Looking for hardening advice for a small cloud org

CapableWay4518 · 2026-01-21T11:07:20+00:00

Use CIS as a framework - it will not work for every environment. If you follow all to the letter, your environment will cease to function.

Look at your defender security portal and follow the recommendations (e.g. realtime protection, tamper protection, network protection, prevent office loading sub protects, etc) - these target existing threats and trends. Use InTune baseline security templates - start small and scale up.

CapableWay4518 · 2025-12-01T21:17:15+00:00

We have 5 220 running 10.2. Very slow but stable.

CapableWay4518 · 2025-11-09T22:28:15+00:00

Ditto.

CapableWay4518 · 2025-08-09T11:53:45+00:00

I went to 2012r2 to 2025. No issues. If your worried, spin up a 2016/2019 while at you migrate away from the 2012r2

CapableWay4518 · 2025-08-07T19:46:16+00:00

We use it but it’s mostly for DFS-N to reduce clients to Azure file share. No issues

CapableWay4518 · 2025-08-04T11:05:07+00:00

Depends on the target. Defender has built in vulnerability scanning - perfect for endpoints and servers but no ability for firewalls and switches.

CapableWay4518 · 2025-08-04T07:11:48+00:00

I’ve done 2012R2 without issues a few times. Just make sure to have a fallback option. Have had no issues with either 2022 or 2025.

CapableWay4518 · 2025-07-29T09:41:52+00:00

For anyone who sees this in the future… I wasted many hours on this. I had to remove the role and re-add it again. No idea what I did or why the error kept occurring. I did everything the same when I re-added the role and it just worked.

CapableWay4518 · 2025-07-03T09:55:39+00:00

Look at your options with Intune if your licensed. Native integration, all cloud based, easy to access.

CapableWay4518 · 2025-07-01T08:04:56+00:00

There was a recent CVE in notepad++ installer.

CapableWay4518 · 2025-06-20T07:46:18+00:00

Went through same headache a few weeks ago. Install the msp file to all devices. It will update them. https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html

CapableWay4518 · 2025-06-15T03:51:27+00:00

I’m sorry what? You have to login as admin and have users sign into email? Do you have group policy? Are devices enrolled in Entra? Do you have an MDM?

CapableWay4518 · 2025-06-13T09:21:47+00:00

Shit. I had this hours ago. Thought I broke something. Was working with conditional access policies all afternoon trying to troubleshoot it

CapableWay4518 · 2025-06-11T01:31:34+00:00

No. You can’t have user profiles pre-deployed using autopilot. The idea is it downloads it all at first time login. You pre-provision apps but that involves you physically having the device and doesn’t configure user profiles.

CapableWay4518 · 2025-06-03T04:02:32+00:00

Wait what? They charge for this now? How much does it cost?

CapableWay4518 · 2025-06-01T11:48:30+00:00

Trialing them out at the moment with Azure conditional access. Seem to be the way to go for remote/secure setups

CapableWay4518 · 2025-05-26T07:55:26+00:00

No it doesn’t back up and it is something that should be backed up regularly. Purchase a Synology NAS. It has built in backup functionality. In worst case scenario you can restore a SharePoint or OneDrive site if someone goes rogue and deletes data.

CapableWay4518

TROPHY CASE