IT Insights

Microsoft 365 is changing to a new licensing model, known as the “new commerce experience” (NCE).

See how these changes will affect you.

A price increase will apply to all new Microsoft 365 Business Basic, Microsoft 365 Business Premium, Microsoft 365 E3, Office 365 E1, Office 365 E3 and Office 365 E5 licenses from 1 March 2022) as well as existing Microsoft 365 Basic and Premium licenses as they come up for renewal after this date.

This is Microsoft’s first price rise in a decade and is a 10% increase for Business Premium licenses and a 20% increase for Business Basic licenses. The price of Microsoft 365 Business Standard license remains unchanged at this time. Other licenses will increase between 10-25%.

Microsoft is also making changes in terms of the “commitment” period of a license, that is how long you commit to having the license for. We are currently assessing how this impacts all of our clients, so we can ensure a smooth transition to the new licensing model.

All existing license prices will remain unchanged until it becomes due for renewal. At the time of the renewal, two main subscription/payment terms will be available:

  • Yearly: This is an annual commitment with an upfront payment for one year with additional licences prorated until the end of the annual subscription term.
  • Monthly: This is a month-by-month commitment with licences paid for monthly and additional licences prorated until the end of the monthly subscription term. Licences on a monthly commitment will attract a surcharge of at least 20% compared to a yearly commitment, depending on the type of licence.

Regardless of the length of the commitment, there is no ability to cancel or downgrade a licence midway through its term, and no partial refunds will be provided. Downgrades will only be possible when licences are due for renewal, however upgrades can be performed at any time.

Microsoft 365 licences are due for renewal at differing stages throughout the year and we will contact individual clients to discuss the options closer to their renewal date. Our recommendation is to move to yearly contracts and upfront billing to ensure the best price.

We appreciate a price rise is never really welcomed, however this pricing increase affects all Microsoft 365 subscribers, not just Caldwell Consultants clients, and will be the same rate if you purchase from Microsoft directly.

Furthermore, the Microsoft 365 suite has expanded significantly over the past decade with more new apps and features in the pipeline, so it still provides excellent bang for its buck.

If you have any questions or would like to know more about how you can take advantage of Microsoft 365 to its fullest, please contact us.

Windows 11 Pro will soon require a Microsoft Account

Microsoft says it’s planning to update Windows 11 Pro so it will require an internet connection and a Microsoft Account during the initial setup phase. The changes will mirror the same requirements Microsoft originally added to Windows 11 Home last year, meaning you won’t be able to avoid Microsoft Accounts by creating a local user account during setup.

This new requirement is coming to Windows 11 Pro soon “Similar to Windows 11 Home edition, Windows 11 Pro edition now requires internet connectivity during the initial device setup (OOBE) only,” says an updated Windows Insider blog post. “If you choose to setup [a] device for personal use, MSA will be required for setup as well.”

Microsoft is currently testing this change in Windows 11 builds, and it will likely rollout to Windows 11 Pro in the coming months. Currently, Windows 11 Pro users have been able to avoid a Microsoft Account by disconnecting a PC from the internet during setup and creating a local user account instead. The new requirement means fresh installations of Windows 11 Pro will require a Microsoft Account and internet connectivity during setup, and those hoping to avoid that will have to use a dummy Microsoft Account to then create a local one afterwards.

Do you need a license to install security cameras in Virginia?

Virginia requires that any person installing burglar alarms, CCTV, or electronic access control be licensed. Electronic Security Technicians must complete 14 hours of state approved training and Electronic Security Technician’s Assistants must complete 4 hours in order to install burglar alarms or CCTV.

Microsoft pushes out emergency fix for Windows Server mess.

Microsoft is addressing the problems caused by the January 2021 Patch Tuesday updates – with more updates. 

The company has issued an emergency out-of-band (OOB) update to address bugs that forced domain controllers to reboot endlessly, broke Hyper-V, and rendered ReFS volumes inaccessible while showing them as RAW file systems.

“This update addresses issues related to VPN connectivity, Windows Server Domain Controllers restarting, Virtual Machines start failures, and ReFS-formatted removable media failing to mount,” Microsoft explained in the update catalog. All of the patches, issued for different versions of the Windows OS, can be found in the Microsoft Update Catalog. Some can also be obtained through Windows Update, but being labeled as optional, Windows admins need to manually check for updates if they want to take this route.

All of the patches, issued for different versions of the Windows OS, can be found in the Microsoft Update Catalog. Some can also be obtained through Windows Update, but being labeled as optional, Windows admins need to manually check for updates if they want to take this route.

