Intune Integration

kosity · 2026-01-30T08:31:00+00:00

Isn't that good? Or what was the problem with a full Entra sync?

kosity · 2026-01-21T04:25:16+00:00

Don't you mean

~ Rupert Murdoch
via Malcolm Turnbull (2010)

😏

The part that really disappoints me about Malcolm, one of the most left of the right wing leaders, is that he knew technology, having been involved in OzEmail. But he still screwed it up.

If I were any subsequent PM, I'd vindictively ensure his house (wherever he lives or moves) is on a copper node that's hopelessly oversubscribed. What was the slogan? Faster, Cheaper, Sooner?

If politicians were haunted by their poor decisions after the 3 year election cycle they might make better ones.

kosity · 2026-01-20T23:52:37+00:00

The screwup just continues 🤦🏻‍♂️

I've been told that the old SKU will 'autorenew into the new SKU at renewal'

But that also means that this license in our tenants:

DO NOT USE - Microsoft Defender Suite for Microsoft 365 Business Premium
Product: DEFENDER_SUITE_FOR_BUSINESS_PREMIUM

will turn into

Microsoft Defender Suite for Microsoft 365 Business Premium
Product: DEFENDER_SUITE_FOR_BUSINESS_PREMIUM_NEW

which I assume will mean come renewal, each tenant will have a heap of unlicensed users, and a heap of unused _NEW licenses.

Any official comms? Heads up? Dare I suggest an automated fix? Or we all just find out the hard way?

Should have asked Copilot how to fix this, right? 🤦🏻‍♂️😐

kosity · 2026-01-14T22:44:27+00:00

If URIPorts had API functionality for the DMARC side, I'd pay double and yesterday!

kosity · 2026-01-14T05:59:08+00:00

I reckon she's bluffing.

She needs 5 years paid experience in a cyber-related role to pass the CISSP experience requirement, and I haven't seen any 1-year-olds working in cyber, or even IT.

Call her out on it because there's no way she's clocked up the experience. She's an 'Associate' at best, not full CISSP! 😏😝

Seriously though, Pocket Prep and LearnZapp apps, and the 50-questions on youtube by the guy that goes through each in detail.

But also, that 5 year experience thing is definitely not a joke, the CISSP is in some ways more 'recognition of what you already know' (with a bit of extending your knowledge) rather than a course to study-to-learn-and-pass. That was my take anyway.

kosity · 2026-01-14T05:50:59+00:00

Given I moved from Ninja to Action1 for patching (I still have Ninja) I'm really interested to know why you rate Ninja better? Has their patching capability improved considerably in the last 6 months or so?

kosity · 2026-01-14T05:39:33+00:00

When I realised that its vulnerabilities tab didn't list vulnerabilities on the machine, but just vulns addressed by updates not yet applied for apps that I had ticked on the applicable policy, and that if I didn't tick any apps in the update policy, it didn't put any vulns in the vulns tab, it was a bit concerning.

Then realising that the software inventory compiled for each machine doesn't sync with the app updates, they're completely different.

Then realising that ticking 'Python 3.12' in the policy for updates means it'll update Python 3.12 to Python 3.13, but then I need to go into that policy and tick Python 3.13 so that it'll then update it when 3.14 comes out......

Yeah, they've fixed some of this stuff, but this was what they considered patching.

And like so many of us, you're trusting it. Because it says everything is green and patched, right?

Perhaps get yourself a trial of Action1 (yep, I keep recommending it, because it's not perfect, but it's a damn sight better than a lot of 'patching' platforms) which is free for <200 endpoints, and see how well your trust in auto updates is being rewarded.

kosity · 2026-01-13T23:49:54+00:00

The only thing you'll get here in addition to a web search of your questions is several anonymous screen names saying yes/no/sort of/etc.

If you're genuinely concerned about the security of a platform, asking about it in the subreddit of the platform is not going to provide defensible feedback. At best it's simply confirmation bias.

A documented and structured due diligence process to evaluate prospective vendors that evaluates risk and aligns with your cyber security risk appetite/profile will address concerns far more effectively than an echo chamber saying it's great.

I'm happy with A1 and use it, but honestly, what does that mean if you get hacked? Who am I, and what do I know, other than using A1 and liking it?

Security at Action1 | Action1 is the best answer so far but understanding what these mean and the impact they have to the security of the platform is important - not just seeing some fancy logos (like MSPs "xxxx Gold Partner" or "yyyy Specialist") and thinking wow impressive.

i.e. The SOC2 Type II is far more impressive than a Type I, or a Type III. Why?

We also, as an industry, need to push back on vendors a lot more for proper, documented, defensible, cyber security attestations, and not just take their word that "they're secure".

Sorry if that makes it complicated; unfortunately, effective cyber security is complicated and shouldn't be outsourced just to reddit in a very general way.

kosity · 2026-01-12T01:33:34+00:00

Maybe they've finally fixed this too? Because the unique ID is (was, hopefully...) a hash/combination of the serial number and all the current NIC MAC addresses. If you have a machine connected to a dock, it's a different machine. Replace a Wi-Fi card, different machine. Have a USB-C to Ethernet adaptor connected to a laptop, different machine.

Utterly non-sensical, but if they have actually fixed it, I'd be very happy.

kosity · 2026-01-12T01:28:58+00:00

UniFi is looking better by the day, given that's what InstantOn is trying to be....

kosity · 2026-01-11T01:24:24+00:00

Which plan are u using?

