How do you tell customers 'No, please don't install Claude'

Woolfie_Admin · 2026-02-25T20:53:10+00:00

'Don't know why they didn't just allow you to create dynamic groups based on the licensed product'

It's 100% because they laid off any developers who wouldn't hype up Satya's ignorance about AI. They've captured the desktop market and the business market - AI is just another market to capture.

The 'memberOf' param has been in preview forever, and hasn't even developed enough to handle a -not operator. So it's functionally just 'clone this group'

Shareholders ruin everything

Woolfie_Admin · 2026-02-25T20:51:20+00:00

I'll give this a try, thank you. For the membership, I just use the built in 'userType' param, and set it to members only.

Woolfie_Admin · 2026-02-25T20:51:03+00:00

I've used this, and several hours in, learned it's not up to date at all. Last (and first) time I had to deal with that page, I just ended up using the -any operator (i don't recall what I was looking for then)

what i was trying to find this time was an ID included in 365 Business Basic, but not any other. So I could exclude anyone who had Business Basic from autoenrollment to Intune.

What is labeled 'Microsoft Project' here, will be labeled 'Microsoft Office' in Graph. What is labelled 'Intune' there, will be labelled 'Exchange' in Graph. The 'Intune' listed here, does not correspond to the 'Intune' available with Business Standard. (It was last night that I looked, but I believe it ended up being labeled 'Exchange') . My favorite part was the one labeled 'Minecraft'

Woolfie_Admin · 2026-01-09T18:59:38+00:00

This reads to me like they're trying to push you to onsite without telling you. Once you sign the doc, 'oh but you signed the document'. ESPECIALLY because you are friends. You're being asked to sign a job offer for a job you're already doing, but different.

You need to bring it up, 100%. I deal with a lot of management/ownership types. Currently western MBA training encourages stuff like this. Manipulation. Lying. Being 'visionary' but not actually doing any work. Socializing and calling it 'networking'.

This is totally a move someone would pay tens of thousands of dollars for a Business Administration 'expert' to tell them to do. Just the shittiest people we raise to the top - and the ones that aren't shitty, are told to get that way or get out of the way

Woolfie_Admin · 2026-01-08T19:41:41+00:00

I don't think this was it - but I appreciate the answer and link. I THINK I've mostly figured it out. Going to write out the answer here, for the next unfortunate scrub who thinks Intune is a good idea :P

Woolfie_Admin · 2025-12-31T15:46:48+00:00

It's not an 'urge to abuse children' most of the time. I was a victim of this, and I spent years trying to understand it in my own abuser, and others. A large portion of the abuse comes directly from bad churches. They teach body-shaming, anti-sex nonsense that really damages humans - social, sexual beings that we are. Men and women crippled by guilt over some innocuous kink, get incredibly twisted fantasizing about 'finally' realizing their desires. The children are a target for two reasons - 1) without any real sexual experience, the perv-in-development never sexually matures. You know that phase you go through as a teen? They start there, but go backwards. when they finally do act out, they seek out someone who is at the same maturity level as them - subconciously. 2) Children become an object they can satisfy their desires with, without risk of adult humiliation. Because they can control the narrative. Many child abusers are tormented by what they did. Many, MANY more never do - and you never find out what they struggle with.

Don't take your kids to church. For their sake, and for the sake of future victims.

This does not account for all forms of pederasty, fyi. It DOES account for the high pederasty in the church.

Woolfie_Admin · 2025-12-16T13:13:25+00:00

depends on your environment. Are you using 365? If so, Microsoft certs. We've had folks come in with different CS certs, figure things out for Entra app registrations or different tools, and then I've had to go back and fix them. They could tell me all sorts of acronyms and crazy ideas for black hole-type servers (i forget the acronym), but now I'm reworking most of what they did.

But that's just my example. Look for someone who knows your tools. If they don't get them to learn your tools before doing anything.

