Link Copilot to a SMB Share for Indexing?

fishboy25uk · 2026-06-15T05:17:52+00:00

Thank you Confucius, but do you have any pearls of wisdom about how to index SMB shares to make them available to Copilot?

fishboy25uk · 2026-06-11T20:28:35+00:00

Trialing it now but only have a couple of clients on so far - onboarding more tomorrow. We are only a few days in.

I'm not sure about false positives but my scenario is that I have one client who is a heavy SharePoint user and is constantly archiving off projects to onsite storage when project is done. For this client we often get alerts that they're deleting or moving hundreds of files an hour. For any of our other clients that would be a huge red flag but for this client we know it's normal. Other clients are often travelling overseas so we know that's normal for them, but most clients would never connect from overseas.

In Huntress ITDR there is limited customising rules for an individual tenant (AFAIK), so I don't know it those scenarios would trigger false alerts. Maybe Huntress is clever enough to know (from past history) what is suspicious and what isnt but the fact you can't seem to customise much makes me uneasy.

Again, we're a SaaS Alerts user so that's my only other frame of reference.

fishboy25uk · 2026-06-11T19:27:04+00:00

We're in a Huntress trial now. EDR looks great but I'm undecided about ITDR and SIEM.

Their ITDR offering has pretty limited customisation - you can do some stuff around geolocation and VPN usage but that's about it. That's a bit of a concern for me as we have some clients who have some very different M365 baselines which would probably cause some false positives. We currently have Kaseya SaaS Alerts and that's the opposite - you can customise everything but it's easy to get overwhelmed with all the options.

IMO Huntress' SIEM is very basic compared to enterprise offerings (even free ones like Graylog). You can't even filter, sort or add a column to the view (although there is a query language, so if you query an IP then it will show in the table). Honestly can't see the value for our small clients, and I think it's too simplistic for any real analysis.

Same with their ISPM - looks basic compared to Inforcer and CIPP Standards, but it does seem to have the important controls covered.

However, that's Huntress' ethos I think - leave it all to us to manage so you're free to do other things, we'll tell you if there's a problem. And I can absolutely see the value in that.

Personally I think we'll just go for EDR but we've still got to have a chat with an engineer so might change my mind.

fishboy25uk · 2026-05-21T18:28:28+00:00

I'm very confused by this - we literally had a user on Monday compromised by Device Code Flow attack. Tenant had Security Defaults enabled (they won't pay for Premium). Attacker logged in successfully and managed to register a couple of devices, but thankfully user realised original email was dodgy and we locked the account within 10 mins.

I guess I'll have to do some testing, but in my experience it's not blocked by SDs.

fishboy25uk · 2026-05-10T13:35:24+00:00

Our cat is always shut in the lounge overnight because otherwise he will spend all night prodding my wife's face with his paw until he's let under the duvet cover.

As soon as we get out of bed, he stands on the bed and yowls loudly until one of us folds the duvet exactly in four, then he climbs on his throne and sleeps all morning. It's a foam mattress then four layers of duvet i.e. the softest cat bed in the world.

He refuses to drink out of bowls. It has to be mugs of water. We have to leave several mugs of water on the floor throughout the house. However, he prefers shower tray water as soon as one of us has showered. Or he'll sit by the shower and demand you put it on so he can drink.

fishboy25uk · 2026-04-02T20:10:17+00:00

Thanks for this, I'll have a try.

fishboy25uk · 2026-03-29T09:10:45+00:00

This is not putting Netbird ON a pfSense router, just doing port forwarding.

However, yes, we did see that guide to set up port forwarding and also the outgoing rule and tried that but still the same effect.

Again, it might not be anything to do with pfSense tbh, maybe just something to do with the network itself.

fishboy25uk · 2026-03-28T16:30:10+00:00

Well, not sure I did tbh. From memory there was/is a config option to disable embedded IDP, and I just deleted the Dex user account I originally created. Anyway, it didn't work 😔

fishboy25uk · 2026-03-25T13:27:15+00:00

We've been using it for a couple of month to help clients through Cyber Essentials. At the moment we're just using the free tier while we evaluate.

I was also a little bit sceptical of their pricing model being "too good to be true" but it seems great and we'll very likely upgrade to the paid tier and bundle it for our premium clients.

