message reach across mixed environments.
Purview Insider Risk Management limits will expand significantly: Variants per indicator: 3 → 10; Total variants: 100 → 400; Detection group items: 200 → 500
IRM policies will allow multiple DLP policies to act as triggers, enabling broader and more accurate risk detection scenarios.
Exchange Online GCC High and DoD tenants will gain inbound SMTP DANE with DNSSEC, improving email authentication and security.
The Microsoft 365 Backup service will roll out to GCC environments starting December 2025.
Microsoft Planner will receive Data Lifecycle Management support, allowing retention policies to protect Planner tasks and related content.

Existing Functionality changes:

The Teams app usage report will be replaced with the Integrated Apps usage report, offering a redesigned layout with improved charts and actionable usage insights.
Microsoft Intune network endpoints will move to Azure Front Door IPs. Tenants using firewall allowlists including those relying on Basic Mobility and Security must update them.
SharePoint agent usage reporting will shift from per-site views to a unified tenant-wide report, simplifying insight gathering for admins.

Action Needed:

Managed connectors for syncing UKG and Blue Yonder data into Teams Shifts will retire on December 7, 2025. Organizations must build custom integrations to maintain data sync.
The Visio Data Visualizer add-in will be removed from Excel on December 8, 2025. Admins should disable the add-in and instruct users to save diagrams locally as .vsdx files.

Act now to stay ahead and ensure these updates don't impact you!

https://redd.it/1pb9hdc
@r_systemadmin

Suspicious of new co-worker

I work fully remotely for a company based in the UK. We primarily work in both the UK and US with the odd worker scattered around other countries. If they work from these other countries they need explicit permission to do so.

The new worker supposedly works from Texas and appears to be a US employee. But I've seen quite a few red flags and I wonder if anyone has seen anything similar or what to do in this situation.

His LinkedIn doesn't make any sense. He supposedly worked as a technical architect over 10 years ago but now works in a more junior role. He has no links to any of his certifications on his LinkedIn. His last company was based on the "US" but when I went to check on the employees they were all based in Africa. His first few companies that he worked for are from Nigeria too.

His English isn't great either and it takes him a long time to say what he needs to say. He's supposedly very knowledgeable in devops but it's been 6 weeks and I've barely seen him do anything.

So I obviously had my suspicions and I have access to our logs which shows login location and IP. He has two IP's which he uses to login which are based in Boston and Texas. But when I look the IP's up they are both VPN's. This seems highly suspicious to me because that would mean he's using a VPN on his router and not his actual ISP IP.

Has anyone had anything similar? Is it worth worrying about?

https://redd.it/1pbankx
@r_systemadmin

Suggestions for alternative PDF-Tool?

We're running a Remote Desktop Services environment where we previously used a licensed Adobe PDF Reader. After migrating to Windows Server 2022, it seems that version is no longer supported. Adobe's new licensing model for Acrobat/Reader looks pretty terrible to me, unless I'm misunderstanding something.

We have around 60 users working directly in the RDS environment, and I'm looking for a solid alternative that can handle opening, merging, and ideally some light PDF editing.

Does anyone have reliable recommendations?

https://redd.it/1pb8fq8
@r_systemadmin

FreshService down?

I saw the UI update but I doubt it is the reason why.

https://redd.it/1pbd8cq
@r_systemadmin

Why is Microsoft documentation always accurate until you actually try to use it

Every time I troubleshoot something in M365 or Azure I start with the docs.

And for the first 30 seconds everything looks perfect.



Then I try to follow the steps.

Half the screenshots are from old portals.

Buttons are in different places.

Settings moved last week.

The important part is hidden behind a “See more” link.

And the feature behaves nothing like the example.



Feels like the docs are written by a version of Microsoft that does not exist in reality.



Is this just my luck or does everyone else hit the same wall?

https://redd.it/1pbenok
@r_systemadmin

Why are a lot of IT companies suddenly starting to push Hourly consulting roles

Why do companies feel the need to hire on an hourly basis and pay you less than 40 hours per week? Is it on prerequisite knowing that they can have you work overtime on overnight shifts? I want to know the reason for this shift

https://redd.it/1pbcka1
@r_systemadmin

How does your company handle on-call compensation?

