On this episode of the Business of Tech Lounge, host Dave Sobel discusses Microsoft's changes to 365 offerings, Nerdio's new management tools, CompTIA embracing AI, insights from Peter Kujawa of Service Leadership, and NIS2 insight with Eric-Jean Frieser. The show also covers ConnectWise's annual MSP Threat Report, highlighting key cybersecurity incidents and trends from the past year, such as the focus on defense evasion tactics by threat actors. Stay informed and engaged with the latest tech news in the industry!
[00:00:00] It's Wednesday, April 3rd, 2024 and I'm Dave Sobel. Welcome to the Business of Tech Lounge.
[00:00:19] Today on the show, Microsoft makes changes to 365 offerings around Teams, Nerdio releases
[00:00:25] new management tools, CompTIA embraces AI plus insights from Peter Kujawa of Service Leadership
[00:00:32] and NIS2 insight with Eric-Jean Frieser. Glad to have you today. I want to thank
[00:00:38] Salesbuildr, our Patreon sponsor, whose support makes this show possible. Focus on your IT
[00:00:44] sales workflow with the power of automation and visit them at salesbuildr.com, that's
[00:00:49] B-U-I-L-D-R.com. Want to get your logo here? Vendors, you can do so with our vendor Patreon
[00:00:57] program. It's a simple monthly subscription and visit patreon.com slash MSP Radio to sign
[00:01:03] up. I can't do this show without support, and thanks again to Salesbuildr for theirs.
[00:01:10] Now I do take questions and comments throughout the show, so make sure to put them in chat.
[00:01:15] We'll have a dedicated question section in the show with listener submitted questions.
[00:01:20] I'm really glad you can join in today. This show is to hit up some of the news stories I'm
[00:01:24] tracking while taking this week off from the daily news show. And so now, our top story.
[00:01:32] ConnectWise has released its annual MSP Threat Report, which analyzes key cybersecurity incidents
[00:01:38] and trends from the past year. It highlighted the most exploited vulnerabilities including those
[00:01:43] in popular software such as FortiOS, Citrix ShareFile and MOVEit Transfer. The report found that
[00:01:50] threat actors are increasing their focus on defense evasion stealth tactics to avoid detection
[00:01:55] and specifically trying to bypass EDR, indicating a need for layered cybersecurity solutions
[00:02:02] inclusive of prevention like EDR, detection like SIEM and 24 by 7 monitoring like managed security
[00:02:09] operation centers in order to best protect SMB customers. With a comprehensive analysis of
[00:02:16] ransomware trends, it revealed a 94% increase in ransomware sightings in 2023 compared to the
[00:02:23] previous year. It examined the top five most cited ransomware groups, their techniques and
[00:02:28] the overall shift towards attacks of opportunity targeting SMBs. According to analysis by Google's
[00:02:36] Threat Analysis Group and Google Cloud's Mandiant, threat actors backed by governments are more likely
[00:02:42] to exploit newly discovered zero-day vulnerabilities than financially motivated cyber criminals.
[00:02:48] In 2023, 97 zero-days were observed in the wild with 48 attributed to government-backed advanced
[00:02:55] persistent threat actors and 10 attributed to financially motivated cyber criminals.
[00:03:02] Chinese operators led the way in exploiting zero days, followed by Russia, North Korea and Iran.
[00:03:08] Looking ahead, the pace of zero-day discovery and exploitation is expected to remain elevated
[00:03:14] with threat actors targeting a wider range of products and services. And before I get to my
[00:03:20] own reason why we care, there's an obvious one from Axios. Small business owners are increasingly
[00:03:26] concerned about cyber attacks and are investing in cybersecurity tools and consultants.
[00:03:31] The US Chamber of Commerce's first quarter Small Business Index reveals that 60% of small
[00:03:37] business owners are worried about cyber security threats. For perspective, 48% of small business
[00:03:44] owners train their staff on cybersecurity awareness and protections in the last year,
[00:03:51] while two-thirds of small business owners say they're concerned about cyber threats.
