Because of the targeting of healthcare systems and the need to further protect the Incisive inCLOUD servers from unwanted intrusion, we have applied a restriction that requires your ISP to use the NZ range of IP addresses.  

If you are experiencing slow response times or you are frequently disconnecting from Incisive inCLOUD, there are a number of simple checks you can make which can make quite a difference to the responsiveness of the program:

1. 1. Check your computer has all the current Windows or iOS updates.  If there are any updates waiting to be applied, apply them.
      
      
   2. Go to Setup > Workstation > Configuration and check that the selected printers appear in a black font and not a red font.  If it's red, it means the printer cannot be connected to and can cause speed problems, especially in Letters/Notes.  Check that the printers are online and also not out of paper.  Remove all unneeded printer drivers.  
      
      
   3. Make sure there are no music streaming services running on the computer, such as Spotify, Apple Music, or podcast services.
      
      
   4. If you are using a Wireless network connection, plug in an ethernet cable as the connection is faster and much more reliable.
      
      
   5. If you're using a laptop, set your Power Management settings to Maximum Power.  If the disk or system goes to sleep it will drop the network connection.  Also check that the network card is not set to go into 'Sleep' mode.
   6. Run the 'Database Speed Report' in Reports > System  and in the 'Read Time:' section can you let us know what the value is for the Avg= (ideally it should be less than 4.0ms)
      
      
   7. In a browser, run an internet speed test to check the connection to your internet provider. Enter the following or click on this URL https://speedtest.net then click on the Go button to start the test.  Ideally your upload and download speed should be greater than 100Mbps and the ping time should be less than 30ms
      
      
   8. Restart your internet router.  This is a small device that connects your office to the internet.  Often the best way to restart it is to remove the power cable to it, wait 5-10 seconds for it to completely power down, then put the power back in.  It will take several minutes to connect to your ISP again.
      
      
   9. Setup a 'Hot Spot' from your mobile phone and connect your wireless network connection to the hotspot.  If this improves the connection speed or reliability, it is likely that your usual internet modem/router or internet provider may need to be changed.
      
      
   10. Test the connection bandwidth from your computer to the inCLOUD server.  Download the 'iperf3' files from https://iperf.fr  and run it using  the command switch of: iperf3.exe -c 103.226.33.2 -V  or  iperf3.exe -c 103.226.33.5 -V 

Instructions for connecting a workstation or device to the Incisive inCLOUD network

Step 1. Choose to use either Watchguard Authpoint app or a Watchguard passcode generator, so Incisive can enable your MFA authentication access.

Step 2. Create a RemoteApp connection to the Incisive inCLOUD servers.

• from a Windows workstation
• from an Apple Macbook or iPad tablet

Step 3. Download and install TSPrint & TSscan client applications to your workstation/device to improve your printing & scanning experience.

• Installing TSPrint and TSScan client applications

Step 4. (optional) Link to the 'Incisive Files' online storage location to make it easier to upload/download information.

• For Windows
  • Request the script from the Incisive Helpdesk 
  • Open 'Windows Powershell' on your PC (Windows) and paste the contents of the script into Powershell
  • Press Enter to execute the command.  Close the window when it has completed)
    (you should now see am 'Incisive Files P:' in Windows Explorer)
• For Apple, request assistance from the Incisive Helpdesk

Troubleshooting

The RemoteApp shortcut can be linked to a User profile which can cause problems if different people log on and use the same workstation.

Options to remediate this or provide a workaround are:

1. Use the browser to connect to https://secure.incloud.clinic/rdweb and log in using an inCLOUD login that you can authenticate.
2. Remove the 'Remember Me' options for the logins so that you are prompted each time for an inCLOUD login and password.
3. Use inCLOUD logins that are only used for a particular workstation/laptop
4. Configure Control Panel > Remote App connections for each Windows login that is going to use the workstation.
   This option should allow the User's profile to connect to an inCLOUD login that may have been allocated to a person, not a workstation.

