
8 Replies

  • FYI, Intune is available as a standalone subscription. 

  • Cloud based firewalls

    https://meraki.cisco.com/products/security-sd-wan/models/

  • Really? I called a sales rep and they told me I needed an office 365 subscription. Maybe I need to look more into this. 

  • Acousticemanuel wrote:

    Really? I called a sales rep and they told me I needed an office 365 subscription. Maybe I need to look more into this. 

    It's sold under the M365 umbrella and can be purchased stand-alone or as part of a bundle. Some features may require additional licenses like AD P1. Not sure of all the ins and outs.

    https://docs.microsoft.com/en-us/troubleshoot/mem/intune/device-licenses-introduction

    There is a user based license somewhere out there as well.

    (O365 doesn't necessarily mean email.  Some M365/O365 subscriptions include email, some don't.)

  • FYI again, you can purchase PCs/Laptops preconfigured for "Modern Management" from Dell and probably other vendors. I'd definitely suggest a deep dive into VMware Workspace ONE.

    I'd also suggest that you set up a company VPN, like from Cisco, and have all the remote machines connect through that (like by using Cisco AnyConnect). The VPN should be configured NOT to use a split tunnel, so all traffic goes through corporate, including its firewalls, IDS/IPS, etc.

    As an alternative, set up RDSH or VDI and allow users to connect using company-issue or BYO machines using a remote protocol, like Blast Extreme in the case of VMware VDI. The end-point machine can be as dirty as can be and still not have any effect on the VDI session it's accessing.

  • Thank you guys so much for these suggestions. After further researching, Cisco AnyConnect pricing starts at 25 users minimum. We only have 10 right now (might have more). 

    Would you guys recommend taking a look at Cloudflare Firewall as a service instead of running a VPN? We do not have any infrastructure and are fully remote. Employees will only need laptops to access the internet and the cloud-based platforms we use.

    Thanks again!

  • Acousticemanuel wrote:

    I was looking into something like Microsoft Intune with Windows Autopilot, but we use Gmail and will need Office 365 for that. I also was looking into VMWare Workspace One.

    I've been a Workspace ONE end-user for 6 years. I can't speak for the management side, but what do you want to know? We bought AirWatch for the MDM side; it can kinda manage anything (even Coke machines, weirdly enough). I got lost in the Atlanta office and found the device validation team, and they had a lot of weird portable devices.

    As a daily user, the best part is the SSO portal acting as a single place to login/sign in to anything (be it O365, Workday, or even stuff like my 401K/HSA accounts).

    The key thing with MDM in general is I think people get caught up in what you COULD do, and less in what you SHOULD do. Some platforms out there people go nuts with and end up finding ways to make users' smartphones dumb. The way our implementation is done on employee-owned devices, it doesn't feel like they went full creepy/take over the phone.

  • JeffNew1213 wrote:

    I'd also suggest that you set up a company VPN, like from Cisco, and have all the remote machines connect through that (like by using Cisco AnyConnect). The VPN should be configured NOT to use a split tunnel, so all traffic goes through corporate, including its firewalls, IDS/IPS, etc.

    While AnyConnect is the best VPN client out there, do users really need this anymore? We've moved pretty much all of our apps over to web apps and SaaS stuff, so we just use WS1. I only VPN to get to some labs that I am the bare metal sysadmin for, and honestly, I could just use VDI (Horizon) as a jump box for that. I get IT staff using VPN still, but it increasingly shouldn't be the default way to connect, as it's fundamentally less secure connecting a full device and needs to maintain ACLs (which a lot of smaller shops just give ANY ANY to internal networks once you connect). The alternative is something like a WS1 portal that goes through reverse proxies in the DMZ on a single port, or a VDI connection. If you really need users connected to the network, and you have a ton of remote offices/users, the other thing I'm seeing is SASE as "that next new cloud thing". Think a SaaS VPN mesh between all your sites and security inspection/edge as a service.

    Unless you are made of money, split tunneling is a good thing to do to save bandwidth. There's zero need to inspect traffic going to Office 365 or Gmail's subnets. Likewise for Netflix's/Hulu's CDNs. I know some SD-WAN products automate this with pretty good default rules to send bulk traffic to known good/safe senders.

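Added example, not part of any reply above: the thread disagrees on full tunnel versus split tunnel, and the risk in a split tunnel sits in the list of prefixes that bypass inspection. This sketch audits such a list before it is pushed to clients. The prefixes are constructed documentation ranges standing in for SaaS/CDN subnets, and the /16 breadth threshold is an assumption.

```python
import ipaddress

# Constructed sample policy: prefixes sent outside the tunnel (split-exclude).
# Documentation ranges stand in for SaaS/CDN subnets; the last two are mistakes.
BYPASS = ["198.51.100.0/24", "203.0.113.0/24", "10.20.0.0/16", "0.0.0.0/1"]

# RFC 1918 space: internal traffic that should never leave the tunnel.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIXLEN = 16  # assumption: anything broader than /16 is too coarse to trust


def audit_bypass(prefixes):
    """Return (prefix, reason) findings for risky split-tunnel exclusions."""
    findings = []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=True)
        if net.prefixlen < MIN_PREFIXLEN:
            findings.append((p, "too broad"))
        if any(net.overlaps(priv) for priv in PRIVATE):
            findings.append((p, "overlaps internal address space"))
    return findings


def clean_bypass(prefixes):
    """Keep only the prefixes that produced no finding."""
    flagged = {p for p, _ in audit_bypass(prefixes)}
    return [p for p in prefixes if p not in flagged]


def path_for(dest, prefixes):
    """'direct' if dest matches a bypass prefix, else 'tunnel' (inspected)."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return "direct" if any(addr in n for n in nets) else "tunnel"


if __name__ == "__main__":
    for prefix, reason in audit_bypass(BYPASS):
        print(f"REJECT {prefix}: {reason}")
    approved = clean_bypass(BYPASS)
    for dest in ("198.51.100.7", "192.0.2.10", "10.20.1.5"):
        print(dest, "->", path_for(dest, approved))
```

Anything not explicitly approved stays in the tunnel, so an incomplete bypass list costs bandwidth rather than visibility.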
