see calendars that are important to you and share your own. You can send invitations to your events, track RSVPs by email, and even allow others to propose times that work better for everyone. It's all very intuitive and can be done from a single screen, allowing you to manage your business, personal, and other calendars. No more calling and emailing participants numerous times to schedule an event. When you know everyone is free, scheduling is a snap! Sharing is a great feature to help you schedule events, keep you in sync, and save you from missing what's important to you.

Share your Google Apps for business calendar as username@business.com with your personal@gmail.com account and give it rights to make changes. Here's how:
  1. Log in to your Google Apps account and navigate to the calendar at https://calendar.google.com
  2. Click the gear icon at the top right corner, then click Settings.
  3. Click over to the Calendars tab, then click Share this calendar on the right-hand side.
  4. Add your personal@gmail.com address and give it "Make changes AND manage sharing" permissions.
  5. Click Save.
Now you can manage your business calendar while you're signed in to your personal account.
If your business calendar is on an Exchange server, you can share it to your personal Gmail account by following these steps. Note that you cannot make changes to your business calendar from Gmail.
Next, share your personal@gmail.com calendar with your business calendar and with the Gmail accounts of each of your family members, like child1@gmail.com, child2@gmail.com, spouse@gmail.com.

Enabling or disabling calendar sharing is a breeze. Add a couple of email addresses, and if desired, set their permissions (free/busy, see all event details, or make changes) so that they don't have to keep asking you to make changes since you've authorized them to.
  1. Click on the drop-down arrow next to the calendar you want to share.
  2. Click Share this Calendar.
  3. Add the email addresses of people who you'd like to have access and set their permissions.
  4. Click Save.


Once you have shared the appropriate calendars, ask your family members to share theirs with you as well so you can make changes to their calendars when needed.

Now you have the power to see what everyone else is up to (depending on the sharing permissions, of course) and other people can see what you're up to.

You also don't have to constantly check your calendar to see what's coming next in your day. Google Calendar provides several different ways for you to be notified of upcoming events including via text message, an email, or a pop-up. You can also get these notification on your iPhone or Android device if you've set up your Google Account to sync with it. If your kids have a smartphone or tablet, they can be synced to their Google calendar to receive notifications of events. (No more excuses for being late for your soccer practice or kids whining that they didn't know about it!)



With Google Calendar, you can access your schedule online from anywhere. If you forget your laptop or tablet, just open the Google Calendar app on your Android or iOS device to see all your events.

Organizing your schedule doesn't have to be a burden. With Google Calendar, its simple to keep track of all of life's important event all in one place. And the best part is, it's completely free!

Wednesday, March 11, 2015

Two-Step Verification: An added layer of security


You most likely use passwords everyday in your life. Unfortunately, they are not as secure as they once used to be. Even if all your passwords are different across a multitude of accounts, it will do little to ensure security if an attacker gains access to your email. To be blunt, passwords are fundamentally flawed. To add an extra layer of protection from malicious attackers trying to pry their way into your account, consider 2-step verification. 2-step verification ensures security of your account beyond a regular username and password with added authentication.

Authentication is a step of proving that you are indeed yourself, the legitimate owner of the account, before granting access. The problem with standard authentication is that it only relies on something you know, a username and a password. Often, this can be guessed, cracked, or compromised in some wayAttackers, if equipped with these credentials, can easily access the account cloaked as the authentic user, making it difficult to regain control. 2-step verification is built upon something you know such as a password, and something you have like a mobile phone, fingerprint, or key.

This is where Google 2-Step verification steps in. Logging into a Google Account that has 2-step verification enabled, requires a unique, time-sensitive code in addition to the standard username and password (this code can be sent to your phone via SMS or with an application like Authy or Google's own Authenticator). It is an extra step, but it helps ensure that your account is extremely difficult to compromise. Essentially, with Google you are combining two things: your standard credentials and something that only you have access to--your phone. Think of Google's 2-step verification as a layer of security similar to that of a bank's ATM. You insert your bank card (something you have) and input your PIN (something you know). A robber would need to gain access to both of these factors to gain access to your account, plus, with 2-step verification, your "PIN" changes every 45 seconds.


