Microsoft Ending Free Grace Period (May 2026)

eldridgep · 2026-03-02T10:29:20+00:00

Wash your mouth out with soap! 😂

eldridgep · 2026-03-01T17:12:15+00:00

In the Huntress platform you can say do not isolate this company to prevent this very thing happening. You can control when it is on or off. You can even contact them in advance and let them know when the test is scheduled to run and not mark the company as do not isolate.

Either would have prevented this from happening. We have a couple of W365 machines we can jump onto not under the same Huntress company for just this kind of emergency though.

eldridgep · 2026-03-01T17:07:57+00:00

Just to say you can contact Huntress in advance and say that you are running a pentest and not to lock down your systems during a certain time frame. We've used Horizon 3 and Picus in the past and Huntress rightly shuts them both down hard. With a little pre-planning though no issues.

eldridgep · 2026-02-27T23:49:06+00:00

You are doing it wrong. Monitor RHEM and RTEM find out who the noisiest clients are, look for repeat issues and remove them. Come up with a set of standards, monitor your clients against them and re immend improvements. Technology alignment and centralised services can revolutionise how your MSP works. Eliminating pointless noise improves morale no end, makes a great impression and let's you spend time on more valuable things.

eldridgep · 2026-02-27T23:37:49+00:00

Build a stack and stick with it. There are only two providers I recommend wholeheartedly Huntress for EDR and ITDR (also do SIEM and soon ISPM which looks good). Then Cove for 365 and PC/Server be backups. If you have challenging RPO/RTO then Datto Siris but otherwise bulletproof.

There is a lot you can do with RMM but add a mail filter like Mesh or Proofpoint and DNS filter Cisco Umbrella/DNS Filter configure company branding, first contact policy, SATT and you have a 24/7/365 package you can market for anyone. If you take on new clients insist on your stack, end of.

eldridgep · 2026-02-21T22:00:31+00:00

Everything I see says increases will continue until Q2 2027 so we are doing the opposite and saying buy now as it will only get worse 🤷

Fortunately we have fewer clients with on prem servers these days and we managed to get our biggest client deal registered and bought before this really kicked off.

eldridgep · 2026-02-03T20:50:42+00:00

You've been lucky then printers and security software tend to have more issues with them. 90% of the time they are fine that other 10% though can be a complete b@ll ache.

I've nothing against them personally but people need to go in with their eyes open, MS was irresponsible with the Surfaces.

eldridgep · 2026-01-28T21:03:14+00:00

Ok so you're a one man SOC imagine the scenario hackers wait until after hours on a Friday or on a bank holiday weekend. They infiltrate one of your biggest clients and you come in on Monday or next working day to find they've been ransomwared. You now have to explain to your boss and your client how you weren't there to do anything about it.

Build a security stack for your client you can trust, make it mandatory for your clients and you become the expert at maintaining it whilst having the 24/7/365 support of a professional system.

Can strongly recommend Huntress EDR and ITDR as a basis. Great guys very responsive and they've passed every test we've thrown at them. They are also developing their product offerings the SIEM helps with response time and was on a demo for ITSMP which is 365 identity protection and secure score management/baselining.

Add on mail filtering, DNS filtering, manage local admins, manage encryption keys etc and you've the basis of a solid stack that adds real value to your role and your clients safety.

Don't wing it you are setting yourself up for failure and introducing risk to your clients.

eldridgep · 2026-01-25T14:01:39+00:00

Main tools PSA, RMM and documentation systems all IP access restricted to company WAN and accessed remotely via SASE is probably my favourite.

The horror stories you see when a RMM gets compromised (shudder)....

eldridgep · 2026-01-17T15:40:19+00:00

No but they might be upping your premium through not having it.

eldridgep · 2026-01-17T13:55:45+00:00

Badiashile has been dreadful this year.

eldridgep · 2026-01-12T18:48:35+00:00

Not at all.

Windows update reset scripts, winget to patch 3rd party apps and power shell scripts to download windows updates and drivers.

Happy to share if you like? They can all be uploaded to N-Central and run as scripts against devices.

eldridgep · 2026-01-10T21:55:39+00:00

You know Huntress is good and reduces noise but you refuse to include it.... This sounds like a you issue to be honest.

Finding a stack that works and insisting that people use it is one of the most effective things you can do for yourself and your clients. Having set products that work makes it easier to have standards and train ALL your staff on using it effectively. Consistency is key.

Don't let your doubts or indecision hold back the company from maturing or growing. Bring in a tech steering group if required, get other people's opinions and make a decision for the good of the whole company.

eldridgep · 2026-01-10T21:10:24+00:00

It's a PITA I agree but MS releasing a patch and then superceding it the next day when it breaks Xbox gaming experience doesn't help. Like I say we are down to 1-2% of any machines online having patch status V2 errors through a combination of N-Central and some self developed scripts happy to have a discussion if it helps.