Problem:

When the Powershell script is run on the local computer, to add the P: mapped drive and credentials, it all completes correctly but the mapped drive may not be visible in Explorer, to the end-user.

Diagnose:

It's likely that the Powershell script was run in Administrator mode, not in the User context.

Open the command prompt as Administrator and change to the mapped drive.  If it appears when using the elevated Administrator prompt only then the following will fix the problem.

Solution:

Option 1.

Re-run the powershell script but do not elevate it to Run As Administrator.

Option 2.

1. 1. In Registry Editor, locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
   2. Right-click Configuration, select New, and then select DWORD (32-bit) Value.
   3. Name the new registry entry as EnableLinkedConnections.
   4. Double-click the EnableLinkedConnections registry entry.
   5. In the Edit DWORD Value dialog box, type 1 in the Value data field, and then select OK.
   6. Exit Registry Editor, and then restart the computer

Microsoft are progressively enforcing the use of Multi-Factor-Authentication (MFA), which means you will need to use an Authenticator app to allow emails to be imported into the Message Centre, for your @incloud.clinic email address. Incisive only allow @incloud.clinic email accounts to import emails because they are protected from spam and viruses, by Microsoft Defender for Office365.

If the following message box appears, it means you need to use MFA to authenticate the login

The steps to implement MFA for the email account are straight-forward and once initiated, you'll only need to authenticate the account every 12 months.

We recommend that the MFA should be installed and managed by the practice or hospital manager.

1. If you don't already have the free Microsoft Authenticator app, download and install it on a phone.
   Use your phone camera to scan the following QR code for:
   

   Apple App Store

   Google Play Store

   
   If you have an older phone you may be prompted to download and install an earlier version of the Microsoft Authenticator app.
   
   You can use an alternate authenticator app, but you will need to complete the configuration yourself.
   
   
2. Start the Message Centre and proceed through the prompts, until you get to the message saying 'Scan the QR code'.
   
   
   
3. When prompted, open the Microsoft Authenticator app, click on the + symbol in the top right corner and then select the 'Scan QR code' option.  Point it at the QR code on the screen and it will add the necessary security tokens.
   
   
   
4. Your @incloud.clinic email account has now been added to the app.
   
   
   
5. When you start the Message Centre a prompt may appear asking if you want to use the Authenticator app.  You will also receive a notification on the phone.  Open the notification and approve the authentication request.
   

Incisive inCLOUD is including another layer of security, to protect your information even further.

New servers have been added to the computing farm, which are configured to require ‘Multi-Factor Authentication’ (MFA or 2FA) to allow a remote connection to be established. This does mean there is an additional step in the process to log on, but it is a very effective barrier to unwanted cyber-intruders.

All new users of Incisive inCLOUD are using the MFA system and we are also requiring all existing customers to also upgrade the method they use to connect.

The authentication levels used to secure the Incisive inCLOUD system are:

1. inCLOUD network connection using your usual login e.g. incloud\mypractice01
2. Passcode input, generated from the Authpoint app or hardware fob (new step)
3. Incisive application login

In addition, only connections from New Zealand based IP addresses (your router’s internet address) are permitted, without needing to use a separate VPN connection.

The passcode is generated either from an app on your phone or a special hardware generator. These create a one-time passcode which you input during the connection process. This method of Multi-Factor Authentication is now used in all public hospitals, after the malware attack on the Waikato DHB last year.

There are several key reasons we have chosen to include MFA:

• CertNZ recommends MFA/2FA protection as an important security step;
• the Privacy Act requires health agencies to take ‘reasonable security safeguards’ to protect health information;
• the National Cyber Security Centre’s advisory for the increased threat of targeted cyber intrusion because of military actions between Ukraine and Russia.

Frequently asked questions.

What will change for us?

