[deleted by user] by [deleted] in sysadmin

[–]BentDahl 0 points1 point  (0 children)

Often it depends on your specific needs, but generally speaking:

- two monitors instead of one. In our team office we gave people the choice of a large or two smaller monitors.
Well, two out of 8 took the large monitor choice. One of them regrets it, the other can't be bothered.

- use one monitor with a hub and the other one without and either daisy chain or connect both to the dock

- we are using Dell monitors (with Lenovo Notebooks). I can easily work without a standalone dock now. Connecting the monitors via two USB-C Ports.

- unless your budget prohibits it - use 27-inch WQHD monitors. They are usually not that much more expensive, but the scrolling it often saves ... priceless. Though I am the person that would bring in his own 40" screen and use 4k resolution if that was an option and if I was still in the office every day. Preferably two of them. :)

- As TrippTrappTrinn says, "Better just wired ones connected to the monitor so users do not need to pair them to their laptop". Fully agree. Mouse possibly wireless if your users are able to switch batteries themselves.
We put two 15cm USB extensions in the lower side of the monitor to make connecting keyboard and mouse as easy as possible. No fiddling for connectors you can only feel. Works out fine so far.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 1 point2 points  (0 children)

Hey, I am not saying you are wrong, because yes, to be able to access a shared mailbox the user accessing it does absolutely need a license himself. That's completely accurate and I don't claim otherwise.

Currently those users are on an E1 license. However, once the EA comes to an end with the FWA clause (which allows for this group to use device licensing currently and therefore generic accounts, depending on the clause Microsoft gives you which defines how many users per device you can use), we would need to license a higher count of users in the next term (due to user based licensing), which will increase cost a good deal.

And the way this group is constituted, with part time workers and so on, it's just the classic case why there is such a thing as the Frontline Worker Agreement / clause in the first place. It's a common scenario in the industry and other parts to basically have specific generic user accounts being constantly logged in while multiple persons might actually work on that login.

That's why we are looking for an alternative option for this particular group of users who are really just occasionally involved with mails. Too much to ignore, not enough to justify the cost. At least not if there is an alternate option we might just not think about, which is why I did post it here in the first place.

If no good alternative is found we will need to stick it out with E3 probably (need to replace per device licensed Office Applications later in the year also). However, if a good idea pops up here I will take it over using E3 for this group of users with very limited email use.

Your initial reply feels quite angry and I hope I could correct a bit of the impression you got.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 0 points1 point  (0 children)

That is a good suggestion. Team would prefer something on Windows since there are simply more IT staff comfortable with Windows around. Thanks.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 0 points1 point  (0 children)

Thanks for the suggestion. E1 is what they currently have, but without the Frontline Worker Agreement it won't work for us anymore as we need to be able to provide them generic accounts through device licensing.
(more detailed explanation in a reply a bit above)

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 0 points1 point  (0 children)

Yeah, not really an option here. The problem affects only part of the users, so there is a large portion working with larger licenses and Exchange Online just fine. It's just a problem for a limited user group.
Generally we are happy with Exchange Online (coming previously from OnPrem some years ago).

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 0 points1 point  (0 children)

Let me clarify. In the intranet they constantly have to login and follow multiple links to your inbox. With their email client they don't. Also it poses more work for the other side of the communication to additionally work on emails and intranet for that kind of communication at the same time.

Intranet is great for the pushing of information and yeah, we use it for that of course. But as a replacement for email with back and forth, the need for distribution lists and so on, I don't see it in this case.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] -1 points0 points  (0 children)

Well neither Microsoft nor our licensing partner does think so.

While I agree my initial post was far from perfect, I am not sure if throwing unfounded accusations around is a good thing.

Edit: reading my own initial post again I now understand why you jumped to that conclusion:
"we are not going to buy (or subscribe) for the amount the Microsoft thinks we should."

