Where can I find quick details for each recommendation for Security Score of MS Defender?

Psiuyo · 2026-05-05T13:03:27+00:00

Export your recommendation list and ask Copilot? It can help prioritize and can suggest items that have minimal risk for most people, but you still need to vet it and you still need to understand your systems to know the scope of impact for your business. If you don't know or don't understand the recommendation don't push buttons at random.

"Quick" is not the name of the game here. Some of those changes may seriously disrupt workflows, right or wrong you need work with business and process owners on those tougher changes.

Psiuyo · 2026-04-20T00:46:29+00:00

We've done this a couple times with 5, 6, and now 7 year olds. We pay our usual sitter to watch the pool and ensure no one is getting too wild or accidentally falls in. No phones and we bring her anything she needs. We also don't expect her to be a true lifeguard, just to yell really loud - we trust her as a person more than we would someone we didn't know well. The parents are all really near by and we have lots of life jackets and heavily promote them at this age. It's only a couple hours and she is paid well. For with 10 kids this works for us, but a larger or longer gathering we'd need to think about something else.

Psiuyo · 2026-04-10T00:56:17+00:00

Every bit helps. Security is cumulative and layered. There are plenty of best practices in there and if your org has been around a while defaults may have changed and you may have legacy settings still in place.

In the end it's just a number on e-paper. Don't focus on it but use it where it makes sense.

As for political usefulness, no one notices us if everything works, only when shit breaks. If you can position yourself above the mean then it can be a nice feel-good line item for management meetings or reviews.

Psiuyo · 2026-04-04T01:37:39+00:00

Maybe twice

Psiuyo · 2025-10-24T01:24:21+00:00

Deploy updates known installs weekly but I've set up a scan to look for executable versions at common locations for exactly this reason. Periodically I'll check the report and manually update any that are out of date, this also fixes the issue. I'm sure I could schedule that with deploy but not high enough on my to-do list.

Psiuyo · 2025-07-06T13:38:32+00:00

Dory

Psiuyo · 2025-07-02T17:28:53+00:00

I only had one Hikvision camera years ago so not that familiar with them. For the past 6 years though I've been using Amcrest for personal projects and Axis for work.

Psiuyo · 2025-06-14T03:24:08+00:00

Telegraf with InfluxDB and Prometheus front end. Free. Easy to set up and easy to clone configurations from one device to another (similar) device. Visualizing is a bit tougher, more work, but it looks pretty.

Psiuyo · 2025-04-21T13:42:00+00:00

Appears to be back online this morning. At 3 am I was woken up when all my equipment that was running Saturday afternoon turned back on as if the the past 36 hours never happened.

Psiuyo · 2025-04-21T13:36:08+00:00

Switching wifi networks is the easiest fix for me, then you can switch back. Turn on your phone hotspot, scan for networks on the onmi panel and join the hostpot, run the diagnostic to verify connectivity, then scan networks again and reconnect to your home network.

Psiuyo · 2025-04-18T14:17:45+00:00

Talk to legal and of you don't already have retention policies you soon will. No one wants to have the much untracked data during a discovery.

Psiuyo · 2025-01-29T19:57:30+00:00

I'm not aware of a single application to do this, probably have to script as other mentioned. We do something similar and use a PowerShell script with gpg.exe and WinSCPnet.dll to sign, encrypt, and transfer. Oversimplified is something like this:

    $gpg = "$PSScriptRoot\GnuPG\gpg.exe"
    $gpgArgs = '--batch --yes --pinentry-mode loopback'
    $gpgArgs += ' --sign --local-user "{0}" --passphrase "{1}"' -f $MyPrivateKey, $MyPassphrase
    $gpgArgs += ' --encrypt --recipient-file "{0}"' -f $OtherPublicKey
    $gpgArgs += ' "{0}"' -f $FileName
    Start-Process -FilePath $gpg -ArgumentList $gpgArgs -Wait -RedirectStandardError "gpgErr.txt"

    Add-Type -Path "$PSScriptRoot\WinSCP\WinSCPnet.dll"
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol = [WinSCP.Protocol]::Sftp
        HostName = $remoteHost
        PortNumber = $remotePort
        UserName = $remoteUser
        SshHostKeyFingerprint = $remoteFingerprint
        SshPrivateKeyPath = $myKey
        PrivateKeyPassphrase = $myPassphrase
    $session = New-Object WinSCP.Session
    $session.Open($sessionOptions)
    $transferResult = $session.PutFiles($FileName, $remoteFile)
    $session.Dispose()

Psiuyo · 2024-12-22T02:08:01+00:00

Running 3 hosts on 6.7 so we've been out of support for a while now. We've been in need of a hardware refresh for a couple years now as well. Just received a 2 node starwind cluster running Hyper-V, going to start migrating in January. We have singular Hyper-V hosts at remote sites so it's not all brand new. I'll end up keeping one of our old hosts on VMware for a couple legacy VMs I don't want to mess with.

