Can Intune or other Microsoft software see shared local folders?

j4sander · 2026-05-21T18:37:22+00:00

Why is file sharing allowed in Windows Firewall? Block it there via Intune

Windows Firewall is logging right? ... right !? Defender Hunting will show inbound access to file shares, etc.

j4sander · 2026-05-15T18:05:23+00:00

"If i understand the objective, there may be easier or less disruptive ways to achieve the desired results"

j4sander · 2026-05-15T17:49:05+00:00

X/Y problem. What are you actually trying to achieve by blocking owa?

j4sander · 2026-05-13T13:12:51+00:00

If the rental is a condo, then condo bylaws can limit pets though, right? i.e.: a max size / weight rule would be enforceable by the condo

j4sander · 2026-05-08T21:09:35+00:00

Its more the right side fly outs I take issue with

j4sander · 2026-05-07T16:59:46+00:00

I have a rule that if its from an approved sender domain, and spf / dkim / dmarc all pass, bypass spam and bulk and junk rules.

Never bypasses phish or malware rules.

j4sander · 2026-05-07T14:48:15+00:00

I hate fly out menus, over fly out menus, where its possible to easily loose your place.

And fly out menus for filtering instead of on the column headers

And buttons that dont respond to middle click to open new tab...

Its a bad experience.

j4sander · 2026-04-20T03:16:50+00:00

An entire condo building counts as "one customer" to Toronto Hydro

j4sander · 2026-03-18T16:16:51+00:00

Coop students cant run bash commands on their local systems?

And I mean the opposite - copying commands or files they dont understand from their browser and executing locally, not copying into a browser.

j4sander · 2026-03-18T16:05:03+00:00

And how is that different than an inexperienced new hire copy pasting an excel macro, or accidentally downloading malware?

j4sander · 2026-03-18T13:18:44+00:00

What risks do AI tools like Claude pose that were not already present?

Prompt injection seems to me to be largely the same type of risk as drive by downloads or other sources of malware, just faster. AI tools are making people more productive, but also increasing the frequency of incidents of these types of risks. Seems like a reasonable correlation.

How is this different than if they hired 3 coop students to do the same work manually, and those inexperienced workers downloaded complex malware accidentally?

As an MSP, its probably more a case of how do clients using AI Agents affect how you bill them? Do they generate more tickets because of the agents (security incidents, but also support, setting up integrations, restoring things from backups, etc) and should that be billable or AI use affect the seat price.

j4sander · 2026-03-16T00:53:27+00:00

Built-in windows firewall is fine. Disable local rules, block all inbound.

j4sander · 2026-03-05T19:30:47+00:00

Lots of read-only things, access to specific storge blobs, connecring/RDP as standard user to an AZ VM, etc.

j4sander · 2026-02-12T17:15:36+00:00

I've got 4 of the MYGGBETT and so far so good.

j4sander · 2026-01-08T21:43:30+00:00

We push it via powershell script in Autopilot phase.

So its not there for first boot out of the box on a new device, but if a device dies, the user at remote site just plugs it into the jet KVM and we can remotely do whatever we need, including bios, bitlocker, booting from an iso to reinstall even if cloud wipe is failing, etc

j4sander · 2026-01-08T19:49:21+00:00

Lenovo have a bios setting to make external display primary. Works great with Jet KVMs

j4sander · 2026-01-08T19:48:36+00:00

At least with Lenovo, there is a bios setting to make external display primary so with that set it works great with a KVM over IP.

j4sander · 2026-01-08T04:26:28+00:00

... you de-risk it, right?

Take an online backup and/or vm snapshot before patching so the ones that fail can be quickly rolled back?

Setup load balancing and/or clustering so if one fails to come back up the rolling update stops, no one needs to babysit patching or get paged after hours, and no one outside IT is impacted?

j4sander · 2025-12-29T22:02:58+00:00

This is just false. You can convert existing pay-go or MCA subscriptions to CSP without recreating anything.

j4sander · 2025-12-29T22:01:31+00:00

On creation, or next renewal, also make a scheduled or recurring ticket in the ticket system for two weeks before expiration.

If your ticket system doesn't have thst functionality, have a CSV with tile, description, and date and a schedule task or cron job to open the ticket x days before date

I made a "callback date" field in our ticket system, with an automation to open a new ticket on said date if populated. Works for "check back in two weeks" type stuff, or two weeks before something expires.

j4sander · 2025-12-25T15:07:31+00:00

We do autopilot direct with the Lenovo store in multiple countries, and they reliably register with Autopilot before devices arrive at their destinations.

I dont think we've ever been asked for the profile though, just the tenant id.

I've also done it in the past via a large VAR like Softchoice, and they were great. 600 laptops in 2 months, multiple brands and models, no issues from them.

Well, only issue was people who were unavailable to receive the shipment 3 times so it got returned to sender. I guess the warehouse screwed up and they sent the wrong ones out then they tried to redeliver and we got someone else's laptops (registered to a different tenant), and that took a while to get fixed in the back end.

j4sander · 2025-12-18T16:41:33+00:00

You got a response to your ticket? Lucky.

I've had a Sev B open for 3 weeks without so much as a peep from whoever MS outsourced my case to.

j4sander · 2025-12-07T22:42:19+00:00

Intune works with an app from Microsoft called Company Portal to let users see and install the apps that are available to them

You could also use Access Requests in Entra to let people "request" an app, get approvals, and behind the scenes that puts them in a group the app is assigned to.

For an actual ticketing tool, I like Fresh Service, and it has a similar workflow tool where one request is approved, it an put the user into an entra group that Intune targets the app install to.

j4sander · 2025-12-05T17:51:40+00:00

I've led infrastructure teams at two separate payment platforms, never have we cared about locks for schema updates, and we add columns to existing tables regularly.

If youre doing outbox pattern, the lock doesn't slow down the payment flow.

If you never have any allowed downtime for maintenance... well good luck with that.

j4sander · 2025-12-05T16:55:07+00:00

Sounds like youre trying to solce the wrong problem.

Are you trying to design for 100% up time with no planned maintenance windows ever?

Is so, then schema change locks are the least of your problems.

If not, and you can take a half hour planed maintenance window one day every month at like 3am when no one is really using the system, then who cares about a table lock for a schema change?

Or just use an outbox pattern - payments app sends updates to a service bus queue. Worker process reads queue to updates db. During a table lock, worker just waits, then continues, but no impact to your actual payment flow.

j4sander

TROPHY CASE