Success stories

Our customers come in all shapes and sizes.

We work with organisations from all walks of life, with different ambitions and requirements. Explore how we’ve helped them reimagine everyday, and align technology with their culture and business goals.

Basic authentication disabled for Microsoft Exchange Online

Basic authentication disabled for Microsoft Exchange Online in October 2022.

Our step by step guide explains what’s happening, how to check if your tenant will be affected and how to disable basic authentication ahead of the deadline. What’s happening and when How to check if you’re using basic authentication How to disable basic authentication Author: Ben Owens, Technical Architect at Cloud Business An experienced Technical Architect, Ben supports customers with Professional Services. He takes a truly consultative approach by encouraging open and creative conversations about technology during the discovery phase, helping businesses to uncover the best solutions for their users. Ben’s specialisms include Microsoft 365, Exchange, Identity and Modern Desktop with Microsoft Endpoint Manager. Update, 12th October 2022 This article was originally published in August 2022, ahead of the October 2022 deadline. We’ve seen a surge of interest in this blog post, as many businesses are not prepared for basic auth being disabled. If you’re not ready, Microsoft have published two ways to delays this being disabled: Request that your tenant it’s opted out – this will delay basic authentication being disable until January 2023 Re-enable basic authentication using a ‘one-time’ option in the tenant – again this will delay basic authentication being disable until January 2023 Microsoft plan to disable basic auth for Exchange Online in October 2022, what’s the background? Basic authentication is essentially a login via username and password for client access. Importantly, basic auth doesn’t support multi-factor-authentication to verify logins and as a result is frequently used by attackers as a method to compromise user accounts.  Exchange Online has quite a lot of protocols which still allow basic authentication. To help close off these security gaps, Microsoft will be shutting these down from October 1st 2022. This will not be the switch-off date for everyone; Microsoft will randomly select tenants. They will send a 7-day warning into your Message Center posts and will then turn off basic authentication in your tenant. Microsoft plan to have this completed by the end of the year, so it’s important to be prepared. Microsoft originally planned to have basic authentication disabled by October 2020, however due to the Covid-19 pandemic, the deadline was delayed by Microsoft to allow organisations more time to prepare. This time, basic authentication will be disabled and there won’t be any exceptions. In essence, you need to be ready for October 1st, 2022.  What does it mean? Once Microsoft disable basic authentication for your tenant, any users, applications, or services using basic auth will no longer be able to connect using that method.  So, are you using basic authentication for genuine reasons, and if so, where is it being used, by which account, and for what reasons? We’ve prepared a step by step guide to help you to prepare your business for this change. How to check if you’re using basic authentication A great way to determine if you’re using basic authentication in your tenant is by checking your Azure AD sign-in logs. Ask your administrator to check the following:  Navigate to the Azure AD Sign In section here.  Extend the default date from the past 24 hours, to 1 month. Depending on your level of licensing, you may only be able to extend this to 7 days. Note, that signing up to an Azure AD Premium trial will unlock 1 months’ worth of sign-in information.  From the filter drop down, select ‘Client App’ and ‘Apply’.  From the ‘Client App’ client filter, there’s a long list of ‘Legacy Authentication Clients’. Select the following from the list:  Autodiscover  Exchange ActiveSync  Exchange Online Powershell  Exchange Web Services  IMAP  MAPI over HTTP  Offline Address Book  Other Clients  Outlook Anywhere  POP  Reporting Web Services  SMTP  Universal Outlook  Note: that Microsoft are not turning off SMTP AUTH. Microsoft have turned off SMTP AUTH for millions of tenants who are not using it, but if SMTP AUTH is enabled in your tenant, it’s because Microsoft see usage and won’t touch it. Despite this, we recommend that you aim to remove all use of basic authentication unless it’s absolutely necessary.  Because we’re interested in the potential impact to the genuine uses of basic authentication, add the filter ‘Status’ and set it to ‘Success’.  The results will provide a detailed breakdown of the sign-ins using basic authentication. You can choose to filter and navigate through the sign-in information in the Azure AD portal, or alternatively you can export the information into a CSV file and use Excel to filter the information:  Note: CSV download will be limited to 100,000 records, so if your query returns results past that limit, you may want to apply tighter filters by date/period or reduce the amount of ‘Client Apps’ selected in your filter.  What next?  If your query displays no results, then you’re looking good, and you could look to disable basic authentication before Microsoft does it for you in October. However, if you have successful sign-in events listed, you may be wondering how to deal with them? The short answer is that ‘it depends’. However, here’s a guide to the common actions needed and guidance on the trickier actions needed:  Common Actions:  Outlook Client Version and Registry Keys – you may see references for connections to Exchange Online using MAPI, RPC, AutoDiscover and OAB. In these cases check the Outlook version number and check whether the relevant registry keys are in place to allow modern authentication – check here.  ActiveSync – many modern devices support ActiveSync connections using modern authentication. If those devices are attempting to connect using basic authentication, then it can be as simple as the user recreating the mail profile using their ActiveSync app, so it then uses modern authentication. Alternatively, I recommend you look at moving those users to the Outlook Mobile App instead.  POP/IMAP – connections into Exchange Online via POP/IMAP support modern authentication, however Microsoft Outlook doesn’t provide that connectivity. If you require that connectivity, then you’ll need to use an app which supports modern auth.  More Complex:  Devices, Applications and Services – Updating end user devices or advising users to use
View case study >

How to prioritise 1st line support tickets like a pro!

