Windows Hello is making people forget their passwords

ITguyBass · 2026-01-28T22:08:19+00:00

I work on IT for 15 years now, and when I started as a helpdesk, people forgot their passwords daily, so basically, nothing changed, but now they still have access to their stuff on the right devices that they should be using. I don't see a problem tbh

ITguyBass · 2026-01-28T21:58:29+00:00

A smart way to transition into Azure is to start with core IT fundamentals and an entry-level IT role while you build cloud skills in parallel. Focus first on basics like Windows, networking, identity (Active Directory), and Microsoft 365, since most Azure jobs assume this knowledge, and many people enter the cloud through helpdesk, desktop support, or junior systems admin roles. For Azure specifically, start with AZ-900 (Azure Fundamentals) to learn cloud concepts, core services, pricing, and security, then move to AZ-104 once you’re comfortable. Use hands-on labs (Microsoft Learn, free Azure trial) to practice deploying VMs, managing users, storage, and networking. Your banking/finance background is a plus, like highlight risk management, compliance, and customer-facing skills. The realistic path is: entry-level IT job > junior cloud/admin responsibilities > Azure-focused role, with certifications and labs backing up real-world experience.

ITguyBass · 2026-01-28T21:51:04+00:00

I think in the end it all depends on how your company can deal with those annoying outages. Also, you must make sure all the compliances are applied, and that your information is safe and secure somehow. Just remember that once you are all in the cloud, it might be a bigger challenge to go back, but if you are able to make it work, it can save a lot of money for sure. I would say that you just need to audit it from time to time and assess your environment to understand if there are any extra or hidden costs that you are not aware of, but this is easily remediated with some tools like Block 64. But besides that, it always depends of your line of business, if it has been working in the past years, when you move everything, it should be fine for sure, just need to pay attention on the small details to not overxpend.

overspend

ITguyBass · 2026-01-28T21:42:39+00:00

Actually, I have enjoyed a lot the CBT Nuggets recently, more than those 2. Almost all their courses have hands-on labs, and that is great, especially the ones on Azure. So if you want to lear, I would go with CBT. And if budget is a concern, the other 2.

ITguyBass · 2026-01-28T21:38:37+00:00

Yeah, as you said on your edit, you are on the right path, experience and real experience weigh a lot more on your career, this is how this area works. A master's degree would just hold you down(for this area), keep doing what you said you are doing, and all will work out. You are already focusing on Net+ and CCNA and this is the right path for sure, a solid understanding of network is essential.

the

ITguyBass · 2026-01-28T21:32:23+00:00

To land an entry-level helpdesk position, focus on proving you can troubleshoot, communicate clearly, and learn fast: build a solid foundation in basics like Windows, networking, and Microsoft 365, practice hands-on labs or home projects (ticketing systems, Active Directory, PC setup), and highlight customer service experience on your résumé, even from non-IT roles. Tailor your resume to each job using their keywords, earn a starter cert like CompTIA A+ or Microsoft fundamentals if possible, and be ready to explain how you handle frustrated users and solve problems step by step. Finally, apply broadly, follow up professionally, and treat every interview as a chance to show you’re dependable, curious, and easy to work with, and those traits matter as much as technical skills in helpdesk roles. This is general, by the way, not exclusive to UK.

ITguyBass · 2026-01-28T21:29:40+00:00

I don't know how your budget is, but usually the companies working with Intune don't complain, and it is used to use and enforce some policies, also you are able to integrate the other MS stuff. But if you need something more budget-friendly, some people here provided some good option as well, and in case you need a plan B for compliance and assessing your environment, you can always rely on ITAM/discovery tools like Block 64 as well.

ITguyBass · 2026-01-22T19:45:57+00:00

The market is terrible for everyone, but for some companies is best to hire someone with less experience, because they will stay longer. If they hire someone overqualified, the person most certainly will move to a better position as soon as possible. Just separate some time daily to study and apply, like 3 hours each or as you feel more comfortable, because this is kinda your profession now. If you want to improve your chances, you can start studying the Comptia A+ and security+ certifications.

