Cloud and Mobile Device Security and Protection

Are you using cloud applications?  Are you concerned about security?

There are several good solutions on the market for single sign-on, mobile device management and data loss prevention. In 2015, Gartner named AirWatch to the top right magic quadrant for mobile device management. Our customers have also used Okta, Ping, Centrify and IAMCloud for Indenity and Access Management including single sign-on (SSO).

While Okta, AirWatch and others have great products, we have recently started recommending the Microsoft Enterprise Mobility Suite (EMS) as a completely integrated solution.  In addition to single sign-on, two factor authentication is a major reason to evaluate solutions similar to Azure Active Directory Premium (part of the EMS Suite).  We believe the EMS suite of security products offers a lower total cost of ownership when compared with other solutions, especially for customers under 1,000 users.

Hoping to learn more about EMS?  Are you using AAD Sync, DirSync/Password sync, or Federated Identities and confused about the difference between single sign-on and same sign-on?  Contact us or check out the video below.



The transcription for the YouTube video is below…

Enterprise Mobility Suite (EMS) is a collection of tools from Microsoft that can help enable your organization to effectively address your customers and/or employees the consumerization of IT, bring your own device, and software as service challenges. The current reality is that organizations are struggling to address the explosion of Enterprise Mobility. With or without IT knowledge, many workers are accessing company information via their own personal devices and from multiple locations. According to Microsoft, 29% of today’s global workforce use three or more devices, work from multiple locations, and use multiple apps. 80% of employees admit to have used non-approved software as service applications in their job. Yet a leakage resulting from device loss or theft has been recognized as a top risk for using mobile devices.

In response, the solution by many IT departments has been to lock down access to crucial resources that employees need to get their jobs done. This often leads to frustration or even worse – people going outside of their IT department for solutions to their problems. Workers just want to get their jobs done, often not understanding the risks of circumventing the IT department. The Microsoft Enterprise Mobility Suite tool kit is comprised of three main tools. Microsoft Azure Active Directory Premium, Windows Intune, and Microsoft Azure Rights Management. The combination of these tools enables organizations to allow their workers the freedom to collaborate wherever, whenever, and however they want in order to reach their business goals, all while protecting corporate data and devices. In this video, we’re going to highlight some of the best features of the Enterprise Mobility Suite and how they relate to collaboration in SharePoint Online and Office 365.

The first tool within the EMS tool kit is called Azure Active Directory Premium. If you’re using Office 365, you’re already using Azure Active Directory as the user directory for members of your organization and any users you share content with through SharePoint and other services. Azure Active Directory Premium is the backbone of the EMS toolkit, as it contains any users or groups that you’ve created, either in a non-premise directory that’s been integrated or what has been created in the cloud. Azure Active Directory Premium brings additional features to the table that can be leveraged, such as a custom log-in portal to factor authentication and in some scenarios, a password writeback feature that allows users to reset their password via a mobile device and have that password written back to their on-premises active directory. This can help reduce the burden on IT and can empower users to get at the services they need quickly. As your implementation matures, Azure Active Directory Premium can be leveraged to provide a single identity across many other applications.

The second tool within the EMS tool kit is called Microsoft Intune. Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees a consistent company portal that provides access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping keep corporate information secure. Using Intune allows IT to protect endpoints regardless of whether they’re owned by the company or not. If a user leaves the organization, a feature called Selective Wipe can be used to remove data owned by the Enterprise. If a device is lost or stolen, Remote Wipe can be used to remove a user’s sensitive information. Intune can also be configured as a plug-in for a systems center, for organizations that are looking for a complete endpoint management environment, or just in the cloud for organizations that are implementing a bring-your-own-device policy or want to keep a more agile approach to device management.

