Ransomware: A Serious Threat in Healthcare Cybersecurity 

In recent years, the healthcare sector has become a prime target for cybercriminals. By mid-2024, the US healthcare industry reported 280 cyber incidents, accounting for 24% of all breaches across sectors. The consequences are severe: financial losses, legal battles, and a significant erosion of patient trust, leading to long-term implications for healthcare providers. 

In April 2024, Mega Health Systems, a major U.S. healthcare provider, suffered a sophisticated ransomware attack. Attackers encrypted vital patient records and demanded a hefty ransom. After prolonged negotiations, Mega Health paid the ransom, but when factoring in system restoration, cybersecurity enhancements, legal fees, and settlements, the breach’s total cost reached a staggering $250 million. 

The UK has also faced significant challenges. In July 2024, the National Health Service (NHS) experienced a severe breach compromising over 12 million patient records, including personal information, medical histories, and treatment details. This breach caused widespread chaos in hospitals and clinics, delaying patient care. The response and recovery efforts cost over £100 million and significantly damaged the NHS’s reputation, leaving patients questioning the security of their personal health information. 

These incidents are just the tip of the iceberg. Many organizations do not report security breaches, but it’s estimated that the total cost of healthcare-related security incidents in the US and UK this year could approach $9 billion.   

The Often-Overlooked Healthcare Vulnerability: Unpatched Third-Party Software 

Given the scale of these threats, you might wonder why Recast Software, not typically seen as a security vendor, is discussing cybersecurity. The reality is that IT teams are often at a disadvantage when facing these threats. 

One often overlooked attack vector is unpatched third-party software—a vulnerability Liquit Workspace addresses exceptionally well. Liquit Workspace’s release and patch management capabilities can help IT teams prevent this easily exploitable vulnerability, which is common in many organizations. 

The number of attack vectors is vast, and IT teams can only do so much to protect organizations. This is especially true when considering that many organizations operate on shoestring budgets and with ever-decreasing staff levels.   

Liquit Workspace: A Comprehensive Solution for Application Management 

Liquit Workspace is the leading end-to-end application management platform, designed to deliver, configure, update, and manage applications dynamically throughout their lifecycle. It ensures your applications, whether on Windows or Mac, are always up-to-date and secure. 

In the UK, the Cyber Essentials certification recommends updating applications within 14 days of a vendor releasing a patch for a critical vulnerability. This can be challenging, requiring organizations to identify which applications are in their estate, assess known vulnerabilities, and determine if a vendor has released a patch. Liquit Workspace simplifies this process by enabling IT teams to automatically deploy updates across hundreds or thousands of endpoints as soon as they are available. 

Liquit’s ability to automate the patching and updating of third-party applications is a game-changer for many organizations. By reducing the time to patch vulnerabilities to under 24 hours, Liquit helps organizations close security gaps quickly and efficiently, ensuring all applications remain secure and up to date. Liquit supports both legacy and modern applications, virtual applications, custom applications, and more. This flexibility makes Liquit an indispensable tool for healthcare organizations navigating the complexities of hybrid environments. 

Beyond Patch Management in Healthcare 

Liquit Workspace goes beyond patch management, providing detailed telemetry on user interaction with the application estate. IT teams can monitor application launches, track installation successes or failures, and oversee patch distribution—all in real-time. 

Additionally, features like Smart Icons guarantee a consistent user experience across all devices while seamlessly integrating with existing IT infrastructure. Our Smart Icon Technology further elevates this experience by offering dynamic, context-sensitive icons that adapt to user roles, device types, network conditions, and location. This ensures users are always presented with relevant, up-to-date information. For instance, icons can change depending on access context, reflect updates or maintenance, and be customized to indicate application priority or alerts related to its usage.  

Liquit’s bootstrapper also integrates with Microsoft Intune and Autopilot, enhancing application deployment and management across enterprise environments. By leveraging Liquit’s powerful automation capabilities, organizations can streamline software deployment to devices managed through Intune and Autopilot, ensuring consistent application delivery and reducing manual configuration efforts. This integration simplifies endpoint management by enabling IT teams to pre-configure applications and settings automatically during device provisioning, resulting in a more efficient and user-friendly setup process. 

Real-World Applications and Case Studies 

Liquit’s impact is not just theoretical—it’s proven in real-world applications. For instance, Liquit has transformed IT operations at Dagelijks Leven, a Dutch healthcare organization with over 2,500 employees across 75 locations. The implementation of Liquit Workspace has automated application management, including patching, and provided consistent, secure access to necessary tools. This automation is a boon for the small IT team, reducing their workload and enabling them to efficiently manage all devices and applications. The productivity gains have allowed them to focus on enhancing patient care while ensuring all systems remain up-to-date and secure. 

This case exemplifies how Liquit can streamline application management and enhance the user experience in even the most challenging environments. Explore more case studies and success stories. 

Conclusion: Enhancing Healthcare Cybersecurity with Liquit Workspace  

Healthcare organizations face unique challenges in protecting against security breaches. Integrating Liquit Workspace’s release and patch management into your healthcare IT strategy can significantly enhance your security posture while freeing up IT resources for more strategic initiatives. By addressing one of the major attack vectors—unpatched third-party software—Liquit Workspace offers a powerful tool in the ongoing battle against cyber threats. 

Thank you for reading! For more insights or to schedule a personalized demo with Recast Software, connect with us on LinkedIn or reach out with any questions.  

The post Enhancing Healthcare Cybersecurity: The Crucial Role of Liquit Workspace in Patch Management  appeared first on Recast Software.

Understanding the App-V End-of-Life Transition

In Microsoft’s own official guidance for App-V replacement, they recommend that users transition from App-V to Azure Virtual Desktop and adopt MSIX as their packaging format. This advice seems to be a swing and a miss. The implication here is that all application packaging should now be done in MSIX format, with deployment facilitated through MSIX App Attach.

