MSP Tools and Utilities Articles - Altaro DOJO | MSP
https://www.altaro.com/msp-dojo
Managed Service Provider guides, how-tos, tips, and expert advice
Tue, 29 Mar 2022 13:26:55 +0000

How to Manage Multiple Office 365 Tenants with M365 Lighthouse
https://www.altaro.com/msp-dojo/multiple-office-365-tenants/
Fri, 19 Nov 2021 15:04:08 +0000

There's a revolutionary new way to manage your Microsoft 365 clients in the forthcoming Microsoft 365 Lighthouse. All the juicy details here!


If you’re an MSP, there’s a big change coming in how you manage your clients’ Office 365 and Microsoft 365 tenants. Microsoft 365 Lighthouse, now in public preview, is a new way to manage multiple clients’ users and devices in a single pane of glass. This article will show you how to set up the preview, how to make sure your clients appear and how to manage settings and policies across all of them. There’s a companion video to this article, with demos of the setup and use of Microsoft 365 Lighthouse, on our YouTube channel.


Note that Microsoft 365 Lighthouse is a different service than Azure Lighthouse, which lets an MSP manage resources in their client’s Azure subscriptions securely. It makes sense to name the services similarly since the concept of a “service provider managing a client’s cloud service” is the same but it’s bound to cause some confusion. We’ve looked at Azure Lighthouse here:

Just as Azure Lighthouse has been a game-changer for the business model of MSPs, Microsoft 365 Lighthouse will be a turning point for MSPs as well, with the difference that every MSP I know has all their clients on Office / Microsoft 365, while not everyone uses Azure.

Signing up for the preview

Before we get to the requirements to use Microsoft 365 Lighthouse, let’s get it activated in your MSP’s M365 tenant. It’s a straightforward process but it can take up to 24 hours; in my case it only took a couple of hours.

Sign into your tenant at admin.microsoft.com, go to Billing > Purchase services > Other services, search for Microsoft 365 Lighthouse public preview and buy a single license for $0. There’s no cost for Microsoft 365 Lighthouse during the preview. The cost after General Availability hasn’t been revealed yet, but I suspect it’ll be free, just like Azure Lighthouse.

Purchase Lighthouse public preview

After some time, you’ll receive an email to let you know that your tenant has been enabled for the preview.

Microsoft 365 Lighthouse enabled

Microsoft 365 Lighthouse requirements

There are a few things that need to be in place for you to take advantage of Microsoft 365 Lighthouse.

First, your MSP must be enrolled in the Cloud Solution Provider (CSP) program, either as an Indirect Reseller or Direct Bill partner.

Secondly, each client must provide Delegated Admin Privileges (DAP) to your MSP.

Thirdly, at this time, each client must have at least one Microsoft 365 Business Premium license and they must have fewer than 500 licensed users. I suspect that some of these limitations will be lifted, probably after General Availability (GA). I’m sure there are many businesses larger than 500 users who are already using an MSP to manage their Office 365 tenant, just as there are many smaller businesses who rely on the advanced security features in Microsoft 365 E5 for instance, but their MSP would like to manage them using Lighthouse. With no inside information, I suspect Microsoft is focusing on this market segment to start with because it’s the one many MSPs focus on as well and converging on Business Premium only also makes sense as it gives a common set of features to manage using Lighthouse.

Fourth, if you want to manage tenant devices, they must be enrolled in Microsoft Endpoint Manager (MEM).

Fifth, for user account data to show up in reports, the client’s tenants must have Azure Active Directory Premium P1, which is included in Microsoft 365 Business Premium.

Sixth, to see devices on the threat management pages they must be running Microsoft Defender Antivirus (built into Windows). This one could be a bit tricky: many MSPs rely on their favorite AV tool and may not want to move to the built-in solution. But (if you’re stuck in the past) know that Defender AV is quite capable these days and is also a stepping stone to the excellent Microsoft Defender for Endpoint (MDE).

The last three on the list won’t stop you using Microsoft 365 Lighthouse but will limit the functionality as mentioned.

In summary:

    1. Enroll in the Cloud Solution Provider program
    2. Invite each client to Delegated Admin Privileges
    3. Ensure the clients have at least one Microsoft 365 Business Premium license
    4. Enroll devices in Microsoft Endpoint Manager
    5. Make sure the clients have Azure Active Directory Premium P1
    6. Enable Defender Antivirus

Enrolling in the Cloud Solutions Provider program

I suspect most Microsoft-based MSPs have already completed this step. My MSP took this step a few years ago, so I don’t have screenshots to show you the process, but here’s the official documentation.

Your main choice is between being an indirect reseller, where you buy Azure / Microsoft 365 and on-premises licensing through CSP via a distributor, or being a direct bill partner. The latter requires you to provide the first level of support for your clients, fully manage customer billing and provisioning and generate at least 300,000 USD revenue in cloud sales in a 12-month period. Here’s the page to get started as an indirect reseller.

Once enrolled, the CSP area in the Partner Center lights up; here you can manage clients.

CSP in Partner Center

Invite a client to Delegated Admin Privileges

I suspect there’s a bit of dirty laundry in most MSPs’ cupboards (including mine) where they don’t have delegated access to their clients’ tenants but instead have Global Admin accounts to log in directly to each tenant to do any administration. If that’s the case, please ensure that those Admin accounts have MFA enabled.

To use Microsoft 365 Lighthouse, you need to set up your MSP with delegated admin rights to each tenant. Start by clicking the link “Request a reseller relationship” in the CSP portal. Pick your indirect provider, make sure “Include delegated administration privileges” is selected and edit the email before sending it to your client. Note that the recipient must be a Global Administrator in the tenant to be able to action it.

Request a reseller relationship in the CSP partner portal

When a global admin for the tenant clicks the link in the email, they’re greeted with this screen and simply click the Authorize button.

Authorize client for Delegated Admin Privileges


They should now show up under customers in your CSP portal; in my case this was nearly instantaneous.

Exploring the Microsoft 365 Lighthouse portal

Logging on to the Home page

Go to https://lighthouse.microsoft.com and sign in with an account in your MSP tenant with Global Admin credentials and MFA enabled. If the account doesn’t have MFA enabled, you’ll need to enable it before being able to sign in. In case you find this burdensome, understand that you’re effectively accessing all your tenants in one place using Lighthouse so enforcing MFA is a must. I would also suggest that access to Lighthouse should be limited to approved, locked down admin workstations, something you can do using Conditional Access in AAD.

According to Microsoft it can take up to 48 hours before client data starts showing up in the portal; in my experience it took less than two hours.

Home in the Microsoft 365 Lighthouse Portal

On the Home page is an overview of my clients, with tiles for threats (Defender Antivirus), devices with it installed, risky users and device compliance. You can filter this view with the Tenants button in the top left.

User account pages

When I drill into the Risky users tile, I’m taken to the Users part of Lighthouse, where there are four tabs. Here I see accounts that have been flagged as risky and their current status (At risk or Remediated). Clicking View risk detections for an individual account takes me to the AAD portal for that tenant to investigate the risk. The Multifactor Authentication tab shows the tenants’ status for MFA enablement and users who aren’t registered for MFA, whereas the Password reset tab shows the state of the tenants and accounts for Self-service password reset (SSPR). I can also search across all usernames, and when I find a particular user, I can reset their password or block sign-in. Password reset in particular is a very common action for MSP helpdesk staff, so instead of having to sign into a particular client’s tenant, find the user and then reset their password, you can do it here for any user.

Risky users blade

Antivirus and Threats

Clicking either the Threat or Antivirus tile takes me to the Threat management area where an overview tab shows me threats (active / mitigated / resolved), devices missing Defender AV and devices overdue for scans. The Threats tab shows a list of active, mitigated, resolved, and allowed threats, whereas the Antivirus protection tab shows me a list of devices, their state, if the AV is up to date, real-time protection state and if any scheduled quick or full scans are due.

Antivirus status across each device


The orange warnings in the screenshot show quick scans that are overdue. Clicking on an individual device brings up its details, plus options to run a quick or full scan, update the signatures and reboot the device.

Device details in Antivirus view

Note that you can also multi select several devices and run scans on all of them or even reboot all of them in one fell swoop. You can also filter the view of the devices based on device state, threat protection, update status, and any overdue scans.

Devices & Tenants

The Device area has four tabs. Overview shows devices managed by compliance policies in MEM, whereas the Devices tab shows the compliance status for each device, with the ability to filter the view based on whether the device is corporate or personal, the OS it’s running and its status. The Policies tab syncs from MEM, whereas the Settings tab shows non-compliant settings across tenants. In this area of Lighthouse, I noticed that the data on some tabs was missing, possibly due to the 48 hours not having passed after adding the tenant. You can also click an individual device to see details and click a link there to see it in the full Endpoint Manager console.

Device compliance with MEM policies view

The Tenants view shows tenants, including ones that are ineligible for Lighthouse (missing license for Microsoft 365 Business Premium for instance) or ones that don’t have Delegated Administrative privilege yet. You can create and assign tags to different tenants as a way to organize them.

Security and Baselines

There are two specific Role Based Access Control (RBAC) roles associated with Microsoft 365 Lighthouse: Admin Agent and Helpdesk Agent. The former has permissions to change most settings, whereas the latter can view everything but only reset passwords, block sign-ins and update customer contact / website details. Microsoft recommends using Privileged Identity Management (PIM), a feature in AAD Premium P2 (in the partner’s tenant), to enforce the principle of least privilege, so that a Helpdesk Agent can be eligible to be an Admin Agent but must go through a PIM workflow. That workflow can include entering a service ticket, being approved by a supervisor and performing MFA to elevate to that permission, for a restricted time of a few hours.

Security baselines are a key feature in Microsoft 365 Lighthouse. Today you can’t edit them, and there are six default baselines:

    • Require MFA for admins (CA report only policy)
    • Require MFA for end users (CA report only policy)
    • Block legacy authentication (CA report only policy)
    • Enroll devices in MEM & Azure AD Join
    • Antivirus policy – a Device Configuration profile
    • Windows 10 Compliance policy

In the Baselines area I can see the Default baseline and apply it to groups of clients. Note that the three Conditional Access policies are report only and thus won’t actually enforce the setting, just give you reports on where it would have been applied. This is a good way to get a grip on the state of MFA and legacy authentication usage across your tenants but in today’s security challenged business landscape it’s vital to move to enforcing MFA and disabling the legacy protocols as soon as possible.
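To track which tenants have actually moved from report-only to enforced, the check below classifies Conditional Access policies against the three CA baselines listed above. It is an added example, not Altaro’s or Microsoft’s code; it assumes each tenant’s policies were exported as JSON in the Microsoft Graph conditionalAccessPolicy shape, and the tenant names, role placeholder and policies in it are constructed sample data.

```python
"""Classify Conditional Access (CA) policies against the three CA baselines.

Added example. Assumption: each tenant's policies were exported as JSON in
the Microsoft Graph conditionalAccessPolicy shape. All tenants and policies
below are constructed sample data.
"""
import json

BASELINES = ("mfa_admins", "mfa_users", "block_legacy_auth")
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # legacy-auth client app types
STATE_LABEL = {
    "enabled": "enforced",
    "enabledForReportingButNotEnforced": "report-only",
    "disabled": "disabled",
}
RANK = {"missing": 0, "disabled": 1, "report-only": 2, "enforced": 3}


def covers(policy):
    """Return the baseline items a single policy addresses."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    grants = set((policy.get("grantControls") or {}).get("builtInControls") or [])
    clients = set(cond.get("clientAppTypes") or [])
    hit = set()
    if "mfa" in grants:
        all_users = "All" in (users.get("includeUsers") or [])
        if all_users:
            hit.add("mfa_users")
        # An all-users policy also covers admins unless roles are excluded.
        if users.get("includeRoles") or (all_users and not users.get("excludeRoles")):
            hit.add("mfa_admins")
    # Only count a block policy that is scoped to legacy clients alone.
    if "block" in grants and clients and clients <= LEGACY_CLIENTS:
        hit.add("block_legacy_auth")
    return hit


def baseline_status(policies):
    """Best state reached per baseline: missing/disabled/report-only/enforced."""
    status = {b: "missing" for b in BASELINES}
    for policy in policies:
        level = STATE_LABEL.get(policy.get("state"), "disabled")
        for item in covers(policy):
            if RANK[level] > RANK[status[item]]:
                status[item] = level
    return status


def enforcement_gaps(tenants):
    """Map tenant name -> sorted baselines that are not actually enforced."""
    return {
        name: sorted(b for b, s in baseline_status(pols).items() if s != "enforced")
        for name, pols in tenants.items()
    }


# Constructed sample export: one tenant on the default report-only baseline,
# one that enforces MFA but still only reports on legacy authentication.
SAMPLE_EXPORT = """
{
  "contoso-sample": [
    {"displayName": "Require MFA for admins",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeRoles": ["<admin-role-template-id>"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA for end users",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy authentication",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}}
  ],
  "fabrikam-sample": [
    {"displayName": "Require MFA for all users",
     "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy authentication",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}}
  ]
}
"""
TENANTS = json.loads(SAMPLE_EXPORT)

if __name__ == "__main__":
    for tenant, gaps in enforcement_gaps(TENANTS).items():
        print(f"{tenant}: not enforced -> {', '.join(gaps) or 'none'}")
```

A tenant with an empty gap list has all three CA baselines in the enforced state; anything else is still only reporting, disabled or missing.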

There are two other areas in Microsoft 365 Lighthouse. The first is Windows 365, which gives a view of any Cloud PCs in your clients’ tenants and their network connections to on-premises. I don’t have any clients using Windows 365 yet, but it makes great sense to surface this information in Lighthouse.

The final area is Service health. It shows advisories and incidents across Teams / Microsoft 365 / Exchange Online and another 20 services. It’s the same view as in the Microsoft 365 Admin Centre, but it makes sense to have it handy in this portal.

Conclusion

This is a public preview, and both the functionality and requirements are a bit limited, but I suspect this will change as feedback comes to Microsoft, particularly now that it’s in public preview. There’s a specific UserVoice for Microsoft 365 Lighthouse – join here.

I think Microsoft 365 Lighthouse will be a gamechanger for MSPs. It’s a shift in how you manage your clients’ digital estates at scale, and I suspect that it’ll find fans in both large and small MSPs. One question I have at this stage concerns the shared MSP model, which works in Azure Lighthouse, where you can have one MSP managing your backups and IaaS VMs and another MSP handling your databases. Today that’s not supported in Microsoft 365 Lighthouse.

Another concern is the overlap with third party MSP management tools, and my initial take is that I’m far more likely to trust Microsoft to get security right rather than the RMM software vendors of today (especially given recent news), plus a first-party provided tool is always preferable to me personally. Full disclosure – I don’t use an MSP tool in my business, but I do rely on N-Able Take Control for remote access to devices.

Microsoft 365 Lighthouse isn’t a replacement for a Remote Monitoring and Management (RMM) tool today, but once the functionality is expanded I can see this being one of the main tools in your MSP toolbox.

70% of MSPs saw increased revenue as companies work from home
https://www.altaro.com/msp-dojo/msp-survey-microsoft-365/
Mon, 29 Mar 2021 17:27:56 +0000

Did you know that 87% of Managed Service Providers (MSPs) told us that they saw increased Microsoft Office 365 business last year? Find out how other MSPs have done that and more data from our survey.


2020 was a year that will go down in history as a difficult one for most of us, but in the MSP world, there were some silver linings, according to a survey we conducted in February. As it was an unprecedented year, we’ve seen many changes in the MSP market, with some MSPs finding opportunities for growth. The biggest driving factors for this growth have been remote work and increased adoption of Microsoft 365 tools.

Here’s a summary of the positive discoveries from our MSP survey:

  • 60% of MSPs increased cross-selling 3rd party apps to manage Microsoft 365
  • 87% of MSPs grew their Microsoft Office 365 business thanks to the pandemic
  • 2 in 3 MSPs found that Microsoft 365 helped them and their clients work better remotely

The most interesting discovery we’ve found is that 87% of the 325 Managed Service Providers (MSPs) surveyed told us that they saw increased Microsoft Office 365 business last year. See the sources of this extra revenue below:

Sources of increased revenue in 2020 for MSPs

We conducted the survey between February and March to gauge the effect of COVID-19, and the subsequent shifts of employees increasingly working from home, on MSPs’ Microsoft Office 365 business.

But before we dive in any deeper into the data – a bit about you guys. Who answered our survey? Most of our respondents are located in North America (47.7%), Europe (46.5%) and Australia (3.7%). The vast majority of the people who answered have been in business for a significant amount of time, with nearly three out of every four (72.6%) having been in business for over 11 years. Talk about staying on top of your game. The fact that a similar percentage (75.4%) has 10 employees or fewer, might be a contributor to the success of these MSPs.

Here are more interesting discoveries from our survey:

Do you offer your clients email security services?

As a substantial chunk of the workforce of many companies moved to work remotely from different home offices, the need for email security increased, and the vast majority of MSPs surveyed jumped on the occasion to offer email security services to their clients.

Microsoft 365 is a great platform to earn more recurring revenue. Do you do any of the following for your clients on Microsoft 365?

The majority of MSPs have found new opportunities for revenue growth from Microsoft 365. Offering solutions for email security was the most frequently quoted source of recurring revenue, followed by offering help with email inbox management and training.

The increase in remote working gave my business more support volumes

More implementation means more work to support them, right? Well, according to the respondents, it does, but perhaps not as overwhelmingly as you’d think. 67.1% have said they either agree or strongly agree that support volumes have increased, while 27.4% declare that the volume of requests hasn’t changed that much.

70% of MSPs reported increased revenue from remote working

As organizations scrambled to move their teams to remote working, and as some industries were being decimated by the recession that came along with the pandemic, there were other sectors that just shifted gears to ensure business continuity for all, thriving through the chaos. Our industry was clearly one of them – in fact, 70% of MSPs said that they saw an increase in business when their clients shifted to working remotely.

Remote work impact on MSP revenue

This might sound obvious to most, but other industries that should have seen their budgets remain the same went the other way, such as the 52% of UK companies who said that they were reducing marketing budgets.

MSPs working with Microsoft Office 365 were paramount in facilitating this shift to remote working; in fact, over half of the MSPs who answered our survey (55%) said that they saw an increase in implementation business for Microsoft Office 365.

MSPs increased their business with the help of Microsoft Office 365

Two thirds of MSPs surveyed felt that Microsoft 365 helped them (and their clients) transition smoothly from office-based working to remote working, and they largely agreed that this transition gave them increased business opportunities, matching the findings of our survey last year, in which 76.6% of respondents had predicted that remote working would be the biggest generator of revenue during the pandemic.

Impact of Microsoft 365 on remote work

Overall MSPs agreed that remote working made it easier for them to upsell extra solutions to their clients. Support volumes increased, too. Over two thirds of respondents told us that they had increased support volumes over the course of the pandemic.

Overall the survey showed quite a rosy picture for MSPs. Over the course of 2020 MSPs implemented more Microsoft 365 solutions than ever before, with clients flocking to collaboration tools like Teams, OneDrive and SharePoint (Cloud).

Most popular tools deployed by MSPs

Revenue streams around Microsoft 365

We also tried to understand some of the ways in which MSPs can generate recurring revenue from Microsoft 365 deployments. This is the holy grail of most businesses, so we’re hoping that you can take a look and get inspired by what you see. 91% of the people who answered the survey told us that they offer email security solutions.

Email security solutions are also used by two thirds of MSPs to generate recurring revenue, whereas around half of MSPs who answered told us that they earn recurring revenue on email inbox management. Some other services that you could think about offering your clients should include training services, process automation, setting up databases and help with specific tools, such as programming in Excel and project management in Planner.

Increased revenue opportunities from third-party tools

MSPs also saw increased revenue opportunities from the availability of third-party tools to manage their clients’ Microsoft Office 365 deployments, such as Altaro’s Office 365 Backup for MSPs.

These tools help both MSPs and their clients to have increased peace of mind, and it is clear that businesses are seeing the value in them: 85% of MSPs use secondary tools to enhance clients’ 365 setup, and 84% of MSPs who chose to go with third-party email security solutions also set up third-party backup solutions for their clients, showing that the opportunity for cross-selling these two services is very high.

How MSPs manage Microsoft 365

Microsoft and MSPs throughout the pandemic

We also surveyed MSPs about how they felt that Microsoft reacted to their increased needs during the pandemic. The general sentiment was neutral. MSPs felt that their relationship with Microsoft didn’t really change last year, which is actually just what a brand would want to hear, as it shows consistency. MSPs were, by and large, satisfied with the support quality and response times they received from Microsoft, too.

Full data access to MSP Survey Results

If you’re interested, you can see the full data here.

Microsoft 365 Lighthouse – Simple M365 Management for MSPs
https://www.altaro.com/msp-dojo/microsoft-365-lighthouse-msp/
Thu, 24 Sep 2020 16:56:07 +0000

Microsoft 365 Lighthouse offers a central console where you can manage all your Microsoft 365 clients in a single dashboard. But it doesn't stop there...


At Ignite 2020, Microsoft announced a new Lighthouse solution for Microsoft 365. Designed for Managed Service Providers (MSPs), this offers a central console where you can manage all your Microsoft 365 (M365) clients in a single dashboard. In this article we break down what was announced and why this is a big deal for MSPs.

There isn’t much to go on, apart from a Microsoft blog post and a short breakout session from Ignite 2020, but the concept is very interesting, especially for MSPs managing clients with high numbers of M365 users and frequent onboarding.

We have also covered more on Microsoft Ignite 2020 – check out our analysis on Satya Nadella’s keynote.

What is Microsoft 365 Lighthouse?

It’s quite straightforward – it’s a single place to onboard new M365 clients, monitor their compliance state across different metrics, and standardize automation and auditing across all of your clients. It relies on the MSP having set up Delegated Access Permission (DAP) with Global Administrator permissions in their clients’ tenants and on devices being enrolled in Intune.

Device Compliance across five clients

What Does Microsoft 365 Lighthouse do?

In the preview, there are three main areas of focus, starting with device compliance. You can see what policies are applied to devices in each client, how many devices are compliant at each client and you can compare policies across clients.

Compliance policy list

The second solution on offer looks at threats across all of your clients and the protection status of Microsoft Defender Antivirus on all Windows 10 devices. This gives you a single console to see whether there are any active threats, which devices have it deployed and if there are pending actions (scans, required OS updates, reboots etc.) as well as if there were threats that were blocked or quarantined. Also, you can see Conditional Access policies across clients.

Threat management dashboard

Finally, you can handle user access management across all clients. Resetting passwords, blocking access, setting up delegated access to a mailbox or OneDrive for Business, and adding a user to a group are all done in a single pane of glass. This one feature could be worth it for many MSPs: today you either have to create custom PowerShell scripts to automate these tasks or log in to each client’s individual management portal to do this.

As Microsoft gets feedback from MSPs participating in the preview, expect more features to be added such as the ability to see M365 service health across different clients and support requests.

Is Microsoft 365 Lighthouse a Gamechanger for MSPs?

As an MSP I find the concept intriguing, but given the scant information, I’m cautious. Microsoft will need to add a lot of features to make this a worthy competitor to existing MSP management solutions on the market. But that may not be their aim, at least not initially; it might just be an additional tool to make it easier to manage multiple M365 tenants in a standardized way.

Further, I find the focus on Microsoft Defender worrying; many MSPs don’t use the otherwise excellent Endpoint Detection and Response tool due to its high cost. I’m really looking forward to seeing how this service evolves over the coming months.

If you’re an MSP and you’re interested in trying out M365 Lighthouse when they expand the preview you need to fill in the form.

More info on Microsoft 365 Lighthouse

Are you looking forward to Microsoft 365 Lighthouse? Let us know in the comments.

Hyper-V vs. VMware – What is Best for Your MSP?
https://www.altaro.com/msp-dojo/hyper-v-vs-vmware/
Thu, 25 Jul 2019 17:15:43 +0000

It's a big question. In this post we run down the major pros and cons of each hypervisor in terms of features relevant to a Managed Service Provider.


Hello everyone! Today we’re talking about a subject that has garnered many an article and many a discussion over the last several years. That is the question of whether Hyper-V or VMware is better for your MSP toolbox. Many of you may already have a winner in mind, and that’s fine; I only ask that you keep an open mind. Additionally, you should note that I write this article with the assumption that in both cases you would have technicians that are fully trained and understand each product. It wouldn’t be a fair comparison if you compared a veteran Hyper-V engineer’s deployment vs a novice VMware Admin’s deployment. So, as we talk about both technologies below, engineering know-how will enter into the discussion very little.

Without further delay let’s start by looking at features!

Features

Features are a part of the VMware vs. Hyper-V debate that has become much more difficult to cover in the past couple of years. This isn’t because one is far better than the other in this area. It’s the opposite! Feature parity between the two is basically a wash these days. For example, both have:

Additionally, looking at what both vendors call configuration maximums (the largest amount of resource utilization/assignment the hypervisor/VMs can handle), it’s apparent that each vendor’s maximum is so high that only the mega-corporations of the world risk running up to those limits, as shown below.

Hyper-V Host Maximums for Example

hyper-v hosts

VMware Host Maximums

vsphere hosts

As you can see, both options scale-out to ridiculous heights, with both having the ability to serve up just about any virtualization need your customers could come across.

If you’re interested in looking further into these config maximums you can find the Hyper-V Maximums discussed here, and the vSphere ones here.

This hasn’t settled our debate, so let’s move on to the next section: manageability.

Manageability

The manageability story for this comparison is a bit murkier than the features section above. Each vendor has a different management story and a slightly different way of doing things. If I had to break it down as quickly as possible with a short answer, I would say this:

With a fully trained team, management of either product is effective for MSPs. However, vSphere is more forgiving for junior engineers and those that may not be familiar with virtualization. I say this with Hyper-V being my hypervisor of choice and due to the following:

In vSphere, you have a single pane of glass tool for managing the entire solution; the vSphere Client. You connect to the vSphere client on a stand-alone host or a vCenter instance and the management experience is largely the same. With Hyper-V, you will use one of several possible tools, including:

  • Hyper-V Manager
  • System Center Virtual Machine Manager
  • PowerShell
  • 3rd Party Management Tool
  • Azure Front-End (If using Azure Stack)

While these different tools are highly effective, they are all used in different deployment types, and different scales, and it can lead to confusion and frustration for new IT Pros. That difference aside, both of these products are well suited for MSP management. Both have integrations with MSP RMM and reporting platforms, and both can be used in automation scenarios via PowerShell and PowerCLI.

Likely the determining factor here is going to be what your engineering team is comfortable with. If you’re automating as many functions as you can (and you should be), the numerous management tools for Hyper-V are likely a non-issue. So, from an MSP perspective comparing these two tools, we’re still at an even stretch after this section.

Let’s talk about pricing and cost next.

Pricing and Cost

It’s this stage of the discussion where I start to lean towards Hyper-V. From a pure engineering perspective (no talk of sales or margins involved) Hyper-V wins this section hands-down. And I would argue it’s due to one simple fact. With Windows Server licensing you are given virtualization rights to run 2 VMs with a standard edition and the ability to run unlimited VMs with datacenter edition on a licensed piece of hardware. This is regardless of the hypervisor type. This requirement is the same whether you’re running Hyper-V or vSphere, and this is where the determining factor comes from.

The vast majority of your customers are going to be running Windows Server. That’s just a fact. If you want to run Windows Server on top of vSphere you still have to buy those Windows Server licenses, and guess what? That Windows Server license comes with Hyper-V and all you need to run a small to mid-sized cluster already. So, it comes down to a simple question. Why would you pay for the extra licensing for vSphere when you already get what you need for most use-cases with the purchase of Windows Server licenses that you must buy anyway?

For a standard business (engineering know-how aside) the answer is simple. For an MSP, a little less so. For the aspiring MSP the decision to choose vSphere over Hyper-V comes down to three extra factors, one of which I personally don’t like.

  1. Adding in vSphere to the deal adds extra profit margin for the MSP.
  2. vSphere is already the defined virtualization solution in the MSP’s toolbox.
  3. Chosen hybrid cloud option.

I will concede that all MSPs have a mandate to make money. That’s how the business continues to grow and function and everyone needs to put food on the table at the end of the day. I do, however, have an issue with selling a product (in this case vSphere) for the sole purpose of adding to my profit margin. If that’s the ONLY reason I’m choosing vSphere as an MSP, my customers should look elsewhere because it increases the cost on them for the sole goal of lining my own pocket. You’d be surprised how many times I’ve seen this.

If this describes you, I would argue that when it comes to cost specifically (all other factors aside) doing a given project with Hyper-V will allow you to come in at a lower price point. Sure, there is not as much margin, but long-term customer trust goes a long way.

As for item 2 on the list above, it’s never too late to change your toolset. If this is the sole resistance to changing your core virtualization choice, then I would suggest putting together a proof of concept and going from there.

Item 3 is fairly simple as well. It’s no secret that Hyper-V has native integrations with Azure, and that VMware is closely aligned with AWS. If you have an affinity for one of those public clouds over the other, that may well influence your decision as well.

Is Hyper-V or VMware Better for MSPs?

So, we’ve looked at a few different things as part of this discussion, and I’ve found in my travels that these are the three most important areas for MSPs. Ready for the winner?

My answer to which one is better? Surprise! It comes down to which one fits in your company culture better. Are you a historically Microsoft-centric shop and want to use Azure? Then go with Hyper-V. Are you a fan of AWS? Then you likely want to go with VMware. Are you looking for on-prem only and want the lowest cost for your customers? Choose Hyper-V. But please, for the sake of your customers, don’t be the MSP that chooses VMware just to get a little extra margin.

Whatever choice you make, train up your engineers and integrate it into your MSP stack and your chosen solution will serve you well. Both are fantastic and mature products with large companies behind them ready to help if needed.

What do you think? Agree with my assessment? Don’t agree with it? Let me know in the comments section below!

Looking forward to your discussion!

Sysprep Windows 10 & Hyper-V Templates for Quick Deployments
https://www.altaro.com/msp-dojo/sysprep-windows-10-hyper-v-templates-for-quick-deployments/
Fri, 24 May 2019 08:19:41 +0000

Windows 10 is fast becoming the industry standard and businesses are facing practical challenges e.g. deploying to thousands of users. Enter Sysprep.


Now that the masses have finally embraced Windows 10 as the next mainstream Windows operating system after many organizations skipped Windows 8 entirely, administrators and managed service providers (MSPs) should include Sysprep in their toolkits.

Windows 10 will likely be used by billions of devices over the next decade, so in response enterprises and service providers are now adopting it.  However, these businesses are facing practical challenges, like how to deploy and maintain customized versions of Windows 10 across thousands of users. IT Departments should always preconfigure their users’ operating systems to ensure that the correct applications are installed for productivity, and the correct security settings are enabled to grant or block access to corporate network resources. This “master copy” guarantees that everyone has the correct configuration on their computers.  It also helps the IT department by reducing their support costs and providing easier ongoing maintenance by simplifying their testing matrix every time that they want to make a change.

The challenge is that an identical copy of an OS cannot be used by multiple users simultaneously as system components like Active Directory objects must be unique. This means that the master copy must be stripped of any unique identifiers, which is done using a Microsoft utility known as Sysprep (“System Preparation”). This blog will explain how Sysprep works and will also cover some special considerations for use with Windows 10.

Understanding How Sysprep Works

To create this master copy of an operating system, you will deploy the OS, its applications and settings on a computer or virtual machine. This configuration will then be saved as an image file, which is like a blueprint of the system. This master copy should include everything that your users will need, including:

  • The OS
  • Applications
  • Roles and Features
  • Productivity Tools
  • Third Party Software
  • Custom Software
  • Security Software
  • Security Updates
  • Identity Information
  • Networks
  • File Access
  • Licenses
  • And all User and Application Settings

This image should then be saved and tested extensively in a production environment to ensure that everything works as expected.

Once this Windows 10 image is ready, it will be used as the baseline operating system which all users will receive when they join the company or update their hardware. To manage the creation and customization of images, a utility like Microsoft’s Deployment Image Servicing and Management (DISM) or the Microsoft Deployment Toolkit (MDT) will be used to configure Windows image (.wim) files or Hyper-V virtual hard disks (VHDs). Remember that the master image itself cannot be distributed because it retains its own unique identifiers within the network, and having thousands of computers with the same security identifier (SID), Active Directory identity, and IP addresses would cause many problems. For this reason, images need to go through a scrubbing process to remove these characteristics which should not be copied to other computers. This process is called “generalization”, which is usually done with the Sysprep utility.

When this clean image is then deployed to a client, the unique identifying information which was removed must now be provided for the operating system to function.  This can be entered by the user during the first system boot in Out-Of-Box Experience (OOBE) mode, including the computer name, account information, language selection, and network or domain connections.  Some IT departments will also complete these final setup steps for each user through a privileged audit mode, or by using an answer file.  An answer file is a list of variables which will get automatically entered during installation, such as unique computer names, IP addresses and other registry settings which were stripped during generalization.

Using Sysprep to Create Hyper-V Templates

A Hyper-V template is essentially a pre-configured virtual machine, which is conceptually similar to an image file. Hyper-V templates allow organizations to redeploy identical virtual machines with the same configuration. For Windows Server, this is commonly used to scale out a virtualized infrastructure when more capacity is needed. For Windows client, Hyper-V templates can be used for virtual desktop (VDI) scenarios where end users access a virtualized workstation. Just like with image files, these templates also need to be generalized to remove any uniquely identifying information.

Organizations can also use Sysprep with Hyper-V virtual hard disks that contain the parent partition (operating system), effectively turning them into templates.  If an organization is using System Center Virtual Machine Manager (SCVMM), they can use the VM Template and Library features to create a master copy, then they can enter the unique computer information during each deployment of a VM.  Without SCVMM, admins can use DISM with Sysprep to take a VM’s virtual hard disk and generalize the image to create a Hyper-V template.

Using Sysprep with Windows 10

To be able to cope with the demand, administrators and managed service providers (MSPs) really should have Sysprep in their lockers. Sysprep in Windows 10 generally works the same as with previous operating systems; however, there are a few special considerations that admins should be aware of.

  • Sysprep will not work if the computer is connected to the Internet, so network access should be blocked after any applications are downloaded from the Internet.
  • Windows Store “modern applications” will often cause failures during the generalization process. This appears to happen on the built-in apps which have been recently updated as documented in KB 2769827.  These apps can be added later with a script that will run upon the first boot.
  • Users have reported issues when upgrading from the early versions of Windows 10 (1507 and 1511) to a later version, then Sysprepping this image. It is recommended to start with the most recent public release, or at least version 1607.
  • Always consider licensing! During the Sysprep process, the active product key from the image is removed, so a new license must be added after the image has been deployed. Most enterprises will use Active Directory Activation which will provide a volume product key. Service providers and MSPs may not be able to use this since they do not want the tenant joining their own domain, so instead, they can configure the template to connect to a Key Management Services (KMS) server to receive its activation keys. This process is documented in this Microsoft blog by Kirill Kotlyarenko.
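
The following PowerShell pre-flight check is an added example, not code from the original article or from Microsoft: it tests the conditions the list above names (network still connected, Store apps not provisioned in the image), reviews the answer file, and only then runs Sysprep. The answer-file path, the function name and the plaintext-credential check are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-flight checks on a Windows 10 reference machine, then Sysprep.
# Run it from the local console, since the first check expects the network to be down.
[CmdletBinding()]
param(
    [string]$AnswerFile = 'C:\Build\unattend.xml',  # hypothetical path, no spaces
    [switch]$Generalize                             # without this, report only
)

function Test-SysprepReadiness {
    param([string]$AnswerFile)
    $findings = [System.Collections.Generic.List[string]]::new()

    # Network: the article advises blocking network access before generalizing.
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        $findings.Add("Network adapter '$($_.Name)' is still connected")
    }

    # Store apps: generalization fails on apps installed or updated for a user
    # but not provisioned in the image. Heuristic only: user packages whose name
    # has no provisioned counterpart (frameworks and system apps are excluded).
    $provisioned = (Get-AppxProvisionedPackage -Online).DisplayName
    Get-AppxPackage -AllUsers |
        Where-Object {
            -not $_.IsFramework -and
            $_.SignatureKind -ne 'System' -and
            $_.Name -notin $provisioned
        } |
        Sort-Object -Property Name -Unique |
        ForEach-Object { $findings.Add("Appx package not provisioned: $($_.Name)") }

    # Answer file: must exist, and passwords marked <PlainText>true</PlainText>
    # are readable by anyone who obtains the file, so flag them for review.
    if (-not (Test-Path -LiteralPath $AnswerFile -PathType Leaf)) {
        $findings.Add("Answer file not found: $AnswerFile")
    }
    else {
        $plain = Select-Xml -LiteralPath $AnswerFile -XPath "//*[local-name()='PlainText']" |
            Where-Object { $_.Node.InnerText.Trim() -eq 'true' }
        foreach ($hit in $plain) {
            $findings.Add("Plaintext credential in answer file: <$($hit.Node.ParentNode.LocalName)>")
        }
    }
    return $findings
}

$findings = @(Test-SysprepReadiness -AnswerFile $AnswerFile)
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    Write-Error 'Reference machine is not ready to generalize.'
    exit 1
}
Write-Output 'Pre-flight checks passed.'

if ($Generalize) {
    $sysprep     = Join-Path $env:SystemRoot 'System32\Sysprep\sysprep.exe'
    $sysprepArgs = '/generalize', '/oobe', '/shutdown', "/unattend:$AnswerFile"
    $proc = Start-Process -FilePath $sysprep -ArgumentList $sysprepArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        # Sysprep's own logs are the authoritative record of what failed.
        Write-Error "Sysprep failed; see $env:SystemRoot\System32\Sysprep\Panther\setuperr.log"
        exit $proc.ExitCode
    }
}
```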

Now you can see how Sysprep can help businesses deploy their customized Windows 10 images at scale.  Remember that Sysprep is just one of the tools needed in the deployment process.  For more information and a walkthrough of the entire imaging process, please check out Microsoft’s documentation on how to Modify a Windows Image.

Do let us know below if you have any questions or issues with this process. We’re more than happy to assist!

Thanks for reading!

How to Manage Hyper-V at Scale for MSPs
https://www.altaro.com/msp-dojo/manage-hyper-v-scale/
Thu, 04 Apr 2019 18:17:22 +0000

Hyper-V is a core service many MSPs leverage today and it's vitally important to effectively manage at scale - particularly for those with larger customers


When it comes to infrastructure management MSPs really have a rough go of it if you think about it. Most internal IT Organizations have a flat network or at least multiple networks connected with the proper routing and network translation. These connectivity options make the management and patching burden for those internal IT departments much easier to wrap their hands around. MSPs don’t really have this luxury.

The typical MSP management story looks much like Figure 1 below, in that you have multiple disparate customers, each with their own networks, subnets, and WANs. Maybe some of them even share the same IP scheme (192.168.1.0/24 anyone?). Some of them may have connected VPNs back to the MSP. Most will not. Some will be using a colocated datacenter, and some will be using the public cloud. This can make management at scale difficult, because not only do MSPs have to actually reach the endpoints/servers they are looking to manage, it must be done in a way that management of one system is easy and does not affect the management of the others.

Figure 1: MSP Managing Multiple Sites with Multiple Similar or Dissimilar Network Segments

How to Manage Hyper-V at Scale

This article is going to focus on the few tools available that can help MSPs manage Hyper-V at scale specifically. Hyper-V is a core service that many MSPs leverage today, and if you can’t manage it effectively at scale, it can become difficult, like many solutions. Also, like other solutions, there isn’t a magic “one-size-fits-all” answer to this issue. What works for one MSP’s workflows and processes may not work for a different MSP’s; you’ll have to review the tools available and make your own judgments.

Before we start listing tools, it is worth noting that you’ll likely only have to do this with your larger customers. Most SMB customers running Hyper-V will be low touch customers. In those situations, simply RDPing into the customer’s environment and making changes as needed will be enough. The tools mentioned below will likely be needed in those situations where you have a customer that is larger, has customized virtualization needs, or makes changes frequently.

Let’s take a look.

Hyper-V Manager and Failover Cluster Manager

This is likely the simplest option. Many are apt to just discard these tools in the scope of this discussion, but I would suggest otherwise. I’ve seen many MSPs who make it a common practice to set up VPN tunnels between their larger customers and their management location. As long as it’s done properly you can make sure that there is no “cross-talk” between customer networks.

Once established Hyper-V Manager and Failover Cluster Manager (FCM) can be used just like they normally would if you were on-prem at the customer’s location. You may notice some latency, but nothing that is deal-breaking.

The problem with this option is that the MSP has to take care that their own network does not become compromised by an outside attacker. If that happens, said attacker could potentially have access to all of the customer networks attached via VPN, which would obviously be VERY bad. You could help mitigate this by creating a separate “Management Network” that your engineers have to connect to first before attempting to manage customers.

The other issue with this approach is that when we’re talking about managing “at-scale”, these tools don’t lend themselves well to that. When managing things at scale, you’ll want to be automating certain tasks, and these tools don’t really allow for that.

System Center Virtual Machine Manager

This tool is something of a step up over the above. While I’ll be the first to tell most organizations that you don’t need SCVMM to use Hyper-V, and will actively advocate that they don’t use it, my stance is a bit different for MSPs. You’d still use the VPN setup for your customers as I mentioned above, but SCVMM does a better job of maintaining customer and “cloud” separation. In SCVMM you would define a private cloud for each customer that consists of their Hyper-V deployment and their associated infrastructure (Storage, Network…etc). You would then see them as abstracted resources to be consumed within VMM for each customer location. It’s more to manage, but it does a better job of managing multiple locations in this fashion.

One question that I’m commonly asked at this point is what about running SCVMM over WAN? I wouldn’t recommend it. I’m opposed to management traffic of any kind traversing the public internet. At a bare minimum, it should go through an encrypted VPN tunnel, even if you only establish said VPN tunnel when there is a management need.

One other thing to note. VMM is not a tool that requires little overhead. There are some fairly significant system requirements and ongoing maintenance. If you want something that provides as good of control, but with less overhead, take a look at the next two options.

Your RMM Package

No MSP is complete without an RMM package such as ConnectWise Automate or Continuum. Both tools (and others) provide the hooks and mechanisms for some management and monitoring of your Hyper-V systems. Many MSPs will opt for this option because it already fits in well with their existing workflows and processes. Additionally, VPNs are often not a requirement here because most RMM platforms have been designed to avoid that requirement.

The capabilities are not uniform across all RMM platforms, and you’ll want to take a look at your own platform’s documentation to see exactly what type of management options there are for Hyper-V.

NOTE: Interested in RMM platforms and other MSP tools? Check out our MSP tool comparison guide!

PowerShell

Regardless of that, one thing all of these platforms have in common is the ability to manage and execute PowerShell scripts against managed endpoints, including Hyper-V Hosts. The Hyper-V PowerShell Module is VERY mature, and anything you can do in the management GUIs (and more) can be done using PowerShell. For example, all the below common tasks can be done using PowerShell:

  • Start/Stop VMs
  • Take Checkpoints
  • Configure Virtual Machine Settings
  • Configure Hyper-V Host Settings
  • Configure vNICs and vSwitches
  • Manage VHD(X)s
  • Deploy new VMs
  • Migrate VMs
  • Etc….etc…..

You can script any Hyper-V task/function you desire and then use your RMM toolkit to deploy and execute said script. Need some ideas on what sort of things to do? Jeff Hicks, one of our Altaro Hyper-V authors, has some amazing articles on using PowerShell to work with Hyper-V.
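
As an added example of a script an RMM agent could run on each Hyper-V host (it is not from the original article or from any RMM vendor), the following uses the Hyper-V module to report per-VM state and checkpoints older than a threshold, and can first take a labelled checkpoint of every running VM before maintenance. The parameter names, the seven-day threshold, the JSON output and the exit-code convention are assumptions of this example.

```powershell
#Requires -Modules Hyper-V
#Requires -RunAsAdministrator
# Added example: checkpoint hygiene report for one Hyper-V host, meant to be
# pushed and run by an RMM agent. Exit code 1 means stale checkpoints were found.
[CmdletBinding()]
param(
    [int]$MaxCheckpointAgeDays = 7,   # assumed threshold for "stale"
    [string]$CheckpointLabel          # if set, checkpoint running VMs first
)

function New-MaintenanceCheckpoint {
    # Takes one checkpoint per running VM, named <label>-<timestamp>.
    param([Parameter(Mandatory)][string]$Label)
    $stamp = Get-Date -Format 'yyyyMMdd-HHmm'
    foreach ($vm in (Get-VM | Where-Object State -eq 'Running')) {
        Checkpoint-VM -VM $vm -SnapshotName "$Label-$stamp"
    }
}

function Get-VMCheckpointReport {
    # Returns one object per VM with its state and checkpoint counts.
    param([int]$MaxAgeDays)
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    foreach ($vm in Get-VM) {
        $snaps  = @(Get-VMSnapshot -VM $vm)
        $stale  = @($snaps | Where-Object CreationTime -lt $cutoff)
        $oldest = $snaps | Sort-Object -Property CreationTime | Select-Object -First 1
        [pscustomobject]@{
            Host             = $env:COMPUTERNAME
            VM               = $vm.Name
            State            = $vm.State.ToString()
            Checkpoints      = $snaps.Count
            StaleCheckpoints = $stale.Count
            StaleNames       = @($stale.Name)
            OldestCheckpoint = if ($oldest) { $oldest.CreationTime.ToString('s') } else { $null }
        }
    }
}

if ($CheckpointLabel) {
    New-MaintenanceCheckpoint -Label $CheckpointLabel
}

$report = @(Get-VMCheckpointReport -MaxAgeDays $MaxCheckpointAgeDays)

# JSON on stdout is easy for most RMM platforms to capture and parse.
ConvertTo-Json -InputObject $report -Depth 3

if ($report | Where-Object StaleCheckpoints -gt 0) {
    exit 1   # let the RMM raise an alert or ticket
}
exit 0
```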

Wrap-Up

Choosing and standardizing on one of the options listed here can make managing customer virtualization infrastructure easier and more effective. You’ll want to research each option and find out which one is right for you and your customers. Keep in mind though, what works for you may be a combination of all these options!

What about you? Do you have any management stories about trying to manage Hyper-V for your customers? What worked? What didn’t? We’d love to hear in the comments section below!

4 Windows Server 2019 Features Every MSP Should Be Using
https://www.altaro.com/msp-dojo/4-windows-server-2019-features/
Fri, 22 Mar 2019 20:44:50 +0000

So you've taken the step to use Windows Server 2019 in your MSP - here are 4 features that are essential for Managed Service Providers to make use of!


Windows Server 2019 has been out for roughly 6 months now, and with the obligatory (for many MSPs) grace period out of the way, many MSPs are finally starting to put 2019 into production. While this is good news, I do find that most MSPs simply rip and replace, and keep things exactly the way they are, just with the newer version OS. Looking at or using new/improved features often gets pushed to the side in the quest to simply bring customers up to the latest version. This guide will break down the essential features of Windows Server 2019 that every MSP should be using.

Windows Server 2019 includes A LOT of enhancements and fixes. Microsoft focused their efforts on many different items, but when I start thinking about this release through the prism of a service provider I start thinking about what features are most valuable to those organizations, and ultimately their customers.

Note: If you run or manage virtual environments that have one or more physical machines or legacy servers that have not been virtualised you can now use Altaro Physical Server Backup to protect these physical machines and keep them safe. Altaro Physical Server Backup is a free server backup software solution created to satisfy this need, with the added bonus that it’s free. Download Altaro Physical Server Backup

Below I’ve put together a list of 4 Windows Server 2019 features that every MSP should be using, and my reasoning why. Let’s take a look!

1. System Insights

Predictive analytics is something that is immensely useful for MSPs. You want to know when your customers are going to run tight on resources, so you can proactively respond to that need. Yes, your RMM platform may provide this function somewhat, but those types of applications usually depend on things like internet connectivity, and centralized repositories for logs…etc. System Insights runs and stores its data 100% locally. This allows it to continue working even if there is a network outage.

Additionally, System Insights is included with Windows Server, so even young-in-the-tooth MSPs who may not have an RMM platform yet can take advantage of what it has to offer.

Figure 1: System Insights CPU Forecasting – Photo from docs.microsoft.com

Note: Currently System Insights is available in the Windows Server 2019 Insider Preview Build

Additional information on system insights can be found here.

2. Server Core App Compatibility Feature on Demand

I’ve been a huge fan of Windows Server Core since it first came out in the Server 2008 R2 days. I come from a Linux background so the idea of having a Windows Server with just the components I needed installed was wildly appealing. While I’ve continued to push that idea, I find that many MSPs still aren’t on board with it. There are many reasons why. Mainly it comes down to supportability. While an MSP’s senior engineers may be comfortable managing stuff from the command line, Level 1 and 2 technicians may not be. Sure, you can manage the box remotely, but not everyone knows how to troubleshoot connectivity solely from the command line. This is where the Server Core App Compatibility Feature on Demand comes into play.

Sure, it’s a mouthful to say, and it’s not readily apparent by its name what it does, but this is a tool worth looking at. Essentially this adds some of the underlying UI prereqs to Windows Server Core without installing the full-blown desktop experience. Now you can run tools like:

  • Microsoft Management Console
  • PerfMon
  • Device Manager
  • Disk Management
  • Cluster Manager
  • Etc…etc.

This enables your team to have better local management of Windows Server Core without having to install too much extra on the endpoint itself.

More information on how to install this feature can be found here.

3. Storage Migration Service

Windows Server 2008/R2 end of life is fast approaching and MSPs are still scrambling to get customers migrated off of the OS. For many MSPs, doing the migration isn’t simple. It involves data transfer and potential downtime, along with finer details like DNS changes, device map changes, etc.

The Storage Migration Service is a new service in Windows Server 2019 that is accessed via Windows Admin Center. This tool is designed to assist in migrating data from older servers to new ones, and the best part is it’s included at no extra cost! It even works with operating systems as old as Windows Server 2003. Yes, that is not a typo. Windows Server 2003 is a supported OS for migration with the Storage Migration Service.

If you’d like a bit more information or even a short demo of this service, I conducted a webinar a short while ago that included a demo of the Storage Migration Service.

4. Storage Spaces Direct

For the last item on our list today we’ll be talking about Storage Spaces Direct (or S2D for short). S2D is a Hyper-Converged Infrastructure offering in the Windows Server stack. For those who aren’t aware, Hyper-Converged Infrastructure (or HCI for short) is a method of running compute and storage within the same cluster node. This cuts down on the amount of hardware needed and allows you to scale storage and compute at the same time while using cheaper commodity hardware.

Many MSPs will scoff at the suggestion of using S2D over a traditional SAN vendor such as EMC or NetApp but pause to consider how much those SAN vendors have cost you over the years. Storage isn’t cheap, and it gets eaten REALLY fast in most cases. Many smaller MSP customers can’t afford a traditional SAN. S2D is one option for closing that gap.

Additionally, the performance capabilities of S2D have gotten quite good in the past few years, and the management experience has improved dramatically. 3 years ago, I would have told you S2D wasn’t ready for prime-time. Now I’d give you a much different answer.

If you’ve looked at S2D in the past and discarded the notion, I would highly recommend you reconsider today. The offering has become quite mature and is highly scalable.

Wrap-Up

By no means is this a full list of new features in Windows Server 2019. Again, I feel that the ones listed here simply have more value to MSPs specifically than others. Using these new tools and sticking with the trends in the industry will allow you to keep a leg up on your competition and stay competitive in the MSP market in the days to come.

What about you? What are your thoughts on this list? Have you used any of these features to date? We’d love to hear if you have! Let us know in the comments section below!


]]>
https://www.altaro.com/msp-dojo/4-windows-server-2019-features/feed/ 0
Creating Web Scraping Tools for MSPs with PowerShell https://www.altaro.com/msp-dojo/web-scraping-tool-for-msps/ https://www.altaro.com/msp-dojo/web-scraping-tool-for-msps/#comments Thu, 31 Jan 2019 21:16:49 +0000 https://www.altaro.com/msp-dojo/?p=1224 Scraping web pages is a huge time saver for MSPs, who use it for many tasks. Here's how to create your own web scraping tool using PowerShell!

The post Creating Web Scraping Tools for MSPs with PowerShell appeared first on Altaro DOJO | MSP.

]]>

Building a web scraping tool can be incredibly useful for MSPs. There isn’t always an API or PowerShell cmdlet available for interfacing with a web page. However, there are other tricks we can use with PowerShell to automate the collection and processing of a web page’s contents. This can be a huge time saver for instances where collecting and reporting on data from a web page can save employees or clients hundreds of hours. Today I’m going to show you how to build your own web scraping tool using PowerShell. Let’s get started!

We are going to scrape the BuildAPCSales subreddit. This is an extremely useful web page, as many users contribute by posting the latest deals on PC parts. As an avid gamer, I would find it extremely useful to check this routinely and report back on any deals for the PC parts I’m looking for. Also, because of the limited amount of stock for some of these sales, it would be extremely beneficial to know about these deals as soon as they are posted. I know there is a Reddit API available that we could use to interface with, but for the purpose of demonstrating how to make a web scraping tool we are not going to use it.

Web Scraping with Invoke-WebRequest

First, we need to take a look at how the website is structured. Web scraping is an art, since many websites are structured differently. We will need to look at the way the HTML is structured and use PowerShell to parse through the HTML to gather the info we are looking for. Let’s take a look at the structure of BuildAPCSales. We can see that each sale is displayed with a big header which contains all the info we want to know, the item and the price:

scraping a web page

Now, let’s use the Web Developer tool in our browser to further inspect the HTML portion of these posts. I am using Firefox in this example. I can see that each post is tagged in HTML with the “h2” tag:

Web Developer tool

Let’s try scraping all of our “h2” tags and see what we come up with. We will use the Invoke-WebRequest PowerShell cmdlet and the URL to the Reddit webpage and save it as a variable in order to collect the HTML information for parsing:

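# ParsedHtml (used below) relies on the Internet Explorer engine, so run this in Windows PowerShell 5.1
$data = Invoke-WebRequest -Uri "https://www.reddit.com/r/buildapcsales/new/"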

Now we are going to take our new variable and parse through the HTML data to look for any items tagged as “h2”. Then we will run through each object and display the “innertext” content which is the text content of the tag we are searching for:

$data.ParsedHtml.all.tags("h2") | ForEach-Object -MemberName innertext

Yay, it worked! We are able to collect all the deals posted:

I like what we have so far, but I don’t want only the post headings; I also want the links for each sale. Let’s go back and look at the webpage formatting and see what else we can scrape from it to get the links. When using the inspection tool in Firefox (CTRL + SHIFT + C) and clicking on one of the sale links, I can see the HTML snippet for that post:

Looks like these are tagged as “a”, which defines a hyperlink in HTML. So we want to run a search for all HTML objects tagged as an “a”, and we’ll want to output the “href” for these instead of the “innertext” as we did in the example above. But this would give us all hyperlinks on this page, so we need to narrow down our search to pull only the links that are for sales. Inspecting the web page further, I can see that each sale hyperlink has the class name “b5szba-0 fbxLDD”. So we’ll use this to narrow our search:

$data.ParsedHtml.all.tags("a") | Where-Object { $_.className -eq 'b5szba-0 fbxLDD' } | ForEach-Object -MemberName href

Now we have the links to the items for each post. We now have all the information we are looking for:

Processing Our Web Information

Now that we have the information we want, we need to process it. I would like to create a table for each sale and its respective link. We can do this by using the following syntax:

$data = Invoke-WebRequest -Uri "https://www.reddit.com/r/buildapcsales/new/"

# Wrap each result in @() so a single match is still an array
$Sales = @($data.ParsedHtml.all.tags("h2") | ForEach-Object -MemberName innertext)
$Links = @($data.ParsedHtml.all.tags("a")  | Where-Object { $_.className -eq 'b5szba-0 fbxLDD' } | ForEach-Object -MemberName href)

# Pair each heading with the link at the same position
$table = @()
for ($index = 0; $index -lt $Sales.Count; $index++)
    {
    $row = New-Object -TypeName psobject
    $row | Add-Member -MemberType NoteProperty -Name Sale -Value $Sales[$index]
    $row | Add-Member -MemberType NoteProperty -Name Link -Value $Links[$index]
    $table += $row
    }


When we go to look at our $table, we can see the correct info:

Taking It Further

Now, let’s take it a step further and make this web scraping script useful. I want to be notified by text if there is a specific sale for a PC component that I’m looking for. Currently, I’m searching for a good 144hz monitor. So, to get notified of the best deals, I created a script that will run as a scheduled task every 15 minutes on my computer. It will scrape the Reddit web page for any monitor deals and notify me of the deal via text, then it will make note of the deals that have been sent to me in a text file to ensure that I’m not getting spammed repeatedly with the same deal. Also, since I don’t have an SMTP server at my house, I’ve set up a Gmail account to send email messages via PowerShell. Since I want to receive these alerts via text and not email, I am sending the email alerts to my phone number, which can be done with each popular carrier. I’m using Google Fi, so I simply put in my phone number with @msg.fi.google.com and the email goes right to my phone as a text. I’ve also encrypted my Gmail account password into a file with the process outlined in our blog post about encrypted passwords in PowerShell. After everything’s done, the syntax will look like this:

#Edit this to change the string to web scrape for (-match treats it as a regular expression)
$PCPart =  "Monitor]"
#Edit this to change the email address to send alerts to
$EmailAddress = "1234567890@msg.fi.google.com"

#Collect information from web page (ParsedHtml requires Windows PowerShell 5.1)
$data = Invoke-WebRequest -Uri "https://www.reddit.com/r/buildapcsales/new/"

#filter out headers and links; @() keeps a single match as an array
$Sales = @($data.ParsedHtml.all.tags("h2") | ForEach-Object -MemberName innertext)
$Links = @($data.ParsedHtml.all.tags("a")  | Where-Object { $_.className -eq 'b5szba-0 fbxLDD' } | ForEach-Object -MemberName href)

#create table including the headers and links, paired by position
$table = @()
for ($index = 0; $index -lt $Sales.Count; $index++)
    {
    $row = New-Object -TypeName psobject
    $row | Add-Member -MemberType NoteProperty -Name Sale -Value $Sales[$index]
    $row | Add-Member -MemberType NoteProperty -Name Link -Value $Links[$index]
    $table += $row
    }

#analyze table for any deals that include the PC Part string we are looking for
If ($table.Sale -match $PCPart)
    {
    $SaletoCheck = $table | Where-Object {$_.Sale -match $PCPart}
    ForEach($sale in $SaletoCheck)
        {
            #SaleDb.txt does not exist on the first run, so suppress the read error
            if ((Get-Content C:\scripts\SaleDb.txt -ErrorAction SilentlyContinue) -notcontains $sale.link)
            {
                #Save link to text file so we don't send the same deal twice
                $sale.link | Out-File C:\scripts\SaleDb.txt -Append

                #obtain password for gmail account from encrypted text file
                #ConvertTo-SecureString without -Key uses DPAPI, so the file can only be read by
                #the same user on the same computer that created it; run the scheduled task as that user
                $password = Get-Content "C:\Scripts\aespw.txt" | ConvertTo-SecureString
                $credential = New-Object System.Management.Automation.PsCredential("lukeautoscript@gmail.com",$password)

                $props = @{
                    From = "lukeautoscript@gmail.com"
                    To = $EmailAddress
                    Subject = $sale.sale
                    Body = $sale.link
                    SMTPServer = "smtp.gmail.com"
                    Port = "587"
                    Credential = $credential
                    }
                Send-MailMessage @props -UseSsl
              }
        }
    }

We wait for a sale for a good monitor to pop up and see our end result:
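The pairing, matching and de-duplication steps of the script above are where a scraper most often goes quietly wrong, so here they are as an added example (not the author's code) that runs offline on constructed data. The function names, the temp state file and the sample headings and links are assumptions made for illustration; the https-only check is an extra safeguard that is not in the original script.

```powershell
# Added example (not the article's script). Function names are hypothetical.

function New-SaleTable {
    param([string[]]$Sales, [string[]]$Links)
    # The headings and links come from two separate queries, so equal counts are
    # the minimum evidence that position N in one matches position N in the other.
    if ($Sales.Count -ne $Links.Count) {
        throw "Scraped $($Sales.Count) headings but $($Links.Count) links; not pairing by position."
    }
    for ($i = 0; $i -lt $Sales.Count; $i++) {
        [pscustomobject]@{ Sale = $Sales[$i]; Link = $Links[$i] }
    }
}

function Select-NewSale {
    param([object[]]$Table, [string]$SearchText, [string]$SeenPath)

    # -match takes a regular expression; escaping makes "[Monitor]" a literal
    # string instead of a character class that matches almost every heading.
    $pattern = [regex]::Escape($SearchText)

    # On the first run the state file does not exist yet.
    $seen = @()
    if (Test-Path -LiteralPath $SeenPath) { $seen = @(Get-Content -LiteralPath $SeenPath) }

    foreach ($row in $Table) {
        if ($row.Sale -notmatch $pattern) { continue }

        # Scraped hrefs are untrusted input: forward only absolute https links.
        $uri = $null
        if (-not [uri]::TryCreate($row.Link, [System.UriKind]::Absolute, [ref]$uri)) { continue }
        if ($uri.Scheme -ne 'https') { continue }

        if ($seen -contains $row.Link) { continue }
        Add-Content -LiteralPath $SeenPath -Value $row.Link
        $seen += $row.Link
        $row    # emit the row; the caller sends the alert
    }
}

# Constructed sample data standing in for the scraped headings and links.
$sales = @(
    '[Monitor] Constructed 24" 144Hz panel - $199',
    '[SSD] Constructed 1TB drive - $89',
    '[Monitor] Constructed 27" 144Hz panel - $249'
)
$links = @(
    'https://shop.example/monitor-24',
    'https://shop.example/ssd-1tb',
    'https://shop.example/monitor-27'
)

$state = Join-Path ([System.IO.Path]::GetTempPath()) 'SaleDb-demo.txt'
Remove-Item -LiteralPath $state -ErrorAction SilentlyContinue

$table = @(New-SaleTable -Sales $sales -Links $links)

# Two passes over the same state file exercise the de-duplication.
$firstRun  = @(Select-NewSale -Table $table -SearchText '[Monitor]' -SeenPath $state)
$secondRun = @(Select-NewSale -Table $table -SearchText '[Monitor]' -SeenPath $state)
"First run alerts:  $($firstRun.Count)"
"Second run alerts: $($secondRun.Count)"
```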

Wrap-Up

As you can see, web scraping tools can be incredibly powerful for parsing useful web pages. It opens up so many possibilities to create useful scripts that one might think were not possible. Like I said previously, it is an art; a lot of the difficulty depends on how the web site is formatted and what information you are looking for. Feel free to use my script in the demo if you want to configure your own notifications for PC part deals. If you’re curious, I ended up getting a good deal on an Acer XFA240 and the picture looks amazing with 144hz! Let me know in the comments below if you’ve created or plan on creating a web scraping tool.


]]>
https://www.altaro.com/msp-dojo/web-scraping-tool-for-msps/feed/ 2
5 Essential Tools for Managing Customer Documentation https://www.altaro.com/msp-dojo/5-tools-customer-documentation/ https://www.altaro.com/msp-dojo/5-tools-customer-documentation/#respond Fri, 09 Nov 2018 16:04:26 +0000 https://www.altaro.com/msp-dojo/?p=1115 Customer documentation tools are essential for running and growing a successful MSP. Find the best tools here

The post 5 Essential Tools for Managing Customer Documentation appeared first on Altaro DOJO | MSP.

]]>

Most MSPs have a lot on their plates. Not only are there customer needs and demands to be taken care of, there is staff to train, people to hire, inventory to manage, and sales and marketing work to be done. However, I often find that one VERY important area gets pushed under the rug, and that is documentation. I find that documentation is often a last priority for many MSPs, which I’ve always found to be quite perplexing because without it:

  • You can’t service your customers as well due to poor documentation
  • You have no record of service for your customers
  • You’re possibly losing customer passwords
  • Licensing tracking isn’t being done properly
  • Inventory is becoming out of date
  • Defined processes aren’t being followed
  • Change Control is not being followed

This is just to name a few! I could likely go on for at least 3 times the list above, but you get the picture. The fact is that without proper documentation, you don’t run as efficiently as you can. Some would argue with me that documentation takes too much time, to which I would respond, how much time is lost if you don’t have the correct password when you need it? How much time is lost when you don’t have the IP address to the switch in the warehouse corner and you need to make a change? How much time is lost when you need to re-install and re-license that manufacturing application that went out of support 3 years ago, but you don’t have the license anywhere?

These are just a few examples, but the time lost really adds up. So, with that in mind, I’d like to focus this article on some tools that can be used to help you keep track of documentation, and help you avoid some of the pitfalls listed above.

Let’s take a look.

Interested in Other MSP Tools?

While this article focuses on documentation tools, you can see a broader list of tools by looking at our infographic on MSP Tools here!

1. Ticketing Software

This may seem like a given, but I’m often surprised at how many small MSPs are still working off of the “pen and paper” system. Proper incident tracking is your first line of defense for when issues crop up. When a new issue comes to your MSP, your first-line tech should be looking to answer these questions: Has this happened before? If so, what was the resolution? Who fixed the issue? If it’s not a repeat issue, it can be documented in a new ticket, so those questions can be answered at a later date when the issue shows up again.

This is a basic example, but there is more you can do here. There is a lot of valuable information to be gleaned from ticketing software, even outside of a single incident. As the IT expert for your customer, you should be looking at incident trends. For example, maybe ABC Company has started having a lot of printing issues over the last month. Your technicians in the trenches may not see that as they are trained to handle calls as they come in, but if you look at a customer’s issues over a larger time span you can start to see trends. Once you notice there have been many printer related issues, now you can start to figure out the root cause. Maybe it’s a printer that is EOL, maybe it’s a copy center with a failing network card in it. Whatever the reason, you can do some long-term analysis and fix the issue at its source instead of continuing to deal with the issues as they come in.

Software Options: Connectwise Manage, Kaseya BMS, Tigerpaw

2. RMM Tool with Inventory Management

This item really goes hand-in-hand with ticket software these days. In fact, many tools available on the market today either integrate the two, or contain both within the same tool. The reason for this is simple. In order to properly support your customers, you need to know what they have. Additionally, you’ll be able to track and associate a particular service issue with a particular piece of equipment, and like the point I made above, you then have the ability to start looking at service trends for a specific asset. The advantages of this pair become VERY apparent once you start using it.

Software Options: Connectwise Automate, Continuum, NinjaRMM

3. Password Manager

There is nothing worse than working on a critical customer issue at 2 in the morning and needing a password that you don’t know and can’t find. Now you either have to scrap the work or call your customer at home at 2 AM, and chances are they don’t know the password either. Not to mention, as an IT service company, not having something as simple as a password makes you look extraordinarily bad.

With that said, passwords are very easy to track, but this must be done in a way that is functional yet secure. There are really two options: online password management tools and offline ones. If you use an online password management tool such as LastPass, you’ll want to make sure you turn on 2-factor authentication. If you’re utilizing something local like KeePass, for example, remember that these tools often use a file-based database to store the passwords. Such databases are easily copied and moved, so you’ll want to pair this with a specific process or a technical mechanism to track access and activities.
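One technical mechanism for tracking access to a file-based password database on Windows is NTFS object-access auditing, shown here as an added example that is not from the original article. The database path is a placeholder, the commands must run elevated on the machine that hosts the file, and the "File System" subcategory name assumes an English-language Windows installation.

```powershell
# Added example: audit who opens, changes or deletes a KeePass database file.
$dbPath = 'D:\Vault\Customers.kdbx'   # placeholder path, adjust to your environment

# 1. Enable the audit subcategory that makes file audit entries produce events.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit entry (SACL) to the database file for reads, writes and deletes.
$acl  = Get-Acl -LiteralPath $dbPath -Audit
$rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
            'Everyone',
            [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
            [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -LiteralPath $dbPath -AclObject $acl

# 3. Review the last day of access attempts (Security log, event ID 4663).
$filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named data fields into a hashtable.
        $fields = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        if ($fields.ObjectName -eq $dbPath) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = "$($fields.SubjectDomainName)\$($fields.SubjectUserName)"
                Process    = $fields.ProcessName
                AccessMask = $fields.AccessMask
            }
        }
    }
```

An entry whose process is a file copy tool or shell rather than the password manager itself is the kind of activity this is meant to surface.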

Additionally, there are some companies like Thycotic that will provide you with enterprise-grade password management and control. They tend to be expensive but can be VERY worth it for larger MSPs.

Software Options: LastPass, KeePass, Thycotic

4. Wiki for Customer Information

Customer information comes down to more than just passwords and service issues. Think about all the stuff on your customers’ network. Networking devices, proprietary devices (often seen in manufacturing and healthcare), specific 3rd party applications, and special needs for certain users, just to name a few. While it’s easy to track the items we’ve talked about thus far, there is some information that requires a more long-form type of format. For example:

  • Installation instructions for a medical application
  • Imaging Instructions for a point-of-sales kiosk
  • Licensing keys and contact information for a manufacturing CNC machine.
  • LAN Diagrams and Documentation
  • Network CIDR blocks and routing information
  • Etc…etc…etc….

The amount of information you should have documented for each customer can be staggering, but nothing beats good documentation when you need it.

What I’ve found works really well for this is a Wiki. Just a simple webpage that contains a section for each customer and is remotely accessible to your engineering staff. You’ll need to secure it properly to meet your needs, but there are several ways to do so.

Sometimes simple is better.

Software Options: WordPress, Drupal, Joomla

5. Network Management

Network management tools are more of a niche area when it comes to documentation, but it is really important. While the above wiki option can be used to track a lot of this, it’s tough to beat a tool designed for network documentation. Tools in this category will track IPs, router configurations, networking performance trends, firewall rules, etc. The main reason why I included this as its own section is that while you can usually get a workaround in place for most issues with the items above, when it comes to networking you NEED the correct information when you need it. I highly recommend that once you have the above basics in place, this is the next category you look at when it comes to documentation.

Software Options: NetBrain, Cacti

Wrap-up

Hopefully, this article will help you get off on the right foot when it comes to documenting your customers’ networking and equipment. Good documentation can be a life-saver, and it’s ultimately one of those things that takes a good MSP and turns them into a great one.

What about you? Do you have some existing documentation tools that you use and would like to share? Be sure to let us know in the comments section below!


]]>
https://www.altaro.com/msp-dojo/5-tools-customer-documentation/feed/ 0