Office 365 – Desktop Update Best Practices

When it comes to cloud migrations, most customers dedicate efforts to the migration only to then realize there is more work to be done.  Enterprise customers have been accustomed to Microsoft version releases every couple of years.  However, subscription-based cloud services update often.  Large enterprises managing desktops and applications often dedicate teams to test and deploy updates.  Consumers who manage their own devices and smartphones are accustomed to seeing their system and apps update automatically and more often.

As an Office 365 subscriber, organizations should be aware of subscription channels and their update frequency.  Information Technology users should be on the First Release Deferred Channel with monthly feature updates.  The rest of the enterprise should run the Deferred Channel, which updates three times per year.  Consumers and Windows Insiders are kept current with monthly builds.

Great news!  Starting this September, the updates will move to a semi-annual model.  Microsoft announced these changes in a blog and then shared the support article with this helpful chart:

Windows 10 will also follow the same model starting in September and then March as well.  While this change is confusing, it seems Microsoft is listening to customers who have been managing the update frenzy as they try to keep current and secure with the Microsoft cloud.  Having to deal with this twice a year for the desktop OS and Office apps sounds almost blissful.


Are you thinking of moving from a subscription based model for Microsoft applications such as Word, Outlook, PowerPoint and Excel?  If you are interested in migrating, but concerned about the change, the team of experts at Xgility can help.  For a free 30 minute consultation, please contact us.

Why an Accurate Active Directory Profile is Critical

When was the last time you updated your work profile?  In some cases the answer is never, as you may be thinking, “Isn’t that IT’s job and didn’t I complete several HR forms when I joined the company?”  Chances are you’ve updated your LinkedIn profile more frequently than your company bio.  Many of us spend a lot of time on social media sites, including Twitter and Facebook, telling the world (or a few friends) all about ourselves.

You may want to think more about your work profile as Microsoft just announced an updated profile experience coming soon to Office 365.  Items such as your manager, teammates, and documents can be surfaced right from your name.   Leveraging the Office Graph and the same engine behind Delve, the new profile experience can make a connection quick and easy.

While some of this profile data is a result of your uploading and sharing of information in Office 365, your primary stats are stored in your company’s Active Directory.  With Office 365, a copy of your AD is synchronized with Azure, and for startups and small businesses, the primary directory is Azure AD.  Either way, it is important for your profile to be complete.  In fact, many SharePoint workflows break because the approving manager is not available in the user’s profile.

Xgility has partnered with a new startup company founded by former Microsoft Product Manager and former Nintex CEO, who help organizations collect profile data.  The company is called HyperFish and we’re excited to help our customers improve their employee profile data with this service.

As the administrator, I let Hyperfish analyze my company directory and then schedule their machine learning HyperBot to help collect missing profile data.  Using our company brand, we set the tone of the communications and channels to communicate.  Here it is in action:

At Xgility, we like to come up with new ways to help our customers increase collaboration and productivity.  For our customers, keeping Active Directory up-to-date may be part of skills tracking, knowledge management, or automated workflows.  If you have ever needed to text a coworker at the last minute due to a conference room change, you will appreciate this tool.  Microsoft has some work to do to make it easier to do skills tracking in Active Directory, but we believe there are exciting things to come.  Making sure your directory and profile are complete and up-to-date will set the foundation for transformational results.

If you would like to view the PowerPoint presentation on this topic, from SharePoint Saturday DC, you can view it here.

Try the free Active Directory analyzer and photo tool or contact us for a free 30 minute demo.



Author:  Chris Ertz

Editors:  Kurt Greening and Alex Finkel

Does Our Government Contractor Need to Move to Gov-Cloud?

If you work in the DC Metropolitan area, you are aware that there are thousands of companies who serve the needs of the Federal Government.  If you doubt these numbers, FOIA lists contractors in SAM.  Government Contractors often have to adhere to many of the same security and compliance standards of the Federal Government, especially when accessing, sharing, and storing sensitive or classified material.

GAO has released guidelines for government contractors including, but not limited to, having a business continuity plan, virus protection, encryption, and using two-factor authentication.  Requirements for two-factor authentication are pushed down to defense contractors through three DFARS clauses.  The DFARS clauses require defense contractors (and all of their subcontractors) that possess or transmit controlled unclassified information from DoD to fully implement NIST 800-171 and provide the DoD CIO with a certification memo.  The requirement for two-factor authentication is embedded in the controls in 800-171.