The process to set up your Google 2-Step Verification is user friendly and generally takes about 15 minutes. This small amount of time to ensure maximum security to your invaluable data will save you the stress of having your account compromised.

Signing in with Google's 2-Step Verification is simple.
  1. Go to the sign-in page and enter your username and password like you normally do.
  2. Google's system authenticates your username and password, and if they are correct, you will then be asked for a six-digit code, which you'll get from your phone.
  3. After you turn on 2-step verification, non-browser applications and devices that use your Google Account will require an application-specific password to allow this application to connect to your account -- you only have to do this once for each application or device.
The benefits of 2-step verification are simple: Access to an account depends on a user to consult the source that is not readily available on the computer and is singularly designated in order to gain access to an account. 2-step goes much further to protect your information, as criminals have to work much harder to compromise your accounts.  

Set up 2-step verification on every account you can. In addition to using a secure, unique password for each account you have, it's one of the best and easiest ways you can protect yourself against any kind of data vulnerability.

Monday, February 23, 2015

Automated updates: Making work easier



Why should you choose cloud-based solutions over on-premises systems?

Not too long ago you had to run commands in PowerShell to convert an existing regular mailbox to a shared mailbox in the Office 365 Exchange admin console. This was necessary to migrate data into a shared mailbox, since it's currently not possible to migrate directly into a shared mailbox. The process was a little tedious, boring, and required some valuable time, especially if you have little to no experience with PowerShell.


First, you'd connect to Office 365 from an elevated PowerShell console...
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Then, convert the mailbox and set size quota. Note that shared and resource mailbox sizes increased from 5GB to 10GB in Q4 2013 and increased from 10GB to 50GB in Q4 2014.
Get-Mailbox -identity engineering@domainname.com | set-mailbox -type “Shared” Set-Mailbox engineering@domainname.com -ProhibitSendReceiveQuota 50GB -ProhibitSendQuota 49.75GB -IssueWarningQuota 49.5GB
Assign permissions to specific group to access shared mailbox…
Add-MailboxPermission engineering@domainname.com -User "Engineering Group" AccessRights FullAccess
Finally, remove the Office 365 license. Shared and resource mailboxes do not require a license in Office 365. To remove an Office 365 license from shared mailbox to prevent from being charged for usage, perform the following commands…
Connect-MsolService
$MSOLSKU = (Get-MSOLUser -UserPrincipalName engineering@domainname.com).Licenses[0].AccountSkuId
Set-MsolUserLicense -UserPrincipalName engineering@domainname.com -RemoveLicenses $MSOLSKU
This was the procedure to convert a regular mailbox into a shared mailbox. Now, thanks to automated updates through the cloud, you can have this process completed in a few clicks.

Login to your Office 365 account through the Office portal, and navigate to the Exchange Admin Centre. Once you are logged into your dashboard, click on the Recipients button in the menu on the left. You should now see a list of user mailboxes. Highlight the user mailbox you would like to convert to or from a shared mailbox and click on the convert button as shown in the screenshot below. (You should receive a prompt stating, "Are you sure you want to convert this regular mailbox into shared mailbox?" Click Yes.)

You can also convert a shared mailbox to a regular user mailbox following the same kind of steps. You would go into the shared menu at the top of your recipient list screen and "convert to regular mailbox".

There are many benefits of using a cloud-based solution, one of which is vitally important if you want to save yourself the hassle of setting up your own Exchange server and infrastructure, managing and maintaining desktop Office software, and installing patches and updates every month. The cloud allows you to be free of these restrictions and updates automatically as the example shown above in automating mailbox conversion. Microsoft takes care of all the dirty work so you don't have to. It's like having an IT department that maintains your cloud systems and continues to improve for your efficiency and ease.