What Microsoft’s recommendation fails to address are the lingering compatibility issues associated with MSIX. This means that a direct conversion from App-V to MSIX or a complete repackaging of the application into MSIX, will not have a higher success rate.

It’s often necessary to turn to an open-source kit like the Package Support Framework (PSF) or third-party tools such as PsfTooling to tackle these compatibility challenges These solutions provide the much-needed support to ensure a smoother transition and better compatibility when working with MSIX.

Many organizations are still heavily reliant on App-V, which raises questions about the recent push towards MSIX. It seems a bit hasty to recommend such a significant change without providing a thorough explanation of what the transition entails.

These organizations should have a more developed and stable MSIX ecosystem before making such transitions. The proposed go-to-solution should not introduce compatibility issues. Adopting a new technology that is not yet fully refined makes a smooth transition with minimal chances of disruption less likely.

A Smooth Transition for Application Management with Liquit

Many IT professionals are asking for a better solution with those in larger organizations facing the daunting challenge of transitioning their entire software portfolio. App-V and MSIX packaging is complex, time-consuming and costly.

On the bright side, Liquit Workspace, doesn’t require specific packaging knowledge, and the steps below demonstrate how it:

• Makes management effortless
• Translates into computing and storage cost savings with the absence of an App-V infrastructure

it’s still possible to continue using your App-V packages with Liquit after April 2026, which gives your organization the crucial advantage of more time to make a complete transition. This breathing space allows organizations to reassess their application landscape, considering whether repackaging is necessary at all.

As software vendors innovate, alternatives may emerge, like SaaS solutions or native installers that easily adapt to various platforms, including virtual and physical desktops. And if conversion to an App Layering product is the only option, Liquit Workspace has you covered there too. Thanks to our smart-icon technology, users see only the icon they need—today it might be an App-V package, but tomorrow it could just as easily be a native installer. Let’s look at the steps involved in using Liquit for this purpose.

Step-by-Step Guide to Managing the App-V End-of-Life Transition with Liquit

The steps involved in using Liquit as a rescue strategy that ensures a smooth transition for its users as App-V reaches its end-of-life are simple.

Since automation is key to streamlining workflows, you’ll be pleased to know that the steps I’m about to share can be completely automated with a PowerShell Script.

My colleague, Roel van Bueren, is an expert on this topic and has covered it extensively in his insightful blog post on app-v packages. Don’t worry if scripting isn’t your cup of tea, because I’ve laid out the steps below for you to easily follow.

Are you interested in setting up an entire Liquit environment rapidly with just one script? Including adding a number of packages that are automatically created with PowerShell. Look no further! In my upcoming blog post, I’ll guide you through the process step by step. Stay tuned for the details on how to streamline Liquit Workspace administration and boost efficiency.

Step 1: Obtain Information from an App-V Package using Microsoft Application Virtualization Sequencer

For this step, the Microsoft Application Virtualization Sequencer is required. Currently, the App-V Sequencer is part of the Windows Client Assessment and Deployment Kit (Windows ADK).

Step 2: Add an App-V Package in Liquit Workspace

The End Result

Would you like to revisit the steps for adding an App-V package into Liquit Workspace at your leisure? We also have a step-by-step instruction document available.

If you still have questions about how we can assist you, send us an email at transition@recastsoftware.com.

The post App-V End of Life: Your Transition Strategy appeared first on Recast Software.

by Daniel Engberg

Hi everyone!

I’m excited to reconnect with you all after taking some much-needed time off for full-time parental leave since July. Starting this September, I’ll be transitioning to part-time work while continuing to care for my two small kids. However, I will probably work two full-time jobs, as having kids is no time off.

In this month’s recap, we’ll explore the latest in endpoint management, Microsoft product updates, and some fantastic resources like the Skilling Snacks series, which I’ve really enjoyed following. These quick, focused learning sessions have been a great way to stay updated when given a busy schedule.

Enjoy this month’s REMR, and we’ll catch up again in September!

– Daniel Engberg

Contents – Endpoint Management Recap

• Events and Conference News
• Microsoft Product Announcements
• Community Tools and News
• Recast Software Updates

Upcoming Events

• MMS 2024 Flamingo Edition – Fort Lauderdale – October 20-23
• Microsoft Ignite – Chicago – November 18–22

Check out Recast Software’s Event and Tradeshow page for some additional event details.

This month, Microsoft introduced several updates. Microsoft Entra ID (formerly Azure AD) and Microsoft Edge received enhancements, improving security and integration.

Microsoft Defender for Endpoint now includes deep RDP data alongside new Safe Deployment Practices.

Microsoft released Intune troubleshooting guides and migration tips, while Windows and Windows 365 updates focused on performance and security improvements.

For detailed information, check out the links below.

Products

Microsoft Entra ID (Azure AD) [What’s New Page]

Microsoft ConfigMgr [What’s New Page] [Tech Community] [Virtual Hub][MS QA][Reddit][Feedback]

Microsoft 365 [What’s New Page]

Microsoft Defender for Endpoint [What’s New Page]

• Microsoft Defender for Endpoint adds deep RDP data for Advanced Hunting
• Microsoft Defender for Endpoint’s Safe Deployment Practices

Microsoft Intune [What’s New Page]

• Troubleshooting managed installer deployments in Microsoft Intune – Microsoft Community Hub
• How-To Migrate ConfigMgr Apps to Intune Win32Apps (microsoft.com)
• Skilling snack: Go cloud first with Windows device management | Windows IT Pro Blog (microsoft.com)
• Supported filter device and app properties & operators in Microsoft Intune | Microsoft Learn
• Skilling snack: Mobile device management in Microsoft Intune | Windows IT Pro Blog
• Selecting a home screen experience for your Android Enterprise corporate-owned devices – Microsoft Community Hub
• Add PowerShell scripts to Windows 10/11 devices in Microsoft Intune | Microsoft Learn

