What’s this??

What’s this??

An actual usb key in the wild, dropped not far from my office??

@mrr3b00t.bsky.social what should I do?

a man with glasses and a beard says " don 't touch it if it works " ALT: a man with glasses and a beard says " don 't touch it if it works "

I just want it back the way it was!!

My work today was for another partner who have oodles of license SKU’s, and I am frequently deploying 4-6 SKU’s per group.

Was a pain.

Will do @jeftek.com! Thanks for the suggestion.

My rant was prompted by spending two hours cleaning up a licensing mess, and I know this stuff!

Used to be great, going to the group in Entra and seeing which license had a conflict or issue.

Now it is license centric, and... not as clear.

@merill.net @nathanmcnulty.com Do either of you have the contacts within @microsoft.com to get this reversed?

It's an abomination now...if licenses are not assigning, I got to go through them 1 by 1, checking the groups, checking conflicts... I feel like I need 2-3 Admin portal windows open!

It seems to have made a difference so far this month.

Anyone else doing anything with EASM?

Remove expired SSL certs

Ignore Microsoft Sites

Ignore Microsoft Certs

So, you can add a Policy, which acts on a saved search to adjust the approved inventory; these are what I use:

While I want to see an expirying Cert, I don't want to retain a long record of expired ones (I know that put an onus on me to make sure they are all set up to renew correctly).

Nor do I want to pay to track Microsoft infrastructure that I can't influence.

I don't know if it is a bug or a change, but it appears to be down to two things:

1) Much more common use of Lets Encrypt, expirying every 90 days, but still tracked by EASM

2) Downstream Microsoft services, hosts, IPs, and Certs behind Intune and other services

I like deploying @microsoft.com Defender for External Attack Surface Management (EASM) as an external observation layer for the clients I manage.

Originally a very reasonable cost, I noticed that the costs appeared to have trippled over the last couple of months:

And your regular reminder that this was the most annoying M365 decision ever made!

Setting up some new @microsoft365.microsoft.com tenants today, and there is so much to do to make them fit for purpose!

Why oh why do I need to go through these individually to disable them?? I must check out PowerShell...

One or two…

I am not a developer, and wouldn't know React from C++ but a few hours with @vscode.dev, Roo Code, @anthropic.com, Docker, and I have a AI enhanced document management solution (running locally for now, but soon for an
nVidia #Jetson... when it arrives!

#StopMeNow #loadin4k

My plan is to unwind over the remainder of the Christmas holiday by making an effort to reduce the bedside pile of books (which “magically” grew again).

Reading “Notes from a Small Island”, and I see Bill Bryson channelling my sentiments exactly on sand!

Ha, I was only joking on the Copilot+ stuff.

For me, this is my first experience with a Pi like device; I have a Dell R720xd running some VMs and this would give it a run for its money.

I really want to try/learn some python and vision AI stuff; defect detection, document intelligence, etc.

Image of nVidia Jetson Nano developer board.

So… is this a Copilot+ PC (as I wait for mine to arrive)

Absolutely!

Yeah, you should use fail2ban when setting up webservers

Ok, now that's super!

I wonder, I wonder… I have mine on fairly heavy duty arms… it may work!

Feck!

Reason I go 4k is the vertical resolution; try doing a logic app or long doc on 1440 - not for me!

Ok! Thats a very different scenario! Does Google do much in the way of device management?

It’s not perfect, but it’s sufficiently functional for my needs on MacOS and improving all the time.

Thanks for this!

I am Intune all the way

a cartoon of homer simpson screaming with his mouth open ALT: a cartoon of homer simpson screaming with his mouth open

Rolling out Passkeys to the same cohort…

I had a similar project recently for a few more people… just rolling out MFA though. Despite multiple rounds of comms, even using Terms of Use CA policy with custom instructions, you’d be amazed how many were shocked when they were locked out from their BYODs as they didn’t have MFA…

I think I am having a weird issue where I am protecting security registration using TAP on BYOD, but for some reason I am not prompted for the TAP when registering for passkey.

While I would love my clients to go with Passkeys, I still struggle in two areas:

- a useful set of CA policies to allow passkey registration on BYOD mobile devices for remote workers
- the windows interface is still a bit of a dogs breakfast if you have Fido/whfb/multiple accounts.

Am interested in the monitor setup; I use 2x32” 4Ks side by side, I need the pixels but the layout is not ideal.