[00:03:55] 58% also said they're concerned about supply chain disruptions. And 73% of owners said
[00:04:02] they're at least somewhat prepared to respond to a cybersecurity incident, while 67% said the
[00:04:08] same about a supply chain disruption. So why do we care? SMB owners want to be prepared. That's
[00:04:18] the real insight and do not overblow or over dramatize the risk to them. They're just as worried
[00:04:24] about having their supplies cut off as they are about cybersecurity and they're more prepared
[00:04:29] for cyber. It's important to put the threats in context. Often we talk about the IT spend
[00:04:36] as if it's the only business priority. It isn't. I also want to highlight that the concern is addressed
[00:04:44] by being prepared. Too often the IT provider community thinks that means throwing tools at the
[00:04:50] problem. Instead, focus on cyber hygiene and disaster recovery preparedness. Bonus points if you can
[00:04:58] help with supply chain issues. Got a question or comment? Put it in the chat if you're watching live
[00:05:05] with us. Now I've got a few more stories to cover today. Microsoft is separating Microsoft
[00:05:12] Teams from its Office suite of products on a global level, selling Teams separately. This move
[00:05:19] comes in response to an antitrust complaint filed by Slack and an investigation by European
[00:05:24] regulators into Microsoft's bundling of Teams with Office 365 and Microsoft 365. Starting from April
[00:05:32] 1st, customers will have the option to keep their current bundle or switch to the new offerings
[00:05:37] with a standalone monthly subscription to Teams costing $5.25 and Office without Teams
[00:05:45] costing between $7.75 and $54.75. And while I'm on Microsoft, Microsoft has introduced new
[00:05:53] capabilities for Copilot for Microsoft 365, its AI assistant for commercial customers.
[00:06:00] The paid version now offers priority access to OpenAI's GPT-4 Turbo model, providing faster
[00:06:05] and more accurate responses. The limits on the number and length of responses have been removed
[00:06:11] and enterprise-grade data protection is ensured. Starting in May, users will also have priority
[00:06:17] access to Microsoft Designer and expanded image generation capabilities. Copilot for Microsoft 365
[00:06:24] is priced at $30 per user per month and is available on the web, mobile devices, and integrated
[00:06:29] into various Microsoft 365 apps. Microsoft has developed new safety features for Azure AI
[00:06:36] customers to detect potential vulnerabilities, monitor for hallucinations, and block malicious
[00:06:42] prompts in real time. These features aim to prevent generative AI controversies caused by undesirable
[00:06:49] or unintended responses. The three features currently available in preview are prompt shields,
[00:06:56] groundedness detection, and safety evaluations, with two additional features coming soon.
[00:07:01] The monitoring system evaluates prompts and third-party data for banned words or hidden prompts
[00:07:07] and checks model responses for hallucinated information. Azure users can customize filtering
[00:07:13] options and receive reports on users attempting to trigger unsafe outputs. But the US House has banned
[00:07:21] staffers from using Microsoft Copilot on all House Windows devices due to concerns of potential
[00:07:28] data leaks to non-approved cloud services. This follows similar restrictions on the use of
[00:07:33] ChatGPT in congressional offices last year. Microsoft plans to address federal government security
[00:07:39] and compliance requirements with AI tools like Copilot later this year.
[00:07:44] And from QZ, Microsoft customers are comparing Microsoft's AI Copilot to OpenAI's ChatGPT
[00:07:52] and expressing dissatisfaction with Copilot's performance. However, Microsoft employees argue that
[00:07:57] customers may not understand how to use the tool properly. Mixed feedback has been received from
[00:08:03] Microsoft 365 Copilot with some customers struggling to implement the tool and making unfavorable
[00:08:09] comparisons with ChatGPT. Microsoft has hired BrainStorm to create training videos
[00:08:14] so that customers use Copilot more effectively. So why do we care? As one who's focused on helping
[00:08:22] customers be more productive, let's note the collision of antitrust regulation with software here.
[00:08:28] When I talk about EU laws impacting the US, this is what I mean. Now note that customers have more
[00:08:37] options to assemble their productivity stack. Don't want to use Teams? Slide Slack or Zoom into
[00:08:44] that spot with a non-bundled option. Teams has to win its spot, not just be the default.
[00:08:51] That goes for Copilot too. It needs to win on functionality and apparently on privacy and security
[00:08:57] too. The US House ban speaks right to that. That said, this is actually good news for service providers.
[00:09:06] Note how many versions of Copilot there are focused on specific requirements and industries.
[00:09:12] A partner opportunity to help customers navigate that and find the usefulness. This is good news
[00:09:18] for IT service providers. Remember, we're taking questions and I'm watching that chat. Throw
[00:09:24] something in chat if you've got it and we'll be taking questions later in the show.