How can your IT team prioritise 1st line support tickets effectively? Find out in this blog post where we share how it's done.
View case study >

5 ways to drive IT service desk improvements

If end user satisfaction rates are not where they should be, read this article exploring how to make effective IT service desk improvements.
View case study >

The real benefits of outsourcing onsite IT support

Is outsourcing onsite IT support a good fit for your organisation and are there more benefits to be had, compared to using an internal team or remote provider? Find out here.
View case study >

IT outsourcing risks and how to mitigate them

There are inherent IT outsourcing risks whenever your outsource an IT function but with due diligence and preparation you can mitigate these. More here.
View case study >

5 steps to bring employee experience into your IT service desk

How much is your IT service desk costing your business, and is it value for money? In this post we go beyond the cost per ticket and look at how the employee experience affects your service desk and the cost of an IT incident.
View case study >

How to handle the risks of outsourcing your IT

Along with many benefits, there are also risks that go hand in hand with outsourcing some or all of your organisation’s IT function. In this post we look at how to handle the risks of outsourcing your IT.
View case study >

How to maintain 24x7x365 IT support for end users

Does your end user community need 24x7x365 IT support? In this post we explore the key drivers and how to deliver the right IT services.
View case study >

IT outsourcing for SMEs

In this article we explore the the benefits of IT outsourcing for SMEs, what you can outsource, how to go about it and the different options available to your business.
View case study >

Common IT outsourcing drivers

In this post we share 6 common IT outsourcing drivers that will help you understand whether organisation can benefit from outsourcing some or all of your IT function.
View case study >

In-house vs outsourcing

What are the benefits of IT outsourcing? In this post we explore in-house vs outsourcing for IT teams.
View case study >

Can your business afford in-house IT support?

In-house IT support doesn't come cheap. In this blog post we explore how to make end user support more cost effective and efficient.
View case study >
Basic authentication disabled for Microsoft Exchange Online

Basic authentication disabled for Microsoft Exchange Online in October 2022.

Our step by step guide explains what’s happening, how to check if your tenant will be affected and how to disable basic authentication ahead of the deadline.

Author: Ben Owens, Technical Architect at Cloud Business

Ben Owens, Technical Architect at Cloud Business

An experienced Technical Architect, Ben supports customers with Professional Services. He takes a truly consultative approach by encouraging open and creative conversations about technology during the discovery phase, helping businesses to uncover the best solutions for their users.

Ben’s specialisms include Microsoft 365, Exchange, Identity and Modern Desktop with Microsoft Endpoint Manager.


Update, 12th October 2022

This article was originally published in August 2022, ahead of the October 2022 deadline.

We’ve seen a surge of interest in this blog post, as many businesses are not prepared for basic auth being disabled.

If you’re not ready, Microsoft have published two ways to delays this being disabled:

  • Request that your tenant it’s opted out – this will delay basic authentication being disable until January 2023
  • Re-enable basic authentication using a ‘one-time’ option in the tenant – again this will delay basic authentication being disable until January 2023

Microsoft plan to disable basic auth for Exchange Online in October 2022, what’s the background?

Basic authentication is essentially a login via username and password for client access. Importantly, basic auth doesn’t support multi-factor-authentication to verify logins and as a result is frequently used by attackers as a method to compromise user accounts. 

Exchange Online has quite a lot of protocols which still allow basic authentication. To help close off these security gaps, Microsoft will be shutting these down from October 1st 2022. This will not be the switch-off date for everyone; Microsoft will randomly select tenants. They will send a 7-day warning into your Message Center posts and will then turn off basic authentication in your tenant. Microsoft plan to have this completed by the end of the year, so it’s important to be prepared.

Microsoft originally planned to have basic authentication disabled by October 2020, however due to the Covid-19 pandemic, the deadline was delayed by Microsoft to allow organisations more time to prepare. This time, basic authentication will be disabled and there won’t be any exceptions. In essence, you need to be ready for October 1st, 2022. 

What does it mean? Once Microsoft disable basic authentication for your tenant, any users, applications, or services using basic auth will no longer be able to connect using that method. 

So, are you using basic authentication for genuine reasons, and if so, where is it being used, by which account, and for what reasons? We’ve prepared a step by step guide to help you to prepare your business for this change.

How to check if you’re using basic authentication

A great way to determine if you’re using basic authentication in your tenant is by checking your Azure AD sign-in logs. Ask your administrator to check the following: 

  • Navigate to the Azure AD Sign In section here
  • Extend the default date from the past 24 hours, to 1 month. Depending on your level of licensing, you may only be able to extend this to 7 days. Note, that signing up to an Azure AD Premium trial will unlock 1 months’ worth of sign-in information. 
Basic authentication disabled - how to guide, extend default date
  • From the filter drop down, select ‘Client App’ and ‘Apply’. 
Basic authentication disabled - how to guide, client app
  • From the ‘Client App’ client filter, there’s a long list of ‘Legacy Authentication Clients’. Select the following from the list: 
  • Autodiscover 
  • Exchange ActiveSync 
  • Exchange Online Powershell 
  • Exchange Web Services 
  • IMAP 
  • MAPI over HTTP 
  • Offline Address Book 
  • Other Clients 
  • Outlook Anywhere 
  • POP 
  • Reporting Web Services 
  • SMTP 
  • Universal Outlook 

Note: that Microsoft are not turning off SMTP AUTH. Microsoft have turned off SMTP AUTH for millions of tenants who are not using it, but if SMTP AUTH is enabled in your tenant, it’s because Microsoft see usage and won’t touch it. Despite this, we recommend that you aim to remove all use of basic authentication unless it’s absolutely necessary. 

Basic authentication disabled - how to guide, client app
  • Because we’re interested in the potential impact to the genuine uses of basic authentication, add the filter ‘Status’ and set it to ‘Success’. 
Basic authentication disabled - how to guide, status success
  • The results will provide a detailed breakdown of the sign-ins using basic authentication.
  • You can choose to filter and navigate through the sign-in information in the Azure AD portal, or alternatively you can export the information into a CSV file and use Excel to filter the information: 
Basic authentication disabled - how to guide, download csv
Basic authentication disabled - how to guide, download csv

Note: CSV download will be limited to 100,000 records, so if your query returns results past that limit, you may want to apply tighter filters by date/period or reduce the amount of ‘Client Apps’ selected in your filter. 

