How to remove unused devices from Sophos Central – Sophos News

The number of devices managed in your Sophos Central will increase over time, and, as your estate evolves, some devices may not have a recent last activity date.

This could be due to a multitude of reasons. The device may have been decommissioned. It may have been set up as a quick test machine. Or the user may have left the company. The list goes on.

Whatever the reason, you may already have a robust process in place for dealing with such devices. Perhaps your tenant is looking spick and span and is a model deployment. Although, I’m sure for many of us out there, there’s a device that may have slipped through the net and is lying dormant in Sophos Central.

So why do I need to do this?

Currently the Sophos Central Active Directory (AD) Sync Utility supports synchronizing AD users and user groups, but not devices and device groups. This means there is currently no native method to clear old devices from Sophos Central automatically. If there are many devices in need of deleting, we do not want to manually delete these through the UI of Sophos Central.

We have two options. The first is a largely manual process: use the Sophos Central API to gather device information, manually cross-reference those devices against your source of devices, and then use a script to delete the devices through the Sophos Central API.

At the end of this blog post there are two demo scripts to allow you to gather inactive devices and then delete them.

The second option still uses the Sophos Central API to gather device information, but with the added benefit of using a Security Information and Event Management (SIEM) tool and a Security Orchestration, Automation and Response (SOAR) tool to make it as automated as possible from end to end.

For the second option we need to answer a few questions:

  • What data will I need to collect to help determine whether I can delete a device?
  • What happens if an active machine is deleted automatically?
  • What tools do I have to assist with this process?

To answer these questions, I will cover the basic components of our process as a template for you to implement into your own environment and processes. For a quick overview, below is a process diagram we have in place.

What data is needed?

Firstly, and most importantly, we need a source of truth for devices, and for most organizations this is AD. You will need to monitor the latest changes in the Disabled OU or equivalent location dependent on how your organization manages retired devices and rebuild processes. Important fields from this data source are:

  • Hostname
  • Domain
  • Distinguished Name
  • Operating System
  • Operating System Build Number

We also need to establish the current devices in Sophos Central. We can gather an inventory list of devices using the Sophos Central API.

The fields will be gathered using the Sophos Central get endpoint API.

Key fields from this data for this process are:

  • hostname
  • id
  • lastSeenAt
  • os
  • type
  • associatedPerson
  • tenant

Together, these will form a solid base to help determine which systems are potential candidates for deletion.

How can we validate the AD and Central data?

The data is correlated using the hostname and domain of the device. In an ideal world, we would want to have a universally unique identifier (UUID) which ties them together. You may have another method which works in your environment to achieve this correlation.

Once the two data sources are correlated, we need to establish some comparisons before we pass the data to a SOAR tool for processing, so that there is some logic in place to handle the events.

What questions require some logic to answer?

Our aim for this process is to remove devices from Sophos Central which are no longer active. To achieve this without deleting valid devices we need to think of likely scenarios of when we do not want to delete a device.

Determine device inactive period:

The purpose of this is to allow a sensible period of inactivity for a system in the disabled OU. By only returning those devices inactive above a certain period of time, we are less likely to delete a device which may not need to be deleted from Sophos Central.

  • Convert the lastSeenAt field to Unix epoch time using strptime. The lastSeenAt format is: “2019-09-23T12:02:01.700Z”
  • Calculate how many days have passed since the device was last seen: (now() Unix epoch – lastSeenAt Unix epoch)/86400

Validate whether the OS build matches:

There could be a situation where the hostname and domain match a system in the inventory but the OS build does not match. In this instance, the device should have a flag set for manual intervention to avoid errors. The best method is comparing the OS build of the device in AD against the data from Sophos Central.

Automate

We now have several systems identified in the data which could be deleted from Sophos Central. Using a SOAR platform will allow you to pass each event through a flow process to determine what should happen to the device.

By checking the data you have from your SIEM against live Sophos Central Endpoint API data, you can make a final validation that the device is indeed inactive and can be deleted.

In addition to the automation aspect of deleting devices, we also need to do some auditing and perhaps include some scenarios to enforce manual intervention before deletion can be authorized.

Monitor VIP devices:

To avoid unintentional deletion of devices for VIP users, we would advise flagging these devices for manual intervention to verify whether the device can be deleted from Sophos Central. One possibility is using a specific user AD group to define who these users are.

Active devices:

If, after comparing the machine’s last activity in the SIEM data with that obtained through the live Sophos Central API query, the device turns out to have reported back into Sophos Central recently, it should be raised for manual validation before it is deleted.

Avoid duplication of processing:

Logging which devices have been deleted allows for auditing and exclusion of these systems when collating the information at the start of the process.

Track active processing which has been passed for manual intervention:

Where devices require manual intervention and a ticket is opened, it is recommended to log these and exclude them from future processing while the ticket is open. This can be automated as part of the SOAR process. Once the relevant response is received, the change can be made: whether or not the device was deleted is noted, the ticket is updated, and the ticket is removed from the log of active tickets.

Track deletion failures:

It is recommended to also flag failures to delete or verify device information so manual intervention can be applied to these.
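
The checks described above (inactive period, OS build match, VIP devices, active devices and the exclusion logs) can be combined into one triage function. This is an added example, not code from the original post. The AD record keys, the 30-day threshold, the `os.build` and `associatedPerson.viaLogin` fields and all sample records are assumptions made for illustration.

```python
"""Triage Sophos Central devices against AD disabled-OU records (added example)."""
from datetime import datetime, timezone

# The first format is the one quoted in the article; the second (no fractional
# seconds) is an assumed fallback.
LAST_SEEN_FORMATS = ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ")
MIN_INACTIVE_DAYS = 30  # assumed policy threshold


def days_since_last_seen(last_seen_at, now):
    """Days between lastSeenAt and now, i.e. (now - lastSeenAt) in seconds / 86400."""
    for fmt in LAST_SEEN_FORMATS:
        try:
            seen = datetime.strptime(last_seen_at, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        return (now - seen).total_seconds() / 86400
    raise ValueError("unrecognised lastSeenAt value: %r" % (last_seen_at,))


def split_host(name):
    """'LAPTOP-02.corp.example' -> ('laptop-02', 'corp.example'); short name -> (name, None)."""
    short, _, domain = name.strip().lower().partition(".")
    return short, domain or None


def build_ad_index(ad_records):
    """Index disabled-OU records by short hostname; one name may exist in several domains."""
    index = {}
    for rec in ad_records:
        index.setdefault(split_host(rec["hostname"])[0], []).append(rec)
    return index


def triage(device, ad_index, now, vip_logins=frozenset(), deleted_ids=frozenset(),
           open_ticket_ids=frozenset(), min_days=MIN_INACTIVE_DAYS):
    """Return (action, reason); action is 'delete', 'manual' or 'skip'."""
    if device["id"] in deleted_ids:
        return "skip", "already deleted in an earlier run"
    if device["id"] in open_ticket_ids:
        return "skip", "manual-intervention ticket still open"
    short, domain = split_host(device["hostname"])
    matches = ad_index.get(short, [])
    if domain:  # Central reported an FQDN, so the domain must match as well
        matches = [r for r in matches if r["domain"].lower() == domain]
    if not matches:
        return "skip", "no matching record in the disabled OU"
    if len(matches) > 1:
        return "manual", "hostname matches several AD domains"
    try:
        idle_days = days_since_last_seen(device["lastSeenAt"], now)
    except (KeyError, TypeError, ValueError):
        return "manual", "lastSeenAt missing or unparseable"
    if idle_days < min_days:
        return "manual", "device reported in recently"
    if str((device.get("os") or {}).get("build")) != str(matches[0]["os_build"]):
        return "manual", "OS build differs between AD and Sophos Central"
    login = ((device.get("associatedPerson") or {}).get("viaLogin") or "").lower()
    if login in vip_logins:
        return "manual", "VIP user device"
    return "delete", "inactive for %d days" % idle_days


# Constructed sample data; the AD-side key names are hypothetical.
SAMPLE_NOW = datetime(2020, 5, 1, tzinfo=timezone.utc)
SAMPLE_AD = [
    {"hostname": "LAPTOP-01", "domain": "corp.example", "os_build": "18363"},
    {"hostname": "LAPTOP-02", "domain": "corp.example", "os_build": "18363"},
    {"hostname": "LAPTOP-03", "domain": "corp.example", "os_build": "17763"},
    {"hostname": "LAPTOP-04", "domain": "corp.example", "os_build": "18363"},
]
SAMPLE_CENTRAL = [
    {"id": "a1", "hostname": "laptop-01", "lastSeenAt": "2019-09-23T12:02:01.700Z",
     "os": {"build": 18363}, "associatedPerson": {"viaLogin": "CORP\\jdoe"}},
    {"id": "a2", "hostname": "LAPTOP-02.corp.example", "lastSeenAt": "2020-04-28T08:00:00.000Z",
     "os": {"build": 18363}, "associatedPerson": {"viaLogin": "CORP\\asmith"}},
    {"id": "a3", "hostname": "LAPTOP-03", "lastSeenAt": "2020-01-10T09:30:00Z",
     "os": {"build": 18363}, "associatedPerson": {"viaLogin": "CORP\\bjones"}},
    {"id": "a4", "hostname": "LAPTOP-04", "lastSeenAt": "2020-01-10T09:30:00.000Z",
     "os": {"build": 18363}, "associatedPerson": {"viaLogin": "CORP\\ceo"}},
    {"id": "a5", "hostname": "DESKTOP-99", "lastSeenAt": "2019-12-01T00:00:00.000Z",
     "os": {"build": 18363}, "associatedPerson": None},
]


def run_sample():
    """Triage every constructed Central record and return {device id: (action, reason)}."""
    index = build_ad_index(SAMPLE_AD)
    return {d["id"]: triage(d, index, SAMPLE_NOW, vip_logins={"corp\\ceo"})
            for d in SAMPLE_CENTRAL}


if __name__ == "__main__":
    for device_id, (action, reason) in run_sample().items():
        print(device_id, action, reason)
```

Only records that come back as `delete` should reach the automated deletion step; `manual` results map to the ticketing flow described above.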

Whoops, an active device was removed

In a situation where a device is removed incorrectly, the following steps are required to protect the endpoint:

  • If the host does not have Sophos Endpoint Protection installed, simply download the latest installer from Sophos Central and install it to the endpoint.
  • If the endpoint already has Sophos Endpoint Protection installed and Tamper Protection is not enabled, first uninstall Sophos Endpoint Protection and install using the latest installer from the correct Sophos Central tenant.
  • If Sophos Endpoint Protection is installed and Tamper Protection is enabled, please follow the steps below:
      1. Log on to the correct Sophos Central tenant: https://cloud.sophos.com/manage/login
      2. Go to: Logs & Reports > Endpoint & Server Protection > Recover Tamper Protection passwords (Passwords will remain in this report for 60 days after deletion)
      3. Search for the host name and click on ‘View details’ to view the latest Tamper Protection password that was active on the machine prior to deletion
      4. Open Sophos Endpoint Protection UI on the device
      5. Click on ‘Admin login’ and enter the Tamper Protection Password
      6. Select ‘Settings’ and tick the box ‘Override Sophos Central Policy for up to 4 hours to troubleshoot’
      7. Under ‘Control on Users’ turn off Tamper Protection
      8. Uninstall Sophos Endpoint Protection
      9. Reinstall Sophos Endpoint Protection with the latest installer from the correct Sophos Central tenant

Wind it up and let it go

With the basic building blocks in place you are ready to dry run the automation flow. Some key milestones are:

  • In your chosen SOAR platform be sure to disable the final action to delete the device before testing.
  • Validate whether each device meets its expected outcome before committing to delete.
  • When going live with the automation start off by deleting devices slowly. This will allow time to further fine tune your process and find any more gotchas.
  • Reach out to your AD admins and service desk teams for feedback. They can provide valuable insight to the process and could highlight a key point that may have been overlooked.
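
One way to apply these milestones to the delete step is a wrapper that defaults to a dry run, caps the number of deletions per run and records every outcome. This is an added example, not part of the original post; `delete_fn` is a hypothetical callable standing in for the real DELETE request, and the candidate records and status codes are constructed.

```python
"""Guarded deletion run: dry run by default, per-run cap, audit trail (added example)."""


def run_deletions(candidates, delete_fn, dry_run=True, max_deletes=5,
                  already_deleted=frozenset()):
    """Process deletion candidates and return one audit record per device.

    candidates: dicts carrying 'id' and 'tenant': {'id': ...}.
    delete_fn(tenant_id, device_id) -> HTTP status code (hypothetical wrapper
    around the real DELETE call).
    """
    audit, attempted = [], 0
    for dev in candidates:
        rec = {"id": dev["id"], "tenant": dev["tenant"]["id"], "status": None}
        if dev["id"] in already_deleted:
            rec["outcome"] = "skipped"       # logged as deleted by an earlier run
        elif dry_run:
            rec["outcome"] = "dry-run"       # final delete action disabled
        elif attempted >= max_deletes:
            rec["outcome"] = "deferred"      # cap reached, leave for the next run
        else:
            attempted += 1                   # the cap counts attempts, not successes
            try:
                rec["status"] = delete_fn(rec["tenant"], rec["id"])
            except Exception as exc:         # network error, timeout, ...
                rec["outcome"], rec["error"] = "failed", str(exc)
            else:
                ok = 200 <= rec["status"] < 300
                rec["outcome"] = "deleted" if ok else "failed"
        audit.append(rec)
    return audit


def failed_ids(audit):
    """Device IDs whose deletion failed and therefore need manual follow-up."""
    return [r["id"] for r in audit if r["outcome"] == "failed"]


# Constructed sample: five candidates in one tenant and a fake delete call.
SAMPLE_CANDIDATES = [{"id": "a%d" % n, "tenant": {"id": "t1"}} for n in range(5)]
FAKE_STATUS = {"a1": 200, "a2": 404}
CALLS = []


def fake_delete(tenant_id, device_id):
    """Stand-in for the API call: returns a canned status or simulates a timeout."""
    CALLS.append(device_id)
    if device_id not in FAKE_STATUS:
        raise ConnectionError("simulated timeout")
    return FAKE_STATUS[device_id]


def demo():
    """Run once as a dry run, then live with a cap of three attempts."""
    CALLS.clear()
    dry = run_deletions(SAMPLE_CANDIDATES, fake_delete, already_deleted={"a0"})
    calls_during_dry_run = list(CALLS)
    live = run_deletions(SAMPLE_CANDIDATES, fake_delete, dry_run=False,
                         max_deletes=3, already_deleted={"a0"})
    return dry, calls_during_dry_run, live


if __name__ == "__main__":
    dry, calls, live = demo()
    for rec in live:
        print(rec)
    print("manual follow-up:", failed_ids(live))
```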

For us, this process of removing the clutter of unused devices in Sophos Central has been invaluable. It also gives Central admins time back to focus on other tasks, which would normally be taken up with a manual process of checking and deleting old devices.

Sample Python to gather devices

Gather old device data

To gather old devices to check against AD please use the following code example (you will need to have the Sophos Central API Connector installed). This will create JSON files of the devices.

You will need to change ‘find_old’ and ‘client_id’ variables.


# Demo code sample using Sophos Central API connector. Not intended for production use.

import getpass
import logging
from sophos_central_api_connector import sophos_central_api_tenants as api_tenant
from sophos_central_api_connector import sophos_central_api_auth as api_auth
from sophos_central_api_connector import sophos_central_api_connector_utils as api_utils
from sophos_central_api_connector import sophos_central_api_get_data as get_api
from sophos_central_api_connector.sophos_central_api_output import process_output_json as json_output
from sophos_central_api_connector.config import sophos_central_api_config as api_conf


def main():
    log_level = "INFO"
    log_name = log_level
    level = getattr(logging, log_name)
    logging.basicConfig(level=level, format='%(asctime)s - %(levelname)s - %(message)s',
                        datefmt='%d/%m/%Y %I:%M:%S %p')

    logging.info("Start of Logging")

    # Set how long a device must have been inactive to be returned, e.g. for more than 30 days enter '-P30D'
    find_old = "<ADD IN TIME>"

    # Enter your Sophos Central API Client ID (This is generated when setting up Sophos Central API credentials)
    client_id = "<ADD IN YOUR CLIENT ID>"

    # Set authorisation and whoami URLs
    auth_url = api_conf.auth_uri
    whoami_url = api_conf.whoami_uri
    partner_url = api_conf.tenants_ptr_uri
    organization_url = api_conf.tenants_org_uri

    # Get client secret by prompting user
    client_secret = getpass.getpass(prompt="Provide Sophos Central Secret ID: ", stream=None)

    # Get Sophos Central API Bearer Token for authorisation
    sophos_access_token = api_auth.get_bearer_tok(client_id, client_secret, auth_url)

    # Construct id_headers
    headers = api_auth.validate_id_headers(sophos_access_token)

    # Lookup up the unique ID assigned to the business entity for Sophos Central API
    whoami_id, whoami_type, whoami_data = api_auth.get_whoami_data(headers, whoami_url)

    # Obtain correct whoami uri/header based on the whoami type
    header_type, tenant_url = api_auth.validate_whoami_type(whoami_type, whoami_data, partner_url, organization_url)

    # Construct tenant headers
    tenant_headers = api_tenant.gen_tenant_headers(headers, whoami_id, whoami_type, header_type)

    # Check and gather tenant information
    if whoami_type == "tenant":
        tenant_info = api_tenant.type_tenant(tenant_headers, whoami_id, tenant_url, sophos_access_token)
    else:
        tenant_info = api_tenant.get_tenant_info(headers, tenant_url, sophos_access_token)

    # Generate urls for tenants
    api = "endpoint"
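    # The lastSeenBefore filter and the fields to return are appended to the page size value
    # so that they are carried into the request query string
    page_size = "50&lastSeenBefore={0}&fields=tenant&fields=hostname&fields=id&fields=lastSeenAt&fields=os&fields=type&fields=associatedPerson".format(find_old)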

    # Generate tenant url data
    tenant_url_data = api_utils.generate_tenant_urls(tenant_info, page_size, api, from_str=None, to_str=None)

    for ten_id, ten_item in tenant_url_data.items():
        # Pass the ten_url_data and gather devices
        tenant_id = ten_id
        # get data information for the tenant in the loop
        json_data = get_api.get_data(tenant_url_data, page_size, tenant_id, api)
        filename = tenant_url_data[tenant_id]['filename']
        json_output(json_data, filename, api)


if __name__ == "__main__":
    main()


Delete identified devices in Sophos Central

To delete the identified assets you can edit the JSON that was gathered previously and remove any devices which should not be deleted. The demo script assumes the JSON file is in the same location as the script. You will need to change ‘client_id’ variable.


# Demo code sample using Sophos Central API connector. Not intended for production use.

import getpass
import logging
import os
import json
import requests
from sophos_central_api_connector import sophos_central_api_tenants as api_tenant
from sophos_central_api_connector import sophos_central_api_auth as api_auth
from sophos_central_api_connector import sophos_central_api_connector_utils as api_utils
from sophos_central_api_connector.config import sophos_central_api_config as api_conf


def main():
    log_level = "INFO"
    log_name = log_level
    level = getattr(logging, log_name)
    logging.basicConfig(level=level, format='%(asctime)s - %(levelname)s - %(message)s',
                        datefmt='%d/%m/%Y %I:%M:%S %p')

    logging.info("Start of Logging")

    # Enter your Sophos Central API Client ID (This is generated when setting up Sophos Central API credentials)
    client_id = "<ADD IN YOUR CLIENT ID>"

    # Set authorisation and whoami URLs
    auth_url = api_conf.auth_uri
    whoami_url = api_conf.whoami_uri
    partner_url = api_conf.tenants_ptr_uri
    organization_url = api_conf.tenants_org_uri

    # Get client secret by prompting user
    client_secret = getpass.getpass(prompt="Provide Sophos Central Secret ID: ", stream=None)

    # Get Sophos Central API Bearer Token for authorisation
    sophos_access_token = api_auth.get_bearer_tok(client_id, client_secret, auth_url)

    # Construct id_headers
    headers = api_auth.validate_id_headers(sophos_access_token)

    # Lookup up the unique ID assigned to the business entity for Sophos Central API
    whoami_id, whoami_type, whoami_data = api_auth.get_whoami_data(headers, whoami_url)

    # Obtain correct whoami uri/header based on the whoami type
    header_type, tenant_url = api_auth.validate_whoami_type(whoami_type, whoami_data, partner_url, organization_url)

    # Construct tenant headers
    tenant_headers = api_tenant.gen_tenant_headers(headers, whoami_id, whoami_type, header_type)

    # Check and gather tenant information
    if whoami_type == "tenant":
        tenant_info = api_tenant.type_tenant(tenant_headers, whoami_id, tenant_url, sophos_access_token)
    else:
        tenant_info = api_tenant.get_tenant_info(headers, tenant_url, sophos_access_token)

    # Generate urls for tenants
    api = "endpoint"
    page_size = None

    # Generate tenant url data
    tenant_url_data = api_utils.generate_tenant_urls(tenant_info, page_size, api, from_str=None, to_str=None)

    logging.info("Creating device deletion URLs...")

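    # Every .json file in the working directory is treated as a list of devices to delete,
    # so keep only reviewed files alongside the script
    for file in [os.path.basename(file) for file in os.listdir() if file.endswith(".json")]: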
        with open(file, 'r', encoding='utf8') as device_file:
            logging.info("Processing file: {0}".format(file))
            device_dict = json.load(device_file)
            for ten_id, ten_item in tenant_url_data.items():
                tenant_id = ten_id
                for item in device_dict.values():
                    tenant_ref = item['tenant']['id']
                    if tenant_ref == tenant_id:
                        orig_url = ten_item['orig_url']
                        headers = ten_item['headers']
                        device_id = item["id"]
                        endpoint_url = "{0}/{1}".format(orig_url, device_id)
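                        del_ep = requests.delete(endpoint_url, headers=headers, timeout=30)
                        del_sc = del_ep.status_code
                        if del_ep.ok:
                            logging.info("Device ID: {0}, deletion status: {1}".format(device_id, del_sc))
                        else:
                            # Flag failed deletions so they can be followed up manually
                            logging.warning("Device ID: {0}, deletion failed with status: {1}".format(device_id, del_sc))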


if __name__ == "__main__":
    main()


Net Universe offers all Sophos devices and subscriptions, as well as consultant services, with worldwide delivery services.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/sophos.

New sharing dialog for Google Drive, Docs, Sheets, Slides, and Forms

What’s changing 

We’re updating the interface you use to share files from Google Drive, Docs, Sheets, Slides, and Forms on the web. This will replace the previous interface used to share files and manage members of shared drives. These changes will make it easier to share files only with specific people without expanding access beyond what’s needed.

Who’s impacted 

End users

Why it matters 

Sharing files is critical to collaboration. This is especially true now, as more workforces are remote and collaborating on files from different locations. By making it easier to share files with specific people, we hope to improve collaboration while reducing the risk of access by unwanted users. 

Additional details 

We’ve made several changes to the sharing experience. These make it easier to perform common tasks, avoid accidental permission changes, and quickly see who has access to a file. Specifically you may notice:

  • Separated, task-focused interface: The new sharing dialog highlights essential user tasks like sharing a file, changing permissions, and viewing file access. The redesign also visually separates sharing with people and groups from link-sharing. 
  • Quick “copy link” button: We’ve added a “copy link” button to make it easier to get the link without changing link permissions. 
  • Easily see current access: The new interface more clearly shows who currently has access to the item, making it easier to quickly audit and change permissions. 

The new sharing interface for Google Drive and Docs editors files 

The old sharing interface for Google Drive and Docs editors files 

Getting started 

  • Admins: This change will take place by default. There is no admin control for this feature. 
  • End users: This feature will be ON by default. Use our Help Center to learn more about how to share Google Drive files. 

Rollout pace 

Availability 

  • Available to all G Suite and Drive Enterprise customers, as well as users with personal Google Accounts 

Resources 

Roadmap 


Over-include and thoroughly analyze: Advice from Zoho One customer C.A.R.S. Protection Plus

Note: This story is part of an upcoming series focused on sharing experiences and advice from our customers. Stay tuned for more from #ZohoInfluence.

“The work-from-home transition has gone incredibly well. Shockingly well, in fact,” Rick Tudor, director of operations for Zoho One customer C.A.R.S. Protection Plus began. As a warranty provider, C.A.R.S. Protection Plus has a vast network of dealers and vendors they regularly work with so while full remote work was new to the company itself, they thankfully had lots of experience working closely with people across the country. C.A.R.S. decided to move to fully remote work pretty early on, not wanting to take any chances with the COVID-19 crisis. And thankfully between that early decision and previous work with remote partners, they’ve got some great advice to share about how businesses can successfully transition to remote work without business interruption, not to mention what they think everyone can learn from this experience.

They’ve found that paying close attention to employee needs and perspectives, making sure the right tech is in place to support those needs, and continuing to think about ways they can add value for their customers is the recipe for success in uncertain times. And while business in a remote economy is a huge change of pace and some things may have to be put on hold, C.A.R.S. emphasizes how much businesses can do to keep up and make the most of their time—everything from improving existing technology to enhancing analytics for a full picture, to doing small things to help others and set your business up for success down the road.

For C.A.R.S., a big factor in this transition has been making sure employees’ needs are being met across the board—this includes access to the right data, information, technology, and even hardware to make sure their home environment is as conducive to productivity as their work environment. It’s important to remember that this transition isn’t just scary for you, your staff may be struggling, too. “Make sure you’re supporting all their needs as they transition to home,” Rick elaborates, “Zoho Assist has been incredibly useful in supporting 45 remote users who had never worked from home, and many of which had never used a laptop before.” It’s important to make sure you cater to employees who’ve never experienced this type of environment and enable their success.

“One of the biggest pitfalls of remote work is that people tend to start feeling like they’re not on a team,” Rick explained, “the best way to combat that is to ramp up communication, even to the point where you may feel like you’re over-including folks.” Generally, C.A.R.S. stresses the importance of really paying attention to employee needs, and that’s something they advise all businesses to really think about. When remote work is completely new for your business, it’s natural to be nervous about productivity dips or worry that work isn’t getting done, but the best thing you as a leader can do in that situation is to make sure you’re listening to your staff and thinking about things from their perspective.

“Cliq allows us to stay in constant contact with our staff, and we generally touch base daily at a supervisor-to-employee level,” Rick explained, “it allows remote workers to feel included, not on an island, and informed of what’s going on company-wide.” C.A.R.S. also conducts a stand-up call each morning via Zoho Meeting, which they’ve found to be critical for keeping everyone in the loop and reproducing some workplace normality. And beyond all that, everyone’s in need of a bit more social interaction these days.

In addition to coping with changes on the people side of the business, C.A.R.S. knows it’s important to consider what we all can learn from this experience, and things we can all work on that we may not have been able to otherwise. “If you have time, task your agents to do clean-up work in your systems, make sure important fields are filled out consistently,” Rick said, “and take advantage of this opportunity to engage with customers: schedule training, deliver remote sales presentations, and do what you can to be helpful to your customer base.” 

Another thing Rick recommends is expanding reporting and analytics business-wide and making sure managers have the tools they need to ensure their teams are remaining efficient. “One of the key things for us in evaluating current employee performance is keeping in mind which employees should be given the option to work remotely in the future, after this is all over,” he explained, “generally let this crisis show you areas for growth in your business. A work-from-home environment gives you longevity for remotely managing employees—you could even consider hiring remotely in the future, which gives you a much deeper pool of folks to recruit from in the future.”

C.A.R.S. suggests everyone take advantage of this time to build out their analytics. “One of the ways we have expanded is predictive analytics to tell us when a dealer might be getting ready to leave our ecosystem—we use this to manage the frequency with which our territory managers visit their accounts, thereby making those dealers less likely to leave,” Rick said. Previously, they often weren’t aware there was a problem until the dealer had already moved on to another provider. “In order to do this, we leverage Zoho Analytics‘ ability to function as a data warehouse, combining information from external systems with Zoho CRM. We then created a dashboard we push to CRM, which is tied to a local SQL database of sales data from our ERP solution,” he explained. Now any dealer who falls out of their typical submission cadence not only shows up on their dashboard, but an alert is sent to the account owner and their supervisor, letting them know this is an “at risk” account and follow up is required. They have a similar dashboard and system to establish when their territory managers should visit accounts.

This is also a great time to think about ways you want to improve your processes, like adding in automation to reduce manual workload. “We’ve started leveraging Zoho Forms and CRM to outsource the shipping of our Dealer and Territory Manager supply requests,” Rick started, “now we allow our team to submit a Zoho Form for the supplies they need and have it routed to an external shipper who then verifies the address and validates eligibility of certain requests through CRM before they drop ship the request.” C.A.R.S. has also started using Zoho CRM to allow an external call center to set appointments for them. “We’ve provided one of our Zoho One licenses to a call center who uses custom reports we created to target certain areas and set appointments for our external team,” he explained.

Lastly, Rick emphasized how much everyone should be thinking of what positive changes they can make to their business as a result of what they’ve learned during this time, even the smaller things. “You should consider what you can save on in-house resources, like thinking about if you could have a smaller office and more staff work remotely, or re-purposing office space for training or something that may help customers in another way,” Rick said, “And on a smaller scale, think about ways you can use less paper by leveraging document management platforms like Workdrive. It’s important to think about resources you can save to better your business and the world around it.”


Focusing on the positive when losses overwhelm: Violet Press’ story

Note: This story is part of an upcoming series focused on sharing experiences and advice from our customers. Stay tuned for more from #ZohoInfluence.

“There really isn’t a part of our business that has been unaffected by COVID-19,” began Vi Warner, independent artist and owner of the small business Violet Press, a Zoho One customer. She was hit quickly by the economic impact of COVID-19. Vi is a letterpress artist who left her career as a lawyer to turn her passion into her livelihood. She works on a vintage machine and, alongside her brother Jake, creates custom invitations and stationery for weddings and greeting cards to sell wholesale and at her shop. Before the pandemic started, Vi had just recently moved her small shop to an area with more foot traffic. Once the quarantine orders set in, however, she had to switch gears. Vi had to close down her brick and mortar store and many of her custom work clients postponed their contracts.

“I’m not sure when we will reopen and things feel very shaky right now. We haven’t gotten any government assistance and we’re not alone there—93% of small businesses didn’t receive PPP or EIDL loans/grants and that first wave of money has now run out,” Vi elaborated. Like so many small businesses, Violet Press is facing significant hardship because of the COVID-19 crisis. Since this downturn started, Vi has started taking on part-time legal work. This shift, however, is not due to any sort of failure of the business or Vi’s creativity; this new set of challenges is simply something new to adapt to, knowing that Vi’s passion will be there when she’s able to dedicate her full time to it again.

“Our wedding invitation side has sustained losses due to cancellations and postponements. Our retail side is closed to keep customers and ourselves healthy. Our wholesale side has faced similar cancellations and delays as other small businesses that carry our greeting cards have closed and fear they may never reopen,” Vi explained.

While it’s been hard because many of her wedding contracts have been postponed, Vi is planning to start taking this opportunity to put more focus on the online face of her business. Though weddings are being postponed, people have not stopped planning them, nor have people stopped falling in love and getting engaged. People who are engaged now are simply giving themselves more time to plan and perfect their weddings, they’ll just be happening much later on. Though Vi has had to face new challenges due to this pandemic, she hopes this time provides ways for her to keep creating in a way that she may not have been able to with her regular work schedule.

In the meantime, as a member of Zoho’s ESAP program, Zoho can at least make sure that she has one less thing to worry about. “As we currently have very few ways to bring in income, breaks from vendors are super helpful. Having Zoho extend a few free months to us not only helps our expenses, but boosts morale and helps us feel supported.”

And if you find yourself or folks you know in need of greeting cards or custom wedding stationery invites amongst all of this, please take a look at Vi’s work on her website here. If we may say so ourselves, it’s beautiful.


Save power by automatically turning off Google Meet hardware displays

What’s changing

We’ve added a setting in the Admin console to allow you to enable power-saving signaling over HDMI from Google Meet hardware. When enabled, this feature can help you save power by turning off Meet hardware displays when they’re not in use.

Who’s impacted

Admins only

Why you’d use it

Some displays, like those in conference rooms and lobbies, are often left on indefinitely, wasting power and shortening their useful lifespan. This setting allows compatible displays to be turned off automatically after 10 minutes of inactivity.

Displays are automatically turned on 10 minutes before a scheduled meeting or if a user interacts with the touch panel controller.

Additional details

You might need to turn on HDMI-CEC, change other advanced settings, or update the firmware on your display. Consult your display’s manual for more information.

Getting started

Admins: This feature will be OFF by default and can be enabled at the organizational unit (OU) level. Visit the Help Center to learn more about turning display power saving on or off for your organization.

End users: There is no end user setting for this feature.

Rollout pace

This feature is available now for all users.

Availability

  • Available to all G Suite customers

Resources

Roadmap


Enhanced security for Windows 10 devices now generally available

Quick launch summary 

You can now manage and secure Windows 10 devices through the Admin console, just as you do for Android, iOS, Chrome, and Jamboard devices. This also means you can enable SSO so users can more easily access G Suite and other SSO-enabled applications on Windows 10 devices. This was previously available in beta.

All G Suite admins can now use Google Credential Provider for Windows to:

  • Enable their organization to use existing G Suite account credentials to log in to Windows 10 devices, and easily access apps and services with SSO. 
  • Protect user accounts with Google’s anti-hijacking and suspicious login detection technologies. 

Additionally, G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers can now also:

  • Ensure that all Windows 10 devices used to access G Suite are updated, secure, and within compliance of organizational policies. 
  • Perform admin actions, such as wiping a device and pushing device configuration updates, to Windows 10 devices from the cloud without connecting to the corporate network. 

This can help simplify device management, help to increase data security, and reduce the hurdles and logins users need to access applications and get work done. See our previous announcement for more details on the Windows 10 management features and benefits.

See our Help Center to learn more about enhanced desktop security for Windows. See our post on the Cloud Blog to learn how this and other launches can help G Suite customers stay secure.

Getting started 

Admin controls available for Windows 10 devices 

Rollout pace 

Availability 

Login and SSO features associated with Google Credential Provider for Windows:

  • Available to all G Suite and Cloud Identity customers 

Device management for Windows 10 devices:

  • Available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers 


New data exfiltration protections for G Suite data on iOS devices

What’s changing 

We’re adding new security controls that admins can use to protect sensitive company data on iOS devices. Admins can now choose to:

  • Restrict copying and pasting of data from G Suite accounts into other accounts. This can prevent corporate data from being exfiltrated to personal accounts. 
  • Restrict the ability for users to drag and drop files from specific apps within their G Suite account. 

At launch, admin controls will apply to five G Suite iOS apps: Gmail, Drive, Docs, Sheets, and Slides. This feature is available to G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium customers. Users will still be able to copy and paste and drag and drop from personal accounts to G Suite accounts. Protections are available to devices managed with G Suite’s basic or advanced mobile device management, as well as devices with basic mobile management alongside a separate enterprise mobility management (EMM) solution.

Who’s impacted 

Admins

Why it’s important 

Without these features, there are limitations in the controls admins have to prevent users moving corporate data between corporate and personal accounts on the same iOS device. While admins can prevent sharing files between managed and unmanaged apps, users can still share data between accounts when apps support multiple accounts or via cut/copy/paste actions. For example, iOS users can copy the text of a corporate email into a personal account. This introduces the potential for data leaks and reduces the overall security of your corporate data on iOS.

The admin controls introduced in this launch will help increase protections and make it more difficult for corporate data to be accidentally or intentionally shared to a personal account. Similar protections are already available on Android devices through Work Profiles.

See our post on the Cloud Blog to learn how this and other launches can help G Suite customers stay secure.

Getting started 

  • Admins: This feature will be OFF by default and can be enabled at the organizational unit (OU) level. Visit the Help Center to learn more about data protection on iOS devices. 
  • End users: There is no end-user setting for this feature. If a user tries to perform a restricted copy and paste action, the text “This info can only be shared within your organization’s G Suite apps” will paste instead of the text they copied. 

Admin controls for data exfiltration protection on iOS 

Rollout pace 

  • This feature is already available for all domains. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education customers and Cloud Identity Premium customers 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits customers, and Cloud Identity Free customers 


Context-Aware Access for SAML apps available in beta

What’s changing 

We’re enhancing Context-Aware Access (CAA) with a beta that enables admins to use it to control SAML apps. This gives admins the ability to control access to SAML apps based on the user, the device, and the context they are in when they are trying to access an app.

CAA for SAML apps will work for customers that use Google as the primary identity provider (IdP) to enable access to third party apps from pre-integrated SAML apps or custom SAML apps. It’s available to G Suite Enterprise, G Suite Enterprise for Education, Cloud Identity Premium, and Drive Enterprise customers only. See our post on the Cloud Blog to learn how this and other launches can help G Suite customers stay secure.

Who’s impacted 

Admins only

Why you’d use it 

Using Context-Aware Access, you can create granular access control policies to apps based on attributes including the user, location, device security status, and IP address. This can improve your security posture by reducing the chances that there’s unintended access to specific apps and the data in them. Some ways you could use CAA for SAML include:

  • Only allow access to your CRM app when the user is on the corporate network. 
  • Only allow access to a cloud storage app if the user has an up-to-date operating system and an encrypted device. 
  • Only permit IT admins to access certain tools from a remote location. 
  • Only permit users in a specific country to access certain apps. 

Additional details 

Builds on the CAA for G Suite infrastructure 
Controlling CAA for SAML apps will use the same infrastructure and admin console interface as CAA for G Suite. That means you can use any pre-configured access levels, user groups, and end-user messaging for CAA to SAML. Use our Help Center to find out more about managing context aware access in G Suite.

CAA for SAML only enforced at time of sign-in 
CAA for SAML apps is only enforced at the time of sign-in. This is different from CAA for G Suite applications, which offers a higher level of control. G Suite applications are built by Google and CAA controls are enabled for continuous evaluation of context (IP, device attribute, etc.) during use. As SAML apps are non-Google applications using Google sign-in, we’re only able to evaluate context at the point where a user signs into these applications using Google sign-in. After that sign-in, the context is not evaluated again until the session is terminated and the user tries to sign in again with Google.

Getting started 

  • Admins: This is an open beta, so the controls will automatically become available to you if you are a G Suite Enterprise, G Suite Enterprise for Education, Cloud Identity Premium, or Drive Enterprise customer. 
  • End users: No end-user impact until turned on by the admin. 

Availability 

  • Available to G Suite Enterprise, G Suite Enterprise for Education, Cloud Identity Premium, and Drive Enterprise customers. 
  • Not available to G Suite Basic, G Suite Business, G Suite for Education, G Suite for Nonprofits, and Cloud Identity Free customers. 


Video conference anywhere with low-light mode for Google Meet on mobile

Quick launch summary

Google Meet will now automatically enhance your video to adapt to low-light conditions. Now, you can take a video call from anywhere, even with suboptimal lighting, on your Android or iOS device without fear that others on the call won’t be able to see you.

Video enhancements will begin five seconds after entering an area with low light. As your lighting conditions change, Meet will intelligently adapt, for example increasing enhancements as lighting conditions worsen and turning processing off when lighting conditions improve.

As mobile devices have different camera hardware and processing capabilities, the actual end result may differ between devices.

Getting started

Admins: There is no admin control for this feature.

End users: This feature will be ON by default and works automatically. You can turn low-light mode off in the in-call settings menu.

Rollout pace

iOS

Android

Availability

  • Available to all G Suite customers


Five reasons to track your lead source

This is a guest post by JotForm.

In simplest terms, a lead source is where a lead comes from. This source can differ from the actual method someone uses to contact your business.

For example, say a prospect saw one of your Facebook posts. Then, they read a few blog posts on your website, and then filled out your contact form to schedule a demo. The initial lead source would be Facebook.

A lead source is a crucial piece of information you can use to gauge the value of your marketing campaigns. If you don’t track this information, you’re missing out on data that can point you toward better prospecting opportunities and help you reduce marketing costs.

Here are five reasons you should track your lead sources, and some tips about how you can use this information to optimize sales and marketing efforts.

#1 To determine how they initially heard about you   

Identifying the lead source can get complex when the potential customer encounters multiple touchpoints before contacting your company or a sales representative. In these situations, it’s best to track both the initial touchpoint as well as the last-click interaction (i.e. what led to the sale).

For instance, say that the customer first engaged with your company through a Facebook marketing campaign. From there, they went to a local event sponsored by your company and filled out a contact form. After being sent an email as a follow-up from the contact form, they went to your website and used the live chat function to ask additional questions.

In this scenario, Facebook, the local marketing event, and live chat were all part of the process. However, Facebook was the initial touchpoint and live chat was what led to the sale. If you aren’t tracking lead sources, you may only see that last stage in the process, so you wouldn’t know about the impact the Facebook post had. Tracking both also helps you determine conversion rates, click-through rates, and other marketing metrics.

#2 To discover which marketing campaigns are most effective   

Most companies are running multiple campaigns at any given time. It can be difficult to track the effectiveness of one campaign as a lead source against many others.

For example, say you ran two different Facebook ad campaigns, Campaign A and Campaign B. Campaign A ran over the course of the entire 1st quarter and generated 15,000 impressions, resulting in 25 quality leads. Campaign B lasted for a week and only generated 1,000 impressions, but also resulted in 25 quality leads. Campaign B was likely more successful, but the two campaigns resulted in the same number of leads.

#3 To determine the average time it takes to close a lead   

Once you track a lead source, you should also pay attention to how many leads end up turning into sales, the average time it takes to close a sale, and the percentage that are disqualified for one reason or another.

#4 To find the value of each lead source  

Not all leads are created equal. Different lead sources will have various odds of success for your company. Knowing the value of each lead source will allow you to place the right amount of effort and marketing funds into each.

For example, you may find that leads from speaking events typically turn into higher-value customers than those that you get from Facebook ads. Knowing this, you could prioritize speaking events and use more of your marketing resources at these events instead of Facebook ad campaigns.

#5 To analyze your sales and marketing efforts   

Sales tracking should go beyond knowing the lead source to provide you with valuable and actionable insights.

Consider pairing the following metrics with your lead source information to see how leads interact and the value of each:

  • Sales per lead source

  • Sales during a specific time frame

  • Sales per sales representative

  • Sales per customer

  • Sales per customer demographic

  • Sales for new vs. recurring customers

  • Average time to close the sale

These metrics will help you further optimize your marketing efforts. For instance, knowing the average time to close the sale will help you determine how long it will take for your lead to become a paying customer. Knowing this, you can set attainable goals for your salespeople.

If you know that the average lead takes six months to convert, you won’t expect the sale to close in two months. You can even plan appropriate follow-up times during the sales funnel.

Understand where your leads are coming from using Zoho CRM

As your business grows, it can become increasingly difficult to track your leads by hand. An old-fashioned spreadsheet just doesn’t cut it when you’re dealing with hundreds of data points. This is where good sales CRM software comes in.

With a sales CRM like Zoho CRM, you can automate the lead tracking process by setting specific categories for your data, such as different lead sources. You can also automatically sync lead details from sign-up forms in JotForm directly to Zoho CRM.

Try JotForm for Zoho CRM

Work smarter by adding new capabilities to Zoho CRM with business solutions from Zoho Marketplace.
