Previous-Low4715

Look at Halo ITSM/PSA if you want to see how it's done in 2026

I’ve used Intune to manage around 5000 devices for five years without any notable issues.

This is the answer, block it with the CASB designed for this

For fucks sake man this sub is DYING because of this trash

Claudeslop answer: Based on the context provided in image.png, the IT admin's actions cross several major legal, ethical, and procedural lines, especially from a UK compliance perspective. While a corporate AUP typically allows IT to maintain systems and preserve logs, the proactive, unprompted investigative steps detailed in image.png go far beyond standard operational mandates and enter highly problematic territory. Here is a breakdown of why the actions in image.png lean heavily into illegal or severe non-compliant territory rather than just "borderline" policy breaches. 1. Unauthorized Access and "Snooping" In image.png, the admin admits to looking at the content of a stuck page, searching HR systems for a name match, auditing printer logs, and directly jumping into the user's corporate OneDrive without a formal request or ticket. The Reality: While corporate assets belong to the employer, access to individual user data must still be justified under a specific legal basis. Proactively digging through an individual's OneDrive or live browser history based on a hunch, rather than acting on an explicit threat vector or a formal HR/legal escalation, can violate data protection laws. Computer Misuse Risks: In strict jurisdictions, accessing a specific user account or remote-controlling a machine while an employee is away without explicit, documented authorization or an open security incident ticket can blur into unauthorized access. 2. Serious Data Protection Violations (UK GDPR / DPA 2018) The admin in image.png actively looks up an individual in the internal HR system to check for a match. Purpose Limitation: HR data is highly sensitive and collected for specific employment purposes. An IT administrator utilizing their administrative privileges to cross-reference data in an HR database for an independent, unassigned investigation is a direct breach of the Purpose Limitation principle under data protection laws. Proportionality and Privacy: Remote controlling a user's PC while they have "stepped out for an hour" to actively read their open browser tabs and Google searches violates reasonable expectations of workplace privacy. Even under strict corporate monitoring policies, targeted surveillance must be proportionate, justified, and typically vetted via a Data Protection Impact Assessment (DPIA). Siloed, unsupervised IT snooping completely fails this standard. 3. Destruction of Evidence The edit in image.png states: "I was instructed by HR AND the employee to delete the files." Compliance Failure: If the documents contain third-party Social Security Numbers (SSNs) and financial data, they represent a severe data breach for the organization (and potentially the notary's external clients). Simply ordering IT to "delete the files and backups" to make the problem go away, without logging a formal data breach, identifying the affected data subjects, or following a standard incident response protocol, is a massive regulatory compliance violation. Summary The comment at the bottom of image.png highlights the organizational reality: "You're not really supposed to do any of this unless someone in HR asks you to." By acting as an independent investigator, processing HR database records without cause, and conducting targeted live surveillance on an endpoint without a formal ticket, the IT administrator in image.png exposed themselves and their company to significant liability. Securing a perimeter or preserving logs during an active infrastructure alert is standard IT protocol; digging through a specific user's private folders and live browser sessions without authorization is a severe overreach.

In the UK this would be borderline illegal depending on the wording in the AUP, at the very least it would make it very difficult for the company to remove the employee in question. The employer is still bound by GDPR regardless of what is in the contract and there are numerous laws and precedents separating IT technical gathering from HR/conduct investigation.

Exactly this. It’s not up to sysadmins to randomly investigate employee conduct

It works in our environment, use pins rather than mapped drives though.

You’re not really supposed to do any of this unless someone in HR asks you to. If they’re friends with management and you jeopardise their employment or out management in an impossible situation, you’ll come off badly if not worse than the person in question.

It’s unbearable lately, there really needs to be a rule about advertising/researching for vibecoded slop

Not really. It’s just another albatross around your neck. I sold the switch to autopilot to my security team (who were obsessed with getting “gold images” tested by a third party for no real reason) as a switch to “gold configs”.

You don’t run two AV in parallel. You run windows defender without windows defender antivirus, and the other antivirus slots in

Yeah I had to deploy all this recently

I’d just look at autopilot if I were learning something new today

Defender works with other antivirus solutions. Defender antivirus is just one component of defender. You can have windows defender running while sophos is the antivirus module for example

Please plan don’t on vibecoding something which 500 other companies already offer

Likewise, we dropped chrome for edge years ago now.