We expect these requirements to continue to become more stringent as the Federal government evaluates cyber security risks and our enemies target government contractors.  Many small and medium government contractors have found that the cloud can be both more cost effective and more secure.  As government contractors evaluate the move to the cloud, many have asked us which cloud?

Microsoft built a Government datacenter for Office 365 and Azure services for .gov agencies, but government contractors with commercial .com were not allowed to use those services without a letter of approval from a government agency.  Most agencies were reluctant to provide that letter unless the contractor was building a SaaS application that would host government data.  As contractors assisted agencies in the migration to the FedRAMP approved services, contractors wondered how this could impact their internal cloud migration and relationship with their government customers.  Contractors no longer need to worry because Office 365 Enterprise and Microsoft Azure are now in scope for FedRAMP at the Moderate Impact Level.

At Xgility, we’ve migrated Federal, State, and Local agencies as well as Government Contractors to Microsoft Cloud platforms.  These customers are achieving new levels of productivity and security in the cloud.  We agree with Microsoft that Office 365 offers more security than on-premises services and since you need multi-factor authentication to participate in this ecosystem, Office 365 has you covered there too.



If you would like to learn more about Microsoft’s Cloud or would like a 30 minute free consultation, contact us.



Author:  Chris Ertz

Editors:  Alex Finkel and Kurt Greening

Top Budgeting Mistakes When Comparing Office 365 to SharePoint and Exchange On-Premises

  1. Under-Estimating the Cost of SharePoint 2016 On-Premises

This is the most common mistake I see.  First, many information technology managers forget that SharePoint 2016 does not have a foundation license and therefore will need to purchase Standard or Enterprise client access licenses.  Second, information technology managers should budget for four or five servers to install SharePoint 2016 just to meet the minimum hardware requirements.  A single server is unlikely to meet the production needs for most organizations, and this cost gets compounded when you look at the long-term cost of server refreshes, warranty extensions, and future upgrades.  Third, information technology managers underestimate the administrative work required to keep a SharePoint farm healthy.


  2. Forgetting About Identity Management in the Cloud

Many organizations are already looking for ways to extend their Active Directory and identity management solutions to cloud applications, as well as share limited internal resources with external customers, vendors, and partners.  Office 365 has these capabilities “baked in” with secure external sharing, Azure Active Directory, and other cloud identity management tools.  Replicating these kinds of tools on-premises not only increases your hardware and expertise requirements, but can open you to additional security threats if not enabled and managed correctly.

Microsoft has made it easier to extend your Active Directory with tools like Azure Active Directory Connect, which allows you to enable same sign-on and single sign-on technologies easily.  There are also technologies like EMS and Azure Active Directory Domain Services which create additional benefits that can actually make the cloud more secure than applications that once ran in your data center.


  3. Believing that Hybrid is Less Expensive than Cloud Only

We consulted with several customers this quarter who believed that running hybrid would save them money.  They were trying to avoid paying for licenses in the Microsoft cloud for some users.  In most cases, since you can’t match the scale of Microsoft, your organization can’t match the value they provide.  There are great reasons to run Hybrid such as unique security and compliance requirements or custom applications that you don’t want to re-write to run in the cloud.  Cost should not be the factor driving your organization towards hybrid Exchange or SharePoint.


  4. Not Including the Cost of Software You Can Stop Using

Hopefully you are running spam filtering and virus scanning software for your on-premises collaboration server environment.  Microsoft takes care of these for you in Office 365.  Email archiving software is not typically needed due to the large mailbox sizes in Exchange Online.  Microsoft provides backup software and high availability as well.  Your team should also calculate whether or not you can reduce spending on conferencing services or products like WebEx or GoToMeeting and replace them with Skype for Business (included in many Office 365 plans).

With real-time reporting of the features and components that your organization is actually leveraging, you can make better decisions about what technologies to invest in, rather than rubber stamping additional hardware investments year after year.



  5. Cost of Managing External User Access

SharePoint Online provides access for unlimited external users.  Since external users utilize their company Office 365 or personal Microsoft credentials, your staff won’t be in the password reset business.  SharePoint on-premises provides external access via VPN or forms-based authentication (you need a license for users that are part of your Active Directory).