1. The icon that you use to connect to the Incisive inCLOUD will need to be modified so it points to the new system (secure.incloud.clinic instead of incisive.incloud.clinic).  This needs to occur on each computer that connects to Incisive inCLOUD.
2. You will need the Watchguard Authpoint app installed on a mobile phone or have a hardware passcode generator, so that you can use either, each time you connect to the Incisive inCLOUD.

How does the MFA work?

During the process to connect to Incisive inCLOUD, a screen will appear prompting whether you want to use the 'Push' or 'One-Time-Passcode' option. If the Push option is used a notification will appear, which can be 'Approved', or if the Passcode option is used, the number can be entered from either the Authpoint app or Hardware token generator. The Incisive application will then continue to start.

See the Multi Factor Authentication (MFA) training videos.

• Installing and configuring the Authpoint app (53 seconds)
• Authenticating using the Push notification (62 seconds)
• Authenticating by entering a Passcode (62 seconds)

What happens if I don't have my phone?

We recommend that you have access to both the Watchguard passcode generator and also the Authpoint app, so there are alternative methods of generating the passcode. If neither are available, there is a ‘Forgot Token’ option where we need to be involved to allow access for a limited time.

The Incisive inTOUCH mobile app can also be used to access your clinic or operating lists and view the patient’s records.

We are a large practice/hospital and different staff frequently use the same computer.

There is no change with how you currently use Incisive inCLOUD except that the first person who logs on will need to enter a Passcode from either the Authpoint app or the Watchguard passcode generator.

Is each staff member going to need the Authpoint app on their phone?

The Passcode that is generated is linked to an individual Incisive inCLOUD login. This means that for each login there will need to be either a specific hardware passcode generator or an Authpoint app token. It is possible (but not very practical) to have the Authpoint app on a single ‘Practice’ based phone, which has the ability to remotely ‘Approve’ a connection or issue a One-Time Passcode (OTP) for multiple logins.

If the user is accessing Incisive inCLOUD from different locations (such as the specialist) then they should always use the Authpoint app on their own phone.

Are there charges?

The MFA technology is provided through an internationally respected company which does charge for its products and services. There will be changes to our fees to cover their costs and the hardware token generator can be purchased separately. Given the severe disruption that can occur from cyber-attacks, security costs are now regarded as an expected overhead of doing business.

Everyone using Incisive inCLOUD will need to upgrade to the same level of high security.

I use an Apple Mac. Do I need to use MFA?

Yes.

Is the change going to disrupt the running of our practice/hospital?

All the preparation can be completed in the background while you continue to use the existing connection method. When you are ready to start using MFA, you just start using a different shortcut icon. Everything will continue to function as it is now. The connection process will take slightly longer.

When is the change going to occur and what do we need to do?

The process to migrate existing Incisive inCLOUD users to use secure.incisive.incloud, has already started. We will shortly be inviting you to be involved as we expect that everyone will be migrated before the end of the year. We will work with you to ensure the timing works well for you.

You will need to:

• decide how many Watchguard hardware fobs you want;
• download and install the Watchguard Authpoint app, for the mobile users; and
• provide an email address for each connection.

What are the options if I don't want to use MFA?

Because the database that you use for your records, is the same for any Windows operating system, we can remove your records from the Incisive inCLOUD system so you can have them on your own on-site server.

Are any other security changes going to occur?

The Windows tsclient link to your computer’s drives will eventually be disabled and is replaced with the ‘Incisive Files’ drive that has been provided to assist with easy upload and download of files/photos to and from the Incisive inCLOUD system. This allows us to virus-scan the files being uploaded and close another possible intrusion point from your computer.

The operating system for the servers is being upgraded to Windows Server 2022, which has significant improvements in the detection and protection against malware attempts.

Is MFA going to make my information completely secure?

As I'm sure you have experienced, the cyber-security requirements are in a state of constant change. Protection is almost always a patching exercise to cover the holes that have previously been exposed by those wanting to get to your information or use you as a spring-board into someone else’s system.

