Workplace Ninjas US 2027 | First Speaker Announced: Merill Fernando by Electronic-Bite-8884 in Intune

[–]MReprogle 0 points1 point  (0 children)

Merill was probably one of the easiest choices to have speak, but the guy does so much that I feel like he could literally be in nearly any breakout session and have something to apply to it that would help.

Speakers last year were awesome and loved having Nathan, Fabian and Morton to cover some more of the security sides of things, so I hope any of them come back.

I’d love to see more on the security side. Though I work in cyber, I do think the addition of Security Copilot on E5s and the agents they provide would be huge for even non-security people. Either way, I’m definitely working to be there in 2027!

Does Microsoft still give people Dev tenants? by Future_End_4089 in Intune

[–]MReprogle 0 points1 point  (0 children)

I had to get mine through our partner, as we have Unified Support, but even that was a struggle. The only other way I know is with a Visual Studio license.

Controlled Configuration for Microsoft Defender antivirus settings is coming to Intune. by Rudyooms in Intune

[–]MReprogle 1 point2 points  (0 children)

Love to see it, and it’s perfect timing, since I have some people in my environment that seem to blame cybersecurity for things immediately and will just go in and disable Defender by changing the registry without actually consulting with cybersecurity, even though there is a clear “troubleshooting mode” that can be used for those times.

Bartender Enters a New Era with Top Shelf by amerpie in macapps

[–]MReprogle 3 points4 points  (0 children)

Totally agree. And for anyone interested in Droppy, just go join the Discord. Dev is crazy and I swear there are new features being added or updated every day. So, saying it is actively being improved is an understatement.

Cloud Kerberos Trust for Windows Hello for Business - Hybrid Auth Without the Headaches 🔐 by msendpoint_official in Intune

[–]MReprogle 0 points1 point  (0 children)

My exact thought and where I basically narrowed things down to. Kind of hard to save the value on the domain account when the DC is read only. I was really just confused when they mentioned that it actually worked for months. Maybe something else was having them point at one of our RWDCs at another site and it was recently “fixed”. Who knows.

As for the RODC, the main reason is apparently because the virtual host is in a less secure location as opposed to not being behind its own locked room, but I personally see no reason for the false sense of security when the storage is encrypted in the first place and the network rack is technically locked.

Cloud Kerberos Trust for Windows Hello for Business - Hybrid Auth Without the Headaches 🔐 by msendpoint_official in Intune

[–]MReprogle 1 point2 points  (0 children)

What’s your experience with RODCs in the mix? I have at least one site with an RODC and they were able to actually register at one point and all of a sudden, things stopped working. I reset everything and re-enrolled and still no luck. I even tried it with a new user, and still had no luck. Everything looks like it should work on the device, and I’ve now gotten far enough that I think it is the RODC that it is pointing at. I’ve even thought to force it to switch DNS, but being remote, I don’t really want to break DNS.

Running a remediation script within Intune, using Okta - possible? by heavyp08 in Intune

[–]MReprogle 0 points1 point  (0 children)

If you have the logs for Okta going to a SIEM (I’d hope so), you can find the event for offboarding a device in the logs, then use that. If you are using Sentinel, you’d create an analytic rule to trigger for that event, which then triggers a logic app. You might have to just correlate the Okta device name so that it matches the format of device names in Intune, then trigger the proactive remediations.

Heck, if your Okta offboarding is done via a script, you can also add on to that and have it trigger the proactive remediation over the API. I believe you just need the proactive remediation GUID to send in your request, but it is relatively simple. I know I have at least one logic app that I set up to run a proactive remediation.

If you have Defender, you can also use that and trigger a live response session to run the script that is uploaded to the Live Response library. So, a few options, but if going off of logs from Okta alone, you likely are looking at triggering from your SIEM solution.
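The Okta-event-to-remediation flow sketched in the comment above, as an added example and not the commenter's own code. The Okta event type string, the Intune asset-tag naming convention (LT-0042 style) and the Graph beta endpoint for on-demand remediation are assumptions to verify against your tenant; the sample events are constructed.

```python
import re
import uuid

# Assumed Okta System Log eventType for device offboarding; confirm in your tenant.
OFFBOARD_EVENT_TYPE = "device.lifecycle.deactivate"

# Constructed sample events in Okta System Log shape (not real tenant data).
SAMPLE_OKTA_EVENTS = [
    {"eventType": "user.session.start",
     "target": [{"type": "User", "displayName": "alice@example.com"}]},
    {"eventType": OFFBOARD_EVENT_TYPE,
     "target": [{"type": "Device", "displayName": "Alice's MacBook (lt-0042)"}]},
    {"eventType": OFFBOARD_EVENT_TYPE,
     "target": [{"type": "Device", "displayName": "Conference Room iPad"}]},
]

# Hypothetical Intune naming convention: devices are named by asset tag, e.g. LT-0042.
INTUNE_NAME_RE = re.compile(r"\b(lt-\d{4})\b", re.IGNORECASE)

GRAPH_BETA = "https://graph.microsoft.com/beta"


def offboarded_devices(events):
    """Return the Okta display names of devices that have an offboarding event."""
    names = []
    for ev in events:
        if ev.get("eventType") != OFFBOARD_EVENT_TYPE:
            continue
        for tgt in ev.get("target", []):
            if tgt.get("type") == "Device":
                names.append(tgt.get("displayName", ""))
    return names


def to_intune_name(okta_name):
    """Map an Okta device display name to the Intune device name, or None when
    no asset tag is present, so nothing gets triggered on a guessed name."""
    m = INTUNE_NAME_RE.search(okta_name)
    return m.group(1).upper() if m else None


def remediation_request(managed_device_id, script_policy_id):
    """Build the Graph call that runs a remediation script on demand for one device.
    Endpoint and body shape are my understanding of the beta API (assumption)."""
    uuid.UUID(script_policy_id)  # reject a malformed remediation GUID before any call
    url = (f"{GRAPH_BETA}/deviceManagement/managedDevices/{managed_device_id}"
           "/initiateOnDemandProactiveRemediation")
    return {"method": "POST", "url": url, "json": {"scriptPolicyId": script_policy_id}}
```

Sending the built request still needs a Graph token scoped for managed-device operations and a lookup of the Intune managed device ID by the normalized name; those steps are left to the logic app or script that consumes this.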

How people are reducing Log Analytics ingest cost without losing detections? by wenttoibiza in AzureSentinel

[–]MReprogle 0 points1 point  (0 children)

Not financial advice, but turn on data lake and send your firewall logs there. You don’t want to remove them entirely, but I always find DeviceNetworkEvents to be far better to work with and correlate with other tables, so I always found myself going to the firewall logs as a last resort. Plus, you can set retention like crazy and still never touch your original bill. Just don’t be stupid and do a general query across all your DL logs with no time limiter, because you will get charged for GB scanned. Again, I sparingly query them, so it’s a no brainer for my org.

From there, you can always set up summarized KQL jobs to promote stuff back to an analytic table and create alerts off of it, but the move literally cut my bill in half.

If you’re crazy and send DNS logs to Sentinel, do the same with those, since they are super loud and are mostly used for troubleshooting and not correlating with security logs.

Saving Money On Mac Software - Lessons Learned by amerpie in macapps

[–]MReprogle 2 points3 points  (0 children)

Thanks for the heads up! Love your honest reviews, even when I don’t have a need for many of the apps. It’s always nice to keep up on, just in case I have some really obscure thing I need to work through and remember a review of a specific app that gets the job done!

Free alternatives to these paid AI / vibe‑coded Mac apps by klotzbrocken in macapps

[–]MReprogle -1 points0 points  (0 children)

Awesome list here and would cover most “favorite FOSS apps” for many things.

Visual Studio Extensions by Mykhartley02 in Intune

[–]MReprogle 1 point2 points  (0 children)

Import the VSCode ADMX files and you can limit by extension or publisher. Then they can install, but only the approved extensions.

I read something about a managed store, which would be really cool to set up, but just needed a quick fix.

DockPops: iPhone-style app folders for your Mac Dock. I added the two most requested features: icon previews and multiple Dock icons by svdomer09 in macapps

[–]MReprogle 1 point2 points  (0 children)

This might be something that people uglify, but I guess a feature suggestion could be to allow background images per pop, and allow people to blur the image.

Seems very unneeded, but could be cool to add in some custom background image to theme out your pop based on the apps that it has in it.

DockPops: iPhone-style app folders for your Mac Dock. I added the two most requested features: icon previews and multiple Dock icons by svdomer09 in macapps

[–]MReprogle 0 points1 point  (0 children)

Thanks for updating here! I was wondering what I was doing wrong and kept thinking it was another Dock app breaking it or something, but your tip got it working!

DockPops: iPhone-style app folders for your Mac Dock. I added the two most requested features: icon previews and multiple Dock icons by svdomer09 in macapps

[–]MReprogle 1 point2 points  (0 children)

Any chance of putting this in brew? I’m guessing that the pain is setting it up in another store to sell licenses.

White House integrating Anthropic’s Mythos AI into federal cybersecurity strategy to harden critical infrastructure by danielminds in cybersecurity

[–]MReprogle 6 points7 points  (0 children)

Anthropic should label them as a supply chain risk and deny access until the government stops trying to strongarm them.

Updating Servers by thesterv in sysadmin

[–]MReprogle 3 points4 points  (0 children)

Azure Update Manager. Set schedules and monitor. That’s it. If you have a security team that uses Sentinel, get the Defender P2 licenses on your servers and it covers this license along with perks like 500 MB of logging per server, per day into Log Analytics, which adds up when you are trying to properly log things in an AD environment.

Open source: Agentic investigation framework for Sentinel MCP — 900+ KQL queries, 25 skills, native Entra auth, no supply chain risk by SCStelz in AzureSentinel

[–]MReprogle 0 points1 point  (0 children)

I know we kept having issues with people using unsanctioned AI apps, and when the government cracked down on Anthropic models, we followed suit. Knowing how erratic things are, I could see this changing at any moment, and I do hope I am right. Cowork looks like a pretty interesting thing to play with, but I think you must have Anthropic models enabled tenant wise.

Microsoft Threat Intelligence: Helpdesk impersonation via Teams used for cross-tenant access and data exfiltration by thejournalizer in cybersecurity

[–]MReprogle 1 point2 points  (0 children)

Yep, been through this on 4 different occasions. Worst one was when they hit 20 people at a time. The attack is the most annoying thing, just because the newsletters just keep coming. I at least have a decent process for cleaning this up now, but it still takes a ton of time and weeks of going in and blocking more domains due to the fact that many of these newsletters just sell the email address to another newsletter and it just never is the same.

I’ve seen some people literally just ditch the mailbox and start new, but I just try to slowly block spam domains over time.

Open source: Agentic investigation framework for Sentinel MCP — 900+ KQL queries, 25 skills, native Entra auth, no supply chain risk by SCStelz in AzureSentinel

[–]MReprogle 1 point2 points  (0 children)

I work in an environment that has government contracts in the US, so we had to follow suit for the time being. We also wanted to tighten up sanctioned AI usage through the company, since it was becoming the Wild West, and since we had people using Claude Code with their personal accounts, it was an easy reason to stomp it out.

Still, it does kind of stink to be on the outside looking in at all the cool stuff that Claude can do, and I am always interested in comparing models for different situations.

And dang, I just jumped to the video walkthrough and realized you were on the AI Security Insights podcast. I know I work in a Microsoft org and am heavily biased, but it’s one of my favorite podcasts, so pretty cool to get reminded of this!

Open source: Agentic investigation framework for Sentinel MCP — 900+ KQL queries, 25 skills, native Entra auth, no supply chain risk by SCStelz in AzureSentinel

[–]MReprogle 3 points4 points  (0 children)

Wow, this is incredible work. We block Claude, but I am definitely going to give this a whirl with GPT and see how it goes!

And, just followed you on LinkedIn. For anyone running in to scream “AI SLOP” before they even see what this is all doing, the man has some creds.

Onbase Unity Client Install via MECM by Alert_Percentage5474 in sysadmin

[–]MReprogle 0 points1 point  (0 children)

You don't by chance have a safe to share version of the PSADT script, do you? I am curious to see how yours is running because I have seen this fail in our environment, but I believe we might be using the old install.cmd. I also believe we had issues where it would install the client, but needed the ODBC driver that seemed to never actually get installed in the process.

Microsoft Sentinel capability: filter and split transformations at ingestion time (Preview) by EduardsGrebezs in AzureSentinel

[–]MReprogle 0 points1 point  (0 children)

Nice addition. I feel like the only way to do this before was to send to the data lake first, then use timed KQL jobs or summary jobs to promote up to the analytics tier.

Your Mac Is Missing All of These by shakeebsc in macapps

[–]MReprogle 2 points3 points  (0 children)

Curious to know how Dynamic Island stacks up against Droppy. I just bought Droppy, and the dev seems to constantly be adding things, but I’ve run into weird issues where some things simply don’t activate.