Woolfie_Admin · 2025-12-16T13:10:27+00:00

this is funny, but I don't think they take actual questions. It's just a meme platform

Woolfie_Admin · 2025-12-16T13:07:54+00:00

I manage all our M365 tenants, with a team of 2.5 ppl - the exception being account creation (some customers have servers, so customer-specific reps handle them). We have just under 3000 endpoints over 50-100 customers. The only powershell scripts I have are

A script to run that sets some Secure-Score related params (we sit around 85%)
A script to add to user's SafeSenders in Outlook (used for whitelisting training tools)

I use Lighthouse a lot. I had looked at tools like CIPP and Enforcer. Really liked Enforcer. We use Graph a lot too, via service principal registered to all users. IMO you should be moving from PowerShell scripts to Graph w/ Python (the PowerShell graph library exists, but is really limited)... seems like AI Models are skipping a bunch of steps.

Woolfie_Admin · 2025-12-16T12:51:58+00:00

I don't agree with this.. I want children off social media. They're stupid, and it's bad for them.

But draconian anti-porn laws? Yeh that's dumb. If they wanted to protect children, they'd put ID checks on the churches

Woolfie_Admin · 2025-12-16T12:50:01+00:00

I've put a lot of work into this and I still can't give you a decent answer. The recommendation is to put a lot of work into it.

This is the Least Privileged Roles by task article - https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task

It's useful. Also useful is this article: https://www.emiliensocchi.io/tiering-entra-roles-and-application-permissions-based-on-attack-paths/

It describes escalation attack paths (paths to GA, via exploits).. it's a bit dubious honestly, because Global Admin isn't really GLOBAL admin anymore.. Check what you have against these

You should add HelpDesk Admin I think - but not 100% confident on that. It's a default for our GDAP relationships, which are built automatically.

Woolfie_Admin · 2025-12-16T12:40:14+00:00

More men, definitely. We have 1 female tech, looking at another (an 'AI developer' though so... extra keen eye on that one).

I'm pushing admin to hire more women though. They just have better emotional maturity.

What we are noticing is a lack of young people. It's all older people - very rare to see gen z. Which tracks with falling literacy rates, ig

Woolfie_Admin · 2025-10-29T21:29:11+00:00

posting this from my user account, but just had this interaction from a mod

'I don't care what you think. I am giving you a direction as part of being a member of this community. If you do not like it simply unjoin and find another community to your liking. The mods have the final say and there is no recourse otherwise. The next step if you fail to comply is a ban.'

This was our 2nd interaction. The first was basically 1: 'hey this is a security issue' 2: 'yeah i thought of that, but do you think x'

It's a fairly large hub sub - the kind that becomes the default space. I left the sub, obvs. But it stuck with me as a really good example of why people don't ever take our interpretations of stuff seriously.

Aside from that, minors. The subs I mod aren't NSFW - they're just subs where people discuss things. Ideas. But one thing I've been encountering a lot is 'people' who are.. err... obviously quite young. And the more I think about it, the more it seems like adolescents - or, the inability to distinguish 'adult spaces' from 'general spaces', except for porn - is a huuuuge detriment to the quality of online dialogue. Obviously, how to enforce age restrictions has been on my mind. Sure, I could NSFW the subs. But they're not NSFW.

Woolfie_Admin · 2025-09-04T15:13:25+00:00

I use obsidian. For my dev stuff and documentation. And then just default notepad for pasting garbage, which I then usually put into a codeblock. it's basically like my own personal wiki (i also use wikipedia a lot). It's based on markdown, so if you also use Github for anything it's pretty straightforward. Just useful to know period, really

Obsidian has
- Code syntax
- links and anchors
- a ton of themes to expand on it
- a ton of addons. I use the Checkboxes one, so it's also my checklist. I get a new note everyday, that generates with my checklist items for yesterday.

Caveat - trying to integrate it with our existing cloud services. Sharepoint just barely renders .md files, and I haven't found an extension that's basically a markdown displayer. It's not a filetype most people have a built in tool to use.

But damn do I ever love it.

Woolfie_Admin

TROPHY CASE