On-premises systems will have you waiting and configuring things manually and more frequently. You must consider that implementing the same capabilities as cloud-based solutions requires servers, network infrastructure, IT personnel to install, manage, and update it all (not to mention you still have to buy the software). 

These are just a couple compelling reasons to switch your on-premise system to a cloud-based one. You can now see that cloud-computing is a highly attractive and intelligent proposition if you are looking to make the most of technology today at lower costs and lower risks.

If your current IT provider is still recommending on-premise server solutions, you're not getting good advice! Get in touch with our team at Interlock IT and we'll help make your work easier and more efficient.

Thursday, February 12, 2015

Go paperless! Lighten your business load

You may start off with bank statements, letters, receipts, business transactions, and inventories only to find that you've collected a stack of folders which eventually turn into a shelf full of boxed paperwork.

Well, what if you could evaporate all that weight up into a cloud and reference it at your fingertips, whenever, and wherever?




Thanks to technologies such as Google Drive, going paperless can really help your business. It not only helps clear cluttered workspace in the office, but also saves money and eases your business' environmental footprint. (Not to mention less trips to the printer too!)

Here are a few practical reasons why you should go paperless with Google Drive:

  • Security and Focus: You no longer have to worry about losing or misplacing your documents. No more distractions on your desk
  • Space: Enables you to save valuable office storage space. 
  • Mobility: Allows you to have access to all your documents in one place even outside the office. 
  • Time: Saves valuable time.
  • Money: Save costs ranging from printing paper, photocopying, and printer maintenance.
  • Recovery: Disaster recovery.
  • Peace of Mind: Ensures security and privacy.

Of course, all you need is Google Drive with an account and a scanner. You can also use Android/iOS smartphones or tablets to upload files as PDFs. Here are some Epson scanners that can scan directly to Google Drive with a couple of button clicks!

Google Drive uses OCR (Optical Character Recognition) for easier search results once documents are uploaded to the Drive. Essentially, Drive turns all your scanned documents into searchable text for easier future referencing. OCR also enables you to save time by dismissing you from specifically naming saved uploaded documents. Instead, all you have to do is search a key word or tag from the document you wish to find and its right there at your fingertips.

Additional storage is cheap at $1.99 per month for an extra 100 GB or $9.99/month for an extra 1 TB or switch your organization to Google Apps Unlimited with Unlimited storage for $10/user/month

Drive also allows you to create and collaborate with others like share documents, spreadsheets, and presentations on the fly with complementary Google Docs, Sheets, Slides and Forms. You can even make files available offline when you are not under cloud connectivity.

You may find Google Drive for Work as one of your most valuable investments once you have made the transition to go paperless. You can work without limits. It is safe, secure reliable, easy, powerful, and built to optimize your individual and team productivity.

We have advanced to communicate paperless with instant messaging and email. Why not do the same with organizing documents and files paperless too. It's still early 2015 and not too late to save time, money, and some trees while your at it.

Going paperless is a great idea and our team here at Interlock IT will help you make paper filing a thing of the past.

Monday, December 1, 2014

Fixing conflicts and errors with Active Directory synchronization to Office 365 and Azure

Sometimes user accounts (or objects) that have been deleted and then recreated on your Active Directory will become out of sync with Office 365 meaning changes to passwords and other attributes won't sync properly. Another cause is a change in the configuration of your Azure Active Director Sync utility, such as changing the SourceAnchor attribute.

DirSync is more common in the Office 365 user base because its replacement, Azure Active Directory Sync was recently released in September of 2014. For a comparison of the two tools visit Microsoft's Directory Integration Tools page.

If you have objects out of sync or conflicting you might receive an error message email every few hours when the AAD Sync utility is run.


You should also see the errors in the Event Viewer and Application Logs on the Windows Server running the utility.

In some cases, the Microsoft's own Office 365 IdFix tool can't find the problem, and thus can't fix it.