I know this question gets asked every once in a while, but I feel like it's always good to have fresh input from folks.

The place I'm at currently is pressuring me to join the on-call rotation (something that, when I was originally hired, was exclusively handled by a different team).

The compensation for being on-call is as follows:

- No standby pay (no pay for simply being on-call)
- Only paid for calls that come in that result in work (i.e. if I get called at 2am, but the client declines the afterhours cost, no remuneration)
- With the current number of people in the rotation, it would be once every 12 weeks or so.

I'm inclined to decline it, mostly due to the no standby pay. I dislike the idea of putting portions of my personal life on hold on the off chance someone does call in, and not getting compensated for that. I'm curious what the common standard is currently for being on-call.


EDIT: In response to some of the answers already - I am salary, but would get no comp time unless the call was excessively long, i.e. no leaving early if I started my day early due to a call.

https://redd.it/1pbf49u
@r_systemadmin

Anyone Actually Tracking DORA Metrics in Their Org? Worth the Effort?

I keep hearing about DORA metrics lately (deployment frequency, lead time, MTTR, change failure rate) and how they’re supposed to help teams measure “DevOps performance.”



We’ve got a decent CI/CD setup and some monitoring, but none of this data lives in one place. Management keeps asking if we can start tracking the DORA metric stuff, but I’m not sure if it’s actually useful or just another vanity dashboard.



For those of you who’ve done it, did it make any real difference? How hard was it to set up? We’re mostly Kubernetes + GitLab + Grafana right now.





https://redd.it/1pbi2zx
@r_systemadmin

CSAM - What do I do?

England.

Hi 😕.

I work for a small MSP (5 of us, I'm the most senior under the owner, but most decisions are made by him). One of our clients have a specific software that is installed on the users profile. There was a new PC delivered, we removed the password from the user yesterday as the vendor has specific, shitty requirements for them to install. I know this is bad, but it's not up to me. Either way, that's the not the point.

Today, I remoted in to ensure everything was good and put the password back on etc. I saw in the chrome history searches for CSAM overnight. It looks like chrome had been signed into a non work Gmail as well, and was syncing the history. The history was full of similar stuff. It's important to note that it was mainly searches etc, and very little evidence of the user actually having found what he was looking for. I was very thrown and escalated it to my CEO. After a bit, he got back to me and said it's none of our business and to ignore it and move on.

Any advice? It does not sit right with me as unfortunately I know a few people that where abused as kids so it's personal to me to ensure pedophiles are punished. However I'm not sure where to go from here? I do not want to go the police as I'm pretty sure the evidence will be gone by then.



https://redd.it/1pbldnn
@r_systemadmin

Ram rant...

Just a rant on how ridiculous the price hike on RAM... I ordered 128GB of DDR5 6400 for $593.59/USD on 11/10/2025. Checked it out today(12/01/2025) for another build I need to create for a specialized PC for one of my design departments. Now it's priced at $1,484.99/USD. Absolutely unreal and sad.


I can't even imagine what Dell and Synology are going to charge me for the new servers and NAS's I need for my near future upgrades... The RAM price for upgrading is going to drive me through the roof.

https://redd.it/1pbjsaw
@r_systemadmin

What temperature is your server room?

What it says on the tin. We have a mildly spacious office-turned-server-room that's about 15x15 with one full rack and one half-rack of equipment and one rack of cabling. I'd like to keep it at 72, but due to not having dedicated HVAC, this is not always possible.

I'm looking for other data points to support needing dedicated air. What's your situation like?

https://redd.it/1pbiw10
@r_systemadmin

Best phishing simulation tools

We’re reviewing our internal security stack and one of the things on the list is tightening up how we handle phishing awareness. I know everyone has different environments, user bases and tolerance levels for “gotcha” tests, so I’m curious what’s actually worked for you in the real world.

What phishing simulation tools have you had good (or terrible) experiences with?
Did any of them actually change user behavior long-term, or did they just annoy people?
How important are things like automation, reporting or integrations with M365/GSuite in your setup?