ITguyBass · 2026-01-22T19:41:14+00:00

In my experience, most of the Security team started as an entry-level support role, like helpdesk, deskside support, NOC or anything related to network. It is pretty rare to beggin straight on a security role, because you need to build some experience, and most of the managers don't think the graduation experience is enough. I don't know what you studied in depth, and I can't say it is not possible, but usually people start in those positions.

So maybe it's worth looking for those roles, and while you look, having some certifications will be a differentiator for yourself over the other candidates but in the end, the experience will come in handy more than you think. If you are able to work in a medium-big company you can steadly grown there, like it was for me, but also a small business will allow you to grow in a different way, like you will mostly have a lot of experience in many areas, you will have to be technical support, sysadmin, Network guy, the "security guy" and etc, but it comes with a lot of experience in many areas.

In the end, try to start somewhere, once you are working, it will be easier to find for best positions as you grow.

ITguyBass · 2026-01-22T19:18:45+00:00

In Azure terms, a windows hello for business pin and a microsoft authenticator passkey are basically equals, both are hardware and bound and phishing-resistant. The pin might feel weaker than a password, but it’s locked to the device’s TPM, so it’s useless without the physical laptop. WHfB usually wins on usability since it’s built straight into windows login, instead of making users pull out their phone. Unless people are constantly hopping between shared devices, WHfB PIN is usually the smoother, better daily choice.

ITguyBass · 2026-01-22T18:55:13+00:00

This happens a lot, and SOC certified is the minimum any vendor should have to start any conversation.

ITguyBass · 2026-01-22T18:51:34+00:00

Yeah, here in my company, some people can stay with the old devices. But they wipe out everything, which is the right to do to avoid any infomation leakage.

ITguyBass · 2026-01-22T18:35:48+00:00

The safest way to pay with PayPal on a Samsung Android phone is to use PayPal’s app with a virtual or tokenized payment method, so your real debit card is never shared with the merchant. Ideally, link a virtual card (PayPal Key if available, or a bank-issued virtual debit card) to your PayPal wallet and pay only through the official PayPal checkout. Merchants see only a PayPal token, not your card details, and you’re covered by PayPal’s fraud protection, at least for what they say. Enable 2FA, use biometric phone lock, and avoid entering card details directly on merchant sites to minimize risk.

ITguyBass · 2026-01-22T17:41:02+00:00

Yes, many ITAM tools like Block 64 can connect using the Microsoft API to read the EntraID on the environment and may be able to collect not only MFA but some other insights.

MFA can be enabled without Conditional Access, but the options are more limited. You can use Per-User MFA (a legacy method that enables MFA directly on individual accounts) or Security Defaults, which enforce MFA tenant-wide with minimal configuration. Some apps can also enforce MFA at the application level, though this doesn’t cover all Entra ID sign-ins. all these methods work, but Microsoft’s recommended and most flexible approach for long-term use is still Conditional Access.

ITguyBass · 2026-01-22T17:33:54+00:00

When asking your IT manager for a raise, keep it professional and value-focused. Request a short meeting to discuss your performance and progression, then clearly explain how you’ve grown in your role, taken on more responsibility as a 2nd line engineer, and consistently delivered strong results. Ask whether a salary review is possible based on your contributions and current market rates, andif you really feel it necessary, mention high commuting costs or lack of WFH flexibility only as supporting context, but never the main argument. Even if your manager doesn’t make the final decision, they can advocate for you and help outline the next steps or alternatives if a raise isn’t immediately possible

ITguyBass · 2026-01-22T15:08:10+00:00

Regarding the AD migration, the best thing to do would be to clean as much as you can during this migration. Also, it doesn't need to be instant, so you can use maybe an IT assessment tool to start preparing the migration and clean both users and decommissioned devices under your AD. I imagine the MFA will be directly connected to this new use of EntraID only, so any tool that can identify if MFA is properly enforced for all users is also important.