[00:09:30] Now dropping tomorrow is my interview with Peter Kujawa and I want to give you another highlight
[00:09:36] from that great conversation. Best in class MSPs and VARs are the least likely to offer unlimited
[00:09:43] PTO. I'm intrigued by this because at some level unlimited PTO is actually a bit of a head fake.
[00:09:50] When we actually dig into it, we find employees that are offered unlimited PTO actually end up
[00:09:56] taking less PTO and it removes some level of cost from the organization. Tell me what you're seeing
[00:10:02] with this data point around unlimited PTO and its relationship to profitability and best in
[00:10:08] class. Yeah, it's exactly as you described. First of all, the number of companies, the number
[00:10:16] of positions that were offering it was a little less than we were expecting based on discussion
[00:10:21] we were hearing. Second is it's much more for manager positions and it's heavily distorted
[00:10:28] amongst MSPs by owner positions. So if I'm an owner technically of course, I have unlimited PTO.
[00:10:36] It's one of the reasons I own the business I can take off whenever I want to, I can travel whenever
[00:10:41] I want. Of course as every owner watching this knows I also rarely do and I'm rarely able to
[00:10:48] as an owner. So technically the sample the sample net the set of managers receiving unlimited PTO is
[00:10:57] much more higher than staff positions receiving it which was not surprising but the amount of dominance
[00:11:05] of owners really skewed that data somewhat. So yes, as you describe, unlimited PTO is primarily
[00:11:17] it's primarily an advantage to the employer because I don't have to accrue or pay out
[00:11:22] upon separation unused PTO. The dominant models are still, we collected also, 11 to 20 days of PTO
[00:11:32] or 21 days plus of PTO and so there's a lot of data in the report about that it's different obviously
[00:11:39] for managers and staff it's different based on longevity but definitely the two big models continue
[00:11:47] to be giving PTO and the 11 to 20 day is the dominant model we do see a lot of 21 day but not
[00:11:54] unlimited as well. Interesting so mostly if you watch your employees if philosophically as an
[00:12:01] employer you're trying to minimize your liability then go unlimited PTO. If philosophically
[00:12:10] you believe in the importance of taking PTO and you believe that your employees should use that
[00:12:17] amount of time off per year for various other reasons then we'd recommend still giving them that
[00:12:23] PTO. So we have to ask why do we care? Now I'm looking forward to you all getting access to this
[00:12:30] it releases probably tomorrow because benefits matter one of the interesting points of looking into
[00:12:36] this data is the ability for you as an owner or operator of a managed services provider IT
[00:12:41] services company to make decisions about where you spend your time and how you compensate your people.
[00:12:47] Unlimited PTO is a bit of a head fake and it proves out in terms of the numbers as well
[00:12:52] and in fact giving people their time off will actually encourage them more to take time off
[00:12:59] if you want to prioritize building a good culture building work life balance as well as using
[00:13:04] balance to drive productivity you're going to need to be intentional about managing it. That whole
[00:13:10] interview is really useful for digging into the compensation packages and I'm sure we'll be talking
[00:13:15] about it more next week. Now remember we've been taking questions and you can still submit anytime
[00:13:21] in the chat window or submit for next week if you're watching the recording sending to question
[00:13:27] at mspradio.com. Now let's do a few other stories this time not Microsoft related.
[00:13:35] Nerdio has announced significant updates and new features to Nerdio Manager for Enterprise version 6.0
[00:13:41] and Nerdio Manager for MSP version 5.0. The product includes a unified application management
[00:13:48] capability which allows MSPs to centralize app storage for all their customers using native
[00:13:54] Microsoft WinGet technology and deploy apps to some or all customers targeted by user, group,
[00:14:00] device or device type. The product also adds Defender for Business, backup and disaster recovery
[00:14:06] policies, boot diagnostics insights and pre-canned global views. The product also introduces assist
[00:14:14] pro an AI powered in app assistant driving instant context-aware support and unified app management
[00:14:21] a tool ensuring consistency and simplicity of application management across customer environments.
[00:14:28] Moovila has introduced a native HaloPSA integration for Perfect Project,
[00:14:34] providing accurate project management capabilities for MSPs. The integration comes at a time when
[00:14:40] project management is becoming increasingly crucial for MSPs as highlighted in the 2024 MSP trends report.
