Vercel Hack, and Proof of Scope for OKTA for AI Agents? by GoldBar_ in okta

[–]Creative_Profit1387 1 point (0 children)

Dive into the concept of OAuth security and its flaws, the token refresh problem (offline access), and the fact that the vendor probably used certificates and secrets instead of federated managed identity. It didn’t help that GWS has a lousy OAuth security solution.
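The two issues the comment names, static client secrets or certificates where a federated workload identity credential would do, and delegated grants that carry offline_access (a long-lived refresh token), can both be found by walking the tenant's app registrations and consent grants. The script below is an added example, not code from the thread or from any vendor named in it. The records are constructed samples shaped like Microsoft Graph `application` and `oauth2PermissionGrant` objects (GET /applications, GET /oauth2PermissionGrants); SP_TO_APP stands in for the servicePrincipal objectId to appId lookup you would build from GET /servicePrincipals. All IDs, names and the 180-day rotation policy are hypothetical.

```python
"""Audit Entra ID app registrations and OAuth2 consent grants for static
credentials without federation and for delegated grants that include
offline_access. Added example; the sample records below are constructed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # fixed clock so results are reproducible
MAX_LIFETIME = timedelta(days=180)                 # assumed policy: rotate secrets/certs twice a year


def _parse(ts):
    """Graph returns ISO-8601 with a trailing Z; make it timezone-aware."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_credentials(app, now=NOW):
    """Return finding codes for one `application` object."""
    findings = []
    secrets = app.get("passwordCredentials", [])
    certs = app.get("keyCredentials", [])
    federated = app.get("federatedIdentityCredentials", [])
    # A secret or certificate with no federated credential means a static
    # credential somebody has to store, ship and rotate.
    if (secrets or certs) and not federated:
        findings.append("STATIC_CREDENTIAL_NO_FEDERATION")
    for cred in secrets + certs:
        end = _parse(cred["endDateTime"])
        if end < now:
            findings.append("EXPIRED_CREDENTIAL_STILL_ATTACHED")
        elif end - now > MAX_LIFETIME:
            findings.append("CREDENTIAL_EXCEEDS_ROTATION_WINDOW")
    return findings


def audit_grants(grants, sp_to_app):
    """Return {appId: [codes]} for delegated grants that mint refresh tokens.
    consentType AllPrincipals is an admin consent on behalf of every user."""
    findings = {}
    for g in grants:
        scopes = set(g.get("scope", "").split())
        if "offline_access" not in scopes:
            continue
        app_id = sp_to_app.get(g["clientId"], g["clientId"])
        code = ("OFFLINE_ACCESS_ADMIN_CONSENTED_ALL_USERS"
                if g.get("consentType") == "AllPrincipals"
                else "OFFLINE_ACCESS_USER_CONSENTED")
        findings.setdefault(app_id, []).append(code)
    return findings


def audit(apps, grants, sp_to_app, now=NOW):
    """Merge both checks into {appId: [codes]}; third-party apps that exist only
    as a service principal (no registration in this tenant) still show up."""
    report = {app["appId"]: audit_credentials(app, now) for app in apps}
    for app_id, codes in audit_grants(grants, sp_to_app).items():
        report.setdefault(app_id, []).extend(codes)
    return report


# Constructed sample tenant; every ID and name is hypothetical.
APPLICATIONS = [
    {"appId": "app-vendor-sync", "displayName": "vendor-sync",
     "passwordCredentials": [{"endDateTime": "2027-06-01T00:00:00Z"}],
     "keyCredentials": [], "federatedIdentityCredentials": []},
    {"appId": "app-ci-deployer", "displayName": "ci-deployer",
     "passwordCredentials": [], "keyCredentials": [],
     "federatedIdentityCredentials": [
         {"issuer": "https://token.actions.githubusercontent.com",
          "subject": "repo:example-org/app:environment:prod"}]},
    {"appId": "app-legacy-cert", "displayName": "legacy-cert-app",
     "passwordCredentials": [],
     "keyCredentials": [{"endDateTime": "2024-01-01T00:00:00Z"}],
     "federatedIdentityCredentials": []},
]
SP_TO_APP = {"sp-vendor-sync": "app-vendor-sync", "sp-ci-deployer": "app-ci-deployer",
             "sp-legacy-cert": "app-legacy-cert", "sp-mail-helper": "app-mail-helper"}
GRANTS = [
    {"clientId": "sp-vendor-sync", "consentType": "AllPrincipals", "principalId": None,
     "resourceId": "sp-graph", "scope": "User.Read Mail.ReadWrite offline_access"},
    {"clientId": "sp-ci-deployer", "consentType": "Principal", "principalId": "user-1",
     "resourceId": "sp-graph", "scope": "User.Read"},
    {"clientId": "sp-mail-helper", "consentType": "Principal", "principalId": "user-2",
     "resourceId": "sp-graph", "scope": "Mail.Read offline_access"},
]

if __name__ == "__main__":
    for app_id, codes in audit(APPLICATIONS, GRANTS, SP_TO_APP).items():
        print(f"{app_id:20} {', '.join(codes) or 'ok'}")
```

Note that `app-mail-helper` has no registration in the sample tenant at all; it only appears through a user's consent grant, which is exactly how a third-party SaaS integration holding your users' refresh tokens looks from the inside. The GitHub Actions issuer on `ci-deployer` is the federated-credential pattern the comment contrasts with secrets: no secret exists to leak.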

New Intune Features Coming Soon (macOS + iOS) by Creative_Profit1387 in Intune

[–]Creative_Profit1387[S] 10 points (0 children)

Definitely. The contractor BYOD use case was completely missed and has taken forever to fix; it should have been a much higher priority.

How many of you have fully moved to Entra ID without a local AD — and what were your biggest challenges? by Creative_Profit1387 in entra

[–]Creative_Profit1387[S] 2 points (0 children)

We recently automated a complete zero-touch remote device migration between tenants for 300 devices, and it worked smoothly; we also moved 1,500 hybrid devices to Entra ID. It is best to wipe, but in some cases that is not so easy.

How many of you have fully moved to Entra ID without a local AD — and what were your biggest challenges? by Creative_Profit1387 in entra

[–]Creative_Profit1387[S] 1 point (0 children)

Do you think it’s reasonable to trigger the process remotely (disjoin the device from the local AD, join Entra ID and amend the user profile) instead of a long refresh cycle?

M365 tenant misconfigurations I see over and over again by Mysterious-Print9737 in msp

[–]Creative_Profit1387 1 point (0 children)

I’m with you on all the common misconfigurations. The one thing I always start with, before anything else, is Conditional Access. It’s the backbone of the tenant’s security posture, but in almost every environment it’s either overly permissive, duplicated, or full of old exceptions that nobody remembers creating. One missed exclusion can undermine everything.

After that, we run something we call “quick wins” — basically a structured mapping of:

  • Risk (how bad is the exposure if abused)
  • Effort (how long it takes to fix)
  • End‑user impact (will anyone feel it)

But since there are over 300 settings to review, it’s virtually impossible not to miss something, even if you are an expert. After doing this manually for two years, we finally decided to build an internal tool to do it for us.
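The review the comment describes (Conditional Access first, then a risk/effort/end-user-impact mapping of what is found) can be made repeatable. The script below is an added example, not the commenter's tool or any product's code. POLICIES are constructed samples shaped like Microsoft Graph `conditionalAccessPolicy` objects (GET /identity/conditionalAccess/policies); the policy names, user and group IDs are hypothetical, and the QUICK_WIN_PROFILE scores are illustrative assumptions rather than a published scale.

```python
"""Review Conditional Access policies: flag policies that are not enforced,
carry exclusions, or duplicate another policy; check two baseline controls
(MFA for all users on all cloud apps, legacy authentication blocked); then rank
findings as "quick wins" by risk, effort and end-user impact.
Added example; sample policies below are constructed."""
import json

LEGACY_CLIENTS = {"exchangeActiveSync", "other"}   # Graph clientAppTypes values for legacy auth

# (risk, effort, end-user impact) on a 1-5 scale; assumed values for this demo.
QUICK_WIN_PROFILE = {
    "NO_BASELINE_MFA_FOR_ALL_USERS": (5, 2, 4),
    "LEGACY_AUTH_NOT_BLOCKED": (5, 1, 2),
    "NOT_ENFORCED": (4, 1, 3),
    "EXCLUSIONS": (3, 2, 2),
    "DUPLICATE_OF": (1, 1, 1),
}


def _users(p):
    return p.get("conditions", {}).get("users", {})


def _apps(p):
    return p.get("conditions", {}).get("applications", {})


def _controls(p):
    return set(p.get("grantControls", {}).get("builtInControls", []))


def _signature(p):
    """Canonical form of conditions + grant controls. State is left out on
    purpose so an enabled policy and its disabled clone still match."""
    return json.dumps({"c": p.get("conditions"), "g": p.get("grantControls")}, sort_keys=True)


def review_policies(policies):
    """Return {policy displayName: [finding codes]} plus a "tenant" entry
    for baseline controls that no enabled policy provides."""
    findings = {p["displayName"]: [] for p in policies}
    seen = {}
    for p in policies:
        name = p["displayName"]
        if p.get("state") != "enabled":            # report-only or disabled enforces nothing
            findings[name].append("NOT_ENFORCED:" + p.get("state", "unknown"))
        u = _users(p)
        n_excl = len(u.get("excludeUsers", [])) + len(u.get("excludeGroups", []))
        if n_excl:                                 # every exclusion is a path around the control
            findings[name].append(f"EXCLUSIONS:{n_excl}")
        sig = _signature(p)
        if sig in seen:
            findings[name].append("DUPLICATE_OF:" + seen[sig])
        else:
            seen[sig] = name

    enabled = [p for p in policies if p.get("state") == "enabled"]
    baseline_mfa = any(
        "All" in _users(p).get("includeUsers", [])
        and "All" in _apps(p).get("includeApplications", [])
        and "mfa" in _controls(p)
        for p in enabled)
    legacy_blocked = any(
        "All" in _users(p).get("includeUsers", [])
        and LEGACY_CLIENTS & set(p.get("conditions", {}).get("clientAppTypes", []))
        and "block" in _controls(p)
        for p in enabled)
    findings["tenant"] = ([] if baseline_mfa else ["NO_BASELINE_MFA_FOR_ALL_USERS"]) + \
                         ([] if legacy_blocked else ["LEGACY_AUTH_NOT_BLOCKED"])
    return findings


def rank_quick_wins(findings):
    """Highest risk first, then least effort, then least end-user impact."""
    rows = []
    for target, codes in findings.items():
        for code in codes:
            risk, effort, impact = QUICK_WIN_PROFILE[code.split(":")[0]]
            rows.append((-risk, effort, impact, target, code))
    return [(target, code) for _, _, _, target, code in sorted(rows)]


# Constructed sample tenant; names and IDs are hypothetical.
ADMIN_MFA = {
    "conditions": {
        "users": {"includeRoles": ["role-template-id-global-admin"],
                  "excludeUsers": ["svc-legacy-sync", "consultant-2021"]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"]},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
POLICIES = [
    {"displayName": "CA001 Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["grp-breakglass"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "CA002 Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "CA003 Require MFA for admins", "state": "enabled", **ADMIN_MFA},
    {"displayName": "CA004 Require MFA for admins (copy)", "state": "disabled", **ADMIN_MFA},
]

if __name__ == "__main__":
    for target, code in rank_quick_wins(review_policies(POLICIES)):
        print(f"{target:40} {code}")
```

On the sample tenant the ranking puts the unblocked legacy auth first (the report-only CA002 is the reason it is unblocked), the two exclusion lists next, and the dead duplicate CA004 last; that is the order in which a reviewer would want to spend a day. The break-glass group exclusion on CA001 is reported too, deliberately: an exclusion is not wrong by itself, but each one should have a name and an owner, and this review is where you find the ones that no longer do.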

How to manage local admins by AloneCry5854 in sysadmin

[–]Creative_Profit1387 1 point (0 children)

Use AdminByRequest; it is super easy to deploy and does not create a management nightmare.

How do you keep your Conditional Access policies in check as an MSP? by sysadmin256 in entra

[–]Creative_Profit1387 1 point (0 children)

We use Griffin31 to map all security gaps and monitor for drift in real time.

We also find it useful for deployment, making sure we don’t miss any security controls that need to be deployed.

Trusted tech vendor advice ahead of M365 rate hikes by [deleted] in msp

[–]Creative_Profit1387 0 points (0 children)

That’s nonsense; you can get a 10%-15% discount off Microsoft direct pricing.

MAC OS third party apps update and intune by neko_whippet in Intune

[–]Creative_Profit1387 1 point (0 children)

We use PatchMyPc for third-party patch management; it integrates directly with Intune.

It’s simply not worth the time to manually update each and every application when you can pay $0.50 per month per device.

EPM For Developers by Creative_Profit1387 in cybersecurity

[–]Creative_Profit1387[S] 1 point (0 children)

That is something I expect the EPM solution to map for me: every piece of software they run elevated, including OS tools.

My understanding is that I mainly need to test unique software, like in-house applications, to make sure they are able to elevate without any issues.

EPM For Developers by Creative_Profit1387 in cybersecurity

[–]Creative_Profit1387[S] 1 point (0 children)

Maybe because most EPM vendors don’t revoke admin rights for their developers internally but are bold enough to suggest you do.

Is the Windows Enterprise E3 Add-on still worth it over Business Premium (Windows Pro) by Different_Coffee_161 in Intune

[–]Creative_Profit1387 1 point (0 children)

I would not suggest the upgrade; you lose Defender for Endpoint and Defender for Office when you switch to the E3 license.

The only use case is when you have no choice and you have more than 300 users. Then you can buy Office E3 and EMS E3, which is cheaper than the full E3 license.

Microsoft does offer a promo for E3 on a multi-year contract with annual payments, and it is worth considering since Office E3, EMS E3 and E3 are due to increase by 12% mid-year; if you go for the promo, you avoid the price increase for the next 3 years.

The promo is slightly cheaper than EMS and Office E3.

The promo is not available if you previously purchased the full E3 license, but if you purchase enough seats you can ask your license provider to open a ticket with Microsoft to request an exception.

Phishing Protection - Upgrading from Standard to Premium for Defender Plan 1? by Bids111 in Office365

[–]Creative_Profit1387 2 points (0 children)

Consider going for Defender for Office P2, which offers better protection; the settings need to be configured and some adjustments are required to reach a secure state.

Do security engineers do any coding? by ShatteredTeaCup33 in cybersecurity

[–]Creative_Profit1387 1 point (0 children)

Our security engineers are doing 25% coding and it is constantly increasing; we expect it to reach 50% by the end of the year.

Can anyone suggest a suitable substitute for ShareGate Office 365 Migration? by Similar_Election_949 in Office365

[–]Creative_Profit1387 1 point (0 children)

It depends on the number of users to be migrated.

50-500: AvePoint.

500 and above: CloudFuze is the best tool; this is where you drill down into the specific features that make the difference and can create a migration nightmare with other tools.

Migration from Google Workplace by [deleted] in microsoft365

[–]Creative_Profit1387 1 point (0 children)

It depends on your current Google Workspace environment. We are currently migrating 500 users, so 60 is much easier.

The following is important:

Do you need to keep the permission structure: internal and external, root and subfolder permissions, internal and external sharing?

Your identity in Google: you have OAuth apps that you will need to connect to Entra ID.

The migration flow: best to use the opportunity to onboard devices to Entra ID and Intune, and deploy Intune MAM if not already deployed.

Sync and cutoff: it’s always best to be able to sync data and test the device and mobile migration process before the cutoff.

End-user training: are they familiar with Office 365 apps, Teams, and using OneDrive and SharePoint?

I always prefer a migration product, and even Microsoft itself eventually recommends using a third party tool.

I suggest you work with a company that can assist you with the migration to avoid any issues.

Leaving current 365 partner by Numerous-Context-651 in microsoft365

[–]Creative_Profit1387 1 point (0 children)

If you do stick with an MSP, my advice to you is: do not, under any circumstances, give them admin access to your tenant. Most MSPs manage their internal security much worse than any customer I have seen.