Boogalo
Jul 8, 2012

Meep Meep




In the process of finally revoking local admin from all of our users, we're looking into beyondtrust/powerbroker/beyondinsight to manage elevated permissions for installs instead of SCCM. Has anyone worked with it? I've only had contact with the sales guy so far and it seems to cover all of our needs, but I'm still in the process of getting my head around implementation, installation, and exactly what parts we need.

Thank god we recently set up a sandbox test domain.


Boogalo
Jul 8, 2012

Meep Meep




orange sky posted:

Doesn't SCCM run installs as SYSTEM and not the user running it?

Yeah but we're a two person (jr and sr) sysadmin team with 150 virtual and physical servers, onprem exchange, no SAN, and 2000 users. We have rudimentary SCOM and SCCM but it was set up (not very well) by a consultant ages ago and it's on the to do list to learn, but it's a monster and we don't have enough time to learn, test, implement before the security auditors come around and ding us on the report again. This is HigherED, it's an odd place and the budget folks don't mind throwing down for the 3rd party solution.

Boogalo
Jul 8, 2012

Meep Meep




We've been very happy with MS 365 cloud endpoint defender whatever. It is extremely powerful and we have the e5 licenses. Just wish we had the time to really dig in and get automation running for user/device risk closures, playbooks, etc.

I'd run it on my personal machine too if it didn't pipe everything I do back to the central control panel for any other admin to see :sun:

Boogalo
Jul 8, 2012

Meep Meep




It can be worth contacting MS to see if they'll help you with quickstart or fast-track stuff and get set up with a reseller for proper billing. We go through SHI for all of ours. MS will throw free resources at you to help you spend more money in their cloud.

Boogalo
Jul 8, 2012

Meep Meep




We've been looking at AVD vs w365 and found AVD much cheaper over the long run per user. There's also a middleman 3rd party service called nerdio which handles a ton of automation around load balancing and scaling and seems to pay for itself pretty easily on top of the general AVD savings of it auto scaling back deployments when not in use. Worth looking into and asking for a demo.

In our testing and scaling with w365 it costs about as much as a person having a nice new laptop every 3 years in addition to them also needing a machine to connect from so it didn't make sense for us.

Boogalo
Jul 8, 2012

Meep Meep




IIRC Storage Spaces Direct is the new hotness in Windows drive clustering

Boogalo
Jul 8, 2012

Meep Meep




Yeah, the control group must be mail enabled; it's how Exchange knows what it is. You can go in after and hide it from the GAL and restrict so nobody can send to it if you want.

There is new group writeback to onprem in Azure AD which might have some interesting implications for dynamic cloud/onprem groups but it's brand new and we haven't poked at it yet.

Boogalo
Jul 8, 2012

Meep Meep




It was Intune before, and then Endpoint Manager, and now Intune is back as an umbrella over Endpoint Manager, I think. We give our MS rep about the constant rebranding all the time.

Boogalo
Jul 8, 2012

Meep Meep




Defenestrategy posted:

There a button to export entra configs? Would be real useful for establishing baseline config.

I think what you're looking for is called Desired State Configuration

Boogalo
Jul 8, 2012

Meep Meep




Defenestrategy posted:

This seems like it's specifically for VMs not Entra, I'd like to pull a json or something that just has all the buttons I pushed for stuff like conditional access policies, groups, password management blah blah.

I posted while still looking for the correct link but finally found it again.

https://microsoft365dsc.com/user-guide/get-started/introduction/

Why the first results are always Azure VM DSC I dunno. Search sucks these days.

Boogalo
Jul 8, 2012

Meep Meep




Where do you get the key and where are you applying it?

We have a volume license agreement negotiated with MS and processed through a 3rd party vendor so our keys and downloads are in the m365 admin portal. In there are lots of different keys for different purposes. We used to use KMS but now use AD-based activation where the key is stored in AD and anything that is domain joined is automatically licensed appropriately.

If you're trying to activate individual systems in the OS by hand, IIRC you need to use the "MAK" key. That key is good for multiple, but limited activations and that count would show in the admin portal. Also, keep it safe and don't let it leak, that is very bad.

I agree it is a fairly cursed system even compared to other deep level cursed MS features. The activation hotline tends to be very helpful though; they can probably tell you what's wrong but couldn't help you with procuring the correct thing.