By reviewing the contents of userdetails.csv output by the PowerShell command:
get-msoluser | export-csv userdetails.csv
we were able to see that the ImmutableID was set incorrectly due to a prior sync configuration or that the on-premises Object ID shown in the error message above was already connected to another user.

Somewhere along the line, Microsoft removed the ability change or clear the ImmutableID attribute without first disabling Directory Sync for the organization so most internet postings we found while looking for a solution are no longer valid. Some postings showed that back in 2012 you could set the ImmutableID from PowerShell. Today you can only clear it to null if Directory Sync is deactivated.

Deleting (setting to null) the ImmutableID attribute on Office 365/Azure Active Directory solved the sync problem for us. You can no longer change it to match but the directory sync utility will re-populate it for you. Here's how to do it.

Start by disabling the Azure AD Sync Scheduler task in Task Scheduler on the Windows Server that runs AAD Sync:


Next Deactivate Directory Sync on your Office 365 Admin console:



In our experience, it actually takes a couple of hours during business weekdays and about 10 minutes on a Saturday night to deactivate, but it could theoretically take up to 72 hours to complete.

Copy the commands below into a new text file and save it as eraseimmutableid.ps1, change the $upn value accordingly and run it:
set-executionpolicy RemoteSigned
Import-Module MSOnline
Connect-MsolService
$upn = "sampleuser@domain.com
$oid = (Get-MsolUser -UserPrincipalName $upn).ObjectID
Write-Output "Before:"
Get-MsolUser -UserPrincipalName $upn | select userprincipalname,ImmutableID,ObjectID
Write-Output "`n`nAfter:"
set-msolUser -ObjectID $oid -immutableID "$null"
Get-MsolUser -UserPrincipalName $upn | select userprincipalname,ImmutableID,ObjectID
Now re-enable the sync service in Task Scheduler and run it manually.

If you still see errors keep looking at the results of userdetails.csv mentioned above. Search for the email addresses and Object IDs shown in the error message email.

Feel free to reach out to InterlockIT.com for assistance with your Office 365 Directory Synchronization configuration and fine tuning.

Thursday, November 20, 2014

Interlock IT earns two Microsoft Silver Competencies!

Cloud Computing is entering its second second stage of hypergrowth in enterprises. Forrester estimates the public services cloud market will grow to $191 billion by 2020, a huge leap from "just" $58 billion in 2013.

Businesses of all sizes are looking to roll out fully cloud-enabled productivity suites with a minimum of disruption to their business. We've seen a huge uptick in demand for cloud-based systems that remove the stress of administering your own email system or file server and let you focus on the things that matter—like finding new clients or executing on projects.
Early in his career as Microsoft's new CEO, Satya Nadella knew that the way forward both for Microsoft and other businesses was "mobile first, cloud first." Shouldn't your business be able to work from anywhere in the world, on any device, at any time?

Office 365 plans start at $5.10 per user per month and for $12.90 per month the desktop versions of the Office suite are included. At that price managing on-premises email servers or paying for hosted Exchange no longer makes sense.


As a Microsoft Partner with Silver-level Competencies in both Small and Midmarket Cloud Solutions and Cloud Productivity, the team at Interlock IT is well-positioned to help you move from your antiquated email system that doesn't work at the pace of modern business.

Wednesday, October 29, 2014

Automating Quickbooks from the Cloud

For all the benefits working in the cloud provides, sometimes migrating every aspect of your business operations to cloud services is not an option.  What do you do when your CRM and Project Management are cloud based, but you need to move data back to Quickbooks on the desktop?

One answer: get in touch with Interlock IT.

Our client had already switched their Contact and Project management to Norada's Solve CRM when they did just that:
I would like to integrate the Solve CRM API with Quickbooks to automate our workflow bidirectionally between Solve CRM and Quickbooks. We use Quickbooks Enterprise Construction Edition.
Our first response was to rule out other options, couldn't we move accounting into the Cloud? Specific features of the Quickbooks Contractor edition were mission critical; there was no direct cloud replacement. Xero, Quickbooks Online, and Freshbooks would not meet their needs at this time.