Would love to hear what you’ve run into before we commit to anything.

https://redd.it/1pbql4m
@r_systemadmin

The tech industry is dead and Wall Street is feasting on its carcass

Have you noticed how every path into the middle class mysteriously disappears the moment regular people start using it? IT was one of the last ladders that truly anyone could still climb. You could learn the craft, bust ass, build a career, and maybe even build some wealth for yourself and your kids. And right on schedule, Wall Street showed up, smelled money in a place they didn’t control, and tore the whole ladder off the wall.

They didn’t misunderstand what they were doing (they never do). They saw an industry that actually innovated, an industry run by people who understood their tools and did things differently, efficiently, focused on merit. And they reacted like the parasites that they are. Hijack it. Drain it. While they walk off with the cash.

Then, along comes AI. Not as an actual revolution. Not as anything real. Just a prop. A lights-and-smoke financial trick to tell investors. A magic word that lets executives fire whole teams while saying they are “innovating.” And the sad part is they believe it. They honestly think hype is worth more than working systems. They think a slide deck about “AI transformation” contributes more value to a company than the engineer who actually knows how the systems fit together.

Remote work made the whole thing worse. I love working remotely too, but let’s tell the truth: remote work gutted the entire junior pipeline. You cannot train a new generation of engineers through Slack and Jira. You cannot replace the moment a senior looks over and says, “Stop. Don’t do that.” That is where people learned this job. That is where skill was built. Those moments are gone. Seniors kept the comfort. Juniors got pink slips, replaced with chatbots.

Leadership decided mentorship was too expensive and hand-waved it away because AI was supposed to fill the gap. Spoiler: it won’t. And in a few years, when the remaining seniors are burned out or laid off, there won’t be anyone left who actually knows how to run the infrastructure that by the way holds the modern world together.

Which brings us to the MBA and PE geniuses who think they run this industry. These are people who reboot their laptop by yanking the power cable out, but somehow they believe they should redesign global infrastructure. They talk in buzzwords which they barely understand. They buy whatever SaaS vendor has the shiniest marketing. They strip out whole infra teams and call it “efficiency.” They replace everything with contractors and chatbots and then congratulate themselves for “disruption.”

Meanwhile the actual systems, the ones running entire economies, are held together with baling wire, duct tape, and tribal knowledge. Cloudflare knocks out a third of the internet for an hour and everyone acts surprised. Surprised? You could see this coming a mile away. This is what happens when you fire the people who know how anything works and hand the keys to people who think uptime is something that comes from a SLA some sleezy account exec sold you.

There is only one way this ends. Failure. Real failure. Not a red light on a dashboard. Widespread, grinding collapse in the companies and industries that have been hollowed out for short term profit. And the people who caused it will do what they always do. Cash their checks. Blame the people they replaced. Walk away untouched.

When it finally hits (and it will), remember who's responsible. Remember who took an innovative working industry and fed it to private equity vultures to be feasted on. Remember who profited. I'm talking about the investors and boards who bought thriving startups, promising to nurture and mature them, only to force feed them to flesh eating zombies. They made out like bandits, with the generational wealth that belongs to the people whose blood sweat and tears built this industry.

https://redd.it/1pbvaxz
@r_systemadmin

Who's about to have an end-of-year change freeze?

Starts next week and I can't wait. Everyone else in the company will be on vacation and just a skeleton crew for most departments until mid January. So sick of Friday night deployments where we basically roll the dice on if the latest enhancements will work then spend all weekend troubleshooting. Only time of year I get to relax!

https://redd.it/1pbyx33
@r_systemadmin

Question for the mods: what's acceptable?

I made a post this afternoon about the state of the IT industry. I am critical of remote work, which was a secondary point to my post. My primary criticism is of Wall Street influence. I am also critical of Private Equity influence. But secondary mentions of remote work seems to have been a bridge too far.

My post was removed. Messaging the mods was blocked via primary means. One mod replied via chat but my other attempts to engage were met with alerts "no DMs accepted - from you". I appreciate that this is a ultimately a private message board. I also appreciate that I critiqued remote work, which is extremely controversial amongst a majority of /r/sysadmin subscribers. Y'all have strong opinions and I salute you for defending them.

But I broke no rules. I was polite and thoughtful in my replies. And yet, the thread was removed, and the mods radio silent, nonetheless. Simply for discussing a professional opinion, informed by decades in the industry, which seemingly doesn't align with the mods' preferences.