The updates listed below, however, can only be obtained through the Update Catalog: 

Issuing patches for Windows has been nothing short of a roller coaster recently. Earlier in January 201, a patch issued for Windows 10 and Windows 11 broke the software’s built-in VPN tool, preventing it from establishing a connection. 

The only way to rid the system of the bug is to uninstall the patch altogether, which also meant exposing the systems to known vulnerability issues. One such issue was recently found (and fixed in that same patch) in the HTTP Protocol Stack. The flaw allows a malicious actor to execute arbitrary code, remotely, without much user interaction. 

There’s yet no malware abusing this flaw out there, but being extremely dangerous, it’s only a matter of time before one is discovered. To protect vulnerable devices, disabling the HTTP Trailer Support feature will suffice. 

Windows admins will need to carefully weigh the benefits and the downsides of installing, as well as uninstalling, these patches, until Microsoft sorts all of the problems that have piled up in recent times. “

Microsoft Exchange Server Attack

Users of Microsoft Exchange Server are advised to update to the latest version immediately, as a growing number of attackers are attempting to exploit four recently patched zero-day vulnerabilities in the software.

Microsoft released emergency patches last week (March 2) for the four vulnerabilities, which were being exploited by attackers in the wild. At the time, Microsoft said these vulnerabilities were being exploited by an advanced persistent threat (APT) group it dubbed Hafnium in targeted attacks. However, since then it has been reported that multiple threat actors have been rushing to exploit these vulnerabilities in Exchange Server.

Two of the vulnerabilities (CVE-2021-26855 and CVE-2021-27065) and the technique used to chain them together for exploitation have been given the name “ProxyLogon” by security company DevCore. Successful exploitation of ProxyLogon allows attackers to gain a foothold on a targeted network, potentially leading to further compromise and data exfiltration.

Microsoft released an out-of-band patch to address the vulnerabilities in Exchange Server on March 2, 2020. The versions impacted are Exchange Server 2013, 2016, and 2019. Security firm Volexity, which Microsoft credited in its security alert detailing the vulnerabilities, said it first saw attackers exploiting the bugs on January 6, 2021.

Before selling, donating, or recycling your outdated laptop/workstation, protect your privacy with this important step.

Are you selling or giving away your computer? You may have already deleted personal files and information, or you may have reinstalled or reset Windows, thereby erasing your private data. Either way, you’re not quite done. There’s one important action you should take before you say goodbye to your old friend. And that’s wiping your hard drive clean.

Simply deleting your files doesn’t do the trick since they can be restored from the Recycle Bin. And even if you empty the Bin, your deleted files can often be recovered with the right undelete utility. Using the Reset feature in Windows 8.1 or 10 to return your PC to factory conditions does erase the drive as it reinstalls the OS. So that is a viable option. But what if you’re running an older version of Windows, or you want a stronger method of wiping your hard drive than the Reset feature provides? That is when you need to call Caldwell Consultants. We can wipe the hard drive completely and recycle you old PC.

Malware creators have figured out a clever new way to hoodwink Windows 10

Google researchers have spotted malware developers employing a novel trick to confuse and break Windows 10 malware scans by using deliberately malformed signatures on valid certificates.

Cybersecurity researcher with Google’s Threat Analysis Group (TAG) Neel Mehta has shared details about the new trick that’s employed by the developers of the OpenSUpdater malware.

Mehta observed samples of the malware signed with legitimate but intentionally malformed certificates, which confused the scanning mechanism since the certificates were accepted by Windows, but rejected by OpenSSL.

Will you still be able to get online after September 30, 2021?

As of Thursday, September 30, millions of devices could find themselves unable to access the internet due to a security certificate expiring. This mainly concerns PCs, smartphones and consoles running on very old operating systems, which will need to be updated — if that’s still even possible.

PCs running Windows XP (Service Pack 2) or Macs running macOS 10.12.0 or earlier. In any case, it is important to update these computers, if possible. And Linux isn’t spared either: a version of Ubuntu later than 12.04 is strongly recommended in order to hopefully stay connected without any problem.

When it comes to mobile devices, iOS 9 and Android 2.3.6 or earlier versions may also be affected, as well as smartphones running Blackberry 10.3.3 or CyanogenMod 10. Plus, Kindle devices running firmware prior to version 3.4.1, as well as PS4 version 5.00 will need to be updated for added security.

In any case, users are strongly advised to update the operating system of all their connected devices. It may seem trivial, but millions of users around the world are still using this type of device.

Note, however, there is a workaround solution if you can’t update your devices’ OS to a newer version. This involves installing Firefox. Indeed, this web browser does not take into account the security certificates of the operating system in use when accessing the internet.