100% protection would mean that the Incisive inCLOUD system would have to be so locked down that remote access from your own computers or devices, would be virtually impossible to use and very expensive to implement. To provide a system that is workable for you, there is always a degree of compromise between accessibility and protection. Which is why we have backups and fail-over functions.

If you have any questions please get in touch with us at help@incisivesupport.com 

To start using the Multi-Factor Authentication function with Incisive inCLOUD, you need to:

1. Provide us with a unique email address for each login to Incisive inCLOUD and indicate whether you want to authenticate using an app on your phone or use a hardware fob
   If you haven't already completed this step, you can use the template in this link to help you list your requirements, then send it back to us.
   
   
2. An email will be sent to the email addresses, from wgcloud-no-reply@jpn.cloud.watchguard.com, with information on how to install and Activate the Watchguard Authpoint app.  The app needs to be activated on your phone within 7 days of receiving the email.  The activation process can occur from your computer or the app on your phone.
   
   If you are using a Watchguard fob to generate the Passcode, you do not need to install anything on your phone or complete any activation process.  You can ignore the email from @watchguard.com.
   
   
3. Change the 'Incisive inCLOUD' shortcut on your laptop/workstation to connect to secure.incloud.clinic instead of the current incisive.incloud.clinic
   You will need to delete the existing icon/shortcut.
   
   Instructions on creating a connection to secure.incloud.clinic on Incisive inCLOUD:

• • on a Windows computer
  • on an Apple Mac or iPad

If you need assistance to change the shortcut icon, please email a request to help@incisivesupport.com with some times that it would be suitable for you.

Short tutorial videos showing how to use the Authentication options are available from this Knowledgebase article

You can add 'alias' email accounts to Gmail and Office mailboxes, without them costing anything.  The incoming emails, addressed to the alias accounts, will all appear in the main mailbox account.

The MFA function for Incisive inCLOUD requires a unique email address for each inCLOUD account and if you don't have individual practice emails or you don't want to use a personal email, you can easily create additional alias accounts.

Google Gmail

Send emails from a different address or alias - Gmail Help (google.com)

How to set up Gmail or Google Workspace (G Suite) aliases – cloudHQ Support

Microsoft Office

Add another email alias for a user - Microsoft 365 admin | Microsoft Docs

Incisive recommend that if you are hosted in the inCLOUD.clinic system or you have your own Terminal Server (Remote Desktop) environment, you should be using TSPrint or TSScan to get an optimal experience.

You will need to install the TSPrint Client and TSScan Client applications on the local workstation/laptops so that they perform correctly.

The installation process is very simple and no additional licensing is required.

Instructions to install and configure TSPrint for SPM & PHM applications

The TSPrint guide from Terminal Works is available:

Windows -  https://www.terminalworks.com/remote-desktop-printing/downloads/documentation/TSPrintGuide.pdf

Mac - https://www.cloudwalks.com/uploads/2/6/6/5/26654030/printing_guide_for_mac.pdf (this is a bit old)

Configure TSScan for Windows

The TSScan install file is downloaded from https://www.terminalworks.com/downloads/tsscan/TSScan_client.exe 

After installing, go to TerminalWorks > TSScan Client Settings in the Windows Start menu and select your default scanner

Configure TSPrint for a Mac

The TSPrint install file is downloaded from this site:

https://www.terminalworks.com/downloads/tsprint/macosx/TSPrintClient.zip 

After installing the app, check the inCLOUD → Mac printer mappings are correct.  If not, delete then choose the correct printer when printing the next time.

Delete any that are incorrect or obsolete

Print from SPM and choose the correct printer when the prompt appears.

Configure TSScan for Mac

Scanning from an Apple Mac Book

Apple do not recognise or use TWAIN drivers to interact with scanners that are used with their Mac Book computers, so it takes a few more steps to get the scanning options configured and also to complete the scanning workflow.