I had a net 400 upvotes in an hour. 80% upvoted. Removed.

Absent any other explanation, this is obvious and apparent narrative control. Anyone who doesn't regurgitate the /r/sysadmin party line that remote work is better than in person: boom, banned, ignored. Silenced.

If you're pro remote work and anti free expression and debate, today is a great day for you. If you believe that robust debate makes us stronger, well, this is evidently not the sub for you.

So how long do you think it will be before this thread is locked by the gestapo? FWIW they truly do believe they're doing the right thing, stifling discussions!

https://redd.it/1pc03nz
@r_systemadmin

Changed DNS records over a week ago. Global propagation checkers say 100% complete, but clients still see the old site?

This is driving me insane.

We migrated our company website's to a new host over a week ago. I updated the A records and the CNAME at our registrar to point to the new server IP.

About 2% of our client base is emailing us saying they are seeing a "Page not found" error.

When I check whatsmydns.net or DNSChecker, every single location shows the new, correct IP address. It’s all green checks.

Troubleshooting so far:

I've asked clients to clear their browser cache (Ctrl+F5). No luck.
I asked one client to run nslookup and they are indeed getting the old IP returned to them.
I lowered the TTL (Time To Live) to 300 seconds before the switch, specifically to avoid this.
The old host has been fully shut down, so they are just hitting a dead end.

Is it possible their local ISP DNS is caching the record for over a week? That seems insane.

How do I fix this now, and more importantly, how do I prevent this zombie DNS in the future?

https://redd.it/1pbz27n
@r_systemadmin

Looking for help reducing a PDF file size

I’ve got a large PDF that I need to make smaller for emailing. Nothing fancy, just a quick reduce without losing quality. Any tools or tips that’ve worked well for you?

https://redd.it/1pc3k78
@r_systemadmin

Phishing attempts are getting sophisticated

Long story short: right as we’d finished negotiating our CRM renewal and were about to sign, "our CRM" emailed saying we had to pay ASAP or our account would be deleted by end of week. It landed with an old admin, got forwarded to the new owner, and his first thought was: “Why isn’t there an in-app notification for something this big?” He looked up the “account manager” on LinkedIn (not a real person), checked headers and domains, spotted a few subtle inconsistencies, and flagged it as phishing.

But for real, the timing from the phishing attempt was too convenient for it to be a coincidence...

https://redd.it/1pc446m
@r_systemadmin

Microsoft Defender Admin portal issue

It seems the security console is not loading properly. Wondering if there is an outage with this at the moment?
Thoughts?

https://redd.it/1pc47gp
@r_systemadmin

Unlocker from MajorGeeks contains Babylon RAT

Got hit with thousands in AWS charges from crypto miners this morning. Spent hours figuring out how they bypassed my MFA.

It was Unlocker 1.9.2 from MajorGeeks! Babylon RAT bundled in keylogger, credential stealer, the works. My whole pc was compromised thanks to it.

Windows defender nor Malwarebytes didnt pick it up back then, and even now only Malwarebytes detects the installer.

Hash: fb6b1171776554a808c62f4045f5167603f70bf7611de64311ece0624b365397

This has been known since 2013. Still up. 1.8M downloads.

Hope nobody else falls for this, had pretty excruciating hours at the bank today.

https://redd.it/1pc91kg
@r_systemadmin

Need to decide on making a change.

I am 24 years into working in IT and federal contracting. I have hated aevery min of working in IT for well over the last 14 years. Now I am 50 years old, 4 kids with one in college and the rest still in K -12. I have been laid off twice this year because of this administration's BS, and I cannot stomach the job or the customer anymore. I am looking at trades now. Hard to imagine getting into a trade at 50 years old and making less money. But I rather make less and actually enjoy what I do with my life for once. Just a bad situation all the way around. I am so sick of interviews and applying for these IT jobs. The requirements that companies are looking for. You need to know a dozen different things for one Sysadmin job, and the crap keeps changing every year. IT was the biggest mistake of my life, and the years I will never get back because of it. AI can have this. The future of this feild is going to put so many out of work.

https://redd.it/1pc8o07
@r_systemadmin