Microsoft to block Exchange Online Access for outdated mobile devices

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-block-exchange-online-access-for-outdated-mobile-devices/

I thought I'd share this because I could see helpdesks potentially get flooded with folk running out of date mail apps on their mobile devices.

https://redd.it/1po8ju1
@r_systemadmin

Microsoft M365 support blew up on me and hung up for asking why I need to install Outlook and do an index repair if I am having search issues in the cloud (OWA) which is all I use.

MS support has always been okay, and I have never had an issue before but the tech I had today did not seem to understand the difference between cloud and desktop outlook. I only use OWA and he wanted me to install Outlook and do a reindex because he said I had a corrupt profile on my PC was affecting the search in OWA. When I asked him how that would help me with my cloud issue, he went on a rant about how I had called him for help (as if to say not ask questions) and when I responded he hung up. I escalated to his manager via email hours ago and no one ever responded. I manage about 1500 endpoints with M365 for different orgs. Has anyone else had to deal with anything like this? How do I escalate beyond his manager?

https://redd.it/1po9plz
@r_systemadmin

how you handling IT requests that start in Slack?

how do teams of your own are dealing with this because damn. we’ve got users dropping requests in Slack DMs, channels, emails, you name it.

We’ve tried “please submit a ticket” reminders, but realistically slack isn’t going away. The problem is context gets lost, nothing’s tracked properly, and the help desk ends up doing cleanup work.

Are you just forcing everything into a ticketing system, or using something that turns Slack messages into tickets automatically? What’s actually worked long short but maybr long term??

https://redd.it/1po79n9
@r_systemadmin

Security reviews keep asking for the same evidence in different formats

Hi all
We recently started selling into midmarket/enterprise customers and what’s catching us off guard isn’t the questions themselves but the repetition.
Every security review asks for almost the same if not the same things like policies, control evidence but always in a different fucking spreadsheet, portal or format.
Right now this means reexporting the same material over and over and it’s starting to waste a lot of our time.
Do we just standardize internally and adapt per request or is there a better way to manage this without hiring someone just to monitor audits?
Would appreciate any help🙏 .

https://redd.it/1po9c3h
@r_systemadmin

Help! A User is receiving mail not addressed to them!

I have exhausted my efforts in troubleshooting a ticket where a user states they are receiving emails to a group they are not a member of (and shouldn't see!). Here's what I have:

User: jdoe@work.com
Mailgroup: sales@work.com
Mail: Exchange Online
Environment: AD hybrid joined
Mail Filter/Journaling: Mimecast

1. I have confirmed that jdoe is NOT a member of the sales@work.com group
2. I have confirmed that jdoe is NOT a member of any other group listed under sales@work.com
3. I have confirmed that there are NO transport rules mentioning jdoe or sales@work.com
4. I have confirmed that NO message trace from within Exchange Online will show this email as being sent to jdoe
5. I have confirmed there are NO auto forwards of mail to jdoe


I am full admin of my org so I can get into any system needed, but this is making no sense to me. To boot, jdoe WAS a member of sales@work.com earlier in the year, but has since moved out of that group and into another, production@work.com.

https://redd.it/1pobke2
@r_systemadmin

Proxmox or Hyper-V?

I am designing an on-prem environment for an accounting firm and want to make sure I am approaching this the right way from both a performance and licensing standpoint.

Applications involved:
• Thomson Reuters Accounting CS, uses SQL Server
• Thomson Reuters Fixed Assets, uses SQL Server
• Intuit QuickBooks Enterprise
• Lacerte by Intuit

From vendor guidance and experience, I understand the SQL workloads should not be stacked together, so the plan is to separate them logically.

Hardware constraint:
• Single physical server
• Virtualized environment

What I am trying to decide is the best virtualization and licensing approach.

Option 1:
Use a bare-metal hypervisor like Proxmox and deploy two Windows Server 2025 VMs, each hosting its own application stack and SQL instance.

Option 2:
Use Windows Server 2025 Standard with Hyper-V, run the host as a Hyper-V-only parent, and deploy two Windows Server 2025 guest VMs.

This leads to my licensing questions, where I want to be sure I am not misunderstanding Microsoft’s rules.

My current understanding is:
• Windows Server Standard licenses are per physical core, 16 core minimum.
• One fully licensed Windows Server Standard host grants rights to run up to two Windows Server guest OSEs
• The Hyper-V host must be used only for virtualization, no additional workloads
• If I want more than two Windows Server VMs, I must stack additional Standard licenses on the same host

Questions:
1. If I license the physical server with Windows Server 2025 Standard and use it only as a Hyper-V host, do I need separate licenses for the two Windows Server 2025 guest VMs, or are those covered by the base Standard license?
2. Are the guest VMs automatically activated when running under a properly licensed Hyper-V host, or would I still need KMS or AVMA configured?
3. From a real-world performance and management standpoint for accounting workloads like Accounting CS, Fixed Assets, QuickBooks Enterprise, and Lacerte, is there a strong argument for Proxmox over Hyper-V, or vice versa?

https://redd.it/1pomynz
@r_systemadmin

Found out an employee is on OF from MS Defender

I thought I have seen it all until the other day.

