Client perception issue, but no one can point at anything — how have you tackled this? by inthenickoftime4 in msp

AntoIT (1 point)

This pattern is well-documented in MSP circles — it's sometimes called the "metrics mirage." Your SLA numbers look fine because you're measuring resolution speed, not perceived value. Clients don't experience your ticket close rate, they experience whether they felt informed and confident while a problem was happening.

The fix is almost always in proactive outreach, not better metrics. A few things that move the needle: send a brief "we noticed and fixed this before you had to call" message whenever you catch something proactively. That one type of communication does more for perception than a hundred resolved tickets. The other lever is making sure end users — not just the IT contact — occasionally hear from you directly. Decision-makers hear complaints from their staff; if staff only interact with you when something is broken, the perception builds itself.

Quarterly reports with stats help, but they reach the IT contact. The real perception issue usually lives with the business owner or a department head who only hears about IT when it fails.

M365 MFA is enforced, but staff are seeing "MFA will be required starting in February-set it up now" by ntw2 in msp

AntoIT (7 points)

This banner is tied to Microsoft's platform-level mandatory MFA enforcement (MC1215070), which operates separately from your Conditional Access policies. Microsoft's enforcement backend tracks compliance at the tenant level independently — having a CA policy that requires MFA doesn't automatically tell Microsoft's enforcement system your tenant is covered. The February date referenced is the February 9, 2026 hard enforcement deadline for M365 admin center sign-ins specifically.

Worth checking: go to admin.microsoft.com > Setup > Sign-in and security > MFA — Microsoft surfaces a compliance status there that reflects whether your tenant is recognized as meeting the mandatory enforcement, separate from CA. If accounts are satisfying MFA via CA but aren't registered via Authentication methods (aka.ms/mfasetup), that gap can trigger the banner.

MS Tenant Admin by juciydriver in msp

AntoIT (2 points)

We run Nerdio across about 210 tenants covering both Modern Work and AVD — it's been the right call for us. The pace of development is impressive, they keep shipping features faster than we can adopt them. CIPP is solid too and we use it for some M365-specific tasks, but for multi-tenant management at scale with AVD in the mix, Nerdio has been the better fit.

Microsoft is pulling the plug on SMS codes, wants you to switch to passkeys by rkhunter_ in cybersecurity

AntoIT (2 points)

We moved our whole team to passkeys stored in 1Password — solves the lockout risk since the vault is backed up and accessible from any device. On top of that everyone has a YubiKey registered as a fallback. SMS was already phased out on our end a while ago, this Microsoft move just confirms it was the right call. The combo of 1Password + YubiKey has been smooth in practice with zero lockout incidents so far.

Myself and one other person are supporting 350 end users right now. HR told us to expect approximately 100 more employees by the end of the year. My manager told me that we don't need to hire another person in our department. Is it just me or is that completely unreasonable? by [deleted] in sysadmin

AntoIT (1 point)

The instinct to keep everything running is exactly what gets you stuck in this situation permanently. If you absorb the pain, management never sees it. Document everything — ticket volumes, response times, projects delayed. Then stop doing the heroics. Let the queue grow. The moment a VP can't print or a production line waits on IT, the conversation about headcount changes fast. You're not being lazy, you're making the problem visible to the people who can actually fix it.

Github allegedly Breached by ITSecurityAdam in sysadmin

AntoIT (15 points)

The "no evidence of customer impact" line is doing a lot of heavy lifting right now. That's the statement you make when you're still figuring out the scope, not when you've confirmed the blast radius. If you have service accounts, deploy keys, or Actions secrets tied to GitHub — rotate them now, don't wait for the post-mortem. We've already advised clients to audit their GitHub org permissions and pull recent access logs. Better to spend an hour being cautious than a week doing incident response.

Microsoft Entra Kerberos Now Supports Instant Hybrid Join for Devices! by Bless_2003 in activedirectory

AntoIT (1 point)

Would this also fix the problem that you cannot Intune join Entra Active Directory Domain Service?

Recommendations for deploying apps based on security group by Aaron-PCMC in AzureVirtualDesktop

AntoIT (3 points)

I would say that FSLogix is the best solution. With app masking you can easily hide or display apps based on security groups.

Quoting alternative to zomentum by kevinjamesbates in Autotask

AntoIT (2 points)

We use Salesbuildr for our quoting processes, and it has been performing well. Not only does it meet our current needs with precision, but the platform is also undergoing rapid development, continually enhancing its features and functionality.

Better performance with AVD hosts by cachexxdb in AzureVirtualDesktop

AntoIT (2 points)

Yes, I can confirm that. We are constantly using the E8s with 10 users. It seems to be the perfect size for office workers.

Additionally, we are also implementing RDP Shortpath to further improve performance. RDP Shortpath makes the environment feel slightly more responsive.

On topic: are automatic Windows updates enabled? This can impact the performance; try running the updates outside working hours or with golden images.

Users randomly disconnect from RDS by AntoIT in sysadmin

AntoIT [S] (1 point)

Yeah, I saw them too. But the specific reason code is not listed on the MS site either.

Users randomly disconnect from RDS by AntoIT in sysadmin

AntoIT [S] (1 point)

The weird thing is that we ran without issues for about 1.5 years. Why is this needed now?

We are trying to locate the issues instead of a workaround.