What next? 

If your query displays no results, then you’re looking good, and you could look to disable basic authentication before Microsoft does it for you in October.

However, if you have successful sign-in events listed, you may be wondering how to deal with them? The short answer is that ‘it depends’. However, here’s a guide to the common actions needed and guidance on the trickier actions needed: 

Common Actions: 

Outlook Client Version and Registry Keys – you may see references for connections to Exchange Online using MAPI, RPC, AutoDiscover and OAB. In these cases check the Outlook version number and check whether the relevant registry keys are in place to allow modern authentication – check here

ActiveSync – many modern devices support ActiveSync connections using modern authentication. If those devices are attempting to connect using basic authentication, then it can be as simple as the user recreating the mail profile using their ActiveSync app, so it then uses modern authentication. Alternatively, I recommend you look at moving those users to the Outlook Mobile App instead. 

POP/IMAP – connections into Exchange Online via POP/IMAP support modern authentication, however Microsoft Outlook doesn’t provide that connectivity. If you require that connectivity, then you’ll need to use an app which supports modern auth. 

More Complex: 

Devices, Applications and Services – Updating end user devices or advising users to use a different route of connection is relatively easy to progress, but the areas which can require more attention are applications, devices or services using basic auth. Identifying these may not be easy. This is because the connecting IP address may relate to a general internet breakout at one of your main locations. It may be using a generic service account, and the connection type may appear as nondescript. Try using a combination of the User Agent String, protocol, account name, IP address and time of authentication to help to determine its use.  

Once you have a picture of what is connecting using basic auth, the next steps are determining the route to modern auth. Some applications or services may have a fairly easy way to switch over to modern auth, however some legacy systems may require an update to how they can authenticate.

How to disable basic authentication

To move ahead with blocking basic auth, you have two key steps: 

Disabling Basic Auth via Conditional Access – if you’re licensed with Azure AD Premium P1 or above, you can create a conditional access policy to block legacy authentication. You can scope this out to users and groups. Focus on users who aren’t using basic auth first. As you progress in removing the need for basic auth, you can then expand the scope of your policy to other users. Note, that blocking legacy auth connections is carried out after verifying credentials. You ideally want to move to blocking basic auth via Authentication Policies. 

Having basic authentication disabled via Authentication Policies – once you have removed the need for users, applications, or services to connect using basic auth, you can make basic authentication disabled using Authentication Policies. This is better than blocking legacy auth via Conditional Access as it’s done before credentials are verified. 

Log Analytics 

If you’re not already using it, we recommend setting up Azure AD log analytics. This provides you with a retention of sign-in and audit events and provides powerful workbooks which can help you understand current behaviours, risks and assists in assessing new Conditional Access policies and their potential impact. 

Basic authentication disabled - how to guide,reporting

Summary 

The above provides direction of how to review and remove basic auth from your Microsoft 365 tenant. 

If you’re looking for support in these areas, or are considering outsourcing your IT Support to a reliable team, get in contact and we’ll be happy to assist you.

How to prioritise 1st line support tickets like a pro!

All 1st line support tickets are a priority! At least to the user who’s generated the ticket. Whether it’s a minor technical hitch, a request for a password reset or a more major IT incident, every ticket is a top priority for the user.

Of course, your IT team is going to have a different opinion on what’s a priority and what’s not. Naturally a major incident that’s threatening the organisation’s bottom line is going to be top of the list. But thankfully these kinds of incidents are not everyday occurrences and most 1st line support tickets are much less serious.

However, they still have an impact on business and on the individuals effected. Collectively they have a greater effect, which is why if your IT team regularly has a backlog of unresolved tickets it may be time to outsource 1st line IT support to a service desk provider.

Learn more about driving IT service desk efficiencies and improving service levels here >

How do you prioritise 1st line support tickets when everything is a priority?

Even when you outsource your IT service desk, you still need to prioritise support tickets to meet the needs of your users and business. If you feel that you’re getting a poor service from your IT support it could be because tickets are not being prioritised effectively, or aligned with your business needs.

Most organisations will prioritise tickets in a similar way, for example an issue effecting the sales team that has a direct impact on the bottom line will be given a higher priority than a comparable issue effecting an HR department.

However, there may be factors that are unique to your business that mean your tickets will need to be prioritised in a different way to other organisations. There can also be some tricky decisions to make about how users are prioritised: are issues effecting production more important than those effecting distribution or sales? Should a ticket raised by the MD be prioritised over other senior managers?

Obviously, different issues or incidents need to be prioritised too, and the nature of the problem might override a ticket from a high priority department or user. For example, if the email server is down across the whole organisation that’s going to be a higher priority than the CFO getting locked out of the finance system.

To develop an effective process for prioritising support tickets, we recommend the following:

  1. Establish priority levels for different IT problems by users, departments or groups
  2. Introduce Service Level Agreements with rules for closing tickets

The first step is to consider all commonly occurring IT issues and occasional technical glitches, as well as more infrequent major incidents, and their impact on different user groups. IT teams or service desk analysts use this as the basis for prioritising tickets.

If you have very low volumes of IT support tickets this can be enough to ensure that the business is not adversely effected by any IT issues. However, a common scenario for many businesses is that as high priority tickets come in, lower priority tickets start to stack up and don’t get resolved. It becomes more and more difficult to clear the back log and user satisfaction levels plummet.

By introducing Service Level Agreements (SLA) that define rules for closing tickets this problem can be resolved. Different types of tickets are assigned a resolution time that might vary from 30 minutes for a critical issue to 1 day for a low priority ticket, helping the IT support team manage their time and tickets more effectively. Low priority tickets are escalated as the SLA targets become more pressing. This can also improve user satisfaction levels as it helps to manage expectations.