A short tutorial video displaying the workflow sequence to scan a document, is available from this location

Configuration

1. Install the ICA driver for the scanner on the Mac.  Test by using the Apple 'Image Capture' app.
   If the driver doesn't install check that you have sufficient permissions.
   If there is no ICA driver then the following steps will not work and you will have to scan the documents separately then attach, using the Message Centre feature.
2. Install (or update) the latest TSscan client app (for MacOS) on the computer that is connected to the scanner (https://terminalworks.com).
   1. Open the app (Finder > Applications) and select 'Options'.  Then check ON the 'Redirected folder' option.
      
3. Go to Preferences in Microsoft Remote Desktop and in the Redirected field, enter in the path to the ...Documents\TSDataDrive 
   
   
   

Scanning

1. In the Incisive application, go to Patient > Notes > Scan.  
   1. Choose 'TSScan' as the scanner
   2. Open the 'Advanced' section and check ON the 'Use Shell Scanning' option.  This must be enabled.
      You may also want to enable 'Save Automatically', 'Use Document Feeder' and 'Reverse Background' (if they appear as white text on black).
      
      
      
2. Click on the 'Scan' button
   If this is the first time using TSscan, a TSscan window may appear.  Select the Tools menu and choose the 'Switch to Mac UI', then close it.
   
   
   If the above screen doesn't appear, just let it continue as it is already set to use the Mac UI.
   
   
   
3. Apple's 'Image Capture' app will then appear.
   1. Select the scanner in the left-hand panel
   2. Choose configuration options in the right-hand panel.
      1. 'Text' quality is usually sufficient.  If you use Colour it will significantly increase the size of the image file.
      2. Set the 'Scan To' directory to be the same as the directory selection in point 3. of Configuration above (Microsoft Remote Desktop > Preferences
      3. Choose 'TIFF' as the format and check ON the option to 'Combine into a single document'.
         
      4. Select 'Scan' to start the scanning process
      5. When the scanning has completed, choose 'Finish' to close Image Capture and pass the image to the Incisive application.
   3. The TSscan application will then upload the scanned image to the remote server.
      
      
      Wait until the 'Completed' image appears.  The speed of how long this takes is dependent on your internet Upload speed
      
      
4. If the 'Save Automatically' option is not checked On, click on the button in the Incisive application to Save and either continue scanning or Exit

If this scanning process does not work for you, then scan the documents separately to a folder and import them to the patient's records using the Message Centre import feature.

The Windows 'Language-Bar' pop-up may appear floating on the screen when SPM or PHM is run on an Apple Mac via Remote Desktop or RemoteApp.  It can cause a problem when Checking Dictation because it keeps grabbing the mouse focus away from the Incisive application and it requires extra mouse-clicks to get the check-dictation process to work as expected.

The following steps will hide the Language Bar.

1. With the Incisive application running, click on the downward arrow on the right side of the floating Language Bar
   
   Choose 'Settings'
   
   
2. In the 'Switching Input Methods' section, uncheck both the;
      - Let me set different input method for each app window, and;
      - Use the Desktop Language bar.
   
   or on Server 2022, go to Settings > Devices > Typing > Advanced 
   
   
   
3. Click Save if the button is visible.

The most usual reason is that you have made too many unsuccessful attempts to login (more than 3) and the Incisive inCLOUD system has imposed a stand-down period of 20 minutes before it will allow further attempts to log in using the same account.  The reason for the stand-down time is to dissuade unwanted hacking attempts to jack-hammer entry to your information.