Microsoft Windows [What’s New Page]

• Windows Client
  • Downloading Microsoft Store apps using Windows Package Manager – Microsoft Community Hub
• Windows Server
• Windows 365
• Other
  • Configure the clipboard transfer direction in Azure Virtual Desktop | Microsoft Learn

Security Alerts and Info [Microsoft Security Portal – Security Update Guide]

Podcasts / Blog Series / Video Blogs‍

• Rename Windows Devices using Intune (youtube.com) – Chander Mani Pandey (@Mani_CMPandey)
• Corporate device vs Personal Device – Intune (youtube.com) – Manish Bangia (@manish_bangia)
• How to speed up Autopilot deployment (youtube.com) – Steve Weiner (@getrubix)
• Troubleshooting Device Migration Part 1: Bulk refresh token (youtube.com) – Steve Weiner (@getrubix)
• Windows Autopilot Deployment Report (youtube.com) – Chander Mani Pandey (@Mani_CMPandey)
• How to use Autopilot pre-provisioning (youtube.com) – Steve Weiner (@getrubix)

Blog Posts

Intune

• How to Synchronize a SharePoint Site Library to File Explorer with Microsoft Intune – Fabian Rodriguez (@Fabian1560)
• Deploy Cisco Secure Client VPN using Intune – (devicemanagementhub.com) – Dhanraj Barman
• Intune, PowerShell and Graph API: best practices | Syst & Deploy (systanddeploy.com) – Damien Van Robaeys (@syst_and_deploy)
• Managing Software Updates for macOS using Intune with all the shiny bells and whistles! (rahuljindalmyit.blogspot.com) – Rahul Jindal (@rahulj1906)
• Getting started with just-in-time registration and compliance remediation – All about Microsoft Intune (petervanderwoude.nl) – Peter van der Woude (@pvanderwoude)
• Intune and your mobile journey (oceanleaf.ch) – Niklas Tinner (@NiklasTinner)
• Intune / Azure Virtual Desktop – Manage clipboard redirection for Azure Virtual Desktop with Intune (hametbenoit.info) – Benoit Hamet (@benoit_hamet)
• New Intune Lab — Allways HyPe – Hailey Phillips (@AllwaysHyPe)
• Migrating Windows Update Workloads from SCCM to Intune: How to Verify Management Tool – All about Microsoft Endpoint Manager (eskonr.com) – Eswar Koneti (@eskonr)
• Automatically removing local admin accounts that are not authorized with Intune | Syst & Deploy (systanddeploy.com) – Damien Van Robaeys (@syst_and_deploy)
• Enhance user experience by automatically relaunching apps and recovering unsaved data after a Windows restart | The Experience Blog – Andreas Stenhall (@AndreasStenhall)
• Migrate from GPO to CSP: Step-by-Step Guide | Agdiwo (@agdiwo)
• Intune – You can now pause, revoke or delete your Cloud PKI (hametbenoit.info) – Benoit Hamet (@benoit_hamet)
• Recovery of the Intune MDM certificate | Fix Intune Syns issues (patchmypc.com) – Rudy Ooms (@Mister_MDM)
• Enhancing Security With Intune MAM (preview) for Windows 365 – Mindcore Techblog – Sune Thomsen (@SuneThomsenDK)

ConfigMgr

• OSD with Multi Disk Configs – GARYTOWN ConfigMgr Blog – Gary Blok (@gwblok)
• Why Microsoft Configuration Manager Endures in a Cloud-First World – John Yoakum (@jyoakum)

Windows 11 & 365

Cloud Security

PowerShell

• PowerShell 7.4.5 released – Icewolf Blog – Andres Bohren (@andresbohren)
• How to write a PowerShell Script | Patch My PC – Scott McAllister (@PatchMyPC)

Other SysAdmin Info

• Renewing the Apple VPP token (burgerhout.org) – Jeroen Burgerhout (@BurgerhoutJ)
• How to Run MDE Client Analyzer on Windows » Prajwal Desai (@PrajwalDesai)
• Azure Mandatory MFA Planning Guide – Boost Security – CHARBEL NEMNOM – MVP | MCT | CCSP | CISM – Cloud & CyberSecurity – Charbel Nemnom (@CHARBELNEMNOM)
• Disabling Auto-Start for the New Microsoft Teams – All about Microsoft Endpoint Manager (eskonr.com) – Eswar Koneti (@eskonr)

Tool Updates

On Discord? Join Recast Software on Discord WinAdmins under “products and vendors” -> #recast-software.

Recast Software recently welcomed their new CTO, Todd Kokoszka. Check out this brief video interview to learn more about Todd:

We just finished our three-part Go for Gold webinar series. Check out the series on our YouTube channel here.

We also recently unveiled our Essentials Package. Check out the video below to learn how vendor consolidation paves the way for streamlined IT operations and efficiency gains across both ConfigMgr and Intune.

Find our newest blog posts here:

• Why Microsoft Configuration Manager Endures in a Cloud-First World
• Streamline Liquit License Management Automation with PowerShell, Azure, and Power BI
• Recast Software G2 Awards: Top Honors for Summer 2024
• Patch Tuesday August 2024: Critical Vulnerability Roundup
• July 2024 Third-Party Patches
• How to Start with Azure Functions
• 5 Key Strategies for Small Business Disaster Recovery

Intune Posts

• How to Create and Provision Liquit Deployments through Intune
• How to Synchronize a SharePoint Site Library to File Explorer with Microsoft Intune

‍Thank you for reading Recast’s Endpoint Management Recap – Vol. 56. Stay tuned for more helpful content coming your way next month.

Follow Recast Software on Twitter, LinkedIn, Discord (#recast-software), and YouTube to see the latest news and updates.

The post Recast’s Endpoint Management Recap – Vol. 56 appeared first on Recast Software.

