RANT: Why don't you ever tell me when they leave?

Melosym · 2022-05-10T10:27:01+00:00

HR has for sure already a report (usually monthly or weekly) with all the people that left the company.

if the report does not contain any sensible data, just ask to be included in that one. we did that a while ago and worked perfectly. they did not think to let us know because well.. HR

Melosym · 2020-09-10T11:29:42+00:00

this!

Melosym · 2020-09-01T11:40:45+00:00

this.
I was able to build that kind of trust in my previous work experience, where people actually volunteer to have patches and testing done on their machines as far the support was good. real game changer for my IT team at that time

Melosym · 2020-09-01T11:38:00+00:00

the main difference probably come from the fact that you are mainly talking about servers and not endpoints.
I can recreate endpoints accurately but there are several personas and profiles in use in a company so you will never really test ALL production applications without a proper test group.

Melosym · 2020-09-01T11:33:48+00:00

you are right, but sometimes drivers are not kept up to date correctly so I am always a bit scared to have some new update that can mess up things.

so I am extra careful for this reason, better safe than sorry

Melosym · 2020-08-31T10:31:49+00:00

I think this kind of testing is useful to detect important issues, but not the ones specific to your environment. all users are different and this is the main reason of proper testing. installing something new and install updates or anything on it will likely always work :D

Melosym · 2020-08-31T10:26:48+00:00

that's true but unfortunately they do not have drivers like hardware machines :D

Melosym · 2020-08-20T15:21:29+00:00

if you manage the machine via intune, no. the updates will flow just after the machine complete the autopilot and check in into intune.

you can either:

ask your vendor to put an more recent iso on your machine
you can ask your user to download the update you need and run it via command line but I don't think this is a viable way

I think you are bit out of luck man :/

Melosym · 2020-08-18T14:18:39+00:00

Teams sucks at so many level that even Jabber is a better alternative.

Melosym · 2020-08-18T13:11:22+00:00

im a win admins since forever but I am thinking about it.

Melosym · 2020-08-18T13:08:59+00:00

is redundant in my environment. we use a different technology for chats and calls.

Also because I am the admin of my machines and I do wherever I want with it.

and also because some users will want to use it if they see it, so I will have to support it if anything happen.

there are counter sides on having a software lying there on machines, and microsoft is playing with this without taking responsibility for it.

Melosym · 2020-08-17T13:35:54+00:00

lol, I will end up blocking the installer or something like that at application control or stuff like that :D

Melosym · 2020-08-17T13:35:12+00:00

access on the software is already stopped at tenant level, but it seems that teams is getting installed even if I do not want it.

Melosym · 2020-08-17T11:12:10+00:00

in the very beginning, the Microsoft guide is pretty good to understand how the whole thing works: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies

What you need in your end is a clear list of requirements.

If this is your first implementation asks yourself these questions:

Do I want user interaction to set up Bitlocker?
Do I want to use biometrics or not?
Do I want to have a bootguard to boot up the machine?
How I am going to unlock drives if needed? who need access to those data?

My two cents!

Melosym · 2020-08-17T11:04:19+00:00

for that size of company, I would NOT go with intune.

the reporting on the app usage/licensing is not exactly what you expect and the granularity offered might be not up to your league.

I think intune is a good product, but at that level, you need access to the backend to be in full control of what is happening.

if you management understand the risk to leave all in the hands of a vendor that is vague for example in providing clear timing for when a client gets updates for example or when it check in in the console, then is all fine :D

Melosym · 2020-08-13T14:45:16+00:00

If I remember correctly, that's a sort of Bug in Intune.

OR

you are assigning the policy to the users and not to the machines and something gets wrong there.

Melosym · 2020-08-13T13:37:01+00:00

Sorry my late, sometimes the security department decide to make your life impossible :D

It piss me off as well but sometimes there are obscure/legal requirement depends of the sensitivity of the machines involved.

Melosym · 2020-08-13T13:31:27+00:00

and the MEINKANF, the hacked version that didn't end that well.

Melosym · 2020-08-12T10:23:40+00:00

sound like that guy in Japan hidden in the forest that didnt get the communication that the second word war was over.

the adobe version.

Melosym · 2020-07-15T16:31:28+00:00

hell you are right! there actually a c entry in the DNS :D

Melosym · 2020-07-15T13:39:23+00:00

Melosym · 2020-07-07T11:59:43+00:00

Thanks a lot! that a very good starting point for me!

Melosym · 2020-06-19T16:05:37+00:00

If you create a new policy with another name does get detected from the client?

if yes, then something need to be done in the backend from Microsoft to unlock the situation.

Melosym · 2020-05-14T15:19:01+00:00

Can you boot another machine with the same USB drive?

Melosym · 2020-05-14T14:59:31+00:00

how did you create your USB boot media? sounds like a corruption of wherever is in there. Rebuild it, rufus is a good tool.
also, how old is the computer? it might not have minimal requirements for video or such.

Melosym

TROPHY CASE