  6. Budgeting for Migration Tools

If you are going to skip a version of SharePoint or a migration to Office 365, in most cases you will need a migration tool.  A migration tool will also make moving to Exchange Online much easier.  Cutting over all users to Exchange Online at the same time will also reduce the complexity of the migration.

We hope this article will help you avoid some of the most common budgeting mistakes around Microsoft collaboration software. Please contact us if you are considering moving to Office 365.

Author:  Kurt Greening

Editors:  Stephen Heister and Alex Finkel

InfoPath and SharePoint Designer Replacements: What Are My Options?

Our managed services team frequently gets asked about options to replace InfoPath and SharePoint Designer.  InfoPath forms libraries still work in SharePoint Online and SharePoint 2016, but many of our customers are looking to decrease their use of InfoPath in SharePoint due to the long-term roadmap.  SharePoint Designer 2010 and SharePoint Designer 2013 workflows also still work, but Microsoft announced there would be no SharePoint Designer 2016 at Ignite in 2015.  At Ignite 2016, Chris McNulty from Microsoft re-affirmed support for InfoPath and SharePoint Designer until 2026 while other technologies mature.

  1. List Forms

Out-of-the-box SharePoint has a list form that can be edited in the browser.  While limited, this may meet the need for basic forms to enter data in a list.  In the past, it was common to use SharePoint Designer to build a custom list form or use InfoPath.  Another more modern option is to use JSLink to build a custom form or customize list views.

  2. Nintex

Nintex is a great 3rd party forms and workflow designer for both Office 365 and SharePoint Server.   Recently, they simplified their pricing to provide one model for both SharePoint Server and Office 365 based on number of workflows.  InfoPath developers have complained that Nintex does not offer an exact one-for-one replacement of all features in InfoPath.  Our team has had to train InfoPath developers that the design philosophy for Nintex Forms and Workflows should be different from some of the ways InfoPath and Designer have been used in the past.



  3. Flow and PowerApps

On August 1st, 2016, Chris Ertz from Xgility presented on Flow and PowerApps at the Reston SharePoint user group.  These two features are currently in preview with Office 2016.  In the demo, he used Flow to pull data from CRM into a SharePoint list to create a proposal.  Chris also demonstrated how PowerApps can connect to data sources such as SQL, Excel, or a SharePoint list.  While both PowerApps and Flow are promising, they are new.  Office 365 users may notice that the new document library look has Flow in the ribbon.



  4. Custom Development

.NET Developers as part of Xgility staff can use Visual Studio to build custom forms.  The disadvantage is that creating and editing the form will require a developer.  For some requirements a custom form is the best option.



  5. Structured Documents in Word

Structured Documents can be part of a special template in SharePoint known as a content type.  The document information panel is no longer a feature in Word 2016, but a structured document can be used to fill in metadata and can be used as a simple form.  This might be used with documents such as proposal templates or status reports.


  6. Themes, Templates, and JavaScript

In the past, SharePoint developers would create custom master pages using SharePoint Designer.  In SharePoint Online, our team is more likely to use Themes due to concern that some customizations can break due to Office 365 updates.  We have also successfully used templates like those available from BindTuning.



Do you have a business application in mind and are wondering about the best way to build it in SharePoint?   Our managed services team provides training and direction through regular governance.   If you want to know more about your options, please contact us.

Security, Information Protection, and Governance in the Cloud

Trust in the cloud continues to grow as the capabilities of the cloud mature, in some cases beyond what IT teams could accomplish on-premises.

Information Protection

Take Windows Rights Management Services for example.  First introduced in Windows Server 2003, it gave administrators the ability to enforce company policy directly in file servers, emails, and documents in SharePoint.  If a document was marked read only, editing capability was restricted by Word.  Emails could be restricted so that users could not forward or reply all.   Windows RMS adoption was low until it became Azure RMS, a service that could be activated by a few check boxes through your Azure portal connected to Office 365.


