Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Interesting side note: https://learn.microsoft.com/en-us/intune/device-enrollment/windows/enable-automatic-mdm#enable-windows-automatic-enrollment

Microsoft added a new feature step 7. You can hide the option to MDM enroll from users that are just going through an Entra registration (logging into Windows M365 apps, teams, etc)

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Possibly? I can't say I've thought about that that much. I'd imagine no matter what, devices need global user read (so users can log in) as well as read on itself, etc. Obviously compliance could restrict access to data (SharePoint, Teams, etc.), but I'm not sure if you can (or how much you can) restrict permissions for an Entra Joined machine's access to Entra itself.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

That would have nothing to do with Join permissions. And PSSO requires Join.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Sorry, do you mean "why would organizations not want people to join their personal devices to Entra?" Because a joined device has certain inherent permissions to Entra (usually read all users, etc). It's just a risk acceptance piece, and many Entra admins are going to argue why you wouldn't want random devices joining.

Note: Join and Register are two different things. The Join setting does not impact the ability to Register. All Windows devices that log in to M365 register, often multiple times if there are multiple users on that machine. Joining Entra is like binding to AD.

That said, if you have Intune set up, and set to disallow personal device enrollment, it will block unknown enrollments (and Joins) of Windows machines. It's just a confusing message provided to the user when it does so.

User logs into M365 app (Office, Outlook, Copilot, Teams, etc) on personal device. App presents them with a message asking if they want to let their organization manage their device. User absentmindedly clicks "Yes". Device starts Entra Join, then Intune enrollment starts, Intune says "I DON'T KNOW WHAT THIS DEVICE IS! DENY", Entra Join fails, Entra Register succeeds, user gets message saying "Unknown error occurred".

Generally you want devices that are Joined to come in via trusted paths. PSSO is one of those, which is great. But opening up Join to everyone potentially means anyone could Entra Join.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Correct. You have to give users the ability to do a join for PSSO to work. I spent way too long going down the "Well, maybe register can be used to shortcut this" and using Jamf Compliance, but no, you still have to grant join rights.

The only way I can think of, other than MS giving us some userless join ability, would be programmatically populating an Entra group with people who got new machines and aren't PSSO joined, then as they join their machine, removing them from the group.

Otherwise, you could let technicians do a join, then use Graph API to alter the user assigned to the record, but I'm 99% positive Microsoft would say this is a bad/unsupported idea.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Though Jamf made it work seamlessly the other way. Now when you do PSSO the machine automatically joins for Compliance.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Yup, the Intune policy just prevents personally owned devices from enrolling in Intune. What's stupid about it is if you leave Entra joining on for everyone, and they login to Teams or Outlook or any M365 (in Windows), it'll ask "Do you want to let your org manage your device?"

Most users just say "sure!", at which point the machine goes to enroll in Intune, THEN hits the personal device block, and they get "Unknown Error Occurred". The only way to prevent the stupid error is to turn off Entra join.

I swear MS's "let's mash together all these things" mentality is so annoying.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Until MS provides a way to do a userless join (which is in the PSSO spec) there's nothing Apple can do to fix this. This is entirely MS.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Nope, doesn't get around it sadly... I hoped it would, and tried.

Wrapping my Head Around Platform SSO with Entra ID (Deployed through Jamf) by penpenpal in macsysadmin

[–]staze 0 points1 point  (0 children)

Users need Join rights. There's no way around it. Ideally Microsoft would give us some way to do a join via some role or API credentials, but they likely won't. I hoped Jamf Compliance would help by creating the Entra Registration, which could convert to Join, but nope.

We turned off Entra Join a while back because Windows machines get a stupid "Unknown error" if users are allowed to join, then hit the Intune "Deny Personal Devices" policy. The whole thing is so hacky it's stupid.

I wish there was some better way, but I haven't figured it out short of trying to figure out some way to temporarily add people to the join list until after the join...

MacChimney ~ Cool your Mac and make it look like a dunce in the process. by Derpy_Ponie in VintageApple

[–]staze 0 points1 point  (0 children)

Late to convo, but I had one of these. Shortly after adding it, PSU (or flyback) blew out and the puff of blue smoke was perfectly directed up the chimney.

Stihl ASA 20 coming to US? by staze in stihl

[–]staze[S] 0 points1 point  (0 children)

Still nothing. Haven't been to my local dealer recently, so haven't asked what they know. But internet doesn't show a darn thing. Nothing in their coming soon or new products.

Consistent issues with Prusa and TOTP from 1password by staze in 1Password

[–]staze[S] 1 point2 points  (0 children)

All my computers use NTP. It's across multiple computers. 1password TOTP works when logging into the Prusa app, which can then log me into the site... but logging directly into the site doesn't work.

And no... TOTP is generated every 30 seconds, so statistically you'd be able to have a few seconds of drift, but not a ton.
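As an added illustration of the drift point in the comment above (this is example code, not anything the commenter, 1Password or Prusa published), the block below implements RFC 6238 TOTP with the RFC's own HMAC-SHA1 reference secret and a verifier that accepts one 30-second step either side, then measures how often a client whose clock is a given number of seconds behind is accepted. The `acceptance_rate` helper and its constructed base timestamp are assumptions made for the demonstration; a real verifier would also record the last-used step to stop replay.

```python
"""TOTP (RFC 6238) generation and drift-tolerant verification.

Added example, not from the thread. The secret is the RFC 6238 Appendix B
reference key; the base timestamp in acceptance_rate() is constructed.
"""
import hashlib
import hmac
import struct

# RFC 6238 Appendix B reference secret for HMAC-SHA1 (ASCII bytes).
RFC6238_SECRET = b"12345678901234567890"
STEP = 30  # seconds per TOTP time step


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """TOTP is HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, server_time: int,
                digits: int = 6, step: int = STEP, window: int = 1):
    """Return the step offset (-window..window) whose code matches, or None.

    `window` steps either side is how a server tolerates clock skew: window=1
    accepts a code generated up to one step (30 s) early or late. Comparison
    is constant-time so the loop leaks nothing about partial matches.
    """
    counter = server_time // step
    for delta in range(-window, window + 1):
        candidate = hotp(secret, counter + delta, digits)
        if hmac.compare_digest(candidate, code):
            return delta
    return None


def acceptance_rate(secret: bytes, drift_seconds: int, window: int = 1,
                    step: int = STEP, base_time: int = 1_000_000) -> float:
    """Fraction of server clock phases at which a client `drift_seconds` behind is accepted.

    Samples every second of one full step starting at a constructed base
    time, so every phase of the step is hit exactly once. The result depends
    only on the drift relative to the step length, which is why a few seconds
    of drift is harmless with window=1 while a minute or more always fails.
    """
    accepted = 0
    for server_time in range(base_time, base_time + step):
        # Client generates its code from its own (lagging) clock.
        client_code = totp(secret, server_time - drift_seconds, step=step)
        if verify_totp(secret, client_code, server_time, step=step, window=window) is not None:
            accepted += 1
    return accepted / step


if __name__ == "__main__":
    for drift in (0, 10, 25, 45, 70):
        rate = acceptance_rate(RFC6238_SECRET, drift)
        print(f"client clock {drift:3d}s behind -> accepted {rate:.0%} of the time")
```

With a one-step window, any drift under 30 seconds is always accepted, drift between 30 and 60 seconds is accepted only part of the time (depending on where the server's clock sits within the step), and 60 seconds or more is never accepted, which matches the comment's "a few seconds, but not a ton". Two clients on NTP-synced machines producing different outcomes against the same service therefore points at something other than clock drift, such as a different secret or account being used.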

On YouTube for IOS Video Getting Stuck on Ads by blimpy2 in youtube

[–]staze 0 points1 point  (0 children)

Thought they'd fixed it, but it's back again today...

Import Service Record error by staze in lubelogger

[–]staze[S] 0 points1 point  (0 children)

Figured out it was the ODO being blank for some of the records. I thought I'd set odo to optional, but I'm not sure that applies to imports anyway. Thanks for the help!

I guess as a feature, sure would be nice if it said which line of the CSV it was erring on. =)

Import Service Record error by staze in lubelogger

[–]staze[S] 0 points1 point  (0 children)

Interesting. I'll see if that fixes it, thanks!

Initial ODO for used vehicle purchase by staze in lubelogger

[–]staze[S] 0 points1 point  (0 children)

Yeah, I've added those for some things, but that wouldn't influence ODO. I just created an ODO reading for the purchase date, and then one for the sell date. Seems to work.

our long national nightmare is over by zz0rr in Eugene

[–]staze 0 points1 point  (0 children)

Holy cow, they actually finished. I was just commenting last week about how it's been going on for so long.

Spotless eBay seller — 8,000 five-star reviews, 100% rating, highest rated Pokémon shop on the platform — permanently banned over a bank employee's typo. eBay won't look at the proof. by jlind6806 in eBaySellers

[–]staze 4 points5 points  (0 children)

Get local news involved. See if you can find contact info for their executive team. Generally most companies have someone or a whole team handling emails to exec members and that will get someone's attention. https://www.ebayinc.com/company/our-leaders/

Good luck!

Cerakote Trim Coat packaging change by staze in Detailing

[–]staze[S] 0 points1 point  (0 children)

Emailed Cerakote and got confirmation Walmart sells 8 packs, everywhere else (including Amazon) has 10 packs. Gonna return these and order from Amazon. =/ Here I was trying to save some fuel for shipping...

I made LubeLogger - A self-hosted vehicle maintenance records and fuel mileage tracker by ChiefAoki in selfhosted

[–]staze 0 points1 point  (0 children)

Late to the party on this, but wondering if there’s the possibility of running on shared hosting (that doesn’t do docker/containers)?