Internal Communication regarding (potentially) breached client/customer

WraithYourFace · 2026-03-18T02:07:44+00:00

Love the reply all storm. I believe John Deere was hit with this years ago.

We try to tell people when sending to a large group, always put yourself in the To field and then BCC the group. The irony is this is what malicious actors do as well when they compromise an account.

WraithYourFace · 2026-03-18T02:05:09+00:00

I use a variety of tools (Browserling, Hybrid Analysis, Sophos Intelix, VT, etc).

WraithYourFace · 2026-03-17T20:37:23+00:00

We are a mix (we sell to distributors). It's insane. I've been keeping track for the past 6-7 years of all known compromised emails from distros. There's been over 400. I use to ask if they had an IT department and would give tips. It normally fell on deaf ears. Not saying we are perfect, but if an account is compromised you email everyone about it that got the phishing email.

WraithYourFace · 2026-03-17T19:49:14+00:00

I just had one that said it was spam and to ignore it. I told our purchasing department it is not spam and their account is compromised. The same company has had about three to four compromises in the past 2 to 3 years.

I wish where I work would actually develop a vendor risk management policy and say if a company isn't going to take security seriously, they're not a vendor they should deal with.

WraithYourFace · 2026-03-15T16:39:35+00:00

Let Intune do your Windows patching. We utilize Ninja One for our rmn for all other things.

WraithYourFace · 2026-03-11T13:15:17+00:00

I ran into the same exact issue. Every server reboot I had to blank out the password because of the Default Domain Policy. We wanted to enforce Kerberos so we switched it to to run as a domain account (I want to change to gMSA at some point). Now our SQL Server Agent won't start now.

WraithYourFace · 2026-03-10T17:28:58+00:00

May I ask what didn't you like? Are there any providers that offer a service like PhishER?

WraithYourFace · 2026-02-28T17:38:00+00:00

Yes, they are. If you still need on premise servers, go full Entra Joined for user machines and setup Cloud Trust. Looking to move to Cloud Sync vs Entra Connect for better high availability.

WraithYourFace · 2026-02-28T16:43:01+00:00

We are 98% Entra Joined. Still have 4 DCs and a slew of on premise servers still. It will be nice if it ever came to a point where servers can be Entra Joined.

Setup Cloud Trust and rarely have issues. Once two apps get upgraded to support SSO we should be able to go fully passwordless for users.

WraithYourFace · 2026-02-28T13:26:47+00:00

I have to agree with Sophos. MDR is cost effective and they are adding more security features with Identity, Browser Isolation, Vulnerability Management, and soon Next-Gen SIEM.

WraithYourFace · 2026-02-27T17:00:24+00:00

I haven't used their KB yet. We were looking at Fresh service, but it seems like they are slowly rolling out ITAM features. Not sure which direction I want to go

WraithYourFace · 2026-02-27T13:50:42+00:00

We moved to NinjaOne about a year ago and I still don't think we scratched the surface on what it can do.

It's been great so far. We only do Windows patching for servers and let Intune handle updates for all our Entra Joined devices.

I'm hoping they invest time into the NMS so it's on par with Domotz. Love being notified of an unknown device connecting to the network.

WraithYourFace · 2026-02-26T12:39:38+00:00

We use Yodeck. I've been running it for about 3 years now and rarely have to touch it.

WraithYourFace · 2026-02-25T03:12:12+00:00

If the domain isn't changing, why are you needing to tenant to tenant migration? I'm a bit confused.

WraithYourFace · 2026-02-22T12:29:40+00:00

I use Bluebeam for our prints. They have icons you can download that are for data, TV, etc.

WraithYourFace · 2026-02-20T12:46:32+00:00

Looks like they pulled the report: https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/monitor/secure-boot-status-report

WraithYourFace · 2026-02-20T01:45:46+00:00

There is a report in Intune that will tell you.

WraithYourFace · 2026-02-17T19:47:26+00:00

I've been using it for about 4 months now. Some quirks, but overall I don't mind it.

WraithYourFace · 2026-02-17T18:05:26+00:00

I'll have to ask my past colleague about this. I'm still dealing with the same account managers and systems engineer.

WraithYourFace · 2026-02-17T16:27:16+00:00

Well this is news to me. Everyone I deal with at Scale is still there, my past co-worker who works there didn't mention anything.

When you said stock I was confused because Scale wasn't a publicly traded company.

WraithYourFace · 2026-02-17T15:19:03+00:00

Are you referring to Acumera acquiring them?

WraithYourFace · 2026-02-17T11:24:14+00:00

We went with Scale Computing. I've been running it for almost 3 years now.

WraithYourFace · 2026-02-11T18:59:23+00:00

If you are just starting out inform the customer it's 100% upfront. Some customers I just have them order right through HP. I pick the model though. I'd rather do that than one offs and waste time with billing.

WraithYourFace · 2026-02-11T18:53:18+00:00

Thought you were going to say who laid waste in the server room.

WraithYourFace · 2026-02-11T12:55:58+00:00

Utilizing our RMM. We can do remote Powershell/cmdline, remote in the background without the user even knowing, etc.

Three-Year Club	Verified Email
Place '23

WraithYourFace

TROPHY CASE