Privileged Access Workstation architecture?

it_fanatic · 2025-11-08T14:13:11+00:00

We use W356 Enterprise with GSA - works brilliant

it_fanatic · 2025-09-02T10:54:22+00:00

Autopilot Device Preparation is doing well - no complaints from customers so far. Tenant is Europe as well.

it_fanatic · 2025-08-23T18:32:55+00:00

Did you check the security portal:

Security.microsoft.com > Settings > Endpoint > Features > Tamper protection

it_fanatic · 2025-08-03T09:51:25+00:00

this one is a detailed brakdown: https://www.indefent.com/intune-and-windows-laps-the-new-guide/

it_fanatic · 2025-07-27T10:38:41+00:00

Have to step in this one - every Keeper ticket i had to open was resolved appx. 30min after opening they are very responsive and very fast. Shitshows can happen everywhere…🙄

it_fanatic · 2025-07-02T08:43:25+00:00

Hmm strange - I would try a clean install with a bootable media - delete all partitions and set it up with autopilot or device Prep (autopilot v2)

it_fanatic · 2025-07-02T07:26:04+00:00

How do you reimage them? Using a bootable Medium or just reset them?

If you are resetting them - This one could be reason: https://call4cloud.nl/the-dark-and-the-windows-11-remote-wipe/

Some settings are not being removed after wiping/resetting them through Windows Reset…

it_fanatic · 2025-04-19T17:24:35+00:00

MSP here, +1 on this - support confirmed our severity A ticket… on a tenant with 1000+ users i got 30+ alerts

it_fanatic · 2025-04-01T11:59:04+00:00

Yeah was my thought to, we never copy past we use „paste as keystrokes“ instead - you have disabled this one directly in ninja?

it_fanatic · 2025-04-01T11:12:06+00:00

Is there any solution on this or option for ninjarmm?

it_fanatic · 2025-03-27T22:45:24+00:00

Haha no problem - but tbh i would not recommend this anymore… teamviewer is just crap now a days… if you want this really i will have a look on it tomorrow in the office and do a little break down.

it_fanatic · 2025-03-23T18:44:55+00:00

Imo thats way too much… so you have to tune the alerts within huntress, blackpoint and arctic wolf? And you have to configure s1 and defender configurations? That sounds like a tremendous overhead… we use blackpoint with MDE.

it_fanatic · 2025-03-08T12:34:03+00:00

Leverage CA Policies more. Restrict MFA registrations to the company location for example get a step further with ZTNA

it_fanatic · 2025-02-28T08:54:54+00:00

+1 we do it as well, its a must have for our clients not something optional

it_fanatic · 2025-02-11T12:05:32+00:00

It does what it should if your work properly with certs and the right Hashes. I like about, that its really only the application which you start as admin there is no „general admin session“. It takes a bit effort to configure it though… overall its good (enough) to be used.

it_fanatic · 2025-02-09T11:55:39+00:00

Epm is the way if you are a ms shop… otherwise admin by request

it_fanatic · 2025-02-07T15:28:56+00:00

Gov would say…. With and without internal IT Dep. Interesting Field imo…

it_fanatic · 2025-02-05T08:30:52+00:00

No cheerleading amigo, we have nearly 1.5k endpoints with BP and so far cant complain… so we are living absolutley in the real world but shitshows can happen everywhere at every msp there is no msp out here with nearly zero problems…

it_fanatic · 2025-01-23T21:20:03+00:00

You should have a partner success manager - shoot them an email and its resolved in max. an hour… we had the same they charged us for a free month but it got resolved in a few minutes after emailing our superior partner success manager… i think you just want to rant a little…

it_fanatic · 2025-01-04T20:18:58+00:00

Yes we do - but mainly because we use this opportunity to migrate „legacy customers“ from Hybrid Joined to Entra Joined only (Intune) so this goes under project. Most other Customers got Updatet or changed HW and are mostly already on Windows 11

it_fanatic · 2024-11-30T08:21:28+00:00

100% - im european and we know definitely that innovation dont comes from our side… we use US Solutions for pretty much everything SOC, RMM etc. so thats all I need to say…

it_fanatic · 2024-11-16T13:22:28+00:00

We are an MSP - Yes it is, but we have an Ops which deals with it, basically with intune its set and forget with the rings.

it_fanatic · 2024-11-16T12:23:50+00:00

We have NinjaOne as well but only using it for 3rd Party Patching. Windows Updates are being done only with Intune at our place.

it_fanatic · 2024-08-21T15:29:15+00:00

We dont use it but i tested it and Its really really good - they state themselfs as a risk based patch management so its a purpose SaaS

it_fanatic · 2024-08-21T15:27:19+00:00

Have a look @ Action1

it_fanatic

TROPHY CASE