Enter the Quickbooks Web Connector, a legacy application released by Intuit, the makers of Quickbooks, designed to allow desktop editions of Quickbooks to communicate with web-applications, also known as the Cloud!

Armed with a method of communicating with Quickbooks on the desktop, we dug into the clients specific needs and developed the solution below.

Setting a Revenue Opportunity to "Won" in Solve CRM kicks off the process.
When a revenue opportunity is marked Won in Solve CRM, the following occurs automatically:
    • Instantly create a Customer and Job in Quickbooks with details from the Solve CRM Company record.
    • Add an Estimate to the Job and convert it to a Sales Order, using details from the revenue opportunity.
Details from Company record and Opportunity are synced into Quickbooks.
Now the accounts team can take over and work with the project in Quickbooks, tracking progress and financial details on the automatically created job in Quickbooks.

Finally, our system syncs financial report figures back into Solve CRM, allowing for reports on project finances to be generated entirely from data in the Cloud, avoiding a time consuming manual process of matching Quickbooks reports with Solve CRM Opportunities.

Later, Quickbooks report values are synced back into Solve CRM automatically, simplifying project based reporting.
The technology stack used to implement this solution consists of Google Apps Script and Python on the Google App Engine.  Webhooks triggered from within Solve CRM call out to a Google Apps Script living on Google Drive.  The Apps Script processes the Webhook and determines the required action. If Quickbooks related actions are required, the Apps Script passes the request onto the Google App Engine application, which handles SOAP based communication with Quickbooks, using QBXML.

The Quickbooks Web Connector polls the App Engine application and consumes any new actions that have been passed from Apps Script, returning results to the App Engine. The App Engine then feeds data back into Solve when necessary.

The end result is an integrated solution that saves time, reduces errors, and provides staff access to important financial data direct from Quickbooks!

Try Solve CRM for Free.

Wednesday, September 24, 2014

Updated guide to embedding an image in your Google Apps for Work signature

Earlier this year we posted a guide for using Google Drive to host images embedded in your email signature and it's been one of our most popular articles. However, Google recently changed the behaviour of Drive's image viewer, so this method no longer works. Instead, you now need to use Google+ Photos (formerly Picasa) to upload images and link to them directly. Here's how.

First, if you don't have one already, create a Google+ account with your Google Apps for Work email address by visiting http://plus.google.com. (You'll need to make sure your domain administrator has enabled Google+ for this to work.)


Next, either head directly to Google+ Photos or hover over the Home icon in the top-left corner of the page and click Photos, then click the Upload photos link along the top of the page. Upload the image you'd like to use as your signature, and click Done.


In the Share album dialogue box that appears, type "Public" in the To: box and click Share.


The image should now open in an album view; click the image to open it on its own. Right-click on the image and select Copy image URL (assuming you're using Google Chrome; in Firefox this is "Copy Image Location"). The resulting URL will look something like this when you paste it:
https://lh6.googleusercontent.com/-LDvF-aANinE/VCMjrpWet7I/AAAAAAAAA0U/eE1oYgtVrKo/w150-h70-no/Interlockit_Logo%2B150x70.png
Copy this entire URL into the Add an image dialogue box of the signature editor, and you should see a preview of the image you're about to insert.



If you see the preview correctly, click OK and you're all done! The image you uploaded will now be linked in (rather than attached to) your signature, won't make your messages larger than they need to be, and shouldn't trigger spam filters.

If you're a regular Google+ user, then uploading the image(s) you use in your signature will show up in your Google+ stream and other users will be able to see the posts. If you'd rather not have the uploads clog up your stream, head over to your profile, hover over the photo you want to remove from your stream, click the down arrow in the top-right corner and click Delete post. This will not remove the photo attached to the post, but will stop the upload from showing up in your own or others' streams.