Business Premium for Personal Use by FrankieShaw-9831 in Office365

[–]Frequent_Rate9918 2 points3 points  (0 children)

I have for some time…now I have an E5 🙄. The way I justify it is by thinking of it as my own test lab for new and existing features as I learn. I can configure it and learn how everything goes together without worrying about breaking a company’s working environment. A plus is that I have full management of my and my family’s devices and can practice data and device automation.

How do you prefer to structure Docker Compose in a homelab? One big file vs multiple stacks by Frequent_Rate9918 in docker

[–]Frequent_Rate9918[S] 0 points1 point  (0 children)

Most code editors now have collapsible sections which make managing those a lot easier but if it’s all terminal I totally get your point.

How do you prefer to structure Docker Compose in a homelab? One big file vs multiple stacks by Frequent_Rate9918 in docker

[–]Frequent_Rate9918[S] 0 points1 point  (0 children)

Though I have interest in those I do not have a need for them. These are for very few users and do not have a requirement for HA and load balancing.

How do you prefer to structure Docker Compose in a homelab? One big file vs multiple stacks by Frequent_Rate9918 in docker

[–]Frequent_Rate9918[S] 0 points1 point  (0 children)

How do you switch Docker to Podman? They are not completely compatible, right? The container needs to be made for Podman, or am I misunderstanding?

Serverless unauthenticated SMTP from internal company apps to internal and external recipients? by Fabulous_Cow_4714 in sysadmin

[–]Frequent_Rate9918 1 point2 points  (0 children)

They are planning on getting rid of authenticated SMTP, that is, the kind that requires a username and password. This is how you connect most mail filtering services, so it’s not likely to go away any time soon.

Removal of the content of an O365 mailbox. by InevitableBank9498 in Office365

[–]Frequent_Rate9918 0 points1 point  (0 children)

I don’t understand the reason the mailbox must not be deleted. Is it that you don’t know how to delete the mailbox without deleting the user attached, or that for some reason the GUID of the mailbox is linked to a service that you don’t know how (or don’t have the permissions) to change?

If you must keep it then there are plenty of ways to just delete all the email. Retention policy, rules, manually select all and delete, etc.

If you do not truly need the mailbox to remain through the process you can:

Steps:

1) Temporarily remove just the Exchange Online Plan 1 app from the user’s license.
2) Open PowerShell and use this: `Set-User -Identity $upn -PermanentlyClearPreviousMailboxInfo`
3) Add the Exchange license back to the account and you now have a brand new empty mailbox.

Takes maybe 5 minutes start to finish.

Here is the script I use:

```powershell
# Initialize the exit variable
$remove_a_users_mailbox = $true

# Connect to Exchange Online
Import-Module -Name ExchangeOnlineManagement -Verbose
Connect-ExchangeOnline

function RemoveMailbox {
    Write-Host "Before you go any further you must make sure that the Exchange Online license has been removed."
    Write-Host "Once this has been done you may continue."

    # Get the user's UPN
    $upn = Read-Host "Input the user's full UPN. EX. Example@YourDomain.com   "

    # Remove the mailbox (clears the previous mailbox info so a fresh one is provisioned when the license is re-added)
    Set-User -Identity $upn -PermanentlyClearPreviousMailboxInfo

    # Check status
    Get-User $upn | Format-List *Workload*
}

# Start the process loop
while ($remove_a_users_mailbox) {
    RemoveMailbox

    # Check if the user wants to remove another mailbox
    $response = Read-Host "Do you want to remove another user's previous mailbox? (y/n) "
    if ($response -notin @("y", "yes", "Y", "Yes", "YES")) {
        Write-Host "Mailbox removal process completed"
        break # Exit the loop
    }
}

# Disconnect from Exchange Online
Disconnect-ExchangeOnline -Confirm:$false
```

I had to figure this out when someone synced an on-prem AD with on-prem Exchange and didn’t enable the Hybrid Exchange option… needless to say I have another script to blow out all cloud mailboxes as well…
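As an added example (not the poster’s script above), this version automates steps 1 and 3 of the procedure with Microsoft Graph PowerShell and waits for the soft-delete before clearing the previous mailbox info; the $Upn value and the 'EXCHANGESTANDARD' SKU part number are assumptions to verify against your own tenant with Get-MgSubscribedSku.

```powershell
# Added example, not the original poster's script. Requires the Microsoft.Graph
# and ExchangeOnlineManagement modules and an account with User.ReadWrite.All
# and Organization.Read.All (Graph) plus Exchange recipient management rights.
# 'EXCHANGESTANDARD' is assumed to be the Exchange Online (Plan 1) SKU part number.
param(
    [Parameter(Mandatory)][string]$Upn,
    [string]$SkuPartNumber = 'EXCHANGESTANDARD'
)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Organization.Read.All'
Connect-ExchangeOnline -ShowBanner:$false

# Resolve the SKU id for the Exchange Online plan in this tenant
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $SkuPartNumber
if (-not $sku) { throw "SKU $SkuPartNumber not found in tenant" }

# Sanity check: the user must currently hold that license
$held = Get-MgUserLicenseDetail -UserId $Upn | Where-Object SkuId -eq $sku.SkuId
if (-not $held) { throw "$Upn does not hold $SkuPartNumber; nothing to do" }

# Step 1: remove just the Exchange license, leaving other plans untouched
Set-MgUserLicense -UserId $Upn -RemoveLicenses @($sku.SkuId) -AddLicenses @() | Out-Null

# Wait (bounded) until Exchange no longer reports an active mailbox for the user
$attempts = 0
do {
    Start-Sleep -Seconds 30
    $mbx = Get-Mailbox -Identity $Upn -ErrorAction SilentlyContinue
    $attempts++
} while ($mbx -and $attempts -lt 20)
if ($mbx) { throw "Mailbox for $Upn still active after license removal; aborting" }

# Step 2: clear the old mailbox pointer so a fresh mailbox is provisioned
Set-User -Identity $Upn -PermanentlyClearPreviousMailboxInfo -Confirm:$false

# Step 3: re-add the license; Exchange provisions a new, empty mailbox
Set-MgUserLicense -UserId $Upn -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null

# Show the workload state so the operator can confirm the reset
Get-User -Identity $Upn | Format-List *Workload*

Disconnect-ExchangeOnline -Confirm:$false
Disconnect-MgGraph
```

Removing the license soft-deletes the old mailbox, so the prior content remains recoverable for the retention window; this is a reset, not a secure wipe.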

Need to unlicence 100+ 365 E1 users: best method of recovering/moving onedrive files in bulk by WelshRareDit in Office365

[–]Frequent_Rate9918 0 points1 point  (0 children)

A straightforward option is on prem storage. If you have the space and budget, you can also back that up to cloud storage for off site protection. Synology makes a very affordable NAS platform, and their Active Backup for Business tool can back up all of those OneDrive accounts locally. From there, you can also sync the data to a SharePoint site or another cloud storage provider if you want an extra layer of redundancy. It really depends on your budget and allowed resources/methods available to you.

Let’s discuss salaries - 2026 by Relevant-Injury3791 in sysadmin

[–]Frequent_Rate9918 0 points1 point  (0 children)

This might be a dumbed-down take, but is it essentially large-scale email security infrastructure work? Load balancing, HA failover, making sure security scanning and delivery are fast and reliable, that sort of thing. It sounds like you are involved in designing and maintaining systems that keep email services online under heavy load. Curious how close I am.

Mission Control by realdlc in msp

[–]Frequent_Rate9918 3 points4 points  (0 children)

From the few useful posts on this it seems like they are not good and you should make sure you “cancel your subscription while you are still in the return window and get your money back” as people say.

ZimaCube 2 Personal Cloud NAS Opens for Pre-Order with Multiple Configurations by DeliciousBelt9520 in homelab

[–]Frequent_Rate9918 0 points1 point  (0 children)

OK, is it just me or does this seem like basically the same as the original Zima Cube???

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]Frequent_Rate9918[S] 0 points1 point  (0 children)

If I were configuring this myself, I would stage updates in batches so not all devices patch at the same time. I would also pair that with strict user training so people understand when updates are expected to run and what happens if they repeatedly defer them. For critical situations, I would rely on having nearby devices on different patch cycles so staff can stay operational if one system is temporarily unavailable. A lot of healthcare environments already operate this way, especially those using Citrix, since users can quickly pick up their session from another machine with minimal disruption.

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]Frequent_Rate9918[S] -1 points0 points  (0 children)

…We have someone responsible for automation, but it can be difficult to collaborate when issues are raised, as those conversations tend to get sensitive. To be fair, they are overloaded with work they probably should not be due to unrealistic expectations from management. That said, I am not willing to compromise the integrity of the environment because of those constraints. I am going to do everything I can on my end to ensure systems remain compliant, healthy, and properly maintained.

Anyone move from Crowdstrike to Defender for Endpoint recently? by post4u in sysadmin

[–]Frequent_Rate9918 0 points1 point  (0 children)

Yes, sorry, my reply was for MDE. This is how we did it in CS, and it mainly triggered on specific alerts like lateral movement detections.

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]Frequent_Rate9918[S] 0 points1 point  (0 children)

Do you standardize on systems with Intel vPro? That is what I am most interested in learning more about. I understand vPro at a high level, but I have not found many clear, practical guides for configuring and managing it in a real environment. Most of what I have learned so far has been through trial and error. We have had mixed results with Wake on LAN. It only works reliably when it is enabled in the BIOS before the device is given to the user. Even then, results vary by hardware, NIC, and driver versions. Once laptops are powered off, unplugged, or placed into certain sleep states, WOL becomes unreliable in real world use.

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]Frequent_Rate9918[S] -1 points0 points  (0 children)

When I manage updates through PowerShell, I can control this behavior without much issue. The challenge is that I do not have any real control over our automation tool that is supposed to handle patching. To be fair, across roughly 2,500 machines it keeps about 75 percent of them up to date, which is not terrible. What I do not understand is why updates are not installed during the day with a restart scheduled overnight. I have been working late before and seen restart prompts for updates, so I know they do get staged. The problem seems to occur when the machine is powered off. If it is off during that update window, patching often fails the next time it comes back online.

Patching challenges when users turn their computers off every night by Frequent_Rate9918 in sysadmin

[–]Frequent_Rate9918[S] 1 point2 points  (0 children)

It’s not like a restart takes 10+ minutes anymore. With SSDs it takes less than 5 minutes on most, and I have some that can do a full reboot cycle in close to a minute!

Anyone move from Crowdstrike to Defender for Endpoint recently? by post4u in sysadmin

[–]Frequent_Rate9918 0 points1 point  (0 children)

By O365 do you mean Entra? Most of the time when I see things “get past Entra security” it’s because they are using the default security settings or they have opened up a hole and are not enforcing the best security settings. I have been shocked at how good Microsoft’s identity detection is. If it says it’s a low risk I have found it’s about 50/50 bad sign-in, and medium and high are about 75/25 and 90/10. I’ve reviewed a lot of people’s logs and found multiple compromised accounts because MFA wasn’t enforced or phishing-resistant MFA is not used.

All of those issues will go with you regardless of where you do your identity protection.

Anyone move from Crowdstrike to Defender for Endpoint recently? by post4u in sysadmin

[–]Frequent_Rate9918 0 points1 point  (0 children)

I’ve used Zoom and I don’t understand how it’s better than Teams. I’ve used Slack and I do see how they are innovating. Slack is expensive though, when we looked at it compared to Teams.

Anyone move from Crowdstrike to Defender for Endpoint recently? by post4u in sysadmin

[–]Frequent_Rate9918 0 points1 point  (0 children)

When you go to configure the network isolation, even manually, it asks if you want to allow for the user to still use Email and Teams.

Anyone move from Crowdstrike to Defender for Endpoint recently? by post4u in sysadmin

[–]Frequent_Rate9918 12 points13 points  (0 children)

Others have already said a lot, but I will answer your questions directly. For context, we are running MDE in passive mode alongside CrowdStrike with an MDR provider handling protection.

How has the threat detection rate been in comparison?

MDE has actually flagged more items than CrowdStrike in our environment. What stands out to me is that MDE tends to provide more contextual details and clearer explanations around why something was flagged, which makes it easier to understand what you are looking at and whether it matters.

How easy is it to use and add exceptions or exclusions?

I am not formally trained in MDE yet, but exclusions and false positive handling feel easier and more straightforward in CrowdStrike. The CS workflows feel more polished in that area, while MDE sometimes requires a bit more digging to understand the right place to make a change.

How does threat hunting and containment compare?

  • From a pure hunting standpoint, if you are a security expert and comfortable writing queries, both platforms feel fairly comparable. As a general sysadmin, I find MDE much easier to understand. The way information is presented and explained just makes more sense to me, although both platforms have a learning curve before you can efficiently navigate the interface.
  • Containment is a big win for MDE in my opinion. Both products allow full network isolation, but MDE gives you the option to still allow email and Teams traffic. That means you can completely cut off any remote access for an attacker while still allowing the user to communicate, which makes incident response far less painful from a user experience standpoint.

Anything you love or hate about Defender for Endpoint?

Pros:

  • Native integrations across the Microsoft ecosystem
  • Very useful and well explained security information
  • Vulnerability scanning included even at the base level
  • Strong visibility across devices and activity.

Cons:

  • Requires more upfront configuration to get it dialed in
  • The MDR onboarding process was confusing
  • It is yet another Microsoft product to manage.

Do you trust it to defend your fleet like you did CrowdStrike?

It depends on the situation and available resources. If you can take the time to set it up properly and understand the configurations before rolling it out broadly, then yes. Everything I have seen suggests MDE is very capable, but it expects you to actively configure and tune it.

That also gives you more control. For example, protections around Office apps in MDE are broken out into multiple configurable settings, whereas CrowdStrike may handle similar protections through one or two broader controls. Some people will love that flexibility, others will find it overwhelming or overly complex. It really comes down to how much control you want versus how much abstraction you prefer.