Finally, one important step to ensure that tickets are prioritised effectively is training.  While your IT team may have priority level guidelines to help them and SLA targets to meet, training will help them make better judgements on the priority of different support tickets and improve the experience for users.

Asking the right questions is fundamental to this. With the right information service desk teams are in the best position to understand the urgency of a problem and the impact on the business. It’s not rocket science! Basic questions such as ‘how many users are affected?’ and ‘what services are affected?’ provide a clearer picture of the impact of an issue, but are often not asked.

1st line support key takeaway

If your IT support team or service desk is not delivering the service you expect, review the way tickets are prioritised to identify any issues that can be easily rectified.

5 ways to drive IT service desk improvements

How can you improve your IT service desk? The ability to access IT support quickly and easily is essential for your users, whether they are employees, customers or partners. If your IT service desk is unavailable, or hard to reach, it can have a negative impact on productivity, revenue generation and reputation. Therefore, if user satisfaction rates and ticket resolution times are not meeting the grade, it’s time to make some improvements.

Here we share x5 IT service desk improvements that deliver positive results.

IT service desk improvements – try these…

  1. Improve self-service options

An effective way to improve your IT service desk is to reduce the number of tickets raised. This has the benefit of reducing your IT support team’s workload so they can focus on resolving other tickets and also work on more strategic projects. Improving your self-serve options is the first step, by giving users solutions to resolve the issue for themselves.

Review your knowledge banks and troubleshooting guides to see whether they can be improved and updated. Are there common problems that a self-service option could address? Many people are happy to fix a problem for themselves if it means they can get a faster resolution, so make sure users know about self-serve options and how they can help them.

  1. Listen to your users

Customer satisfaction rates improve, alongside positive outcomes, when service desk analysts really listen to your end users. It’s important to identify how significant the issue is to the end user, however low a priority it is to your IT support team. That way they can be reassured that they are being listened to, that the issue is being taken seriously and that the service desk analyst understands them. That doesn’t mean that their ticket is escalated, unless it is clearly a higher priority than you thought, but it does mean that the user has more confidence that the service desk will deal with it appropriately. Invest in training to ensure your service desk team are really listening to what users are saying.

  1. Outsource 1st line tickets

1st line tickets can be very time consuming for an in-house IT department. They distract your team from doing other more value-adding work, and are also difficult to manage when you require out-of-hours cover. Outsourcing 1st line tickets – such as call logging, password resets, account unlocks, distribution list changes/creations, closing sessions, clearing print queues, user training, basic desktop support, basic hardware issues and third party triage – can deliver significant improvements to your service desk. It can also be a much more cost effective way of providing basic IT support.

  1. Collect user feedback

Without feedback from users it’s difficult to know how to improve the performance of your service desk. Even if you can’t always act on improvement-based feedback, you can increase customer satisfaction rates just by replying and acknowledging the user’s input. Explain that you’re grateful for their input and outline what steps can or have been taken to address the issue raised.

When you can act on feedback, and especially if you see trends developing where users give very similar improvement-based feedback, act on it! Then make sure you inform all parties of the improvements that have been put in place so they know you take their feedback seriously.

  1. Go above and beyond

Service Level Agreements set out what users can expect from your service desk, but what about doing more? When a user receives more value, their whole perception of your IT support team changes from a ‘necessary evil’ to a department that’s genuinely there to help. Promote a culture of delivering value. Instead of just logging tickets, encourage service desk analysts to think about how they may be able to help outside of pre-defined procedures. For example, if a user has an issue printing an important document, as well as logging the ticket and booking an engineer to repair the printer could they help the user get that document printed by other means?

It may not be easy to drive improvements to your IT service desk when you have limited resources and budget. Implementing self-serve solutions, having the time to really listen to users and collate feedback, and going above and beyond when time is short and tickets are piling up isn’t always feasible. However, you can implement these improvements by outsourcing to a specialist provider. They have the resources and infrastructure needed to improve the performance of your service desk, and will also free up your IT department’s time to focus on delivering more value in other areas.

Download our guide to learn more about driving IT service desk efficiencies… 

The real benefits of outsourcing onsite IT support

Onsite IT support, run by your own staff, can be an expensive way to provide technical IT support in SMEs. The majority of tickets generated will be 1st line, way below the paygrade of many internal IT teams, but essential for minimising downtime and the smooth running of all organisations. 

2nd and 3rd line support tickets may offer more interesting work to your inhouse IT team, with the chance of inputting into strategic IT decisions, but if your more highly skilled and specialist staff are also covering 1st line support they’ll be overstretched.  

Remote IT support is a good solution to get balance right. You can outsource 1st, 2nd and 3rd line support, in any combination, saving on those expensive salaries and freeing up staff to focus on their core competences.  

But what about outsourcing onsite IT support? Is it an option for your organisation and are there more benefits to be had, compared to using an internal team or remote provider? 

Here’s where outsourcing onsite IT support can help  

  • Addresses the lack of internal technical skills 

Onsite support is great for project-based IT work as it increases your internal skills without you needing to make permanent hires. Onsite support is also highly beneficial for high risk mission critical projects. 

  • Provides hands on support for hardware issues 

Not all IT problems can be fixed remotely, especially hardware issues. Onsite support improves diagnostics of problems too and the speed of resolutions. 

  • Increases availability of support 

Naturally, having onsite support means someone is available during their working hours to resolve your IT issues. While resolution times will be dependent on ticket volumes and capacity, your organisation will always be their top priority. 

  • Proactive approach to IT support 

Unlike remote IT support where service desk analysts are generally focused on the specific issue a user has, onsite support analysts can take a more proactive approach. For example, by identifying issues that haven’t been reported but are impacting productivity, security or other factors. 