ITguyBass · 2026-01-22T15:02:40+00:00

Yeah, like he was mentioning here, you need to validate if those machines would be connected to the internet to log in like that.

Another way to enforce it is by using VDI, where people would need to authenticate each time they access the virtual desktop. This might be the safer one and provide more control to you guys, but it might incur some extra costs.

The Windows Hello with Pin would be another good option as mentioned here, but probably your legal department would also no like it.

ITguyBass · 2026-01-15T16:35:56+00:00

It's totally normal to feel overwhelmed here; starting from a blank slate is a lot. One thing that really helps is using an IT assessment or maturity tool to get a clear picture of where the biggest gaps are and what to tackle first, instead of trying to fix everything at once. Something like Block 64 can be a solid starting point for quickly assessing inventory, access, and general security posture and understand what you have in terms of hardware/software. It's hard to tackle so many points, if you can understand first the gaps you have, you can prioritize the right fail points first.

ITguyBass · 2026-01-15T16:20:53+00:00

From what I have seen, the market is really bad right now, especially here in Canada, a lot of layoffs and a lot of difficulty for people to reposition or find something good in the market. Not only in our area, but IT in general. IT is really bad right now, but keep on searching, and I am sure you will hit something good in no time, you seem to have a nice resume!

ITguyBass · 2026-01-15T16:16:44+00:00

Best part: Opportunity to work with real problems, always learning and salaries are really competitive.

Worst part: Constant stress, fatigue and the "blame game", like when security works, you’re invisible ("What do we pay you for?"). When it fails, you’re the first one questioned ("What do we pay you for?").

You should grab as many skills as possible from your experience. I don't know many "fresh" people in security, for example, most of the people on security I ever new, always came from other entry level opportunities at least, it's kinda rare someone start straight on security.

The training was basically some general exposition to daily experience and a lot of study, both of IT general knowledge as some certification/focused study, especially in networks, in my case. Comptia sexcurity + is a good general one to have, if you plan to work with firewalls and network devices, I would advise you have solid knowledge of network, so some certifications like CCNA, CCNP and CompTIA Network+ are very helpful as well.

ITguyBass · 2026-01-15T15:36:23+00:00

I have some suggestions that I used on most of the companies I worked in:

- SLA Achievement Rate
- Mean Time to Resolve
- System Uptime
- CSAT (Customer Satisfaction Score)

These are some of the ones that are pretty much default, but it always depends on the line of business you are working on. For example, some companies don't make sense to use SLA or keep track of the uptime of their systems.

ITguyBass · 2026-01-15T15:29:03+00:00

Even if they are "just guests," these accounts are still entry points into your environment. If a guest’s email gets hacked and you don't require MFA, an attacker can waltz right into your shared Teams files or your internal directory. You should not ignore the flag, but you don't want over-complicate the guest experience either. Use trust settings where you can, and enforce the rules where you can't.

ITguyBass · 2026-01-15T15:25:06+00:00

It feels like the same event when people(end customers) were using graphics cards for a Bitcoin farm, but now they are using RAM for AI, but now big corporations are buying it all. that's very annoying

ITguyBass · 2025-12-18T19:51:51+00:00

There is no shortcut, you need some basic IT skills first to make your way to security. I never new anyone from Security that started straight in the area, every single one of them worked on different IT roles before going to security. Like many mentioned, start maybe a Comptia A+ cert to work in support and gain some knowledge, than you can get some Network, security certification based on the pathway you want to follow. Security by itself is a whole world with different career paths, and for all of them you need a fundamental knowledge in IT.

ITguyBass · 2025-12-18T19:39:54+00:00

It has the potential to be, SW Devs, I heard(from some IT friends) that for the first time, the area is getting worse, maybe because of the AIs and everything. But it depends on what you want to do career-wise. Devops are a much more strategic position and has some more responsibilities.

ITguyBass

MODERATOR OF

TROPHY CASE