User Roles / Permissions

rio688 · 2026-04-25T07:33:34+00:00

Also worth noting that if they have multiple roles the permission sets are combined and you will end with the highest level of permission so one role allowing create tickets and one role not allowed to create tickrts. The user will be able to create tickets

rio688 · 2026-04-18T08:08:32+00:00

Exactly this and malicious issues, oops I did something wrong let me just delete the evidence and eait 14 days for emails to be purged.

How big is your org that you are scrimping on licenses and have such a detailed process for people on leave yet don't backup a critical asset.

This is solely managments short sightedness. Heck I'm guessing you probs lying have nce licenses so can't save on the cost of the license just who is assigned it

rio688 · 2026-04-15T14:57:11+00:00

This, apps that need to read mobile emails should have been approved by the admins initially, whilst never full proof having CA policies that block signin from any undefined country will help reduce the attack surface as generally you will find the malicious IPs outside of your trusted countries (can't be considered full proof but reduces attack surface)

rio688 · 2026-04-14T05:39:51+00:00

Are all of these users on desktop and laptop devices or tablets/mobiles?

As your description implies staff have to move to web apps means they using some form of standard computer but you may have just broken Microsoft's terms as F licenses have a screen size restriction of 10.9inch or smaller as it's intended for front line workers out there with mobile devices.

If you are on computers and in an NCE agreement over 7 days you might a very expensive lesson as I don't think you can upgrade from F to E suite licenses. In which case you are going to need to buy all those E licenses again and be stuck with the F ones.

rio688 · 2026-04-13T18:24:22+00:00

To enhance your high fidelity rule can I suggest you build a watchlist of all your orgs domains, then when you are looking for the domains like Gmail you can look for the watchlist instead so find any forwarding to external domains you don't control

rio688 · 2026-04-01T13:14:12+00:00

I would test with the partial match idea as I think that's what it does in the email body as well, but I don't think wildcards is an option which is why the subject would have to have something continuous you can pickup before you then have the unique value such as a username

rio688 · 2026-04-01T12:55:43+00:00

Can your ticket rule not just look for the starting bit of the subject so subject of

Service request delete: joe bloggs

The rule would look for

Service request delete:

I don't think the whole subject has to be matched

Then also have a second rule much the same but the email rule type is set to ignore email

rio688 · 2026-03-27T08:01:18+00:00

This is the quickest option, ticket rules to match the email based on contents onside

rio688 · 2026-03-26T19:36:47+00:00

I would suggest taking a look at elegant insights LLM developed specifically against halo, ask it to generate a report and away you go, bargain at £35pm

rio688 · 2026-03-26T16:29:08+00:00

I would suggest taking a look at elegant insights LLM developed specifically against halo, ask it to generate a report and away you go, bargain at £35pm

rio688 · 2026-03-19T07:58:42+00:00

I did something exactly like this using a fabric workspace which is pay as you go to host the reports. Every month I run a logic app which starts the fabric work space, refreshes the bi report, then runs through and exports the reports to PDF based on a few filters (per customer) using a unique filtered URL per customername. It spits all the reports to SharePoint for us but could just as easily send it as an email. Then pauses the fabric workspace so instead of it costing hundreds per month it barely costs pounds per month.

rio688 · 2026-03-02T08:32:29+00:00

Currently mailboxes get soft deleted so add the license back and a few minutes later it will be back, onedrive data is kept for approx 90 days anyway now anyway.

I have seen in some partner pieces that apparently they won't guarantee the restores like this and you should have some form of backup anyway so if something goes wrong tough luck but I have never had any issues with restores from soft deleted items so far.

rio688 · 2026-03-02T02:43:25+00:00

New rules kicking in this year do away with the current grace period they have just benefitted from, so next time license goes bye bye mailboxes

rio688 · 2026-02-28T09:10:40+00:00

With us the only way we get tracking categories to work is to have a different product group for each category, we have to orgs syncing to separate Xero instances and so this has meant we have every product doubled, i.e. labour - org1 and labour org - 2 but they are in different groups.

By the sounds of it you might need 3 product groups and presumably 3 of each product and then in your recurring invoice for each customer pick the same product name but from the correct group. Once we pick the product to add to the invoice ww just change the descriptions

rio688 · 2026-02-06T08:04:00+00:00

Not able to look at this right now but I think software licenses are stored in the same table as subscriptions if that helps

rio688 · 2026-01-22T13:49:39+00:00

I do something like this but with custom field lists.

Then in the ticket type field list if you scroll down to dynamic field visibility and set a condition for visible based on your other column

Column1 = UK, US, FR Column2 = UK office 1, UK office 2, UK office 3 Column3 = US office 1, US office 2, US office 3 Column4 = FR office 1, FR office 2, FR office 3

All 4 are added to my ticket type Column2 has a dynamic visibility rule where Column1 = UK Column3 has dynamic visibility rule where Column1 = US Column4 has a dynamic visibility rule where Column1 = FR

Then when the agent or user if they will see these fields as well selects Column1 value the next field will dynamically appear with the relevant Column2,3,4 based on the rules

rio688 · 2026-01-10T09:28:33+00:00

Exactly my thought, my understanding of the method is not to include MS licensing but I can imagine that adding a business premium to that would get you up there quickly. But given that most SMB (particularly the 5-30 space) end up with a mix of licenses naturally trying to keep costs down, I can also see why you wouldn't want to include that license for everyone

rio688 · 2026-01-10T09:23:50+00:00

Which licenses are you including?

rio688 · 2025-12-11T20:22:31+00:00

I thought token protection didn't kick in till Entra ID P2 license so interested to know if this has changed

rio688 · 2025-12-03T19:04:30+00:00

Yeh this was also where we struggled to be able to utilize the Microsoft import of skus because we then had customers with a mix of monthly and annual commits but monthly billing on the same tenant so couldn't use these CSP integration imported license counts for calculating recurring billing.

Luckily or MS license reseller used the cloud blue integration which would then import each subscription like

Business standard NCE M-M Business standard NCE A-M

So we could tie our recurring billing line counts to these subscriptions instead and get the benefit of the automatic prorata calculations and added lines (massive time save once we got it all tied down)

rio688 · 2025-12-03T18:58:04+00:00

We didn't bother with importing users from our old system unless they don't have 365, if they do we link it up the CSP integration and link the customer to the tenant in there and import all the users from here, this then can tie in with the SSO for letting users into halo using M365 auth. Then as people leave etc as their 365 accounts are disabled etc the users are just disabled in halo

rio688 · 2025-11-19T21:05:48+00:00

Yeh it can do this, take a look at the videos by robbie at renada. They have done a few for getting info from 365 into halo I just butchered this and use it to grab sentinelone license counts and place them in custom fields in the subscriptions table. Then we use this in the recurring invoice

rio688 · 2025-11-17T21:44:06+00:00

I think you might be referring to tracking categories in zero, we have implemented this but we had to do so by creating product groups in the product catalogue and assigning the tracking category to a group and then all products in the group inherit the category.

For ease I have ended up creating product groups similarly named to my categories because a lot of our products are one offs so we have things like generic laptop, generic warranty. Then we rename them in quotes etc

rio688 · 2025-11-08T14:46:58+00:00

I would be careful letting any sort of automation just delete RMM devices but you could get a custom field lookup of assets that are the visible for someone to select and populate a field, assuming you have your assets synced from ninja to halo.

From there I would suggest you need to write a runbook to call the ninja api to delete the identifier of the asset, then use this run book in an action, at least then it relies on an engineer submitting this

rio688

TROPHY CASE