There’s a growing push to shift towards cloud-based management for devices, a change that many IT professionals find daunting. Transitioning to the cloud often means overhauling established processes that have been refined over many years. Consider the time required, the considerable learning curve, and the uncertainty of the outcome—factors that necessitate extensive training, meticulous planning, and thorough testing to ensure a successful rollout. It’s a significant amount of work, especially in an environment where SysAdmins are already expected to do more with fewer resources.  

The Shift Toward Cloud Management: Challenges and Considerations  

In my previous role as a manager and owner of a ConfigMgr environment, I kept asking myself questions like: 

• Where am I going to find the time to learn this or do this?  
• If it’s not broken, why fix it?  

Yes, I am talking about Microsoft Configuration Manager (ConfigMgr), also known as SCCM, MECM, etc. ConfigMgr is a powerful tool that many have already invested significant time and training into. It also continues to perform well.  

So, let’s explore why ConfigMgr is still valuable today. 

The Value of Configuration Manager in On-Premises Environments 

Firstly, many organizations continue to rely on on-prem Active Directory (AD) and on-premises resources. This dependency is a primary reason why ConfigMgr remains essential. It integrates with our AD environments seamlessly, allowing us to gather valuable information about users and devices, as well as allow us further controls for those devices. ConfigMgr puts a lot of information about those objects in AD at our fingertips, allowing us easy access to the information. 

Server Management: Where Configuration Manager Shines  

For those familiar with Intune or other MDM solutions for Windows, it’s well known that server management is not their strongest suit. Even in organizations that have shifted workstation management to the cloud, server management often stays on-premises due to the different requirements involved. You can manage them with Azure Arc, but it is different from using Intune. In most scenarios, it is just easier to leave them and manage them on-premises, further bolstering the need for ConfigMgr. 

Application Delivery with Configuration Manager 

If you’ve used Intune for any length of time, you’ve likely encountered its limitations in application delivery. Yes, it can deploy applications, but there really isn’t any control as to when devices get those applications or logging around the installation of that application. ConfigMgr provides a more refined application delivery system, allowing users to get the applications they need when they need them while allowing the admins to monitor and diagnose issues easily. 

Along these same lines, if you enable Software Metering, ConfigMgr provides statistics on which applications are used most often, allowing you to determine future behaviors and make informed decisions. 

Compliance and Configuration

Another area where ConfigMgr has more flexibility than Intune is in its Compliance Baselines with Configuration Items. Yes, there are compliance and configuration items in Intune, but your configuration items won’t apply if your devices aren’t compliant for some reason. This results in you having to try and troubleshoot the compliance before verifying the configuration items are working as expected. In ConfigMgr, this is easier and more reliable with accessible results. 

Granular Control Over Windows Updates

SysAdmins are also tasked with ensuring that our devices are secure, managing Windows Updates with ConfigMgr gives more granular control over what and when updates are deployed. If you’ve used Windows Update for Business, you know that while it works well, it doesn’t offer control over which updates are applied or when they’re installed. There are settings to control when updates are applied, but none to control what gets deployed. However, when ConfigMgr is integrated with WSUS (Windows Server Update Services), it provides granular control over what updates are applied to which devices and when, even allowing you to patch servers on the same schedule. 

Enhanced Reporting Capabilities in Configuration Manager 

ConfigMgr outperforms Intune significantly in reporting capabilities. While Intune offers limited built-in reports, ConfigMgr, with the installation of the Reporting Services point, provides a wealth of readily accessible reports. It’s also much easier to create or install additional reports, giving you deeper insights from the data you’re already collecting. This is particularly valuable for managing Windows updates, an area where comprehensive reporting is essential and where Intune falls short. ConfigMgr comes with a wide range of pre-built reports covering all aspects of your environment and offers flexibility by supporting both SQL Server Reporting Services (SSRS) and Power BI Report Server. 

The Role of Configuration Manager in Operating System Deployment (OSD) 

While ConfigMgr excels in many areas, one critical aspect worth highlighting is Operating System Deployment (OSD). Although Intune can “provision” a computer, it doesn’t offer the same capabilities as performing a full OSD. Intune is designed to manage computers with an existing operating system, but it lacks the tools to easily deploy a new OS. If you need to reinstall an OS due to corruption or other issues, you’d typically have to create a bootable thumb drive, manually install the OS, and then go through the provisioning process with Intune. This process is time-consuming. In contrast, ConfigMgr’s OSD allows you to fully configure devices for end users much more efficiently, using a combination of task sequences, application deployments, and configuration items tailored for on-premises or hybrid environments. 

Conclusion: Configuration Manager is Still a Critical Tool for IT Teams 

As discussed in this article, Microsoft Configuration Manager (ConfigMgr) continues to be a valuable tool for managing IT environments, especially those with on-premises or hybrid setups. It offers reliable control and flexibility for server management, application delivery, and compliance monitoring. 

If you’re looking to improve your existing processes, need assistance with IT management, or need help transitioning to the cloud with less stress, Recast Software is here to help. We offer tools and expertise that can integrate seamlessly with your current setup. 

The post Why Microsoft Configuration Manager Endures in a Cloud-First World   appeared first on Recast Software.

The Liquit PowerShell module now offers comprehensive license usage information, including: 

• PurchasedType : The type of license purchased. 
• BillableCount: The number of licenses that are billable. 
• PurchasedCount: The total number of licenses purchased. 
• ExcludedCount: Licenses that are excluded from billing. 
• OverUsage: Instances where usage exceeds the purchased licenses. 
• BillableRefreshedAt: The last time the billable data was refreshed. 

These enhancements enable administrators to efficiently manage and monitor their licensing needs. 

