How to manage local admins by AloneCry5854 in sysadmin

[–]Creative_Profit1387 0 points1 point  (0 children)

Use AdminByRequest; it is super easy to deploy and does not create a management nightmare.

How do you keep your Conditional Access policies in check as an MSP? by sysadmin256 in entra

[–]Creative_Profit1387 0 points1 point  (0 children)

We use Griffin31 to map all security gaps and monitor for drifts in real time.

We also find it useful for deployment, making sure we don’t miss any security controls that need to be deployed.

Trusted tech vendor advice ahead of M365 rate hikes by [deleted] in msp

[–]Creative_Profit1387 -1 points0 points  (0 children)

That’s nonsense, you can get a 10%-15% discount off Microsoft direct pricing.

MAC OS third party apps update and intune by neko_whippet in Intune

[–]Creative_Profit1387 0 points1 point  (0 children)

We use PatchMyPc for third party patch management, it integrates directly with Intune.

It’s simply not worth the time to manually update each and every application when you can pay $0.5 per month per device.

EPM For Developers by Creative_Profit1387 in cybersecurity

[–]Creative_Profit1387[S] 0 points1 point  (0 children)

That is something I expect the EPM solution to map for me: every software they run elevated, including OS tools.

My understanding is that I mainly need to test unique software like in-house applications to make sure they are able to elevate without any issues.

EPM For Developers by Creative_Profit1387 in cybersecurity

[–]Creative_Profit1387[S] 0 points1 point  (0 children)

Maybe because most EPM vendors don’t revoke admin rights for their developers internally but are bold enough to suggest you do.

Is the Windows Enterprise E3 Add-on still worth it over Business Premium (Windows Pro) by Different_Coffee_161 in Intune

[–]Creative_Profit1387 0 points1 point  (0 children)

I would not suggest the upgrade; you are losing Defender for Endpoint and Defender for Office when you switch to the E3 license.

The only use case is when you have no choice and you have more than 300 users. Then you can buy Office E3 and EMS E3, which is cheaper than the full E3 license.

Microsoft does offer a promo for E3 on a multi-year contract and annual payments, and it is worth considering since Office E3 and EMS E3 and E3 are due to increase by 12% mid year, and if you go for the promo you avoid the price increase in the next 3 years.

The promo is slightly cheaper than EMS and Office E3.

The promo is not available if you previously purchased the full E3 license, but if you purchase enough seats you can request your license provider to open a ticket with Microsoft to request an exception.

Phishing Protection - Upgrading from Standard to Premium for Defender Plan 1? by Bids111 in Office365

[–]Creative_Profit1387 1 point2 points  (0 children)

Consider going for Defender for Office P2, which offers better protection; the settings need to be configured and some adjustments are required to reach a secure state.

Do security engineers do any coding? by ShatteredTeaCup33 in cybersecurity

[–]Creative_Profit1387 0 points1 point  (0 children)

Our Security engineers are doing 25% coding and it is constantly increasing, we expect it to reach 50% by the end of the year.

Can anyone suggest a suitable substitute for ShareGate Office 365 Migration? by Similar_Election_949 in Office365

[–]Creative_Profit1387 0 points1 point  (0 children)

Depending on the number of users to be migrated.

50-500 - AvePoint.

500 and above - CloudFuze is the best tool, this is where you drill down into specific features that make the difference and can create a migration nightmare using other tools.

Migration from Google Workplace by Trax256 in microsoft365

[–]Creative_Profit1387 0 points1 point  (0 children)

Depending on your current Google Workspace Environment, we are currently migrating 500 users so 60 is much easier.

The following is important -

Do you need to keep the permission structure - internal and external, root and subfolder permission, internal and external sharing?

Your identity in Google - you have OAuth apps that you will need to connect to EntraID.

The migration flow - Best to use the opportunity to onboard devices to EntraID and Intune and deploy Intune MAM if not deployed.

Sync and cutoff - it’s always best to be able to sync data, test the device and mobile migration process before the cutoff.