As with any collaboration platform, as users start adding content and permissions are granted, those in charge want to maintain control and gather insight into the system to make sure everyone is using it effectively within company regulations.  In April of 2015, Microsoft published the Office 365 Management API and several software companies aligned their suite of compliance tools to gather insight into activity in Office 365.  Xgility has implemented products such as:

  • Metalogix – with ControlPoint and Sensitive Content Manager you have the ability to manage permissions and set activity alerts for behavior(s) such as downloads of suspicious amounts of files or actions based on specific content.
  • Varonis – to classify on-premises file servers and SharePoint servers through agents. Now with support for Office 365 with their DatAdvantage product.
  • AvePoint – with DocAve Online, you can report SharePoint Online permission abnormalities or unauthorized changes.

If you have Office 365, you have seen the evolution of compliance and audit capabilities in the service.  Now its own app in the launcher, the Office 365 Compliance Center has consolidated the DLP, reporting and industry compliance documents under one easy to navigate admin center (as long as you believe the new admin portal layout is easy to use).



As expected, Microsoft arrived later in the market but is closing the feature gap with its recent announcement of Cloud App Security, a June 2016 addition to the E5 suite.  If you are an Office 365 admin, you can preview this service from the compliance center.  It turns on the service from another domain, which connects through the Office 365 Management API.  Cloud App Security can also discover other SaaS applications and apply a series of pre-configured policy templates.   Here is how Cloud App Security works:

Microsoft Office 365 Cloud App Security Process



So, a few years ago, most organizations were grappling with policy enforcement on local file servers.  Nowadays, as the Microsoft cloud matures, businesses can control user behavior with corporate data in non-sanctioned cloud storage:

Office 365 Cloud App Security Compliance Check

Look out savvy iCloud subscribers, your company is watching!


Ask us

Would you like information protection advice or more customer evidence?  Just this month, a mid-sized law firm stated how Office 365 is Protecting sensitive information: Kelley Drye believes that its data—and that of its clients—is even more secure today through Office 365 than it was before. “In the past, we didn’t have insight into what happened to information after we emailed it to outside parties. Now with Office 365, we have a better sense of who has access to matter-related information and who has looked at or modified it,” says Flournoy. “Having peace of mind that we’re protecting client information is extra important in our industry.”

If you want to continue the conversation about security please contact us.

Why is Enterprise Software Underutilized?

With the megatrends of cloud computing and managed services transforming IT, why is Enterprise Software still underutilized?  Wall Street continues to report the quarterly market growth of Amazon,, and Microsoft’s cloud business but the journey to the cloud for customers to realize the value of software as a service continues to lag.  Here are three reasons we believe there is a gap between what customers are buying and the value they are receiving from enterprise software.


  1. Cloud Services do not require significant budgets

Most organizations categorize cloud subscription expenditures under operational expenses, where traditionally they have been capital expenditures with large up-front budgets for licensing and hardware.  As a result, normal project considerations, including deployment and training, are overlooked since the service is just “turned on.”

  2. The Executive Sponsor typically has moved on to other initiatives

In my experience, software sales reps will typically build a relationship with a “C” level executive that has the “juice” to make a large purchase.  These executives are typically very busy and after the deal is done they leave the implementation to IT staff or project managers to complete the project.

  3. Information Technology Staff needs more training in adoption best practices

Traditionally, IT staff have been focused on the support (break fix) or rollout of new technology.  With the cloud, this model has changed.  Many articles cite an IT skills gap that has been created by the speed at which technology is changing.  This is being fueled by the consumerization of IT as well as cloud technologies.


So, is it time to outsource your IT department or stop buying cloud software?  That is not what we are recommending.  Moving to the cloud is almost always a great choice.  We believe that cloud software offers a great opportunity to change focus to a productivity value created by enterprise software.  The experts at Xgility have experience and skills developed over a large customer base and our managed services can help you transform your IT department and/or your business.

If you want to know more about our proven methodology for the adoption of Microsoft cloud software such as Office 365, Azure, SharePoint, or Enterprise Mobility Suite (EMS), let’s talk.  Our Managed Services team can also show you how to use the latest tools for adoption tracking.




Author:  Kurt Greening

Editors:  Alex Finkel and Chris Ertz

Cloud and Mobile Device Security and Protection

Are you using cloud applications?  Are you concerned about security?

There are several good solutions on the market for single sign-on, mobile device management and data loss prevention. In 2015, Gartner named AirWatch to the top right magic quadrant for mobile device management. Our customers have also used Okta, Ping, Centrify and IAMCloud for Identity and Access Management including single sign-on (SSO).