[00:14:47] Moovila's commitment to enhancing project and resource management features tailored for MSPs
[00:14:51] allows for seamless integration and improved project analytics.
[00:14:56] CompTIA has announced the expansion of its learning and certification programs in AI,
[00:15:01] addressing the need for AI skills in various job clusters and roles.
[00:15:06] The Essential Series focuses on foundational competence while the expansion series builds
[00:15:12] deeper advanced skills. The releases will cover areas such as software development,
[00:15:17] cybersecurity, data analytics, prompt engineering and AI systems architecture.
[00:15:22] The goal is to provide competency-based learning and certifications for the age of AI.
[00:15:29] So why do we care? I included the Nerdio announcement as both an update and also a comparison
[00:15:36] against last week with the N-able announcement. Cloud management offerings are in various levels of
[00:15:42] maturity and I want to make sure we're keeping an eye on that, particularly as we move toward a much
[00:15:47] more cloud and SaaS based offering solutions for the way we deliver solutions you're going to need
[00:15:52] to understand the way you manage it and what your techniques are so let's keep an eye on those spaces.
[00:15:59] Halo seems to be the flavor of the week with several integration announcements lately.
[00:16:04] Now I want to know from you listeners what is your thought on the PSA landscape and the importance
[00:16:10] of those various spaces? Is this something we want to dive into more or is this something that we
[00:16:16] don't care so much about? Now CompTIA is a big player in training so it should not surprise that they
[00:16:23] have an offering. My thought, you're going to want to be thinking about your own training strategies
[00:16:29] and how you're going to be upskilling your own internal staff. What is the systematic way you
[00:16:34] want to approach AI and making sure your teams are ready both to use it in the organization
[00:16:41] as well as help customers with their needs. This is going to be related to your thinking on the way
[00:16:48] you implement frameworks within the organizations and I want to make sure to highlight that this
[00:16:53] is an area to address. Now make sure to put any questions in the chat. We'll be getting to them
[00:16:59] right now. Remember bring your questions live and you'll get a live response. I really do enjoy
[00:17:05] taking questions and you can submit them ahead of time. Q&A gives us a chance for you to get involved
[00:17:12] with the show and be a participant in what we do here. Let's take our first submitted question.
[00:17:19] What are the best practices for structuring pricing in a way that appeals to small businesses
[00:17:28] while ensuring sustainable revenue for the MSP? I love the pricing question because ultimately
[00:17:36] there are so many ways to do it and there isn't one answer. Ultimately I tend to favor one
[00:17:44] of a model that says initially you're going to focus on consulting and project style revenue
[00:17:50] that you then find ways to turn into monthly recurring revenue as appropriate. You likely have
[00:17:57] a series of engagements that happen on that monthly recurring revenue basis around managing,
[00:18:02] monitoring, controlling, configuration, security and the way that you think about it but on top of
[00:18:08] that you're building your productivity and consulting offerings. I think a healthy combination of both
[00:18:14] is the best way to do it and we'll note that generally best in class data says that tends to
[00:18:21] favor that implementation model. Don't overthink it particularly something that is newer. You're
[00:18:27] going to want to capture via consulting hours and engagement on a regular hourly basis but as you
[00:18:35] establish the way that you've thought this through, you'll move portions of that into monthly
[00:18:41] recurring services. For example, if I'm thinking AI, you're going to do something around helping
[00:18:47] them with framework development, helping them with ethical considerations and helping with training
[00:18:52] and you'll roll in maintenance of that framework and ongoing updates to training as part of your
[00:18:58] recurring revenue component. It's something that you can iterate with over time and continue to do so
[00:19:04] ongoing. Tweak it and finally, think through the areas where you want to retire services because
[00:19:12] over time things are less relevant and make sure to take them out of your offering when they don't
[00:19:17] make sense anymore. I really do appreciate these questions. If you've got them, make sure to send them in.
[00:19:23] This is the best part of the show to get interactive and we do it every single week. I keep
[00:19:28] an eye out for the listeners' questions submitted and make sure those are put first and we will always
[00:19:32] take them live when you show up and ask away. Now, I want to give you a preview of an upcoming
[00:19:38] interview that's coming out. NIS2 is a new EU directive that aims to enhance the security of
[00:19:45] network and information systems across the European Union. It's an expansion and strengthening of
[00:19:50] the previous NIS2 directive that was introduced in 2016. It expands the scope of the original
[00:19:57] NIS directive covering a total of 15 sectors compared to the previous 7 sectors. This includes more
[00:20:04] critical infrastructure and essential services. It applies to both essential and important entities
[00:20:11] with essential entities facing strict compliance monitoring and higher potential fines for non-compliance.