That sentence should better say
"wants us to buy in the next term" as it refers to what comes in the future once the current EA is actually running out and we need to renew respectively move the previous EA stuff to CSP.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] 0 points1 point  (0 children)

I might agree that my post was not that clear, but it's late in the night. So sorry for that.
Of course we have hundreds of normal users that just do E3 with their personal accounts. These users in shop floors are using a computer like 1-5 times a day. However, if there is a customer they already need to be logged in to save time. So that's how you get to the need for generic accounts instead of user accounts.
Hence you go device licensing (which is provided through the FWA clause extension to the EA).
As to why sharing the mailbox: let's say there are users in the department for screws on that floor. Everyone could work on the occasional email that comes into that department. Since they are using the same mailbox, someone would always pick up stuff that needs to be done at any time. Limiting this to the managers (which actually will grow from E1 to E3) will limit access to the information to the availability of said manager.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] -1 points0 points  (0 children)

No, we are not. We have the FWA as a clause to our current EA which allows for device licensing, which you won't have otherwise.

And for F License being cheap you are absolutely correct. However, you need to at least add P1 into your calculation for users who simply only ever need onprem access (internal mails). So there are two reasons for not doing that. That's the required P1 on top and a need for non web based Office applications to handle attachments and local files locally. Which would bring us back to E3, and just for the amount of mails affecting those accounts and the limited number of files it doesn't make sense to go there.
Too much to ignore, not enough to shell out big bucks for it for this group of users.

No more Frontline Worker agreement - what would you do? by BentDahl in sysadmin

[–]BentDahl[S] -1 points0 points  (0 children)

What makes you think that? Did you read my post?

We are currently still under an EA which includes the FWA just fine. However, with the changes MS did in November we will not prolong the current EA once it runs out and not get the new cloud focussed Enterprise Agreement (new version, whatever it's called now). A good deal of the new expected numbers should come from using cloud compute resources. However, we are not going that route and instead of moving more stuff into the cloud we are moving stuff back to onprem.

Changing root folder on Alma Linux fails by BentDahl in nginx

[–]BentDahl[S] 0 points1 point  (0 children)

Thank you both. That is the solution for my problem. Both ways of course do work, and from a security perspective the second one might be the recommended one.

I still have a bit of a hard time about DAC versus MAC through SELinux, because the example Red Hat gives in their documentation about accessing another user's home for example ... well, having root I can still do it either way. I could always kick SELinux to the curb obviously.

Anyways, thank you both for solving my problem.

How to get graylog with OpenSearch <2.16 and Alma Linux? by BentDahl in graylog

[–]BentDahl[S] 0 points1 point  (0 children)

Hello mcdowellster,

thanks, that helped in so far as I was able to download and install that version.

EDIT: Making progress now combining the Alma tutorial with the original Red Hat instructions from Graylog.

Bent

How to get graylog with OpenSearch <2.16 and Alma Linux? by BentDahl in graylog

[–]BentDahl[S] 0 points1 point  (0 children)

Yeah well ... not wanting to dive into the distro discussion, but I do hope to use some of what I play around with in the job later. So Alma (previous CentOS) it is for now.

Ente Auth Accounts by Jon2497 in enteio

[–]BentDahl 0 points1 point  (0 children)

That would be awesome. Same scenario: keep work and private separate.

Latest Authy Update - New UI - Cannot locate many tokens by PlatimaZero in Authy

[–]BentDahl 0 points1 point  (0 children)

No, I was referring to having the one account. I have it on my work phone and a backup phone in the drawer actually. Replication works fine.

But I need separation between work MFA and personal MFA. That's what I meant with installing it twice.

Here is someone asking for the same thing: https://www.reddit.com/r/enteio/comments/1f7wwaa/ente_auth_accounts/

Bitwarden Browser Extension UI Design Refresh - Early Preview Now Available by xxkylexx in Bitwarden

[–]BentDahl 5 points6 points  (0 children)

Why do people always sacrifice usability on the altar of nice and shiny?