The steps to try are:

1. Do you have an internet connection?  Try using your browser and see if your usual news site loads correctly.
2. Are you using the correct password for the login?  The last two digits on the password should match the last two digits on the login.
   If you have tried multiple times it is probable that your account has been locked as the servers suspect it may be a Denial-Of-Service (hacking) attack.  You can either wait for30 minutes and it will unlock or call the Helpdesk for it to be unlocked manually.
3. If you are connecting from a computer that you have not done so previously, use the full login name which includes the incloud domain name as a prefix e.g. incloud\mylogin01
4. Are you using an internet service provider (ISP) that is not using New Zealand based IP addresses e.g. StarLink?  To reduce the potential attack surface we limit access only to NZ based IP addresses.  If you are outside of NZ or not using an NZ based IP address we can provide you with information on how to establish a secure link.
5. Try using one of your other Incisive inCLOUD logins.

If you have checked these then by now the 20 minute stand-down period has probably passed so you should try to log in again.

If you are still having problems please contact the Helpdesk.

If you are experiencing drop-offs or losing connections to your remote server there are several things you can try.

1. If you are using a wireless connection try using an ethernet cable
2. Turn off the power-down option on the wireless or ethernet card
3. Change the connection details on the rdp connection

The following information relates to editing the rdp file.

There is a setting in the .rdp file that can improve the latency of the connection.  If you edit the rdp file with Notepad, find the line saying "ConnectionType" and change the value to a  3  so that the line will look like "ConnectionType:i:3". 

This value effectively tells the rdp connection to be more forgiving (better latency) if there is no response from your router or the remote server and to have more retries.

1. Install the 'Microsoft Remote Desktop' app from the App Store
   Click here

   https://apps.apple.com/nz/app/microsoft-remote-desktop/id1295203466?mt=12 

   
   If the MacOS is 10.12 or older the Remote Desktop app in the App Store won't install as it needs MacOS 10.13 or newer.
   
   
2. Open the Microsoft Remote Desktop application from LaunchPad or MenuBar
   
   
   
3. Select the Add Workspace and enter the following URL into the Workspace field.
   
   
    Workspace URL: https://secure.incloud.clinic
   
   
   
   
4. Add a User Account if it is always the same person who will be using this computer, or leave it as 'Ask when required' if different people use it.
   
   
5. Open the Microsoft Remote Desktop  and select 'Specialist Practice Manager' or 'Private Hospital Manager'
   
   
   
   
6. For security reasons, the 'Multi-Factor Authentication' function will prompt you to either 'Approve' the connection or to enter in a Passcode from your Authpoint app or Watchguard hardware dongle.
   See Multi Factor Authentication (MFA) - Watchguard Authpoint
   
   
7. When the Incisive application appears, enter your login details, password and location.
   

If you minimise the Incisive application you will be able to display it again by selecting the >< icon in the top title bar 

Printing & Scanning settings

To improve the process of printing from the Incisive inCLOUD applications or scanning documents to attach to a patient's file, two applications called TSPrint & TSScan can be installed and configured.
See Installing TSPrint and TSScan client applications

Advanced configuration

Use the Preferences option to:

• Configure the Interpolation (Resolution)
• Add a User account
• Add the path for TSPrint & TSScan

Choose the Interpolation setting

Add a User Account

Add the TSDataDrive for TSPrint & TSScan

Microsoft have finally admitted a bug when connecting from Win11 22H2 to a RemoteApp server (Incisive inCLOUD), but haven't yet provided a fix.

However the IT community have found that you can make a Registry change or you can copy a couple of files from an 22H1 instance, which will resurrect the functionality again with 22H2.  One firm has even gone so far to provide a patch which will get the correct files from Microsoft and apply them to the PC.  We have already run the patch and it does work.  We don't, however, know the firm providing it and therefore can't vouch for its integrity.  Saying that though, our malware systems haven't had any alerts raised because of it.

If you are happy to use it you can:

1. Apply the Windows 22H2 update again
2. Get the fix file from https://support.gotomyerp.com/portal/en/kb/articles/updating-to-windows-11-22h2-breaks-remoteapp and run it.

There is a lot of text produced on the screen, but this is just telling you exactly what it is doing.