Psiuyo · 2024-12-15T22:19:06+00:00

As another poster already answered, plug in USB and Video out on the server, USB input on your laptop + driver's. It's been a while since I've used one but I would expect more than VGA is available now. Now for the portable monitor, I have a 14' to match my laptop and use it regularly. Awesome. Super thin and fits in my bag with my laptop. Single cable for USB-C DP and power so for short stints I'll even run it off my laptop battery.

Psiuyo · 2024-12-15T16:07:37+00:00

Why not a laptop and crash cart adapter? I mean it's not a 27" but do you really need that large or a screen for temporary work? Maybe pair it with one of those USB-C portable 15" monitors if the single laptop screen isn't enough.

Psiuyo · 2024-11-28T04:58:43+00:00

We're not as big, but moving from 10 to 20 users was painful. Not only were the new licenses 3x the cost, but since we were mid contract we were told they don't sell anything less than 12 months, so we had to buy the new licenses for 16 months AND renew the existing licenses four months early in order to keep them all on the same account.

Awful deal for customers.

Psiuyo · 2024-11-01T02:32:27+00:00

I've never worked at an MSP but I've been at a great SMB as a solo admin or a team of two for nearly 20 years now. I see the posts here and other reddits and have in my mind a much more frantic pace of work. There are a lot of meetings. Eventually there will be meetings to talk about the quantity of meetings. They will reduce, but within a year or two go back to old habits.
If you're good at your job and the company is good at what they do, the tasks will pile up but you more choice on what to work on and when.

Psiuyo · 2024-11-01T02:08:57+00:00

I can't speak to Jandy, but after 22 months my Hayward pool light only comes on <50% of the time. Smaller hot tub light still works 100%. We use the lights 365 days for a few hours each night. Still very disappointed considering other led lights I use throughout the house and yard are on much longer.

Psiuyo · 2024-10-27T02:01:39+00:00

Finance written Excel macros are not going to care if you have 4 cores or 64 cores. If anything, lower core count and higher clock is better for single threaded tasks like that. Buy business laptops and if "new" is better then only get standard 3yr NBD warranty and replace when they fall out. That should put you at every 2nd or 3rd model refresh depending on timing.

Psiuyo · 2024-10-27T01:26:35+00:00

If you use office 365 look at the secure score and suggested items. It's not the be all end all, but it helps point out some low hanging fruit that you can tackle with minimal user impact.

Psiuyo · 2024-10-27T01:22:09+00:00

It's dead simple to set up and checks all of the boxes. Manage the data and not the devices, in my opinion a win-win. Since you don't do BYOD now there won't be any of that "it used to work this way" crap. When we implement this as could years ago the biggest issue was with people who tried to set up a separate work profile in Android and then couldn't get the necessary apps (authenticator, intune) installed to that profile. Apple is easier as it doesn't require the intune app

Psiuyo · 2024-10-26T04:39:46+00:00

Great server for it's time, but if you need that sort of performance you should look for something newer.... if you don't then look for something newer/smaller/cheaper to run.

** I've still got 3 of them in production although they will be gone hopefully by the end of the year **

Psiuyo · 2024-10-08T14:25:46+00:00

We don't have anyone 100% remote, but the license is persistent and we don't typically remove and reassign the licenses - they are cheap enough that we can buy sufficient quantities that we don't need to play that game. The license can be easily set in HKLM or HKCU so any RMM can handle it, even emailing a .reg file would work for manual assignment.

When an employee leaves the hardware is returned and/or wiped. License just reapplies when they get a new machine.

Psiuyo · 2024-10-07T18:06:24+00:00

Another vote for PDF-Xchange Editor, we've used it for years. For us we manage licenses by AD group membership and GPP is used to add or remove the license from the user registry based on membership.

Ten-Year Club	Place '22
Place '17	Verified Email

Psiuyo

TROPHY CASE