I found out an employee is on OF from reviewing the spam/phising email reports.

An employee reported an email from Onlyfans as phising.

Subject: A new login on your Onlyfans account
DMARC: Pass
MS Defender Checks: No threats found
To: employee@company dot com
From: noreply@onlyfans dot com

Craziest part is no one would have ever known if he didn't report that email as phising. I kindly marked it as "No threats found" lol

Has anyone seen anything crazier than this?

https://redd.it/1pooa3l
@r_systemadmin

KnowBe4 alternatives

We’re looking at refreshing our security awareness setup and KnowBe4 keeps coming up just because it’s the familiar name, but I’m trying to get a better sense of what else is actually working for people. I’m mostly interested in tools that feel realistic in day to day use, keep users engaged without burning them out and don’t require constant handholding to get useful reporting out of them. If you’ve moved away from KnowBe4 or tested other platforms how did they hold up in a real environment?

https://redd.it/1povudy
@r_systemadmin

What is the best way to monitor browser risks (extensions, data exfil) without crossing into invasive surveillance?

In environments with remote/hybrid teams on Windows/Chrome/Edge, how to handle the growing risks from unauthorized browser extensions and potential data leaks (e.g., sensitive info posted to external domains or copied into shady AI tools)?

Specifically looking for approaches that provide event-level visibility/alerting...things like:

* Detecting extension installs
* Flagging uploads or POSTs to non-approved domains
* Blocking or alerting on high-risk browser activity

...but without resorting to full surveillance tactics like keystroke logging, screen recording, or constant session monitoring.

https://redd.it/1povgo7
@r_systemadmin

Why are internal/business applications so far behind public applications in terms of user experience?

I work in system implementation, and have been directly involved with SAP, Oracle, and Siemens Teamcenter transformations, and have been a stakeholder for MS Dynamics, Salesforce, and similar transformations.

One of my biggest continuing complaints is how bad the user interface/experience is for these tools, especially those that aren’t customer facing. Teamcenter, for instance, is incredibly unintuitive to new users and is prone to long loading times; Oracle is a bit more user friendly, but still looks like it was built in 2003 out of the box and its OOTB reporting is stuck in 1994.

So what is it that’s driving this? Is it a lack of investment in UX by the creators? Lack of investment from my employers when planning their implementations? Or simply a byproduct of the highly customizable nature of this kind of application? All 3? None of the above?

https://redd.it/1poyaxy
@r_systemadmin

Looking for a way how to block AI mode in Google Search?

Hi everyone,
i am seeing in most of educational settings, students are relying on Google Search’s AI Mode to get instant summaries instead of doing proper research. While AI Mode provides quick answers, it can contain inaccuracies and may lead students to copy content without verifying it. This reduces critical thinking and research skills.

Has anyone successfully disabled AI Mode in Google Search for students?

https://redd.it/1poz954
@r_systemadmin

Is a bachelors degree in Information Systems still worth it?

Hello, i am a 27 year old struggling between going back to school to finish my bachelors in information systems or getting into the trades for electrician. For context i have roughly 1.5 years left of classes to finish. I took a 2 year break and need to make a decision now.

I know the market is saturated with people trying to get IT jobs and outsourcing. I would have about 14k of school debt when i finish. By that time i could be making decent money as an electrician.

For anyone in IT do you still recommend going into this field?

Any regrets?

Thanks.

https://redd.it/1pp0fok
@r_systemadmin

W365 - 24H2/25H2 - Performance hit

We have several hundred Windows 365 CPCs across different customers. In the majority of cases, they run 2CPU, 8GB, 128GB - and workloads are M365, Edge and a couple of Line of Business apps.

When these were 22H2/23H2, the performance was reasonable. Not mind-blowing, but for your average knowledge-worker, it was fine.

Since 24H2/25H2, poor performance is increasingly becoming one of our top support tickets.

Upgrading to 16GB alleviates much of the issues, but it's quite a costly jump for several hundred systems.

I know 8GB is not great with W11 - but it *was* functional.

I'm debating A/B testing a 25H2 gallery image with WDOT, with/without our security tools, etc. Equally, dropping it - and using ZTNA/Global Secure Access and long-lining into Azure instead.

I'm interested in other people's recent experiences. W365 started out great for us and our clients, but it's increasingly becoming a pain in the arse.

https://redd.it/1pp5d0k
@r_systemadmin

ISP Line termination

I was planning to switch ISPs for my organization in lower Manhattan. Everything was set until the new ISP told me they would only connect to the building’s phone closet on the 4th floor. To run a line up to our floor (24th), they said it would cost an extra $4,000.

We don’t change ISPs often, but I honestly don’t remember ever having to pay extra just to get the line into our network room. Am I forgetting something, or does that seem excessive

https://redd.it/1pp5mx9
@r_systemadmin

Windows 11 Settings Menu Will Not Launch

Omnissa Horizon VDI Environment
Windows 11 25H2

Over the past several months, I have run into a number of users who cannot open the settings menu for some reason. After they click the icon, you can see the window with the cog in the center pop up but then it disappears before moving any further. If you search for specific settings and click the option in search, those do not launch either.