[00:20:18] It imposes new requirements for risk management, incident reporting and supply chain security for
[00:20:23] in-scope organizations. I spoke with Eric-Jean Frieser about why American companies should care.
[00:20:30] Here's a preview of that interview. With NIS, that network information systems law
[00:20:38] and the directive from the EU, what's happening with it over the course of this year?
[00:20:43] So what we see is that the NIS2 directive is coming towards us and there's a lot of
[00:20:50] fuss going on around in Europe. We see a lot of countries developing their own requirements,
[00:20:58] the member states are developing their requirements and a lot of companies get lost
[00:21:05] in the jungle that's called NIS2 at the moment. We developed the platform for that to help
[00:21:13] these companies out becoming compliant on NIS2. Well let's take the quick step back. What is NIS2?
[00:21:19] What's it contain and who's it applied to? So the NIS2 is a follow-up on the NIS 1 directive
[00:21:27] and it really focuses on cyber security. It focuses on these high critical and other critical sectors
[00:21:35] that really need to have their cybersecurity on a good base level. And what has been developed
[00:21:43] is a directive that really shows these companies what they need to have in order to be compliant
[00:21:49] with NIS2. One of the other things is that there will be fines granted to these companies if
[00:21:56] they don't have this in place and that's really a difference if we look to other directives.
[00:22:02] Now I will add a lot of these cybersecurity frameworks are very standard. We talk a lot about the
[00:22:07] NIST cybersecurity framework in the US. We've got some of the new directors right there but one
[00:22:12] of the things about NIS2 is it applies very broadly in a way that a lot of American
[00:22:19] listeners ought to care about. Talk to me a little bit about how it applies and who it applies to.
[00:22:25] So it really applies if you look at the official way to two sectors, the high critical sectors
[00:22:32] you can think of the energy companies transportation, financial market, healthcare, drinking water,
[00:22:40] waste water, digital infrastructure. These are really the high critical sectors but also
[00:22:46] the administrators of IT services, space travel, banking so that's the section that's called
[00:22:54] the high critical sectors. But we also have the other critical sectors and these are the digital
[00:23:00] providers, postals, courier services, waste management, food producing, chemicals, research,
[00:23:08] manufacturing. It's really a broad spectrum of these companies. What we also see developing
[00:23:16] is the supply chain companies that are offering services to these companies. So it's getting
[00:23:25] broader and broader in the companies that need to comply and companies that want to comply to NIS2.
[00:23:33] The deadline to transpose the directive into national law is October 17, 2024, at which point
[00:23:39] organisations will need to be compliant. Now as a reminder for listeners my Patreon supporters
[00:23:45] already have this video and you can get all my interview content early as a supporter.
[00:23:50] Visit patreon.com slash MSP radio to learn more. I want to thank Salesbuildr, our Patreon
[00:23:57] sponsor, whose support makes this show possible. Focus on your IT sales workforce with the power
[00:24:03] of automation and visit them at salesbuildr.com, that's buildr.com. Vendors, you too can get your name
[00:24:13] mentioned in the live show. It's a simple monthly subscription. Visit patreon.com slash MSP radio
[00:24:20] to learn more and sign up. And listeners you can support the show in lots of ways like share
[00:24:26] and follow on your favorite platforms or support directly on patreon with our give what you want
[00:24:33] model. You set what you think the content is worth and we appreciate every bit of support.
[00:24:39] And if you have a question or are listening to the recording, send it in at question at MSP radio.com.
[00:24:45] Tomorrow for all listeners you'll get that interview with Peter Kujawa and what bacon's got to do
[00:24:51] with business. Saturday you'll get my appearance on Slow Smoked Business as Jared Morgan turns the
[00:24:58] tables and asks me questions. On Monday you'll get that interview with Eric-Jean Frieser and
[00:25:03] I'll be back on Wednesday with a regular news show. Next week this live show is on Thursday so catch
[00:25:11] us live Thursday 3 p.m. Eastern. Thanks for joining me for the Business of Tech Lounge. I will see you
[00:25:19] next time.

