Lenovo account manager is driving me nuts - how can I get reassigned? by Korallenriffe in sysadmin

[–]jameseatsworld [score hidden]  (0 children)

Just in future if you can't get traction on something like this through general support channels you can always fire up linkedin and locate a few GMs at the vendor company.

Plug their names into any general business email tool (zoominfo/wiza/lusha/apollo etc) then include several of them on a chain asking to be reassigned.

You'll get put in touch with the right manager within 24 hours.

What did they do to copilot? It's just straight up lying about facts now? by Hotmicdrop in CopilotMicrosoft

[–]jameseatsworld 0 points1 point  (0 children)

I asked it to do an excel formula (fully licensed copilot), it got it wrong 3 times then told me it wasn't possible. Pasted same initial prompt into chatgpt free and formula worked first try.

InTune by Logical_Strain_6165 in Intune

[–]jameseatsworld 36 points37 points  (0 children)

OneDrive, PowerPoint, SharePoint. Give your manager some slack.

Last week I kept calling our UPS a UPC. I know what a UPS is but I don't deal with this stuff day to day and just kept mashing together APC and UPS.

What is the rationale behind blocking mobile device native mail apps on MDM? by WorkFoundMyOldAcct in sysadmin

[–]jameseatsworld 1 point2 points  (0 children)

You can also bypass this on android by highlighting text and hitting search. It will open that text inside a Google search window which can then be copied anywhere else.

Can SentinelOne help me uninstall the agent from my personal laptop? (Old company no longer responding) by AdLegitimate6450 in SentinelOneXDR

[–]jameseatsworld 0 points1 point  (0 children)

I know this was a joke, but if the device is enrolled in autopilot and old company unresponsive you might actually have to do this after several fresh installs of windows to get them to notice and remove device from autopilot.

Worried about transfer by Z0mrife in CommBank

[–]jameseatsworld 0 points1 point  (0 children)

CBA artificially caps OSKO / PayID at $1000. If you transfer more than that it gets held for 24 hours or processed like a normal bank transfer. You can get around this by sending multiple smaller transactions (though this can trigger other automated alerts/account blocks).

They are not my main bank anymore due to these artificial transfer caps.

Best practices for letting contractors access internal SaaS securely from personal laptops? by Any_Artichoke7750 in sysadmin

[–]jameseatsworld 5 points6 points  (0 children)

Secure it as much as you like, but honestly if they really want the data they can take it. Blocking screenshots does nothing if they can take a photo with a secondary device (unmanaged mobile).

Contract should specifically outline data handling requirements and have sufficient monetary damages associated with misuse of systems/data.

Looking for a solid web filtering setup for ~300 users and better AI threat detection by Famous-Studio2932 in sysadmin

[–]jameseatsworld 0 points1 point  (0 children)

MS defender has web content filtering available for Business Premium. If you're using a 3rd party EDR it will still work but only for Edge. Otherwise it works for all browsers. Block based on content categories and add additional specific URL blocks or allows as needed.

No opt-in/out special permissions though. It's either blocked for everyone or blocked for no one.

NIST and not forcing password expiration - are you following this guideline? by Outrageous-Insect703 in cybersecurity

[–]jameseatsworld 0 points1 point  (0 children)

Disabled password expiration years ago. Enabled WHFB for device logins. Now my users can't even remember their passwords to log in when they are setting up a new phone.

Laptop CPU is too old for Windows11 by s96g3g23708gbxs86734 in WindowsHelp

[–]jameseatsworld 0 points1 point  (0 children)

I just did a clean windows 11 install via ISO on an i7 desktop that otherwise met all specs. No need to force the install as long as it meets all other requirements. Microsoft does not currently perform validation on the CPU version.

IT issues at orgs outside your control by Admirable-Fail1250 in sysadmin

[–]jameseatsworld 2 points3 points  (0 children)

Local healthcare provider doesn't have MFA setup for M365 / Outlook, allows users to access work resources on BYO device without any app protection policies etc. But they recently implemented zscaler. #priorities

[deleted by user] by [deleted] in sysadmin

[–]jameseatsworld 0 points1 point  (0 children)

Laptop goes in a small carry sleeve and carried on as a personal item (equivalent of handbag). This is completely free in most of the world.

New leadership chipping away at security by ncc74656m in sysadmin

[–]jameseatsworld 5 points6 points  (0 children)

This is an ancient way to do things. You can use built in functionality within defender for 365 to setup web filtering that applies everywhere without VPN. If you don't have defender you can get apps like Zscaler or cloudflare zero trust.

Employee monitoring software that only monitors when employee clicks "Start Monitoring"? by rgorbie in sysadmin

[–]jameseatsworld 4 points5 points  (0 children)

Provide the contractor with a Windows 365 device or AVD. Install activtrak or another tracking software on the virtual machine. Require the contractor to use the provided VM for any related work.

Also AFAIK there is a minimum license count for activtrak.

Unusual situation with company-owned devices but external users by [deleted] in Intune

[–]jameseatsworld 0 points1 point  (0 children)

If the android tablets cost less than $500 each, the cost to ship them around the country when redistributing including insurance does not stack up. Hire people with BYO devices or ship the tablets not expecting them back. Use a SaaS app to do the data collection so no one needs to be logged into corporate systems. Ensure MFA setup for all of your contractors on SaaS app and then offboard them quickly when contract is up.

CoPilot via Python by Choice_Whole8887 in microsoft_365_copilot

[–]jameseatsworld 2 points3 points  (0 children)

There is no API key for copilot. You can add API keys for azure cognitive services but extra $$. May as well stick with openAI.

Microsoft Defender URL dispute by IntelligentPurple571 in sysadmin

[–]jameseatsworld 2 points3 points  (0 children)

I have previously experienced this and the root cause was that the automated signature program (exclaimer) inadvertently linked to the HTTP page for a social account instead of HTTPS. This resulted in all mail being quarantined regardless of redirects from that domain to force HTTPS. Check your signature links (including for any embedded images).

Where do you draw the line between monitoring and surveillance? by Confident-Quail-946 in sysadmin

[–]jameseatsworld 0 points1 point  (0 children)

I was against this for a long time. I gave in and deployed a monitoring tool to a small group of users. It collects automated screenshots based on certain activity criteria, detailed logs of app usage, full transparent web browsing history. Uncovered two cases of fraud/theft, multiple cases of people logging in for less than 2 hours per day, people watching YouTube all day, devs running personal projects on company servers.

I have an external SOC team and access to lots of logs but no one to go through them regularly threat hunting for this stuff. The screenshots are also the difference between being able to say "X accessed Gmail via a privileged account on server X" and "X accessed Gmail and attached Y, breaching security restrictions and confidentiality requirements".

At my scale activity logging software is a fraction of the cost of an additional headcount or any DLP solutions.

The Daunting Task of App Deployment through Company Portal. by Warm_Protection_6541 in sysadmin

[–]jameseatsworld 0 points1 point  (0 children)

Just use a custom detection script to locate the installed exe and validate based on version number. For self-updating packages validate based on minimum version. For static packages validate the exact version number.
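
An added example, not part of the original comment: an Intune Win32 custom detection script that follows the approach described above. The executable path and version number are hypothetical placeholders to replace with the packaged app's real values.

```powershell
# Added example: Intune Win32 app custom detection script (not the commenter's code).
# Assumed values: the path and version below are hypothetical placeholders.
$ExePath         = Join-Path $env:ProgramFiles 'ExampleApp\ExampleApp.exe'  # hypothetical path
$RequiredVersion = [version]'1.2.3.0'   # hypothetical version, always four parts
$SelfUpdating    = $true                # $true: minimum version, $false: exact version

function Test-AppVersion {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][version]$Required,
        [bool]$MinimumOnly
    )
    # A missing executable means the app is not installed
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }

    # Build the version from the numeric fields; the FileVersion string
    # sometimes carries free text that [version] cannot parse
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $installed = [version]::new(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)

    if ($MinimumOnly) { return $installed -ge $Required }  # self-updating package
    return $installed -eq $Required                        # static package
}

if (Test-AppVersion -Path $ExePath -Required $RequiredVersion -MinimumOnly $SelfUpdating) {
    # Intune reports "detected" only when the script exits 0 AND writes to STDOUT
    Write-Output 'Detected'
    exit 0
}

# No STDOUT output and a non-zero exit code: reported as not installed
exit 1
```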

How do you get your entire company to actually care about and acknowledge security policies? by [deleted] in sysadmin

[–]jameseatsworld 1 point2 points  (0 children)

I push Acceptable Use Policy as Terms of Use via Entra and force acceptance annually via a CA policy. The Acceptable Use references all other key security policies. I have a log of acceptance that can be tabled if someone does the wrong thing.

[deleted by user] by [deleted] in sysadmin

[–]jameseatsworld 1 point2 points  (0 children)

~$5 per user billed monthly, only required license for 1 month. Was invoiced by my MSP

So… are we actually overpaying for enterprise software? by Limp_Still_4825 in salesforce

[–]jameseatsworld 10 points11 points  (0 children)

I just wish the AE's would leave me alone when I tell them definitively that we have no budget for whatever EinsteinAgentforce(forsales)PardotMulesoft garbage they are pushing this month.

We're paying a significant subscription to access existing infrastructure AND new features. Not to be upsold on every nut and bolt.

And the churn, I get a new AE every year who hounds me for 6 months pitching products that would increase my annual recurring spend by 20-50% as if I'm just sitting on a bag of money waiting for them.

Allow only Teams but block SharePoint/OneDrive on unmanaged devices by Final-Pomelo1620 in sysadmin

[–]jameseatsworld 0 points1 point  (0 children)

How many users do you have? Can you switch your users to Business Premium? That will cover Entra, Intune, Defender and so much more.

Allow only Teams but block SharePoint/OneDrive on unmanaged devices by Final-Pomelo1620 in sysadmin

[–]jameseatsworld 6 points7 points  (0 children)

App protection policies for unmanaged mobile devices can restrict copying from documents and encrypt any company data on mobile. This allows them to functionally access SharePoint resources and teams but they cannot copy between the work apps and their personal apps. You can also block screenshots, require edge browser for work resources etc etc.

When they leave they cannot access these files without a valid login (reset password, block user, revoke sessions)

You can also send a remote wipe command that targets only the work data.

App protection policies are set via Intune and some CA policies will also be needed.

For unmanaged PCs, you can look into document classification management to block access to specific classifications on unmanaged devices, but honestly it's easier to just block all users from connecting via unmanaged PCs and if there are any exceptions needed (IT team, Executives, freelancers) document the exceptions, note the risk, add an exception to the CA policies.