If I have the user log out and I log in as myself (non-admin/elevated creds), I am able to launch settings without issue. Once the user logs back in, the issue is resolved for them. A normal reboot/logout does NOT resolve the problem. Another user must log in and launch settings to fix the problem.


I've done some googling without much success. All the recommendations suggest running sfc /scannow, which does not resolve the problem in my case. I've also seen several other reddit threads on the issue, so it seems to be a somewhat common one, but in those cases it's usually a single person having the issue, not someone who has seen it in an enterprise environment.


Has anyone else seen this issue? Did you find a fix that doesn't involve logging in as another user? If this were one or two cases, I probably wouldn't care enough to post about it, but I've seen it enough that it has become a serious annoyance.


All of my systems get the same set of policies, so I do not believe it's related to any weirdness there.

https://redd.it/1pp4hge
@r_systemadmin

Windows failover cluster setup questions.

We are going to deploy a 3 node Windows server 2025 failover cluster for VMs and file shares on HCI hardware. I read that Scale-out file server (SOFS) role is not needed in Hyperconverged deployment. But then there is also reference about enabling SOFS in Hypercoverged setup. Are they for specific setup? For the file shares, should we enable the general File server role on the host instead of using the VM for file sharing to avoid overhead? Thanks

https://redd.it/1ppbpuc
@r_systemadmin

Docusign Question

My employer is implementing basic Docusign for its Procurement Department. The end users need to be able to:

(1) send a document to supplier for signature, (2) have the supplier sign, and
(3) countersign and download the fully executed document WITHOUT it being sent back to the supplier.

This is because the fully executed document is then attached to a PO in my employer’s ERP, and only released when the PO is approved.

Is anyone aware of a workaround to get this outcome? Looking for a solution that is workable on the most basic version of Docusign.

Thanks!

https://redd.it/1pp6ijh
@r_systemadmin

You disabled NTLM across all of your workstations. What problems did you not account for?

Disabling NTLM across all workstations has been added to 2026 roadmap, and I have been doing some research on potential impact.

In our case, out of 1000 workstations, only 10 might be impacted due to legacy processes/workflow. Business will be addressing those so nothing for IT to worry about there.

Windows 11, Entra joined, no on-prem, no hybrid. Reviewing past 30 days of logs shows NTLM being used on those 10 workstations only.

A bit shocked, I thought this would be more cumbersome to prep for, so I must be missing something.

Did you disabled NTLM? What did you miss so I don’t have to?

https://redd.it/1ppeuhv
@r_systemadmin

In your organization, who is the authority that decides what gets posted in your SPF record?

In your organization, who decides what gets to send email as your organization?

We are limited to 10 records in a domain's SPF record. Let's say 9 of your slots are used and there is 1 left, who makes the judgement call on using that last available record?

What happens if there is a future ask/need to allow yet another application/vendor send email on your behalf?

Just curious. Is it the team that manages Exchange? The team that manages DNS? Infrastructure Team? InfoSec Team? A CISO? The jack of all trades that's carrying IT?


https://redd.it/1ppe0d6
@r_systemadmin

I’m burnt-out

I’m slowly realizing that there’s a leadership/management/culture issue at work because my coworker, whose supposed to have shared responsibilities as me, isn’t even doing half his work, so a majority of it falls on me. And has been falling on me, for months.

I “spoke up” for myself, already, this past late spring and was given a near 10% salary increase, but that feeling of dread is creeping up on me again, and I don’t think any pay increase is going to shake it off. It’s obviously the dynamic.

I think I need a separation from this coworker. I can work with the most difficult person, easily, but I cannot work with someone who doesn’t even do their work.

I’ve been talking to my manager about “change” amongst us for the last 2 months, but it doesn’t sound promising or enthusiastic because my manager isn’t bringing any ideas to the table.

I told him that I’d wish they’d promote my coworker to some other area, to slack off over there, while I can do my thing and train someone that actually wants to work, collaborate, and work as a team. I just don’t have that with my current coworker, and after nearly 3 years of this, I know that it’s never going to happen.

Edit: also, before anyone says, “bring it up to your manager” - it’s not necessarily professional for me to criticize my coworker’s performance because that’s not under my role and/or functions of my job. That’s up for my manager to do, and that’s wherein the problem remains. If my manager can’t acknowledge his shortcomings, they’re going to eventually promote this guy to leadership/management and make this org a true shitshow. If that happened anytime soon, I would easily be looking for my exit plan because he is not leader material (at least not from what I’ve seen)

https://redd.it/1ppi42x
@r_systemadmin

Degree vs. Experience: Which would you rather have?

I’m currently in a position where I have the noscript and the experience, but no degree. I’m curious about the trade-off in today’s market.

* Which candidate is more valuable long-term?
* Does the degree eventually "expire" if there's no experience to back it up?
* For those who took the experience-only route, have you hit a ceiling?

https://redd.it/1ppgy2n
@r_systemadmin