The final part of EMS is Azure Rights Management. Microsoft Azure Rights Management (ARM) provides a comprehensive policy-based Enterprise solution to help protect your valuable information no matter whom you share it with. This can help you protect valuable content contained in SharePoint libraries or email messages. Your data is kept safe while it’s in the cloud, or if it’s downloaded to a local machine or device. You could also set up templates to help protect against information leakage so that policies can be automatically applied to certain types of PII, PHI, or credit card information. One of the coolest features is the ARM-sharing app allows you to apply protection Ad HOC to any type of file you’re sharing. This allows the Enterprise to feel comfortable sharing information using native tools like Office and collaboration tools like SharePoint, without worrying that someone will share the wrong information with the wrong people.

Now is a pivotal time for IT organizations as they prepare for the future of decentralized applications where identity is the primary key for enabling secure access to content and collaboration tools. Contact us for more information on how EMS and Xgility can help your organization enable your employees with the right tools and achieve transformational results.


Author: Dean Virag

Editor: Alex Finkel and Kurt Greening

Contract Tracking Part II, Invoice Approval

A few months back, a general counsel of non-profit organizations wanted to see examples of how their legal and contracts team could use SharePoint. Our team built this proof of concept to show how SharePoint forms and workflows can be used to build a system to track contracts and invoices against those contracts. This is part two of the video series.  Part one of the video can be found here.


The transcript for the video is below…

Welcome to part two of a two part video series on using SharePoint for contract tracking. Hi, I’m Dean, a SharePoint expert at Xgility and in this video I’m going to demonstrate how to apply invoices against the contracts stored in a contracts library.

First, a quick recap of the first video. In that video, I demonstrated that a SharePoint library is an excellent tool for storing and tracking contracts, metadata and views are essential tools for gaining insights into the status of contracts, the available balance and percentage value remaining of a contract can be tracked, the ability to track changes within Microsoft Word is still available within SharePoint, and that SharePoint will automatically store previous versions of a contract.

Now, onto part two…Applying Invoices Against a Contract. We begin with an accounts payable clerk having already received and reviewed an invoice from Vendor C for Contract 1. The clerk opens the vendors invoice submission form. There, the clerk selects Vendor C from the vendor drop-down and selects Vendor C, Contract 1 from the contract drop-down. Note that the contracts displayed in the drop-down will automatically change based on the vendor that’s selected. Upon selection of a contract, the available balance of the contract will be displayed. This field is for reference purposes only and cannot be overwritten. The clerk then enters the value of the invoice and attaches the invoice to the form and finally clicks submit to add the invoice to the library. When the file is added to the library, an automated email is sent to the invoice approver. In our example, the email message is fairly simple, but please note that the content of the email can easily be changed and you can put whatever you want in it.

Clicking the link in the email will open the invoice form again, but this time to the approval view. Here, the invoice approver can open the invoice and review it, add the decision date, select the approval decision, and add comments about the approval decision. Clicking “Submit Decision” saves the decision information. If the invoice was approved, the invoice amount is automatically deducted from the available balance of the associated contract and the accounts payable clerk is sent an automated notification that the invoice was approved and the check can be cut. If the invoice was denied, both the vendor and the accounts payable clerk are sent automated notifications including the approval decision comments.

That is all there is to it. Now, lets revisit the contracts library to see that the amount was deducted. As you can see, the remaining balance of Vendor C, Contract 1 is now down to $100 and the percent remaining is now well below 20%.

Lets take a quick look at the below 20% remaining view to see if the contract shows up. Click on the below 20% remaining view and there it is. If you remember from the last video, we did not have any contracts that were below 20% remaining, so nothing displayed in this view and now we have something.

In this video I demonstrated a fairly simple but very effective solution for processing invoices against a contract. This is just the baseline solution. There’s so much more that can be done to enhance the visibility and tracking of your contracts using SharePoint.

If you have addition questions are would like help automating your workflow in SharePoint, Office 365, or SharePoint Online please contact us.


