Moronic Monday - October 13, 2025
Posted by AutoModerator@reddit | sysadmin | View on Reddit | 16 comments
Howdy, /r/sysadmin!
It's that time of the week, Moronic Monday! This is a safe (mostly) judgement-free environment for all of your questions and stories, no matter how silly you think they are. Anybody can answer questions! My name is AutoModerator and I've taken over responsibility for posting these weekly threads so you don't have to worry about anything except your comments!
malikto44@reddit
Is it wise to have another tenant for Azure, just for testing stuff, with perhaps a PC or two on AutoPilot and InTune? This way, if something goes pointy-end up, it doesn't affect anything else.
Frothyleet@reddit
Ideally, yes. And you used to be able to get dev tenants for free.
Most orgs end up testing in production with M365, which mean exercising extreme caution in scoping changes to your test groups.
Mis-scoping a CA policy can break a lot of stuff, for example.
endfm@reddit
nope, groups and a fake user.
Testing Groups, no need to start a new tenant
Lazy-Function-4709@reddit
My organization just went to 365 and I don't have experience with Entra outside of recently. I am also doing IT for my church. The church has 2FA enabled via Security Defaults (they only have the basic license/Business Standard). However, despite this, users are not getting prompted for 2FA auth when signing into Office apps, email online, etc. Is there something more that needs to be done to force this? My "day job" org is forcing via Conditional Access I believe, but CA is not available with the licensing my church has. Can someone shed some light on this, or point me to the docs? I have been poking around MS official docs, but it's a labyrinth. Thanks!
Frothyleet@reddit
You won't necessarily get prompted every time, although you will always get prompted when, e.g., it's the first time on a new device.
Algorithmically, with security defaults, MS prompts as needed. It's not perfect but for most orgs and for non-privileged accounts, it works just fine.
Rawme9@reddit
Security Defaults only applied MFA to risk sign-ins. If you want it to prompt every time, you'll need to turn off security defaults and configure both Per-User MFA, a security group for MFA users, and Authentication Methods (none of which are crazy difficult or time consuming). For this method you don't need CA or the additional Entra P1 licensing
Lazy-Function-4709@reddit
Thanks. I was looking at per user MFA, but I didn't think that was quite right. I will go forward with that knowledge!!
Rawme9@reddit
CA policies are definitely more recommended but the additional licensing is not insignificant! Best of luck!
Lazy-Function-4709@reddit
We are able to get 365 Business Premium, just need to do the upgrade/buy the licenses. Maybe this will grease the skids on that project...
Zarguthian@reddit
Is October's Patch Tuesday delayed? There are no WSUS updates for my servers.
OhTeeEyeTee@reddit
Today is Monday. Tomorrow is Tuesday.
a1000milesaway@reddit
When you realize it's going to be a long week.
Zarguthian@reddit
I thought it was last Tuesday when it was meant to happen.
deliriouswishcasting@reddit
Second Tuesday, it's always second Tuesday.
rangerswede@reddit
Here's a story from 30 years or more ago. BTW, I never consider the people I support as morons ... they are just folks who are still learning things.
Anyway, this was back in the day when one of the Windows screen savers (Deep Sea Creatures? Was that one of them) would cause Windows to crash. I had a user that was having random crashes and suggested she turn her screen saver off. She did ... and all was well for a while.
Two weeks after we turned if off I was down in her area and asked how her PC had been. She told me it had just crashed that day. I said something like, "Rats! I thought we'd fixed that when we turned off the screen saver."
She replied, "Well, I turned it back on this morning."
"Oh ... well turn it back off," I suggested.
She replied, "I don't see how that will help."
She did turn it off.
AntagonizedDane@reddit
Had colleague accuse us of logging into her PC to log her out of a softphone queue she's responsible for.
Truth is she's part of a team, neither of them are capable of coordinating who's logged in and when, and apparently they've all been logged out of the queue for nearly two weeks...
Funny thing is our system automatically logs them in, and they manually have to opt out. She couldn't quite explain that, yet it's still somehow our fault.