Key Features of Liquit License Management Automation 

While this feature is powerful, effectively leveraging the data requires careful consideration. Here’s an overview of key points to keep in mind: 

• Accessing License Information: This can be achieved with a straightforward PowerShell command that retrieves the necessary data. 
• Centralize: Store your data in Azure Blob Storage to centralize and streamline access. Azure Key Vault simplifies the secure management of secrets by centralizing storage. 
• Visualizing Data: To make the data insightful and accessible, consider using data visualization tools like Power BI. Power BI can help you create dashboards and reports that provide a clear overview of your licensing status. 
• Automate: Leverage Azure Automation with a Runbook, PowerShell script, and scheduling to automate the generation of license usage data. 
• Regular Monitoring: Regularly review this data to stay on top of licensing needs and prevent over-usage. 

Enhancing Liquit License Management Automation Using Azure 

When it comes to automating tasks in Azure, security and efficiency are key. That’s where Azure Key Vault becomes a crucial element. Azure Key Vault offers several advantages, particularly relevant to our situation: 

• Enhanced Security: Azure Key Vault enhances security by securely storing sensitive information, such as passwords, tokens, and API keys, eliminating the need to hard-code secrets into scripts. This reduces the risk of exposing critical information. 
• Centralized Management: Azure Key Vault simplifies secret management by centralizing storage across multiple scripts or environments. This allows for easy credential updates without modifying existing scripts, saving time and ensuring consistency across automation processes. 
• Seamless Integration with Azure Automation: Azure Key Vault seamlessly integrates with Azure Automation, allowing scripts to easily retrieve and use stored secrets. This simplifies credential management in automation scripts, minimizing security risks. 

Script Overview 

If you need a powerful PowerShell script to streamline your tasks, you’re in luck. I’ve created a script that you can use right away. Visit my GitHub to download it.  

The PowerShell script I wrote will do the following: 

• Retrieve Liquit credentials and Liquit Workspace URL from Azure Key Vault to use in this PowerShell script 
• Use the Get-LiquitZone to get the Liquit License usage information and write it to a CSV-file with a date stamp in the filename 
• Send it to a container in Azure Blob Storage 

Step-by-Step Guide to Liquit License Management Automation 

To achieve the desired outcome, follow these steps: 

1. Create Azure Storage Account and create a container where the CSV-files can be stored 
2. Create an Azure Key Vault 
   • Create Key Vault Secrets for the Liquit Workspace Credentials and Liquit Workspace URL 
   • Make sure that Storage Account has the correct permissions to access secrets within Azure Key Vault 
3. Create an Azure Automation Account 
   • Install the Liquit PowerShell Module which is available in the PowerShell Gallery in Azure Automation. The module can be found with the name Liquit.Server.PowerShell 
   • Create a Runbook and use the PowerScript I wrote 
   • Add a Schedule to the Runbook 
4. Install Microsoft Power BI Desktop on your device
   • Connecting Azure blob storage data to Microsoft Power BI desktop 
   • Transform multiple CSV files from Blob storage without combining them 
   • Create an awesome cool Dashboard 
   • Publish it online in the Power BI service 

To view and share reports on the Power BI Service and automatic schedule data refreshes, a Microsoft Pro or Premium license is required. 

Benefits of Liquit License Management Automation for IT Operations 

Security and efficiency are crucial. Automating the retrieval of license usage information within Liquit Workspace and integrating it with Azure services simplifies processes and enhances IT operations. 

One of the standout features of this solution is its ability to securely store the output data in a CSV file on Azure Blob Storage. Leveraging Azure Key Vault for credential management eliminates the risks associated with hardcoded credentials, ensuring a secure and compliant environment. 

By scheduling this PowerShell script to run weekly in an Azure Automation runbook, you can ensure that data collection is both consistent and up to date. The gathered data is securely stored in Azure Blob Storage, making it easily accessible for further analysis. 

By connecting Power BI to the data stored in Azure Blob Storage, you can create a dynamic, visually appealing dashboard. This dashboard not only empowers IT administrators with vital insights but also serves as a comprehensive reporting solution for IT managers. 

The result is a streamlined, automated workflow that enhances transparency and accountability while delivering a dynamic dashboard with detailed Liquit license usage information. This makes IT operations more efficient and effective than ever. 

If you have any questions, feel free to reach out. Liquit is here to help! 

The post Streamline Liquit License Management Automation with PowerShell, Azure, and Power BI appeared first on Recast Software.

Prerequisites

Before proceeding, ensure that Entra ID is configured as your Identity Source. If not, please follow the instructions at Microsoft Entra ID – Identity Sources to set it up. The steps outlined here were derived from both trial and error and Liquit documentation, particularly the Liquit Agent Bootstrapper deployment with Intune. While these are the steps I followed, your environment may require different settings and customizations. Please consult the documentation for a complete list of settings for your JSON file.  

Note: This guide focuses on configuring the Liquit bootstrapper and agent settings, not Autopilot. 

The term ‘Deployments’ can be ambiguous in IT contexts. For this guide, ‘Deployments’ refers specifically to the section in the Liquit server labeled ‘Deployments.’ 

Step-by-Step Guide to Liquit Deployments through Intune 

Begin by logging into your Liquit portal. We’ll start by configuring and downloading the necessary components. First, create your deployment, which is a collection of packages you intend to deploy to a machine during agent installation. 

• Create your deployment in Liquit. 
  • In Liquit > Manage > Deployments. 
    • Click Create. 
    • Enter a name for your deployment and Click Next. 

• Click Finish
• Once the properties load, proceed with the following steps. 
  • Click Packages. 
  • Search for and add any packages that you would like for this deployment, be sure to specify the “Install” action.

• Click Assignments.
• Be sure to add an assignment for All Devices and the Production Stage.

Now we will move on to getting the certificates needed for the agent installation. 

Certificates for Liquit Deployments

• Certificate-based registration is recommended for optimal device registration. The following steps ensure a smooth process. 
  • In Liquit < Manage < Device Registration, follow the below steps: 
    • Click Create. 
    • Keep the “Certificate” section highlighted and click Next. 

• Name your Certificate and click Next.

