Issue 46, Christmas 2022
Welcome to the latest issue of the RM Support newsletter. This edition includes the normal security information, updates, and development news. If there is content that you would like us to cover in future editions, then please email us at firstname.lastname@example.org. Please note that you may be the only person within your establishment to receive this newsletter, so please pass on to your colleagues.
An index of all the released newsletters so far can be found in DWN5175632.
Read our recent blog on: What IT managers need to know about RM’s school broadband service.
What is the RPA (Risk Protection Arrangement) and how can a school use it to protect against cyber threats?
The first of an RM series of blogs on this can be found at the following link (and this blog links off to our other content on this matter): https://www.rm.com/blog/2022/september/rpa-and-cyber-threats-intro.
DfE cyber standards
On 10 October the DfE updated the ’Meeting digital and technology standards in schools and colleges’ guidance as follows: https://www.gov.uk/guidance/meeting-digital-and-technology-standards-in-schools-and-colleges/cyber-security-standards-for-schools-and-colleges.
This update is a major step forward in providing essential guidance to schools and colleges on the actions they need to take in order to protect themselves (and others) from Cyber-attacks.
The guidance consists of 12 elements and includes information on why that element is important, how to meet the requirement, technical considerations, any dependencies and when you should aim to meet it.
However, many of these 12 elements should either already be in place or being worked towards. In fact, the majority of this is already covered between the mandatory requirements and the recommendations within the DfE RPA scheme (see our blog above too).
Kerberos changes and hardening enforcement (October and November 2022)
Microsoft enforced some Kerberos hardening changes in the October and November 2022 patches. RM monitored the effect of these changes and only the October changes seemed to affect a small number of CC4 customers (see TEC8878929, CC4 - Host Manager and package deployment issues may be seen after October 2022 Windows Updates are applied).
The main message from these enforcement actions was to ensure that your servers (and clients) are all up to the same patch level. When there are discrepancies, then you may get failures such as the CC4 functionality that was impacted.
Microsoft 365 and Basic Authentication deprecation in Exchange Online (October 2022 onwards)
We have mentioned this in the last few newsletters and this change is rolling out to tenancies. An RM article is now available with some further details and how it may impact you and your users. See TEC8854320, Microsoft 365 and Basic Authentication deprecation in Exchange Online (October 2022 onwards).
CC4UPD223 – Security hardening patches
We have released a new security hardening patch for CC4, based on some customer feedback and certain penetration testing output. It cleans up some of the legacy configurations that may be active on CC4 networks, and we recommend that all customers look to install and roll this out as soon as possible. DWN7297764 provides the download.
CC4UPD226 – Update for Google Chrome
We have also released an update for Google Chrome to allow for the correct processing of ‘blocked URLs’ due to a recent name change in the Google policy.
A new category will be added to the user policy section within the RMMC (Google Chrome Block URLs) and you can set your blocked list of URLs within this (Block access to a list of URLs). Please see this link for the full details and download - DWN8905124.
Windows 10 22H2 for CC4
We are now working on this version of Windows 10 for CC4 customers and are looking to release this early into 2023.
New ‘OneDrive Sync’ client for CC4 customers
We have now released a replacement for the ‘CC4 OneDrive Mapper’ for eligible CC4 customers.
The ‘OneDrive Sync’ client uses the native Microsoft OneDrive in a new mode that allows it to function on shared devices. This allows your users to see their OneDrive folder within File Explorer and save to it from applications.
We are no longer developing the ‘CC4 OneDrive Mapper’ (as this was based on older technology: the mapped drives used WebDAV and the PowerShell script to map the drive utilised Internet Explorer, which has now passed its end of life (EOL) date).
TEC8626737 gives details on removing the ‘CC4 OneDrive Mapper’ from your network.
Use our technical articles on the RM Support page to identify where you have a gap in your network. Some recent articles are listed below (excludes articles already mentioned within the newsletter content):
Driver Update 154 for Community Connect 4 networks [CC4DRV154]
CC4 OneDrive Sync client - Release note and general information
RM Unify, Cloud, O365 and Google articles:
"External licences are not supported for this app" error shown when attempting to install an app from the RM Unify App Library
RM Support self-help videos
We have released a number of videos to help customers (and staff at schools) with daily tasks. Below is a selection of these videos:
Adding and removing users from Microsoft Teams and changing their roles - Group owners can add/remove members and can change the members' roles from the respective Teams – please follow this video link.
Adding a printer to your computer - If you need to add or re-add the printer if it is not working as expected, or if the user is unable to see the allocated printer – please follow this video link.
Opening delegated or shared mailboxes in Outlook web - To open delegated or shared mailboxes in Outlook web so that another user can send and receive emails on the user's behalf – please follow this video link.
Clearing Google Chrome browsing data - For clearing the cache and history of Google Chrome when some websites are not properly loading, or to help fix persistent issues in websites – please follow this video link.
Granting access to your Gmail account to another user - By giving the delegate permission on your Gmail account, you can grant them the ability to read, send, and delete emails, as well as manage your contacts – please follow this video link.
RM Unify user provisioning for Google tenancies is changing, and requires a Google super admin in each tenancy to accept a new Google OAuth App. If you have received an email communication from us regarding this, and not yet responded, please do so as soon as possible so as not to interrupt user access to Google resources. Further information is available in our recent blog post.
If you are looking to move your device management into the cloud, then Intune (or Endpoint Manager) is RM’s preferred solution. We provide standard configuration for this device management solution and support both Windows 10 and 11 devices enrolled into it. For more information please follow: School Modernisation and IT Strategy (rm.com)
We use both Autopilot and the ‘Set up School PCs’ app for device enrolment and can help with application packaging and tenancy management.
Intune is a constantly improving offering from Microsoft and you can keep up to date with significant changes in https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new, as well as searching for articles that RM author in our Knowledge Library. Some recent updates.
Intune (Endpoint Manager) - Granular controls for USB/removable storage devices (including CD/DVD drives)
Intune (Endpoint Manager) - 'Intune for Education' portal may overwrite values in the full portal
Intune (Endpoint Manager) - Windows Home edition devices cannot be enrolled
Intune and Windows 11 22H2 – enrollment issues
We are aware of a Microsoft issue that affects Windows 11 22H2 from enrolling correctly into Intune when using Provisioning Packages (e.g. the output from the ‘Set up School PCs’ tool).
Whilst this is under investigation from Microsoft, we recommend that you build W11 devices to 21H2 Education before enrolling. See TEC8926222 for more information.
Intune upcoming changes / Education Store retirement
Intune changes are coming in 2023, and we’ve written a blog to detail some that may be of interest (and are likely to alter your way of working). Please read the blog here.
One key change is the retirement of the current Education / Business Stores that are integrated with Intune and the move to the ‘new Store experience’. This will allow customers to add applications from the WinGet repository (there is both the Microsoft Store and community repository) to improve the application deployment experience (there should be less need to repackage common applications). Again, RM will release a TEC article with help and migration details as we work through these changes.
Please see this YouTube video for more information.
RM Technical Webinars / Q&A
We plan to run some technical webinars in the coming months and welcome your feedback on the topics you’d like to see covered. For example, Intune (device management, enrolment, reporting, applications), M365 (config, security, MFA), RPA Cyber cover, etc.
Please use the email address below to feedback your session ideas.
Received great customer service from us? Let us know and we will recognise staff in our internal awards scheme.
Join the conversation
Follow us @RMEducation to find out the latest security updates, news and announcements.
Let us know your thoughts and ideas for future issues. Email email@example.com to give us feedback.