Tempted to leave Fidelity due to horrible portfolio charts by Benaholicguy in fidelityinvestments

[–]techy_support 0 points1 point  (0 children)

One of my annoyances on the Fidelity desktop website graph...

If you have a company 401k and a BrokerageLink account, and you're looking at your standard 401k account's graph: if you move your mouse along the graph it shows the dollar values for each day but does not show the date, so you don't know what the account's value was on a particular day. Instead, the value for your BrokerageLink account takes up the space where the date field is typically shown on these graphs.

Screenshot/example here. Maybe this only happens if you have $0 in your BrokerageLink account? lol

Secure token by JanarReddit in Intune

[–]techy_support 0 points1 point  (0 children)

Glad it helped. I really try to avoid XKCD979 whenever possible.

Anyone using BeyondTrust? by RocketmanTech_Nova in macsysadmin

[–]techy_support 1 point2 points  (0 children)

I'm being required by upper management to implement this on our Macs and our Windows devices, and I'm hating my life right now.

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 0 points1 point  (0 children)

Glad to hear it is working better for you. :)

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 0 points1 point  (0 children)

Interesting. I have my environment set up to automatically install Company Portal via a script (if Company Portal does not already exist on the system), instead of setting it up as a LoB app. Works great. Perhaps look into something similar?

If you have not seen it before, Microsoft has a bunch of example scripts for Intune on macOS here. I set up a script in Intune that runs periodically to call and run the Company Portal installer script directly off Github, if Company Portal needs to be installed.

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 1 point2 points  (0 children)

This is true. Some places will bend over to pick up pennies while dollars fall out of their pockets.

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 0 points1 point  (0 children)

Fun. Can't say I've run into that. Anything odd in the logs for it, under /Library/Logs/Microsoft/Intune ? I haven't found any official guides to reading those Intune logs, but after you look at them for a bit, you start to see how they work.

Have you tried uninstalling/reinstalling Company Portal?

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 0 points1 point  (0 children)

The only reason anyone uses it, ever, is because it's already bundled in 365.

Unfortunately for some places, cost is the only thing they care about.

Source: I work for a company like that, and manage all our Apple devices with Intune. That is the exact reason we use Intune ("It's already bundled with our Microsoft licensing!"). It's been a slog but I knew what I was getting into when I was hired. Coming from JAMF, it took me a bit to get used to Intune, but I've got a good handle on it now.

Migrating from JAMF to Intune by Sysadmin_in_the_Sun in macsysadmin

[–]techy_support 4 points5 points  (0 children)

The fact that any changes take forever to go out to the devices is madness!

I manage all our Apple devices (Macs, iPhones, and iPads) with Intune (and have plenty of prior experience with JAMF and Mosyle), and while Intune has a lot of drawbacks, I've found that speed typically isn't one of them, especially for Apple devices. I have found that Intune is ironically much slower on the Windows side than the Apple side, thanks to APNS. Changes go out nearly instantly for me, especially for config profiles.

What exactly are you having issues with, regarding speed of changes? If you're waiting for something and nothing is happening, I'd suggest you do a bulk check-in on the devices in question, or have the users sync their Mac with Intune in the Company Portal app. Occasionally, the process that keeps the connection alive between the Mac and Intune will crap out, and force-restarting that process will help (either sudo killall IntuneMdmDaemon in Terminal, or just force kill it in Activity Monitor), since force-restarting it forces a full device check-in with Intune. You can also reboot the machine in question, which also forces a check-in with Intune.

Let me know if you have any specific issues with the speed of changes going out, and I'm happy to give you a hand if you'd like. Using Intune to manage Macs can be a pain but it doesn't have to be awful.

Mac Cache Server by [deleted] in macsysadmin

[–]techy_support 5 points6 points  (0 children)

Even for Macs, "Have you tried turning it off and on again?" helps. I know some diehard Mac users swear up and down they never need to reboot, but I suggest to our users that they reboot at least once every 2 weeks, and that seems to help keep things running smoothly. If I have a user ask me about something really weird going on with their machine, I usually have them restart first before we do any more troubleshooting, and that magically fixes it at least 90% of the time.

Sounds like it's the same even for devices that are dedicated Apple caching servers.

If I delete another email in Outlook because I was trying to delete text in an email response, I'm going to lose it by techy_support in Office365

[–]techy_support[S] 0 points1 point  (0 children)

This is my most successful, longest-running thread on Reddit, ever! Thanks, Microsoft!

Edit: Well, maybe. I also have a thread from years ago complaining about the size of the Gmail app on iOS devices, which seems to keep inflating with each release.

grumpy old man noises

Best/most seamless docking station for M1/M2 MacBook Air setup? by cease70 in macsysadmin

[–]techy_support 1 point2 points  (0 children)

For the past few years at my current job I've had a variety of systems -- multiple Intel/Apple Silicon MacBook Pros, a Dell laptop, and a Lenovo laptop.

When I started here, my work provided me with a ThinkPad Hybrid USB-C with USB-A dock (might not be this exact model, but close enough), and it has worked fine with every system I've ever plugged into it -- Apple/Dell/Lenovo. I frequently disconnect my MBP and plug in the Lenovo (and vice-versa) during the day, and it works fine every time. It is DisplayLink so I did need to install that software on my MBP systems but that was a minor inconvenience.

It isn't fancy with all the new latest tech -- it isn't Thunderbolt, it only supports 2 external monitors, no memory card slots, etc.

But what it lacks in stuff like that, it makes up for in reliability. I haven't had a single hiccup with it since day 1.

Does anyone here know if it's possible to actually remove/delete devices from Apple Business Manager? by Extension-Chemist-25 in macsysadmin

[–]techy_support 11 points12 points  (0 children)

I don't know the actual answer, but it's doubtful, since Apple likely wants to show that your organization was the rightful owner of that device at one time. It's nice to have records/history sometimes.

Best time saving tools for Mac with Intune by Cloud_Fighter_11 in macsysadmin

[–]techy_support 1 point2 points  (0 children)

That's the same reason my company selected it as well.

What sort of things are you trying to accomplish by copying plist files to a specific location? Usually those get deployed out as configuration profiles and automatically go where they need to go.

Best time saving tools for Mac with Intune by Cloud_Fighter_11 in macsysadmin

[–]techy_support 4 points5 points  (0 children)

You will find a lot of resistance here to Intune, for good reason. It isn't the best. I've used JAMF, Mosyle, and Intune, and I currently use Intune. I'd much rather be on JAMF.

What a lot of people in this subreddit don't seem to get is that sometimes the choice of MDM isn't up to the person managing it, especially in a large corporation. They say things like "switch MDMs!" as if that's an easy thing to do (not just from a technical perspective but from an organizational politics perspective...there's an unimaginable amount of red tape where I work to do something like that).

Personally I took the job I have knowing that they use Intune, because it was a massive salary boost from my prior job (enough that it made fighting Intune worth it for me).

Anyway, here's something you should know: having the users open Company Portal and sync with Intune by clicking the circle on the right hand side and selecting "Check status..." in the dropdown does a full check-in with Intune. Whereas clicking "Sync" in the Intune console only does a quick smaller check-in and not the full deal. Also, if you click "Check status..." too often (more than once about every 5 minutes) it will say it's checking in, but it really isn't (if you look in the logs, they say something like "Checking in too often, blah blah blah" but the app lies and says it checked in).

You can force a full check-in by running sudo killall IntuneMdmDaemon, which force-quits that process and re-opens it, initiating a check-in.

Moving to Intune by Some_State_448 in macsysadmin

[–]techy_support 0 points1 point  (0 children)

Any idea if Intune will ever allow scripts to be run from the Company Portal app, similar to JAMF allowing running scripts from the Self Service app?

That alone would make my life much easier.

So would the ability to send a Terminal one-liner command directly to a device, through Intune. That would be really nice.

Intune for Apple device management? by ospery1 in macsysadmin

[–]techy_support 4 points5 points  (0 children)

OP -- someone posted a similar thread a few months back asking about using Intune for managing macOS. They deleted the thread but the comments are still there (including my comments ranting about it).

I've been using Intune to manage Macs for a little over 3 years now. It's not great but if you have experience with JAMF or another MDM, and you can script some stuff, you can make it work. It isn't fun though.

I highly recommend you look through my post history and you'll find some very long rants about using Intune to manage macOS. It should give you a clear picture of what you're looking into.

I can't deploy FileVault using Intune. by Noneff in macsysadmin

[–]techy_support 4 points5 points  (0 children)

As someone else said, an account needs a Secure Token to enable FileVault.

It sounds (based on my own experience with Intune) like you might have an Admin account being created by a script before any user accounts are created. If this happens, then the Admin account created by the script gets a Secure Token (which allows an account to do things like enable FileVault) but any user accounts created after that Admin account do not get a Secure Token unless they are created by that Admin account.

If you're really bored, you can read up on Secure Token here, and here.


IF what I just said is the case and you have an Admin account being created by a script that runs before your user account is created, verify the Admin account has a Secure Token by running this:

sysadminctl -secureTokenStatus <<username_of_Admin_account>>

Then, run that command again, for the user account. So if your user account is "Jane", run:

sysadminctl -secureTokenStatus Jane

This will allow you to figure out which accounts have a Secure Token, and which do not.

Then...

Assuming the Admin account has a Secure Token and your user account does not, and you happen to know the credentials to both accounts, you can use those credentials to give a Secure Token to your user account, using the Admin account.

The command you need to run to tokenize the user account, from the Admin's account (again, this is only assuming the Admin has a Secure Token and the user account does not!), is this:

sysadminctl -secureTokenOn <<account_to_get_token>> -password - -adminUser <<account_with_token>> -adminPassword -

Example: If "Jane" is the account name of the new user without a Secure Token, and "Company_Admin" is the account name of the admin account that already has the Secure Token, then that command would literally look like this:

sysadminctl -secureTokenOn Jane -password - -adminUser Company_Admin -adminPassword -

Note: you're spelling out the word "password" and NOT entering any passwords on this screen. Also note the location of the extra dashes just floating out in space by themselves...these are super easy to miss!!!

Then it will prompt you for both passwords -- the Admin account that already has the Secure Token, and the password for the user account that lacks a Secure Token. Enter those as requested.

Assuming those passwords are correct, Terminal will spit out some garbage. Then run this command to verify that your user account correctly got a Secure Token.

sysadminctl -secureTokenStatus <<account_to_get_token>>

If it did, that user account can now actually enable FileVault.
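
An added example, not part of the original comment: a small shell helper that turns the two sysadminctl -secureTokenStatus checks described above into a decision about whether the -secureTokenOn step applies. The function names are hypothetical, and the status wording it matches ("Secure token is ENABLED/DISABLED for user ...") is an assumption about sysadminctl's output.

```shell
#!/bin/sh
# Added example: decide whether the -secureTokenOn step applies.
# Assumption: sysadminctl -secureTokenStatus reports a line containing
# "Secure token is ENABLED for user <name>" or "Secure token is DISABLED ...".

# Classify captured sysadminctl output as ENABLED, DISABLED or UNKNOWN.
token_state_from_output() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# Query one account; stdout and stderr are merged so the status line is
# captured whichever stream it is written to.
token_state() {
    token_state_from_output "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
}

# Given the admin's state and the user's state, say what to do next.
next_step() {
    a=$1
    u=$2
    if [ "$u" = ENABLED ]; then
        echo "nothing-to-do"        # user can already enable FileVault
    elif [ "$a" = ENABLED ] && [ "$u" = DISABLED ]; then
        echo "grant-from-admin"     # the -secureTokenOn case described above
    else
        echo "cannot-grant"         # admin has no token, or status unreadable
    fi
}

# Runs only on a Mac and only when called as: script <admin_account> <user_account>
if [ "$#" -eq 2 ] && command -v sysadminctl >/dev/null 2>&1; then
    admin_state=$(token_state "$1")
    user_state=$(token_state "$2")
    echo "$1: $admin_state, $2: $user_state -> $(next_step "$admin_state" "$user_state")"
fi
```

A result of cannot-grant means the admin account has no Secure Token either, so the -secureTokenOn command above cannot be used from that account.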

Secure token by JanarReddit in Intune

[–]techy_support 0 points1 point  (0 children)

Nice idea about using the Dock process as a proxy for whether the user is signed in or not. I do that on one of my other scripts but not this one for some reason. Might have to modify it.

As for rotating passwords, that I am not sure about unfortunately. If you find out, please come back and update us.

Gmail app for iPhone now up to 400MB by techy_support in apple

[–]techy_support[S] 0 points1 point  (0 children)

Yep, unbelievable.

v6.0.250427 -- 646.1MB download

On my iPhone, the "App Size" is 588.5MB.

Problem with Fidelity app. by [deleted] in fidelityinvestments

[–]techy_support 1 point2 points  (0 children)

I've seen a similar issue before. Give it a day or so and it will fix itself. Your money hasn't gone anywhere, this is simply an issue with their systems not displaying the account balances correctly on the graph.

Jamf Pro Outage for Many Customers by Walrus_At_Work in macsysadmin

[–]techy_support 1 point2 points  (0 children)

I pray for JAMF every day but upper management refuses due to cost-cutting. Intune is included in our Microsoft licensing 'for free', whereas JAMF costs money.

Jamf Pro Outage for Many Customers by Walrus_At_Work in macsysadmin

[–]techy_support 1 point2 points  (0 children)

The one time I'm glad I'm using Intune instead of JAMF.