Author: Dean Virag

Editor: Alex Finkel

Contract Tracking Part I

A few months back, a general counsel of a non-profit organization wanted to see examples of how their legal and contracts team could use SharePoint.  Our team built this proof of concept to show how SharePoint forms and workflows can be used to build a system that tracks contracts and invoices against those contract.  This is part one of the video series.  Part two of the video can be found here.


The transcript for the video is below…

Welcome to Part one of a two-part video series on Using SharePoint for Contract Tracking. Hi, I’m Dean, a SharePoint expert at Xgility, and in this video I’m going to demonstrate how to use a document library in SharePoint to store contracts and to capture information about each contract. I am also going to demonstrate how to track changes within a contract and how to track different versions of a contract. Finally, I am going to demonstrate how views can be used to gain insights as to the status of the contracts. Let’s begin.

As you can see here, I already have a document library set up and named “Contracts.” In it, I have created several columns for collecting information about each contract. I’m collecting the name of the vendor, the contract status, the contract start and end date, the initial value of the contract, the available balance remaining on the contract, and the percentage of the value remaining on the contract. The balance remaining and percentage remaining are calculated after invoices are processed against a contract. That will be the subject of Part two of this video series.

Adding a new contract to the library is very easy. Simply click “Upload,” choose a file, and click “Okay.” You will then be prompted to add some more information about the contract. This is a very important step, as this additional information is needed when processing invoices against the contract. In this case, I copy the name of the contract and paste it into the title field, then select a vendor from the drop-down and change the contract status if I need to. However, in this case, I am not going to. I enter the contract start and end dates, then enter the initial value of the contract and the available balance, which is the same as the initial value, as no invoices have been processed against this contract as of yet. Then I click “Save” to complete the contract upload process.

Now, lets take a look at how track changes works in Microsoft Word 2013. In reviewing the contract, I see that there are a few changes that the vendor needs to make before I accept it. There’s a line about where the services were rendered that needs to be removed and I also want the vendor to add a title next to Contract 1 at the top of the page. The vendor is going to make the changes and email them to me. At this point, the vendor has made the changes and sent me the updated document, which I have now downloaded onto my computer. I can update the contract by re-uploading it into the library, replacing the existing file. Notice how the name of the updated contract is the same as the original version. There is no need to manually change the name of a contract to reflect different versioning. SharePoint takes care of version control automatically in the background, again, so there is no need to change the name of the file manually. I do have to re-enter the information about the contract and click “Save” to complete the upload process.

Lets open the file in Microsoft Word 2013 and see that the changes have been tracked… Everything looks good. I’m going to accept all the changes and save the document to complete the process. To view the version history of the contract, click in the white space between the two columns to select that contract line item. Then click the Files tab, and click version history. As you can see, there are two versions of the file. The original one the vendor sent and the one that I just uploaded. You can use Version History to use or restore previous versions. In our case, we’re okay. I’m going to go ahead and close the dialogue box.

Right now there are just 5 contracts in the library, so it’s fairly easy to analyze what we have. However, in a few weeks, we’re expecting to have hundreds of contracts, and it will be much more difficult to analyze their status. That’s where list views come in. Views let you non-destructively reorganize what contracts are displayed.  This is similar to a sort in Microsoft Excel. In the library, I have three different views that I’ve created. All Documents, which is the default view created automatically, which shows all of the contracts. The second view is called “Below 20% Remaining,” which shows all of the contracts whose percent remaining is less than or equal to 20%. In this case, there are no results because all of the contracts are above 20% remaining. The third view is called “expiring within 30 days.” That shows you all the contracts whose end date is within 30 days. As you can see, views allow you to look at your information in different ways.

SharePoint libraries are a perfect solution for storing and tracking your contracts. In Part 2 of the series, I will demonstrate how to process invoices against a contract and automatically update its available balance and its percent remaining. Thank you for reading.

If you have addition questions are would like help automating your workflow in SharePoint, Office 365, or SharePoint Online please contact us.


Author: Dean Virag

Editor: Alex Finkel