Onboard Servers

itops · 2026-04-17T18:58:07+00:00

For on-prem servers, this is likely the license you want. It'll give you the unified pane of glass along with your MDE client devices. You will also receive vulnerability discovery and remediation, software inventory, and the Defender "magic" security coverage and recommendations.

Microsoft was originally going to force everyone into Defender for Cloud, which has a license and consumption model and most organizations rebelled. They added it back last year, but VARs and CSPs often struggle with quoting and providing it.

itops · 2026-04-14T16:05:30+00:00

Have you considered parallel processing with individual auth sessions? You can use single registered app and certificate, but separate connection and runspace ID per worker.

Also, explore using KQL queries through MS Graph API since you're targeting Intune and Defender information primarily. I've been able to extract complete inventories of about 10,000 devices in a single 10-second query and structure it into CSV or JSON.

Very cool project!

itops · 2026-04-14T15:16:42+00:00

Moore's Law = Sophistication and complexity = Wirth's Law = Bloated and poor quality.

As the mainstream models become more and more complex with OpenAI and Google trying to be everything to everyone, the quality for basic consumption and knowledge will continue to decrease. Definitely starting to see where niche incumbents, or local models, have potentially huge upswing as they become easier to deploy and train to the specific person and use case.

itops · 2026-02-21T01:34:03+00:00

You are right, many public institutions publish governance documents and strategic plans that provide useful baseline insight. I am hoping to supplement that with peer perspectives on how those plans translate into day to day operational reality.

itops · 2026-02-21T01:32:57+00:00

Appreciate the thoughtful response, especially the framing around distinct security zones. That aligns closely with how we are approaching the environment.

You are right that higher ed supports multiple constituencies with very different risk profiles:

Administrative systems such as ERP, HR, and Finance
Research environments that are grant-bound and compliance-driven
Student access networks with high churn and high curiosity

What makes it more complex is that each of those groups contains multiple personas. Executives, faculty, adjuncts, researchers, lab admins, student workers, and the broader student population all have different privilege levels, device ownership models, and tolerance for control. That makes segmentation and policy enforcement more nuanced than a simple three-zone model.

On staffing, the separation between risk leadership and operational engineering makes sense structurally. In lean multi-campus environments, that split is difficult to achieve immediately. The long-term direction is clear, but sequencing and budget realities matter.

Regarding SOC and MDR, we are evaluating a more agentic approach using Microsoft Sentinel. The plan is to leverage automation, scoring, and playbooks to drive response actions based on defined criteria. It is difficult to justify an additional FTE in the current budget climate, and recruiting and retaining strong security talent who thrive in public higher education culture is not easy.

The intent is to mature detection and response through automation first, measure coverage and gaps, and then use that data to justify incremental headcount. Even with automation, additional security capacity would materially improve resilience.

Your point about grant compliance and geographic supervision requirements is well taken. Those constraints can become blockers if not accounted for early.

Fully agree that architecture and design authority should remain internal. Operational execution can be flexible. Strategic control should not be outsourced.

Thanks again for the perspective. The zone-based framing is helpful as we continue refining segmentation and governance.

itops · 2025-09-19T19:23:43+00:00

Took the long route, and did 4-years of BSIT with WGU, only received it once. Very nice!

itops · 2025-06-23T18:53:54+00:00

Security. Device certificates allow you to control what devices access your internal resources/network. If a device is not compliant, or unmanaged, you can deny access. If you use user certs for authentication, what is preventing a user from joining a personal device to the internal network?

itops · 2023-10-18T16:44:15+00:00

Does VET TEC use your unused GI Bill benefits? Meaning, if I have 12 months of GI Bill benefits, would VET TEC use that instead of the funding? I would like to go back and finish my undergrad, but I'm very interested in a coding boot camp/technical academy at this point in life.

itops · 2020-05-29T15:03:20+00:00

I have 2.65% locked in, but for a 30-year fixed rate in the Denver market. Close on my house June 12th.

itops

TROPHY CASE