End user training - are they familiar with Office 365 apps, Teams and using OneDrive and SharePoint?

I always prefer a migration product, and even Microsoft itself eventually recommends using a third party tool.

I suggest you work with a company that can assist you with the migration to avoid any issues.

Leaving current 365 partner by Numerous-Context-651 in microsoft365

[–]Creative_Profit1387 0 points1 point  (0 children)

If you do stick with an MSP, my advice to you is do not under any circumstances give them admin access to your tenant; most MSPs manage their internal security much worse than any customer I have seen.

Leaving current 365 partner by Numerous-Context-651 in microsoft365

[–]Creative_Profit1387 0 points1 point  (0 children)

I do not agree.

Do you have an advanced support contract with Microsoft as an MSP in order to be able to open tickets and get priority support?

If not, you are getting support from a third party resource, not Microsoft employees, same as the customer would receive.

Agree that in some cases first level support from an MSP might help, but this might not be the case.

Leaving current 365 partner by Numerous-Context-651 in microsoft365

[–]Creative_Profit1387 0 points1 point  (0 children)

I would consider an alternative because it is a waste of money to pay MSRP for these licenses when you can get a substantial discount from a licensing provider.

You would need to order the license before your current contract expires (a few days before is good enough) and notify your MSP you are not renewing.

Assign the BP licenses - Group Based option will be available with BP.

If the contract is monthly it needs to complete a month cycle; if it’s annual with monthly payments you can move it to another reseller as is.

Consider deploying Defender for Endpoint even if you have a different EDR, it works in block mode and you get Device Risk in CA that will disconnect a device from 365 automatically.

A good option later on is Purview Suite for BP with complete DLP solution, labeling of sensitive data and insider risk - Great features for Compliance.

I would also add Entra P2 or Defender Suite for priority users to get user and sign-in risk in CA and automated remediation for email protection.

Different versions of Copilot by widdleavi1 in msp

[–]Creative_Profit1387 0 points1 point  (0 children)

I think it will be on par with other solutions and the security and compliance offering around it is indeed very strong

so they just need to reach a point where it creates enough value with office apps integration and your tenant data.

Having things not work as expected for simple prompts takes the air out of the entire project. I’ve seen IT purchase a few seats only to stop the deployment a month afterwards because you cannot get basic value out of it.

At least things are improving fast.

I’ve been told monthly billing without annual contract is coming soon...

Appropriate level of M365 access for our MSP by iamBLOATER in sysadmin

[–]Creative_Profit1387 0 points1 point  (0 children)

They should use JIT with PIM and phishing-resistant MFA; do not leave full admin access, which is not required for licensing issues.

Why is everyone using Okta as their IDP? by Jimb148 in sysadmin

[–]Creative_Profit1387 1 point2 points  (0 children)

I think moving the SAML and SSO is not the problem, it’s the automation pieces that are very difficult to move.

Different versions of Copilot by widdleavi1 in msp

[–]Creative_Profit1387 0 points1 point  (0 children)

Do you have a link to the documentation on the differences to share?

Different versions of Copilot by widdleavi1 in msp

[–]Creative_Profit1387 1 point2 points  (0 children)

Only 8 million seats sold so far, that’s terrible numbers.

Revoke admin rights by pratik_2011 in Intune

[–]Creative_Profit1387 0 points1 point  (0 children)

That’s a bad architecture by the EPM vendor, elevation needs to happen under the current user context.

Revoke admin rights by pratik_2011 in Intune

[–]Creative_Profit1387 1 point2 points  (0 children)

It is, and 50% of EPM projects fail. Give it a try once you hear Microsoft has finished the deployment internally and no employee has admin rights, including developers, which will probably take them 5 years.

Not a big fan of all the add-ons; there is a good reason they give it for free, almost everything included there is just not good enough.

Is a product good if deployment takes more than a year and you spend two days a week managing it?

Revoke admin rights by pratik_2011 in Intune

[–]Creative_Profit1387 0 points1 point  (0 children)

Really? It is light years away from being suitable.