• Select the box for Use a self-signed certificate for device registration and click Next.

Give your certificate a name, validity period, and key size. If desired, add a description, then click Next.

• Click Finish. 
• When the properties come up, click on Settings. 
• On the right-hand side, click the button for Download for agent registration button.

• Save this file for use when creating the Intunewin file. 
• Export out the three certificates from the Liquit Server and Certificate Management. This may be different from your environment. We need to establish that trust chain between your client and our Liquit server. 
  • IIS Cert you used. 
  • CA Cert for that IIS Cert. 
  • Liquit Self-Signed Cert. 
• Create three profiles in Intune, one that pushes out the above three certs to devices in their root store Create trusted certificate profiles in Microsoft Intune | Microsoft Learn. 

Download and Create Required Files

• Create a folder on your C:\ drive (or any folder you choose) to store all the downloaded files. 
• Navigate to Support – Liquit and download the Agent Bootstrapper and save it in the above folder. 
• Log in to your Liquit server and click on your user picture in the right-hand corner and click the link to download the agent. Once downloaded, save to above folder, and rename to Agent.exe. 
• Copy the downloaded certificate file from above to the same folder. 
• Use Notepad++ (or your choice of editor) to create a Json file named “agent.json” and save it to that same folder. 
• Create your Json file. At the end of this document is the Json file that I used that you could copy and modify according to your own settings. I’ve highlighted the areas that require modification. Review the remaining settings to determine if further customization is needed. 
  • The Zone will be your zone that you have created. 
  • The certificate thumbprint will be from the certificate you downloaded in Step 1. 
  • The deployment will be the name of the deployment you created in Step 2. 
  • The identity source will be the name of the Identity source you have created for SSO.  
  • The trusted zone is where you would enter your zone name. This can be multiple zones if you have more than one. 
• Create your IntuneWin file and create your app in Intune. 
  • Follow the documentation guide from Liquit Agent Bootstrapper deployment with Intune to create and upload your package to Intune. 
  • Add ‘/certificate=”AgentRegistration.cer”’ to the install command line so that it copies the certificate you uploaded into the right location so that agent can register correctly with Liquit. 
  • Change the command line for the log to a location that is easily accessible. I used C:\Windows\Temp as my log file location. 
  • Modify the detection method so that instead of using the provided script, you hard code it to look in c:\Program Files\Liquit Universal Agent. 
  • Deploy as required to your autopilot or other devices. 

Achieving a Functional Autopilot Deployment with Liquit Deployments through Intune 

By following these instructions, you should achieve a fully functional Autopilot deployment of applications during device provisioning or initial agent installation.

Note: Ensure port 443 is open on your Liquit server to facilitate communication with clients. After deployment, a device reboot is required to allow the agent to exit deployment mode and restart as a normal process. 

Additional Note: This guide focuses on deploying Liquit on Windows devices. A separate guide for deploying on macOS devices will be published soon.

Happy deploying! 

{ 
    "zone":"https://liquit.corp.viamonstra.com", 
	"promptZone": "Disabled", 
    "registration": { 
        "type": "Certificate", 
		"certificateThumbprint": "1f319334a7357653ded039659953e600e31e6d0f" 
    }, 
    "log": { 
        "level": "Debug", 
		"agentPath": "C:\\Windows\\Temp\\Agent.log", 
		"userHostPath": "C:\\Windows\\Temp\\UserHost.log", 
		"rotateCount": 5, 
		"rotateSize": 1048576 
    }, 
    "deployment": { 
        "enabled": true, 
        "start": true, 
        "context": "device", 
        "cancel": true, 
        "triggers": false, 
        "autoStart": { 
            "enabled": true, 
            "deployment": "Autopilot", 
            "timer": 0 
        } 
    }, 
	"login": { 
		"enabled": true, 
		"sso": true, 
		"identitySource": "MadduxConsulting", 
		"timeout": 4 
	}, 
	"icon": { 
		"enabled": true, 
		"exit": false, 
		"timeout": 30 
	}, 
	"launcher": { 
		"enabled": true, 
		"state": "Default", 
		"start": "Auto", 
		"tiles": true, 
		"minimal": false, 
		"contextMenu": false, 
		"sideMenu": "Tags", 
		"close": true 
	}, 
	"restrictZones": true, 
	"trustedZones": [ 
		"liquit.corp.viamonstra.com" 
	] 
} 

The post How to Create and Provision Liquit Deployments through Intune  appeared first on Recast Software.

Requirements  

• OneDrive Files On-Demand enabled 
• Windows 10 (1709) Fall Creators Update or later 
• SharePoint Library ID  

Step-by-Step Process 

First, let’s go to your SharePoint site that we want to setup for automatic sync, in my case I’m going to use the Marketing site that I have created in SharePoint.  

Copy the Library ID. Click on the Documents sections on the left-hand side.

Sync and Copy Library ID

In the Documents section, click the Sync button. When prompted to Open Microsoft OneDrive, click Cancel. In the pop-up option, click on Copy Library ID to copy the Library ID.  

Configure in Intune

Now go to https://intune.microsoft.com/ > Devices > under the Manage devices section, click on Configuration.

In the Configuration page, click on + Create. Select ‘Windows 10 and later’ under Platform and choose Settings Catalog under Profile type. Click Next.

Give your Profile a Name and Description. Click Next once complete.

Next, you’ll be directed to the Configuration settings to pick your settings. Search for Configure team site libraries to sync automatically. Then click on OneDrive under Browser by category. Next, under the OneDrive Category, select the Configure team site libraries to sync automatically (user).

Once that is selected, close out of the screen to setup your settings on the backscreen. On this page, you’ll want to give your Libraries a name and a value. Remember the Library ID we copied from earlier? You will need to add that to the Value section. Click Next when ready to move forward.  

I skipped Scope tags, but you can adjust those settings if needed.