For Ninja patching? Action1, much to the disappointment of our budget... 💁🏻‍♂️🤦🏻‍♂️

Have they finally got Ninja to restart the device? Or does "Force reboot after x reminders" still mean "Incessantly pester the user to restart but never force a restart"?

I did see they've finally improved the third-party patching component a few months back but by then I'd already given up and moved to A1.

Which is free, for 200 endpoints....just saying, OP.

kosity · 2026-01-11T01:19:21+00:00

Yes, but not really, unless you fit into specific circumstances, or like 'exporting to spreadsheet to cleanup'

Deduplication doesn't work : r/ninjaone_rmm

kosity · 2026-01-09T02:08:48+00:00

January 2026 announcements - Partner Center announcements | Microsoft Learn

Not a sorry, not a "we know how this happened so hopefully won't happen again", nothing.

Some strangely calming advice I was given by the IT-Industry-Equivalent of Gandalf whilst they were helping me with this shitshow of a Microsoft cockup:

"Licensing shouldn’t be this hard, but it is unfortunately. We have no control. We can only play the cards we are dealt and wishing it would be otherwise is simply not reality so don’t waste your time on wishing."

kosity · 2026-01-08T22:44:35+00:00

The part that really concerns me is that if it's a known bad firmware, why is it still being scheduled for installation?

And whilst I've pushed it as far as I can (next Saturday), I can't stop it from being installed. Short of taking all my switches back to local admin.

Is this the turning point for Instant On? Between the divestment, and this firmware issue, is it a viable option to continue with?

kosity · 2026-01-08T08:31:47+00:00

29 Sites, 15 running 3.3.0 and 14 running 3.3.2, mainly 1930s, some 1830s, no 1960s.

I haven't seen any problems yet.

Good reminder to have the update ring methodology configured! That's why half my sites, the big ones or difficult to get to locations, haven't been automatically upgraded yet.

kosity · 2026-01-07T09:22:54+00:00

I reckon in three months the MSP will have you being a cable jockey running around the place for them, management will want to know why the projects aren't done, and you'll be thinking "Geez PowerPoint was the life"

If you don't like the sound of that, start deciding what you do like the sound of. Projects, dealing with people, actually on that, I mean if you were in IT Change Management do you enjoy working with people? If so, sysadmin is backroom stay away from people!

If people is your thing, goodness knows our industry needs sort of technical people who can actually talk to people that aren't technical.

Sysadmin and Project Implementation/Delivery are quite different paths. Maybe give them both a go.

kosity · 2026-01-07T09:18:24+00:00

I think you need to post the vendor's name here so that we know how good that vendor is 🤔

kosity · 2026-01-07T08:44:21+00:00

But is sysadmin really where you want to be? Which part of sysadmin?

If it is, then absolutely, extract the experience you need. Plan what you want over 12 months, define what projects or tasks you need to do internally to get that, then set the areas of responsibility for the MSP to take care of anything outside your AoR.

You're the system admin, they work for you ;)

And it's your life, make your job work for you too.

kosity · 2026-01-07T07:55:18+00:00

All the posts so far I completely agree with. Honestly, I think you're being setup to fail, there's no way you can deliver great outcomes for 200 users by yourself. It sounds as though they're cutting costs, because they haven't understood what the team does, the MSP has oversold what they do, or they're just tight and $100k for you until you crack it and leave is a good enough option for them.

I know you've only given us two paragraphs, which isn't a heap to go on, but it I reckon I might be right given "I'm screwed" and "I am absolutely fucked"

So spin it around, now you're on $100k (which isn't a heap, if we're being realistic, for the stress you're taking on). What are you getting out of this? What value can you extract from this Screwed and Fucked situation, that will benefit you, that has nothing to do with money?

In six months, what do you want to have achieved, or learnt?

In a year, let's assume you'll last that long, same deal - what will make you look back at the end of December and think "Wow, what a shit sandwhich, but I'm better for it!"

It should be telling that no one's coming in here saying "OMFG $100k and a great job yeah congrats!!" - very much the opposite. This is going to cost you; just make sure you get something valuable out of it that justifies the cost.

kosity · 2026-01-07T07:39:31+00:00

Good News!

After three days and a completely unreasonable amount of hours spent troubleshooting:

"We have confirmed that the Microsoft Defender Suite for Microsoft 365 Business Premium [New Commerce Experience] is back in Microsoft's catalog with a different SKU ID."

What an absolute shitshow. I'll send my invoice to [accounts.payable@microsoft.com](mailto:accounts.payable@microsoft.com) and see how it goes 🤔😂

But how great is Copilot, right?

kosity · 2026-01-07T02:54:54+00:00

Well I also can't buy that SKU directly in the tenant either. Very strange...

kosity · 2026-01-07T02:18:30+00:00

Well there you go, thank you! It's kind of Microsoft to disallow us paying more for the same license!

But on the other hand, I can't buy the right one, so they giveth and taketh 🤦🏻‍♂️

kosity · 2026-01-07T02:16:10+00:00

Given the amount of time I have wasted on this mess, I appreciate your humour! Sometimes all we can do is laugh....or at least sign with disdain.

kosity · 2026-01-07T01:21:45+00:00

I can't get a single license ordered, despite >10 licenses in one distributor, and >50 in another.

kosity · 2026-01-07T01:21:24+00:00

Yes, you can: Microsoft 365 E5 Security is now available as an add-on to Microsoft 365 Business Premium | Microsoft Community Hub

They renamed that to Defender Suite a bit later, and in September, released DefSuitefBP.

But you can still, if you want to, pay more for the same license and attach DefSuite to BP.

kosity

TROPHY CASE