  • Direct interaction with end users 

The benefit of having IT support onsite also extends to employee relationships, communication and engagement. Onsite support analysts are visible, so employees are more likely to request support when they need it instead of trying workarounds or being unproductive. Analysts are also embedded in the organisation, so they have a much better understanding of business drivers, priorities and strategy. 

  • Increased security and compliance 

Accredited service desk providers like Cloud Business can provide remote IT support for regulated organisations and have robust security and data protection measures in place. However, you may want the reassurance of having onsite support for compliance reasons or for highly secure or confidential projects. 

If you would like to discuss any of the topics covered in this blog post, or explore outsourcing onsite IT support with us, please get in touch

IT outsourcing risks and how to mitigate them

If your organisation wants the benefits of IT outsourcing but is concerned about risks, read on. In this post we explore the key IT outsourcing risks and how to mitigate them.

Let’s first look at the key risks outsourcing IT can present:

Operational risks – where if something goes wrong with IT outsourcing a transaction or operational process is impacted. For example an order isn’t dispatched or a customer can’t complete a transaction.

Data security risks – giving a 3rd party access to your organisation’s IT infrastructure has inherent risks. Any additional users increases the risk of a data breach, particularly when accessing systems remotely.

Compliance risks – data security risks go hand-in-hand with compliance risks. All organisations need to comply with data protection regulations like GDPR but some organisation have additional compliance requirements.

Business continuity risks – what happens if the IT service provider is affected by an incident such as a power outage, natural disaster, fire or flood? Their business continuity and disaster recovery plans will have a knock on effect on your organisation.

Reputational damage – if the service your organisation receives from an IT service provider falls short it can damage your organisation’s reputation, particularly if they have a customer-facing role such as providing technical support to your customers.

Got a question about IT outsourcing? We’re here to help! Book a discovery call with one of our team here >

How to mitigate these IT outsourcing risks

Planning is the key to militating against any security risk. When outsourcing to a new IT service provider, start the process early to ensure you don’t overlook any detail that could exposure your organisation to unnecessary risk.

The following steps can help:

Conduct a risk assessment. Assess the IT service required against each risk and the business impact if something goes wrong. From this assessment you’ll be able to identify the most critical factors and carry out appropriate due diligence.

Understand the processes the IT outsource provider uses. Due diligence should include a thorough understanding of all the processes employed and how these impact on your organisation. A site visit is highly recommended, although not always feasible if you’re exploring outsourcing to an offshore IT service provider.

Explore how resilient the IT provider’s business is. Get a clear idea of how the provider’s business continuity and disaster recovery processes protect their customers and what processes are in place to minimise disruption to other businesses. Also explore the company’s financial resilience and business plans, if they go under or sell to another company how does that affect your organisation?

Test different risk scenarios with the provider. Just as you would test your business continuity plans internally with key members of staff, test different risk scenarios with the IT service provider. This will help you identify any factors that leave your business vulnerable.

Get guarantees and ask providers to sign up to your standards. Most IT service providers will have quality standards certifications like ISO 27001 for information security. They may also have developed their own standards and processes, aligning them with their customers’ requirements. If not, ask them to sign up to your standards, such as the way they vet staff and handle staff leaving their employment. You can also ask for guarantees that they have the right physical and virtual security protection and processes in place.

Don’t let the security risks associated with IT outsourcing put you off this model! With the right preparation and the right provider you can get all the benefits while mitigating the risks.

For more advice on IT outsourcing please get in touch for an informal chat about your requirements.

Book a discovery call advert

5 steps to bring employee experience into your IT service desk

How much is your IT service desk costing your business? Most service desk providers will give you a ballpark figure of the average cost per ticket, that’s what they charge you for handling an IT support ticket. But that’s not the only cost your organisation incurs when an employee is affected by an IT incident. There’s also lost working time and that could be significantly more expensive than the ticket cost.

Download our checklist to discover whether your organisation is getting a 4 Star service from your IT support provider. Click here.

In fact Happy Signals, an employee experience measurement tool, believes that the average direct ticket cost (what you pay to your service provider) is €15 per ticket, but the average employee lost productivity cost related to that ticket is €150 (approx. 3 hours on average).

How to reduce lost productivity costs

If you’re outsourcing your service desk rather than running it in house, SLAs will give you some reassurance that tickets will be resolved in a timely way. However, response times will depend on the nature of the IT incident and the priority that’s been agreed for the type of incident and the users affected. For example, if an IT incident is preventing a large number of staff from getting on with their work the ticket might be given a priority 1 with a target fix time of 1 hour.

That’s why it’s really important to understand the impact different IT incidents can have on your company and key members of staff, and agree priority levels with your service provider.

However, even those less serious incidents that are given a lower priority level are disruptive, and no employee wants to hear that they’re less of a priority than someone else. This results in a negative employee experience even when your service provider is fulfilling agreed SLAs.

So how can we improve the employee experience, reduce the cost of downtime and give those priority tickets the attention they need?

Here are our recommendations:

How to improve employee experience and service desk performance

#1: Assess the priority levels given to different tickets

If your employees are losing valuable hours waiting for low priority tickets to be resolved, may be the priority levels are wrong? Your service desk provider will suggest how to rank different IT incidents based on their experience, but priority levels for tickets will be unique to your organisation. Review the tickets raised in the last 3 – 6 months to identify any trends and speak to your service provider about how to reduce downtime.

#2: Introduce next generation service desk technology

Many employees have good IT skills and could resolve commonly occurring IT issues for themselves with the right tools. Next gen technology such as web chat and other self-serve tools can help them get back to work quickly without needing a service desk analyst or technician’s help. Speak to your IT support provider about how to implement a next generation service desk.