The following link just includes some more chatter about the problem https://learn.microsoft.com/en-us/answers/questions/1018151/windows-11-22h2-cant-connect-to-a-rds-server-after.html

Microsoft have finally admitted a bug when connecting from Win11 22H2 to a Remote Desktop or RemoteApp server (Incisive inCLOUD) but haven't yet provided a fix.

However, the IT community have found that you can:

1. Roll-back the 22H2 update, or;
2. Make a Registry change to disable UDP protocol, or;
3. Copy a couple of files from an 22H1 edition of Windows, which will resurrect the functionality again with 22H2. 

The roll-back to 22H1 will be the safest option, but you will also need to disable automatic updates.

The Registry change will disable the ability to use the UDP protocol to connect to the remote server, which means it must use the TCP protocol.  The major issue with the Registry change is that you will need to reverse it when Microsoft do finally provide a patch.  Only a technician should make the registry change.

The third option is to get a copy of the mstsc.exe and mstscax.dll files from a version of Windows 11 prior to the recent 22H2 update and copy these into the System32 and Syswow64 directories of your computer.  One firm has even gone so far to provide a patch, which will get the correct mstsc.exe and mstscax.dll files from Microsoft and apply them to the PC.  We have already run the patch and it does work.  We don't, however, know the firm providing it and therefore can't vouch for its integrity.  You need to consider the risks for yourself if you choose to run their patch.  Ideally, you should have an IT technician apply the patch.

If you are happy to use the patch from gotomyerp.com you can get the fix file from https://support.gotomyerp.com/portal/en/kb/articles/updating-to-windows-11-22h2-breaks-remoteapp and run it, using the elevated Administrator level option.  There is a lot of text produced on the screen, but this is just telling you exactly what it is doing.

The following link just includes some more community chatter about the problem https://learn.microsoft.com/en-us/answers/questions/1018151/windows-11-22h2-cant-connect-to-a-rds-server-after.html 

Access to Port 445 (SMB) is needed by the inTOUCH app and SPM/PHM to access Azure Blob containers.  

inTOUCH uses it to reference the intouch-firebase-key token

SPM/PHM uses it to upload and download files from various blob containers.

Windows

Open the Run command and type cmd to open the command prompt. Type the command in the image and press Enter.  

It is successful if the resulting screen is blank

iPhone

Download iNetTools Free app and use the PortScan option

Enter the sever name such as   inclouddemo.file.core.windows.net  and the port name of 445 
Protocols and slashes are not needed.  The above address can be used for the test

Using the Windows Control Panel, you can go to either:

• Remove and replace the Remote App and Desktop Connections
  This option will require you to replace the shortcut icons on your Desktop or Taskbar
  
  • 'Remove' the existing connection
    
    
    
  • Select 'Access RemoteApp and desktops' in the left-hand menu to add a new connection record.
    See Setting up new connections to Incisive inCLOUD
    
    
• Update login credentials in Credential Manager,
  • select Windows Credential
  • find and open 'secure.incloud.clinic'
    
    
    
  • Edit the record
    
    
    
  • Change the Username and Password
    

Another option, is just to go to https://secure.incloud.clinic/rdweb, login and use (run) the Remote Desktop that will be produced and downloaded for you.  This option can be used from any location there is access to the internet, without having to preconfigure the connections in the Control Panel.  See Setting up new connections to Incisive inCLOUD

If you are running SPM or PHM on the Incisive inCLOUD servers, the latest download of Remote Desktop for Mac (10.4) won't install on older versions of the MacOS (10.12 or older).  To find the version of your MacOS click on the Apple icon in the top left corner and choose 'About this Mac'

Use the installer 'Package' from the following link to install remote desktop 10.3.8 which does work on MacOS 10.12

https://microsoft-remote-desktop-connection.en.softonic.com/mac/download

If this is no longer available contact the Helpdesk for a copy of the .pkg file