While Okta, AirWatch and others have great products, we have recently started recommending the Microsoft Enterprise Mobility Suite (EMS) as a completely integrated solution.  In addition to single sign-on, two-factor authentication is a major reason to evaluate solutions similar to Azure Active Directory Premium (part of the EMS Suite).  We believe the EMS suite of security products offers a lower total cost of ownership when compared with other solutions, especially for customers under 1,000 users.

Hoping to learn more about EMS?  Are you using AAD Sync, DirSync/Password sync, or Federated Identities and confused about the difference between single sign-on and same sign-on?  Contact us or check out the video below.



The transcription for the YouTube video is below…

Enterprise Mobility Suite (EMS) is a collection of tools from Microsoft that can help enable your organization to effectively address your customers and/or employees the consumerization of IT, bring your own device, and software as service challenges. The current reality is that organizations are struggling to address the explosion of Enterprise Mobility. With or without IT knowledge, many workers are accessing company information via their own personal devices and from multiple locations. According to Microsoft, 29% of today’s global workforce use three or more devices, work from multiple locations, and use multiple apps. 80% of employees admit to have used non-approved software as service applications in their job. Yet a leakage resulting from device loss or theft has been recognized as a top risk for using mobile devices.

In response, the solution by many IT departments has been to lock down access to crucial resources that employees need to get their jobs done. This often leads to frustration or even worse – people going outside of their IT department for solutions to their problems. Workers just want to get their jobs done, often not understanding the risks of circumventing the IT department. The Microsoft Enterprise Mobility Suite tool kit is comprised of three main tools. Microsoft Azure Active Directory Premium, Windows Intune, and Microsoft Azure Rights Management. The combination of these tools enables organizations to allow their workers the freedom to collaborate wherever, whenever, and however they want in order to reach their business goals, all while protecting corporate data and devices. In this video, we’re going to highlight some of the best features of the Enterprise Mobility Suite and how they relate to collaboration in SharePoint Online and Office 365.

The first tool within the EMS tool kit is called Azure Active Directory Premium. If you’re using Office 365, you’re already using Azure Active Directory as the user directory for members of your organization and any users you share content with through SharePoint and other services. Azure Active Directory Premium is the backbone of the EMS toolkit, as it contains any users or groups that you’ve created, either in an on-premises directory that’s been integrated or what has been created in the cloud. Azure Active Directory Premium brings additional features to the table that can be leveraged, such as a custom log-in portal, two-factor authentication and in some scenarios, a password writeback feature that allows users to reset their password via a mobile device and have that password written back to their on-premises Active Directory. This can help reduce the burden on IT and can empower users to get at the services they need quickly. As your implementation matures, Azure Active Directory Premium can be leveraged to provide a single identity across many other applications.

The second tool within the EMS tool kit is called Microsoft Intune. Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees a consistent company portal that provides access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping keep corporate information secure. Using Intune allows IT to protect endpoints regardless of whether they’re owned by the company or not. If a user leaves the organization, a feature called Selective Wipe can be used to remove data owned by the Enterprise. If a device is lost or stolen, Remote Wipe can be used to remove a user’s sensitive information. Intune can also be configured as a plug-in for a systems center, for organizations that are looking for a complete endpoint management environment, or just in the cloud for organizations that are implementing a bring-your-own-device policy or want to keep a more agile approach to device management.

The final part of EMS is Azure Rights Management. Microsoft Azure Rights Management (ARM) provides a comprehensive policy-based Enterprise solution to help protect your valuable information no matter whom you share it with. This can help you protect valuable content contained in SharePoint libraries or email messages. Your data is kept safe while it’s in the cloud, or if it’s downloaded to a local machine or device. You could also set up templates to help protect against information leakage so that policies can be automatically applied to certain types of PII, PHI, or credit card information. One of the coolest features is that the ARM-sharing app allows you to apply protection ad hoc to any type of file you’re sharing. This allows the Enterprise to feel comfortable sharing information using native tools like Office and collaboration tools like SharePoint, without worrying that someone will share the wrong information with the wrong people.

Now is a pivotal time for IT organizations as they prepare for the future of decentralized applications where identity is the primary key for enabling secure access to content and collaboration tools. Contact us for more information on how EMS and Xgility can help your organization enable your employees with the right tools and achieve transformational results.


Author: Dean Virag

Editors: Alex Finkel and Kurt Greening