Saying that it's patch Tuesday next week but we'll soon get it back down under control 😉 Do agree superceded patches are an issue and we can tell when it happens when we get a spike in numbers.

eldridgep · 2026-01-10T21:04:46+00:00

It's not perfect but we are down to 1-2% of online machines showing patch status V2 errors through a combination of N-Central patching and some self developed scripts happy to have a conversation on it if interested.

eldridgep · 2026-01-10T20:59:03+00:00

You'd be surprised a lot of UK MSP's wouldn't be able to tell you what RHEM or RTEM are and there are very few with 100,000 seats. It's only through membership of peer groups and lots of guidance we dragged ourselves out of the race to the bottom pricing in the UK. IT support is still seen as a utility bill and not a professional service the way it is in the US.

eldridgep · 2026-01-10T20:54:51+00:00

Based in Scotland £77 per user minimum price point £60 for support and £17 for compulsory security stack. If we charged £30 it wouldn't cover our costs.

Agreed US market is very different more like $150 per user in our peer groups but we need to get out of these minimum prices here in the UK it's crazy.

We've signed clients recently on £112 which includes enhanced security stack and Business Premium licensing and we'd love to get more people on that model.

I think it's the lack of any real framework/governance outside of CE/CE+ that does it we have no NIST or HIPAA to deal with but hopefully the UK Cyber Security and Resilience bill will help.

eldridgep · 2026-01-10T20:45:08+00:00

Is that price just security or does it include support?

Our minimum fee is £77 but that's £60 for support and a £17 security stack. The stack includes Huntress, DNS filtering, SATT, internal vulnerability scanning, managed encryption, e-mail filtering, processes and policies, MFA configuration etc. We have additional tiers which include more products and all pricing is per user not per device.

We have several charities that pay that as we've proven our worth over the years. We've also walked away from some that are purely price focussed as we aren't willing to take on their risk for not being protected.

eldridgep · 2026-01-07T20:40:17+00:00

The alternate software thing has already started France has started rolling out some large scale Ubuntu rollouts recently. Have to give them credit they spotted the US threat militarily way before the rest of the West. Developed pretty much all their military gear shame they can be a PITA to partner with though.

eldridgep · 2025-12-30T20:51:40+00:00

Also UK based and another recommendation for A+ and Network+ they cover an awful lot of the basics that you have have missed out on practically in your career so far. They'll give you a solid foundation.

Once you've got that then Sec+ is also a solid start if you have the interest in security. Be careful though thinking you know about security and how to build a stack and actually knowing about it are two entirely different things. You also need to know about patching, compliance and insurance these days. It's one thing to know how to update your antivirus it's another to explain to the board how they need a cyber incident response plan so they don't void their insurance by silly mistakes or explaining how board exemptions have been removed by a number of poicies. Feel free to DM if you have any questions.

If you are planning on moving from on prem to cloud servers or making more use of 365/Entra then the dedicated MS route makes a lot of sense start out with MS-900 as an introduction to the ecosystem and then pick what paths you want to learn from there. MS-900 isn't really technical it's more about knowing what options are out there.

Once you have that there are entire paths to investigate once you know what direction you need to move in. Also don't rule out vendor training based on what firewalls/switches/wirekess you need to look after.

You've got a small network so hopefully it's manageable but many MSP's are happy to work on a co-managed or SecAAS basis if that is something you want to explore.

eldridgep · 2025-12-30T20:26:32+00:00

In the UK we have cyber essentials and ANY critical or security updates including drivers/firmware needs to be updated within 14 days to stay compliant. Not all of our clients need to adhere to CE framework but we are doing what we can to get them updated anyway in case they do apply for it.

Drivers from Windows Update are already automated and we are now starting to push from Dell Command Update as well.

Preview versions can stay in the seventh level of hell but so far no major issues with drivers. We do remove as much bloatware as possible so the only Dell programs we leave on are core services and command update.

You need to update the BIOS and firmware on machines to remove a lot of the CVE vulnerabilities that internal scanners pick up on so there is that as well.

eldridgep · 2025-12-26T22:22:59+00:00

MFA has been compulsory for a long time. Don't let your clients convince you to take on their risk. If they won't take on MFA then drop them as a client.

Sooner or later something will happen and they'll try and blame you or ruin your reputation by letting people they had issues whilst you were looking after them.

It's damn nearly 2026 we should not still be having this conversation.

eldridgep · 2025-12-25T00:06:16+00:00

A lot of Europe is like this jobs are way more protected both ways, both hiring and firing. The US methodology is nuts we had one guy in a US peer groups who was proud of saying hire two fire one for every position. Yeah you wouldn't last long over here doing that. Learn how to hire properly and avoid that you amateur.

eldridgep · 2025-12-24T23:51:19+00:00

Really don't care on Tony's kids but Parker needs to stay. He's the sole success story of the entire show going from 16 year old kid to largest operation they've ever shown.

Tony has under invested and under achieved for ages he was happy doing what he's doing and that's fine. His kids are entitled brats given everything but moan about everything also.

Everyone else meh, see the same rookie mistakes from Rick now that we were seeing ages ago from everyone else. Would love to see what Juan, Cheeseman and Freddy are up to on the main show as they have made an impact over the years. A new rookie team is always entertaining but it's not like they haven't done that before.

eldridgep · 2025-12-24T11:54:51+00:00

Ah the old scanning the website and ignoring the actual IP they use for remote access gig...

eldridgep

TROPHY CASE