#3: Change the culture of your service desk

If your service desk team are focused on logging tickets, not listening to what users are telling them, you could have a cultural mismatch. Make sure your service desk analysts are listening first and then pointing users to the most appropriate resolution. This might be to share content from your knowledge bank so they can resolve the issues themselves. Or, having listened to the user and got a better understanding of the impact of the issue on that individual or department, the service desk analyst may assign a higher priority to the ticket than they would had they only listened to what the problem is.

#4: Take proactive steps to prevent commonly occurring issues

A proactive service desk will monitor tickets and identify issues that can be prevented before they occur, or at least minimised. Review commonly occurring issues to see what the root cause of these are and how they can be resolved permanently, over time this could save your business many hours in lost productivity.

#5: Give your in-house service desk team the support they need 

If you currently handle all IT support tickets internally, you may find that outsourcing 1st line tickets will improve the employee experience and have a positive impact on your IT team. This will allow internal teams to focus on 2nd and 3rd line tickets that are more complex and time consuming, while 1st tickets like password resets, clearing printer queues and account unlocks are handled by the outsource partner.

IT incidents will always take time to resolve and that can have a negative impact on productivity. However, the tips above can help you minimise downtime and the cost of each incident, over and above the direct cost of raising a ticket.

Discover IT service desk services advert

How to handle the risks of outsourcing your IT

Outsourcing your organisation’s IT function (in full or in part) has many benefits. But these benefits often go hand in hand with risks.

Here we share 5 of the most common IT outsourcing risks and how to handle them:

5 IT outsourcing risks to avoid or resolve

#1: Loss of control

IT outsourcing by definition means that you’ll be handing over some of the managerial control of your IT function to an IT services provider. In most cases this is a benefit, it frees your team up to focus on other activities. However, ‘out of sight, out of mind’ is not the desired outcome; instead your provider and their team should really be an extension of your internal team, where you have transparency and visibility over everything that relates to your organisation.

How to avoid losing control? – Make sure all parties understand the parameters of the project; ensure that the services provided are aligned with business and operational goals, and that there is a clear protocol for changing deliverables; have a clear reporting systems and identify exactly what information you need from the provider; promote collaboration between each team.

#2:  Loss of skills and knowledge

If you’re considering outsourcing your IT service desk or other operational functions to a IT outsourcing provider, you may be concerned that you’ll lose internal skills and knowledge. This could potentially make it difficult to bring a function back in-house or move to a different IT services provider.

Access to skills is actually a motivating factor for outsourcing IT, when your organisation has a skills gap, but it’s an understandable concern when weighing up whether to recruit or outsource.

How to keep skills and knowledge in-house? Identify the most important skills required in-house and ensure you’re investing in training and CPD to keep your IT team up-to-date; investigate whether a hybrid outsourcing model may be appropriate, for example outsourcing 1st line tickets but retaining 2nd and 3rd in-house; consider also whether it would be beneficial for the service provider to work directly with your internal team, helping to upskill individuals and retain skills; ensure the IT service provider continually updates documentation and your organisation’s IT knowledge bank.

How much does outsourcing your Service Desk cost? Get a high level quote here >

#3: Geolocation

In theory IT outsourcing providers could be located anywhere in the world. Many of them are. The offshore outsourcing model is used by many organisations. However, for some organisations there is a risk when the provider is located on the other side of the globe. Time zones, language barriers and the ability to make on-site visits are obvious hurdles that might need to be overcome. Other considerations are the economic and political climate in the region the provider is located, as well as industry and local.

Is geolocation an issue? Be clear about what services you require and how location may affect service levels, and what compromises your organisation is prepared to make. Offshore providers can often be cheaper than onshore companies, but may not deliver the service your organisation requires. Factor in regulatory compliance, including the impact on your organisation’s clients and their governance. Think about the future and whether the provider is able to scale with your business and support development and growth.

#4: Security and compliance

Giving a 3rd party provider, and their employees or contractors, access to your IT systems and infrastructure is not without security risks. However, as well as functions such as IT support, many organisations are outsourcing cyber security and data protection to external providers: who can often do it much better than they can.

Is security a risk? The first step is to address any compliance issues and how working with a 3rd party provider impacts regulations. Then understand exactly what data and systems a provider will have access to, for example if an analyst offers desktop support they’ll potentially have access to corporate data stored on local drives and maybe network shares. Find out what data the provider needs, what they do with that data, how it is used and stored and how they protect it. Do background checks and get confidentiality agreements in place. Check for ISO 27001.

#5: Not aligned with business operations and objectives

Finally, an IT outsourcing risk can be a lack of alignment between the organisation’s day-to-day operations and strategic direction. Some providers are guilty of selling in their services without fully understanding the business and this can result in an organisation not getting value and positive ROI.

How to avoid this risk? Alarm bells should sound if the provider attempts to sell a one-size-fits-all service without first taking the time to understand your requirements, operations and business objectives. Put your IT requirement out to tender with a Request for Proposal to help shortlist providers and identify those that want to develop a strategic partnership with your organisation.

If you would like to discuss IT outsourcing in more detail please get in touch for an informal chat with our team.

How to maintain 24x7x365 IT support for end users

For many UK SMBs with staff and clients in the UK, staying open 24/7 isn’t the norm. However, for companies with clients and teams around the world, or those that operate in ‘always up’ sectors like hospitality, healthcare and e-commerce, end user support (EUS) needs to be accessible 24x7x365.

If your organisation is seeing increasing demand for out of hours IT support, transitioning from weekday operating hours to 24x7x365 IT support is a big step to take. Before you take this step, there are a few questions worth asking: 

  • Do we need this?
  • Can we afford this?
  • What happens if we don’t provide this support?

As with most business decisions, needs and opportunity costs must be balanced. If your company has staff, contractors and clients that need access to your systems around the clock, and the number of unanswered overnight support tickets is growing, then this is a situation that needs addressing. 