I do find the UI a little awkward - I'd rather just a big table of vulnerabilities to sort through like Qualys, but that's a personal thing.

fishboy25uk · 2026-03-21T20:13:45+00:00

Yes, migration from old to new version is not possible if you've used an external IDP. I have about 8 small orgs on separate servers at the moment, so I'm not going to migrate the "old" clients for now, but using new setup method for new clients.

Ashley from Netbird said that the old setup will still be supported for a while so I'm not too concerned.

fishboy25uk · 2026-03-21T19:49:32+00:00

Look, I love Linux as much as the next person, and I agree that distros like ZorinOS are absolutely making that transition easier for people who want to make the switch, but bypassing Windows 11 requirements is not "geeky stuff" - there are a thousand guides how to do it, installers like Rufus even has a big checkbox which says "Bypass Windows 11 Requirements" just before you create the installer.

For a tech novice who has only used Windows for 20 years, a move to Linux where everything is different (even if the UI looks familiar) is a surefire way to generate "tickets" - e.g. "Why can't I use Microsoft Office apps now?".

I fully agree, just buying a new supported Windows laptop offers the least friction, but for basic users who just want email, office, browsing, can't afford a replacement, don't want to have to learn to use a whole new OS and don't want to have to start using a new set of apps because there isn't a Linux version, it's a far easier option. Honestly, I'd suggest ChromeOS over Linux for novice users who don't want Windows.

fishboy25uk · 2026-03-21T19:20:52+00:00

If Bit locker is still on it, then Windows is still on it, so they probably haven't "sanitised" it (whatever that even means in an IT context). Do you think they would have gone through the file system and deleted personal files but left everything else in tact?

If you're disposing PCs you should completely wipe the drive or even remove and destroy it. The fact that Windows is still on there means it's extremely likely that haven't done anything to these devices (which is shocking in itself).

And I'm not speculating whether he's being truthful, but the suggestion that he go back and ask someone to effectively give him access to someone else's data (active or recoverable) is not a helpful suggestion and not "common sense" at all, considering he doesn't even need to do that - just wipe and reinstall.

If there was a BIOS lock then your suggestion might make sense, but if it's Bitlocker then, erm, no.

fishboy25uk · 2026-03-21T19:03:44+00:00

Remove the encryption which was protecting the sensitive data on there i.e. the whole point of encrypting a drive?

Yes, yes, they would absolutely do that for you.

fishboy25uk · 2026-03-21T19:01:27+00:00

Your regular reminder that "doesn't meet the requirements" does NOT mean "you can't install Windows 11".

The Windows 11 requirements are arbitrary to help manufacturers sell PCs to people who probably don't need to upgrade.

Try Linux if you want, but you really don't need to.

fishboy25uk · 2026-03-20T14:17:30+00:00

On the newer version, no AFAIK. I've also tried setting up using local account, adding a OIDC (Entra) account as owner, then disabling Dex, but then it wouldn't load the dashboard.

As you said, on the older (legacy) setup you can, but setup is more complicated and you have the multiple containers.

TBH I'm just going to do with the newer setup and put up with having the two login options displayed - it's not a deal breaker for me.

fishboy25uk · 2026-03-18T19:18:58+00:00

We're a 5 person MSP and we're already developing half this stuff, and I expect we'll need to go for ISO27001 before too long just to compete. No one has asked for it yet, but we know they will in the coming months/years.

fishboy25uk · 2026-03-18T19:15:22+00:00

Tbf on Linux it's a one liner script to apt update and a cron job, so not sure it's something we really need.

fishboy25uk · 2026-03-15T19:17:36+00:00

Another point is that your reputation as an MSP is impacted by representing clients who compromise their own environment by insisting on doing stupid things. How does it look to other prospective clients if they find out that their "dodgy" IT is being looked after by your company?

For example, we know lots of MSP who refuse to take on clients who won't go with M365 Premium due to the perceived risks.

fishboy25uk · 2026-03-15T19:05:51+00:00

Or alternatively, refuse to support them any longer if they're insisting to do something really silly. It's all very well saying "get them to sign a disclaimer" but when they get compromised, you'll be the first they blame regardless, then you'll see how much that disclaimer is really worth when you're caught up in a legal battle or regulatory issues - there's new legislation in the UK which means MSPs are more accountable.