Next, we’ll assign this library to our users. In my case, I will select a dynamic group for the Marketing team so that all our Global Marketing users will get this SharePoint library automatically.

Review and Create

Review and then create your profile. Then, verify on your device that this policy has successfully synced the Marketing SharePoint documents to the end user’s File Explorer.

Before the policy is enabled, the user does not see any SharePoint site libraries available in their File Explorer.

After the policy is applied, we can now see those SharePoint files sync through to the File Explorer.

Verify inside of the Marketing SharePoint as well. 

Conclusion: Streamline SharePoint Site Library Access with Microsoft Intune

Automating the synchronization of a SharePoint Site Library to File Explorer with Microsoft Intune not only saves valuable time but also ensures consistency across your organization. By leveraging Intune’s management capabilities, you can seamlessly integrate SharePoint libraries into your users’ workflows, reducing help desk requests and improving productivity. Implementing this solution helps your teams have quick and reliable access to the files they need directly from File Explorer, streamlining operations and enhancing the overall user experience.

Check out additional Intune content here.

The post How to Synchronize a SharePoint Site Library to File Explorer with Microsoft Intune appeared first on Recast Software.

A Vision for the Future of Recast Software 

Todd’s extensive experience in product and technology leadership, particularly in high-availability, mission-critical SaaS platforms, aligns perfectly with Recast Software’s commitment to delivering stable, feature-rich, and cloud-enabled solutions. His proven track record in driving product growth and his customer-centric approach will help propel Recast Software’s offerings to new heights. 

“We are thrilled to welcome Todd to the Recast Software team,” said Will Teevan, CEO of Recast Software. “Todd’s deep expertise in engineering and product management, coupled with his passion for innovation and customer success, will be invaluable as we continue to scale our solutions and meet the evolving needs of our clients.” 

Todd also expressed his enthusiasm for joining Recast Software: “I am excited to join Recast Software at such a pivotal time in the company’s journey. The opportunity to contribute to the ongoing evolution of their industry-leading products is incredibly motivating. I look forward to working with the talented team here to drive innovation and deliver even greater value to our customers.” 

Bringing a Legacy of Leadership and Innovation 

Todd joins Recast Software from Everbridge, where he served as Vice President of Engineering for over seven years. At Everbridge, Todd was responsible for overseeing software engineering and API product management, managing a global team of over 300 professionals. His leadership played a crucial role in enhancing the reliability and scalability of Everbridge’s mission-critical SaaS platforms, which are relied upon by governments and enterprises worldwide to manage critical event communications. 

Before Everbridge, Todd held significant leadership roles at several other high-profile companies, including: 

• The Predictive Index: As VP of Engineering, Todd led technology strategy, software development, and technical operations, contributing to the company’s growth in delivering high-quality user experiences. 
• payvia: As CTO, he was responsible for product management, software development, and technical operations for payvia’s SaaS and web-scale platforms, driving the company’s innovation in the mobile payments industry. 
• Sybase 365: During his decade-long tenure, Todd served as Vice President of Software Engineering, leading technical product management, software engineering, QA, and support for Sybase’s enterprise applications and SaaS platforms. 

Looking Ahead 

Todd’s appointment marks a significant milestone for Recast Software as we continue to expand our leadership team and enhance our product offerings. His strategic vision and leadership will undoubtedly play a crucial role in shaping the future of our company and the solutions we provide for our customers. 

Please join us in welcoming Todd Kokoszka to the Recast Software family. 

About Recast Software 

Recast Software is a leading provider of endpoint management and IT security solutions. Our products, including Right Click Tools, Endpoint Insights, and Privilege Manager, empower IT teams to manage and secure their environments with ease and efficiency. With a focus on enhancing Microsoft ConfigMgr capabilities, automating patch management, and streamlining application management, Recast Software is committed to helping organizations navigate the complexities of modern IT landscapes. 

The post Recast Software Announces the Appointment of Todd Kokoszka as Chief Technology Officer appeared first on Recast Software.

Users Most Likely to Recommend 

The Users Most Likely to Recommend badge is a powerful endorsement from our customers. It signifies that among our peers, Recast Software has earned the highest Likely to Recommend rating in our category. This badge isn’t just a mark of approval—it’s a strong indicator of trust. It shows that our customers believe in our products and services enough to confidently recommend them to others. This trust is built on the consistent delivery of value, whether it’s through our innovative features, reliable performance, or top-level customer support. 

For you, this badge means you can be confident in choosing Recast Software as your trusted partner.  

Easiest to Do Business With 

Our customers are busy and often stretched thin. In this context, ease of doing business is critical. That’s why we’re proud of the Easiest to Do Business With badge. This recognition is awarded to the product that earned the highest Ease of Doing Business rating in its category. 

At Recast Software, we’ve consistently prioritized simplicity and efficiency in every interaction, from the initial onboarding process to ongoing support. This badge highlights our efforts to make working with us as seamless as possible. Whether you’re deploying our tools, seeking support, or navigating through our platform, we strive to ensure that your experience is smooth and hassle-free. 

For IT teams, whether upper management or SysAdmins, this badge is a promise that partnering with Recast Software means less complexity and more focus on what truly matters—optimizing your IT environment. 

High Performer 

This High Performer badge is awarded to products with high customer satisfaction scores and lower market presence compared to other vendors. This reflects that, even as a company focused on delivering niche, high-impact solutions, Recast Software punches above its weight in delivering value. 

This badge underscores our ability to meet and exceed customer expectations, even as a specialized provider in the endpoint management and IT security sectors. We’re proud to deliver solutions that solve real problems effectively, which is reflected in the high satisfaction levels among our users. 

For prospective customers, this badge highlights the fact that while we may not be the largest player in the market, our focus on delivering excellence and customer satisfaction positions us as a strong contender among bigger competitors. 