Find out how much outsourcing IT support 24x7x365 could cost your organisation here >

Failure to implement 24x7x365 support could reduce team productivity for those who work flexible hours, employees who work overseas as well as those working shift patterns in this country whilst looking after clients abroad. Without a 24x7x365 service desk, clients could feel neglected or be unable to use products or services purchased from your organisation. Losing one or two business days on a project could impact customer satisfaction, even causing an unhappy client to go elsewhere. Unsupported staff could do the same.

When IT problems aren’t addressed quickly, downtime reduces the effectiveness of staff everywhere, especially when they can’t access any assistance from head office and senior managers. 

24x7x365 IT support options

There are several ways 24x7x365 IT support can be achieved.

#1: Internal team 

Employing a team, either abroad or in head office, to work shifts is the most costly option. Taking this approach will involve a team of at least 2 to 3 extra staff, to ensure you can meet demand and adhere to the EU working time directive.

Night shift staff need to be clear on the hours they’re going to work when you start recruiting. Make sure they’re given extra support, training and processes to be followed in the event of an emergency. During the recruitment process, make sure staff working night shifts have the support they need at home to work unsociable hours and sleep during the day. Otherwise, it might be difficult to ensure your team want to keep working those hours. 

If you’ve got staff working alone at night in the office, it’s worth checking out the lone workers health and safety guidelines from the Health and Safety Executive (HSE).

#2: Overseas outsourcing

Another way to provide 24/724x7x365 IT support is to work with one or more outsource companies, depending on the timezones of your staff and clients. Overseas first and second-line IT support is cheaper than employing a team at home. In the Philippines, India or Indonesia, there are numerous firms that supply IT services tailored around the technical needs of small and medium companies.

When working with an outsource partner abroad, make sure they’re already experienced at providing services to companies similar to your own. Ask for references and see if you can test them on a trial basis. If you are happy to go ahead, their team will need scripts and processes to follow from your IT team, and relevant access to your software, hardware and other services to provide the right level of support. 

Although this method is more cost effective, the downside is that support can be limited. If anything is more complex than the training and scripts provided, it will require your UK-based IT team to handle the problem the next day. 

Culture is also a consideration when outsourcing to offshore providers. There can be cultural differences between the way your users (employees and clients) communicate and the offshore service desk analysts. This can result in misunderstands and poor customer satisfaction. 

Understanding your company culture is something else that offshore providers may struggle with. This can affect the way tickets are handled with analysts not understanding how to prioritises tickets according to your organisation’s business objectives and operational model. This is why it’s often best to only use offshore providers for 1st line support.

#3: Trusted IT support

Instead of hiring your own night shift team, or outsourcing this function to an overseas third-party provider, work with a trusted IT partner here in the UK. Out-of-hours or 24/7 support will cost a little more than outsourcing your IT service desk during regular office hours, with the advantage that they are in the best position to really embed themselves in your organisation and understand your key drivers and objectives.

Working with a team in the UK maintains clear lines of communication and service standards. It is easier to provide that team with new information, training and changes they need to implement in the same timezone. This way, you can be confident your 24x7x365 IT support team is prepared to look after clients and staff around the clock.

Sleep confidently, knowing that if your systems go down the other side of the world, an IT team here can fix the problem quickly, keeping downtime to a minimum. When you are working with a trusted IT partner, you don’t need to let technical worries keep you up at night. 

IT outsourcing for SMEs

IT outsourcing can help SMEs reduce IT costs while enjoying the freedom to access new technologies.

It is likely that you currently have core IT operations that could really benefit from being managed by a third party service provider – either onsite or offsite, depending on what is the best arrangement for you.

Why outsource your IT?

There are many reasons why a business might choose to outsource part or all of its IT operations. These can include cost savings, particularly from owning and managing an IT network and employing an IT team to carry out the work.

There are other reasons besides cost – IT may not be the core activity of your business, so outsourcing can relieve the pressure and allow you to focus on your core competencies. Outsourcing can provide you with access to the latest industry technologies and processors creating better operational efficiencies. It can also improve your speed to market for new products and services.

Service quality can also be improved through outsourcing specific operations such as customer service and payroll etc. for example.

Which IT operations are usually outsourced?

All IT activities can now be run as outsourced services, including the development and implementation of applications and IT systems themselves.

Many non-core IT activities, which businesses have traditionally provided internally, are now available as outsourced services. These include IT service desk and support, IT maintenance, security, backup and recovery and even the running of core business applications such as Microsoft 365.

Find out how much outsourcing your IT service desk would cost. Get a high level quote here

How do I outsource my IT?

Once you have decided which department or operations you would like to outsource and made the business case for it, the next step is to find an outsourcing partner who matches your requirement.

From a financial point of view, it is advisable to understand your existing IT estate and its cost base in enough detail to enable us to evaluate the most cost effective solution for you.

Should I look for an offshore provider or stay UK based?

Overseas service providers may be able to offer good rates but there are many considerations involved in choosing to outsource your services abroad.

For example, will the overseas provider be subject to the same legislation as any UK based provider? For example, in relation to legal or data protection?

Who will audit the off-shore services, and correct any problems? Also, will the overseas provider have a sufficient degree of familiarity with the language and expectations of your customers? These points must be considered very carefully.

Ensuring that you get the most out of your outsourcing relationship means you will need to have regular meetings with your service provider, and measure their performance. This level of monitoring will be highly challenging with an overseas provider.

Is Software as a Service (SaaS) the same as IT outsourcing?

Software as a Service (SaaS) or web-based software is not necessarily the same as IT outsourcing, however it does have similar principals.

A service provider will manage and maintain a business application for you, offering you access to it over a network and backing up any information that is generated from your usage.