You can use a SAM tool like license dashboard or snow. Both have ways to track SAAS or hook into Microsoft CASB

Intune is more than fine honestly

Modern approaches would be headless servers, containerisation, IAC, automation, azure policy, PAM with session recording, proper change control etc.

Depends how many licenses you've got, you get a shared pool of storage with each license.

Yeah, we turn off Sharepoint sync everywhere. Everything goes to Sharepoint unless it can't live on Sharepoint, then it lives in Azure files.

What about Azure Files, or better yet SharePoint

Depends entirely upon a few key details like the organisational risk appetite and the current configuration of local user access. But this isn’t a technical problem, it’s either a communication breakdown or a genuine idiot making roles untenable, and it can’t be solved by a technical solution. If it’s one of those horror show situations we see on here occasionally where everyone has local admin access, that’s a massive security issue but also provides a technical route to adopt this ridiculous positioning. I’ve been management for a few years now but if I were still doing senior sysadmin, In his position I would simply get it in writing as published guidance. I’d support the customer until a UAC escalation prompt appears, then tell them no further support is available because of a new policy from named CTO and point them to the published guidance. Once you hit critical mass of enough customers unable to work, heads of department and line manager executives will solve the problem for OP through direct outside on the CTO. The key thing for OP is to get the guidance in writing and to have a product in mind when he’s very quickly asked to get one up and running. Most of intune premium suite is coming to E5 soon, so that might be an option. IF CTO is a career executive who has no technical knowledge he may genuinely not understand why you can’t simply cancel the remote support contract to save a few bucks. All OP can do is lay out very simply what can and can’t be done without a remote support tool, in writing, and escalate.

Guide them into looking at a UAC prompt they can’t traverse because they don’t have local admin or LAPS access… I hope

Scientists are the worst, trust me. "I don't care if it's triggering 140 separate CVEs, I need to run this cobbled together Access database "app" on a Windows 95 VM on this unmanaged Windows 8 machine connected to the internal network because there's no other way to operate this bespoke machinery we paid half a million for 19 years ago and never maintained or bought support for, stop making my job difficult"

All my device based rules are global and I have thousands of devices

I knew this was slop just from the title

It used to be good, now it’s a fawning hallucinatory disaster. I use it a lot.

Claude, the rest are a disaster 

Weird, we have tens of thousands of assets and no performance issues.

We can see exactly where you are signing in from every time you sign into Microsoft 365, I’ve used it many times in HR investigations to prove or disprove claims made by or about employees. Just fill in the forms and get permission to work abroad or don’t work abroad.

Honestly, just study the new ITILv5 and implement that. No one reinventing the wheel and you’re starting from square one which is rare.

People are vibe coding crap either Claude and then thinking they can sell it. Alternatively they’ve being told by chatgpt and Gemini to do market research here.

From post history it sounds like you don't have a very good attitude and haven't gotten out of the Dunning Kruger bell curve towards strategy, business systems analysis and enterprise architecture which typifies a lot of sysadmin attitudes.

Slop

There are loads of ticket types. Problems, incidents, requests, changes etc. ITIL will guide you on this

I know, I have been administering Active Directory in on premise and hybrid environments for 20+ years and currently do it for a large gov org transitioning to cloud. There’s an awful lot more in terms of prospects by learning hybrid or fully Entra environments in 2026, especially for someone starting out in the field. On premise AD is a career dead end for the most part.

OK.. "don't". It's like studying betamax repair.

This is literally the same structure as three other posts this week including the “not selling anything just trying to understand” at the end.

Coming from someone who has done it for 30 years, I’d go straight into Entra and do MS900 (even though it’s being deprecated). Then do Az900.

Oh God there’s a new UI?

Halo is great but needs a lot of development work in my experience.

Windows/Azure

urggggh for God's sake

You need to use azure communication services instead of exchange online.

Azure files is only really good for data which cannot live in SharePoint. You need to force that change culturally with buy in from execs.

Can we get a rule on this mods

Claud already exists. Is there not a rule against this endless slop we’re seeing almost hourly at the moment

“Well I’ve vibecoded a tool…”