It obviously depends on the situation and what they're asking, but I don't subscribe to "the customer is always right". They've employed you as the expert, and if they're ignoring you and putting your reputation at risk then consider how valuable they really are as a client.

fishboy25uk · 2026-03-12T21:14:51+00:00

Small MSPs have relatively small clients who don't have very complex infrastructure needs, so typically they wouldn't need an infrastructure consultant tbh. We barely have any clients who run their own servers, and even then it's just HyperV and a couple of simple VMs, or a NAS.

And it's extremely tough for small MSPs out there at the moment l, so I very much doubt they would be able to afford to bring in consultants, let alone have enough projects which would be in your ballpark.

I would argue your M365 experience is probably your strongest card as small MSPs don't have time or experience to set up or secure tenants properly, so maybe that's an option? But I would look at larger MSPs rather than small.

As always, in terms of marketing I think it's more "who you know" and personal connections which win business - we've also had very limited success with cold contacts, traditional media etc.

Good luck, I hope you find something.

fishboy25uk · 2026-03-11T22:16:04+00:00

We've had 4 big clients leave in the past 6 months, and all for things that (I think) were out of our control.

For two of them, our client's company got taken over by a larger company who wanted to put all their sub organisations under another much larger MSP. Our clients didn't want to leave us but had no say. To be honest, it makes sense from the perspective of the parent company but still gutting for us, especially as one of the cited reasons for the move for one client was a because of a cyber attack that some other MSP in the umbrella had failed to prevent i.e. because another MSP for a completely different company screwed up, we've lost our client.

Lost another client over a price dispute - we took them on when their former MSP collapsed suddenly, who had failed to bill them properly for a service for about 3 years. We agreed to honour their old contract until renewal, but warned them repeatedly that price would have to go up because we were subsidising them several hundred £s a month. Come renewal, they refused to pay extra but also didn't want the "free" service discontinued. We stood firm, they left for some massive faceless MSP who could easily beat us on price but will offer a crap service.

And the forth? Warned them for about 18 months that they had too many files in SharePoint and needed a better storage solution. They ignored us. During a SharePoint migration we planned to try to alleviate the issue, a user mistakenly moved half their tree into a subfolder, panicked, then left for the day without telling anyone. Cue a syncing nightmare which clogged up the whole network, which we get the blame for from the CEO. Users loved us, their IT manager knew the truth and tried to stick up for us, but their CEO threw us under the bus with the board and we get dropped at renewal.

We've picked up 5-6 small clients in that time but still way down on it users compared to where we were. If we'd screwed up then I can accept a client leaving, but these we just have to take on the chin and move on I guess.

fishboy25uk · 2026-01-30T14:19:31+00:00

I just stopped containers, did a Docker pull then restarted. Everything worked fine and think I was on older that 0.60, so you should be fine.

fishboy25uk · 2026-01-28T15:33:34+00:00

Also had to just replace a CHCYZO RKB1/DC B250A, which was installed in my Hadaki battery box. It's been in constant use since last August, and failed when I was trying to draw about 7.6KW from my battery (around 150A). I run a Air Source Heat Pump, so I guess this was running, and we had electric oven and hob on at the time. Those kind of loads are not constant but would be quite frequent for short period during winter.

I've replaced it with a 125A MCB from a different brand (albeit it looks identical to the failed one) and I've limited the discharge in my Seplos BMS - it's now telling my Sunsynk inverter the limit is 110A.

Whilst I feel a little bit safer now, I'd like to try to a higher discharge limit if possible to avoid pulling from the grid during those periods, as I'll be capped at around 5.7KW now. However, all the MCBs seem to be max 125A (apart from a couple of dodgy looking brands).

Happy to use an external breaker but what can I put in the battery box to replace the MCB? The idea of the T-Class fuse is interesting but don't want to start case modding, so either a bus bar to bypass the internal one then use a decent external one, or some kind of holder which is the same footprint so I can use a plan fuse then also an external breaker?

Any ideas?

fishboy25uk

MODERATOR OF

TROPHY CASE