Users Love Us 

Last, but certainly not least, we’ve been awarded the Users Love Us badge, an honor given to products that have garnered 20 or more reviews with an average rating of 4.0 stars or higher. This badge reflects consistent positive feedback from our users, who appreciate the value and reliability that Recast Software brings to their IT operations. 

Customer reviews are a crucial part of our feedback loop. They help us understand what’s working well and where we can improve. The Users Love Us badge is particularly meaningful because it’s a direct result of the voices of our customers. It’s their collective experience that has earned us both their business and this accolade, and it serves as a powerful reminder of the importance of listening to and acting on customer feedback. 

Why Recast Software G2 Awards Matter 

These Recast Software G2 awards represent the trust and satisfaction of our customers. They also highlight our dedication to continuous improvement and our focus on delivering value where it matters most. At Recast Software, we’re committed to continuing our journey of excellence. These G2 badges are but a stepping stone toward even greater achievements. We’re excited to keep pushing the boundaries of what’s possible in IT and endpoint management, and we look forward to sharing more successes with you in the future. 

Read our reviews on G2:

• Right Click Tools
• Application Manager
• Endpoint Insights

Thank you for being an integral part of our journey. Your trust and support have been key in helping us earn these G2 recognitions, and we’re committed to delivering even more value as we continue forward. 

The post Recast Software G2 Awards: Top Honors for Summer 2024 appeared first on Recast Software.

Notable Vulnerabilities in July 2024 Third-Party Patches

Vulnerability severities vary from low to critical. The vulnerabilities with a critical severity rating include Docker Desktop (CVE-2024-41110 with a CVSS score of 9.09) and VMware Workstation Pro 17 (CVE-2024-22268 and CVE-2024-22267, both with a CVSS score of 9.03). Autodesk AutoCAD, with major versions 2022, 2023, and 2025, received patches for the highest number of vulnerabilities. Their extensive security update addressed 41 vulnerabilities. 

Detailed Analysis of Critical Vulnerabilities 

CVE-2024-41110, a security vulnerability, was discovered in certain versions of Docker Engine. This vulnerability could allow unauthorized access under specific conditions, although the likelihood is considered low. Even though this problem was solved in an update in January 2019, it wasn’t included in later major versions. You can read more about this on Docker’s website. Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | Docker 

A critical heap buffer-overflow vulnerability, identified as CVE-2024-22268, has been reported in the Shader functionality of VMware Workstation and Fusion. This flaw could potentially allow a malicious entity with regular user privileges on a virtual machine with 3D graphics enabled to trigger a denial of service. Stakeholders are advised to consult Broadcom’s security advisory for detailed information and mitigation strategies. Support Content Notification – Support Portal – Broadcom support portal 

Second critical use-after-free vulnerability CVE-2024-22267 has been identified in VMware Workstation and Fusion’s vbluetooth device. This flaw could potentially allow a malicious entity with administrative access to a virtual machine to execute arbitrary code in the context of the host’s VMX process. Users are advised to review their systems and apply updates promptly to mitigate this security risk. Support Content Notification – Support Portal – Broadcom support portal 

Browser Security Updates in July 2024 

Chromium based browsers are known the be updated very frequently. Google Chrome released 6 updates during July. These updates included a remediation for 50 vulnerabilities. Microsoft Edge was updated three times during July and these updates remediated 35 vulnerabilities in total. Opera One was updated only once fixing 4 vulnerabilities. Mozilla Firefox and Mozilla Firefox ESR were updated once remediating 16 and 5 vulnerabilities. Brave Browser was updated twice patching total of 14 vulnerabilities.  

Microsoft Product Updates Included in July 2024 Third-Party Patches

In addition to Edge, Microsoft released updates for the following product families. 

• Microsoft .NET Runtime  
• Microsoft .NET SDK 
• Microsoft 365 Apps 
• Microsoft ASP.NET Core Runtime  
• Microsoft ASP.NET Core Runtime Hosting Bundle 
• Microsoft Azure CLI 
• Microsoft Azure Kubelogin 
• Microsoft Azure PowerShell 
• Microsoft OLE DB Driver for SQL Server 
• Microsoft SQL Server Management Studio 20 
• Microsoft Visual Studio 2022  
• Microsoft Visual Studio Team Explorer 2022 
• Microsoft Windows Desktop Runtime  

Key Third-Party Line-of-Business Application Patches 

Multiple versions of Java products are vulnerable, including but not limited to: Amazon Corretto JDK/JRE, Azul Zulu JDK/JRE, BellSoft Corporation Liberica JDK/JRE, Eclipse Temurin JDK/JRE, Oracle Java Runtime Environment Version 8, Oracle Java SE Development Kit, and Red Hat OpenJDK/JRE. See Oracle’s security advisory for more information. Oracle Critical Patch Update Advisory – July 2024  

AutoCAD products were heavily patched during July. Please see for more information in their advisories. adsk-sa-2024-0009 (autodesk.com) and adsk-sa-2024-0010 (autodesk.com) 

5 vulnerabilities was patched in the latest patch for Jetbrains Teamcity. See more information in. Fixed security issues (jetbrains.com) 

Calibre by Kovid Goyal remediated 4 vulnerabilities in their patch in July. See for more information in  Advisories | STAR Labs.  

Detailed List of July 2024 Third-Party Patches

For complete list of applications, versions and remediated vulnerabilities see the following list generated by using Setup Store data.  

Conclusion: July 2024 Third-Party Patches

Maintaining the security and performance of your IT environment hinges on timely third-party patching. The July 2024 updates addressed significant vulnerabilities across various applications, underscoring the importance of staying vigilant. By prioritizing these patches, you help safeguard your systems against potential exploits and ensure continued operational stability.

To deepen your understanding of third-party patching and its impact on your security posture, explore our eBook Reduce Your Attack Footprint. Additionally, don’t miss our analysis of the August 2024 Microsoft Patch Tuesday here.

The post July 2024 Third-Party Patches appeared first on Recast Software.