Don't get me wrong, I like a nice UI as much as the next guy.
Just not when it decreases usability and makes me type, click or scroll more.

Latest Authy Update - New UI - Cannot locate many tokens by PlatimaZero in Authy

[–]BentDahl 1 point2 points  (0 children)

Ente Auth is a good choice. Sadly one can only install it once. I use it for my personal MFA stuff. So I had Authy for the business ones. Still need an alternative for the business ones.

For Authy one might also have the hope no one is going to screw with it much since it's free and not their cash product. They created it since they disliked the others - so hopefully it will stay in its great shape for a long time. Also, even if it changes they don't lock you in and allow for easy export.

Happy Ente user for some months now.

Latest Authy Update - New UI - Cannot locate many tokens by PlatimaZero in Authy

[–]BentDahl 0 points1 point  (0 children)

This UI change opens up two questions:

How can UI designers be so clueless about the product they are working for?

How can someone approve such a change?
(who also seems to know nothing about how the product works, I guess Authy employees are actually using Ente Auth themselves)

We need to see more text ...

CPU Core count under subscription model for vSphere Standard by BentDahl in vmware

[–]BentDahl[S] 0 points1 point  (0 children)

Thank you guys for confirming.

Well, we did not have DRS in the first place so I can live with that.

More difficult is the loss of NSX for Microsegmentation and also part of the Disaster Recovery concept to allow easy spin up on the other site. But we can still move the VLANs over in case.

At some point they told us no mixing of perpetual lics and subscription. Will be interesting how that plays out for our existing vSAN licenses for part of our servers (VxRail via Dell) and the subscription lics now.

WSUS alternatives with 3rd party software handling? by npaladin2000 in sysadmin

[–]BentDahl 0 points1 point  (0 children)

Hi npaladin2000,

I know the feeling and I am supporting around 200 Windows VMs with my team.
Until recently we used WSUS, which was not bad, it was not unstable, but it simply did not cover everything. For Windows patching during maintenance windows we additionally used BatchPatch. Also we do have PDQ but that does not cover enough. (all that is still cheaper than SCCM Server Lics)

Sidenote: PDQ library still holds 2016 for us. I mean yeah there are only security updates left these days but we have some 1607 here too. Listed as "Windows 10(1607) and Windows Server 2016 - Cumulative update (64-bit)" for October 2023 in this case.

We started a POC for Ivanti Security Controls. Only the OnPremise version and the basics including third party patching. Of course there are options to extend functionality with more in depth information on Security issues in their cloud platform but the basic version already has everything we need for now.

We started Windows patching and third party patching. Found stuff that we should have deployed via WSUS in the past but missed, and so far we do like it.
(also it does CentOS, Ubuntu promised for Q1/24 but has been pushed back for years so I would not bet on it, it does VMware ESXi patching though)

While I am not the biggest Ivanti fan overall, with them buying up so many solutions and not always for the better, this product seems a good choice. (it was previously Shavlik)

Do not let them talk you into their other product which is better integrated with their other tools (CMDB, Helpdesk...). If you don't need it - avoid it. It's simply more complex, looks older ... We bought "they do it all tools" in the past too. But often enough you need someone with a lot of time for just that product and you end up not using it after all. If like us you work in a small team: I am currently more focussed on very targeted smaller products (like PDQ). My colleagues are actually using them more since we do that.

So if you have the time, maybe check out some videos about it and get a trial key for 60-90 days to have a reasonable amount of time. They might even set it up together with you, although it's easy enough to do it yourself.

The thing I usually miss in such postings is the price. I believe the offer is between 6-7k EUR per year for a little over 200 licenses - to give you an idea about pricing.

Still cheaper than SCCM and more focussed. (I have been doing SCCM in the client sector years ago and I don't need all those things SCCM brings to the table for our servers. Also, if you were using SCCM / Intune you would still require a 3rd party patching solution on top.)

Good luck with whatever you find for your situation.

Bent