You will be billed accordingly for the services you use, and there will be an agreement between you and the service provider that governs your usage and their responsibilities to you. The sorts of IT operations that can be provided as on-demand SaaS services include email, accounting, human resources etc.

If you have any further questions about IT outsourcing for SMEs, please get in touch. Our team are happy to have an informal chat about your requirements and explore different options.

Common IT outsourcing drivers

Outsourcing has been and most likely will always remain a contentious subject. What do we see as a leading outsourcing business as the “typical” outsourcing drivers? They can be summed into x6 main areas:

  1. Reduce risk
  2. Improved service
  3. Reduce duplication of effort and waste
  4. Detailed reporting
  5. A focus on customer experience
  6. Provide greater value for money

If your organisation is considering outsourcing some or all of its IT function, watch the video below where our Chief Operating Officer, Mark Watson, discusses Managed Services and how we support customers who have outsourced IT to us.

If you would like to learn more, please get in touch to speak to our team.

To find out how much outsourcing your IT service desk to a MSP would cost, click on the link below.

In-house vs outsourcing

Many companies face the challenge of deciding if the continuation of an in-house IT team is the best way forward, versus the benefits of outsourcing to an external expert.

This blog post looks at some of the benefits of IT outsourcing:

Benefits of outsourcing your IT

Focus

When you outsource, you can focus your time, attention and resources on your company’s core competencies. The remainder of your time can be spent achieving new goals.

Outsourcing frees up time for the people in your business – to focus on running and growing your company.

Many companies find that, as they grow, a key member of staff ends up becoming the ‘IT scapegoat’. Known to be good with computers, the IT scapegoat gets bombarded with requests for help whenever anything goes wrong, distracting them from their actual job. If your sales manager spends more time helping staff with computer problems than selling, then you know it’s time to make some changes.

Flexibility

Outsourcing is also a very flexible option. The biggest benefit of short term outsourcing is that you are able to bring in an expert for a defined period of time to perform a task without long term commitment.

Even if the hourly or project rate is higher than hiring an employee, you may save a significant sum by not committing to an annual salary and benefits etc.

This flexibility is also seasonal which means you can scale up or down quickly and accordingly – Ideal for temporary or short term operations – such as seasonal fulfilment, tax preparation or upgrading your infrastructure.

A service desk is often outsourced because those providers are better equipped to handle high volumes of calls on demand. It provides longer- term service desk needs as you gain operational efficiencies and skills that you would have a difficult time replicating in- house.

Outsourcing: when is the right time for you?

The correct time to outsource is different for each company. Some businesses have in-house staff to handle daily activities, but may need outside help to undertake new projects that don’t warrant another full-time employee.

When you are unable to manage the day-to-day business of your company and you have the desire to grow to the next stage, it may be time to consider outsourcing.

For most, the right time for outsourcing is when you have no time left to pursue growth.

If your company is without IT support, we can implement our services within a week. If an existing agreement is ending, we can transition the service during the month of the incumbent suppliers contract end (if required). A comfortable timeframe can be agreed to take into account your needs.

Can your business afford in-house IT support?

Making the right level of investment in IT support can be a tricky juggling act for SMEs.

Either you end up with too many resources and not enough work for your IT team. Or the opposite: insufficient resources, not enough team members and painfully slow response and resolution times that can impact the entire business.

IT performs two primary functions with most organisations. Strategic and therefore value added, where the work your team performs will generate long-term benefits. And at the same time, IT is immediate and necessary, a troubleshooting and business operational role, to ensure everyone has WiFi, email, access to systems and the network and other mission-critical services.

Security is interwoven in both roles, increasingly vital, considering the constant threat organisations of every size face from cybercriminals and malicious hackers.

Why is in-house IT support so expensive? 

IT talent doesn’t come cheap.

Naturally, those with more experience can expect higher salaries. However, even those with only a year or more experience (recent graduates) can be tempted by higher salaries offered by venture-backed startups and big tech firms. Competition for talent in the IT market is fierce, making it harder to recruit people in-house for service desk analyst roles.

Talent competition is one reason for higher than expected IT costs. IT professionals also need resources. Software, hardware and other equipment and services necessary to deliver support services. Attempting to work out how much – human and software – support is needed isn’t easy. It partly depends on what technology your company uses to operate. Do you use legacy software and hardware or have you undergone a digital transformation recently?

Older tech often requires more specialist support, making it more expensive to operate. You could recruit great IT talent, only for them to run first and second line support services. On the other hand, if your organisation has recently updated your tech, you could have an over-staffed IT team with not enough to occupy their time. Especially if a digital transformation project involved the implementation of self-service and other cost-saving tools.

Other costs associated with an in-house IT team include management, tax/NI, insurance, pensions, holidays, absences and various associated fixed costs. Budgetary pressures across an organisation could also mean that IT can’t make strategic improvements that would save money in the long-run.

Another option: outsourcing IT support 

Unlike strategic projects, first and second line support can be easily outsourced. How much IT support your business requires depends on the nature of the problems encountered on a weekly and monthly basis. Some issues may only appear sporadically, and with the right support, problems are proactively managed, so they don’t impact productivity anymore.

So why employ a team on a full-time basis to manage IT problems when they may only happen every so often? From a budgetary perspective, this doesn’t make much sense. Not when outsourcing support functions are far more cost-effective.

Consequently, this doesn’t mean you need to downsize your team. Instead, they can focus on long-term strategic projects that will save the company even more time and money, making everyone more productive whilst releasing budgetary pressures. Outsourcing IT service desk is the way forward. For long-term gains and to ensure your mission-critical services stay operational around the clock.

Cloud Business Logo - white
Microsoft Gold Partner Logo - Cloud Business
Cloud Business Limited
5 Elmwood
Chineham Business Park
Basingstoke
RG24 8WG
Microsoft Gold Partner Logo - Cloud Business

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438