Almost like that xkcd joke…

Why did you train so badly?!

Just choose Australian. Tbh we don’t care how you say it just be loud.

Yes. How can you sit and turn 180 on only your waist. This is just a joke.

To back off your post, does anyone have one for Australia?

I don’t think that works on my Samsung TV, or my partners iPad though. :)

Although not especially effective on the YouTube front, it actually increases network security just by blocking api access to ad networks on those kinds of IoT and walled garden devices. Ironically my partner loves it not for YouTube but apparently all her Chinese drama streaming websites. So when we go travel and she’s subjected to those ads she’s much more frustrated than when she’s at home lol.

So the little joke while not strictly true, is pretty true just if you just say ‘streaming content provider’.

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static ip this often gets unblocked. Same with port 10443 on a few residential services. There’s probably more but these are issues I’ve seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they’re blocked. Iirc port 10443 was abused by malicious actors when home routers accepted Nat- pnp from say an unpatched qnap. Automatically forwarding inbound traffic on 10443 to the nas which has terrible security flaws and was part of a wide spread botnet. If you changed the Web port, you probably also are maintaining the qnap maybe. Also port 25 can be bypassed by using start-tls authenticated mail on 587 or 465 and therefore aren’t relaying outbound mail spam from infected local computers.

Overall fair enough.

It’s paraphrasing Torvalds himself though. It’s a cheeky title.

“… and I have absolutely no excuses to delay the v6.6 release any more, so here it is,”

Oh because if an application doesn’t exist natively in azure, ie not a MS Store app, then you can only deploy by uploading the msi which of course is one version. At an MSP with thousands of devices in dozens if not a hundred tenancies, and new software versions being released daily, you need something that will update all that.

Chocolatey is just for the poorer customers, a best effort, immybot for soe management though if the customer is full. Whenever Microsoft finishes getting their own repository fixed though, using winget could be the new chocolatey. Right now it doesn’t do patching or at least it didn’t 12 months ago. It could install and report but not update.

So thinking of solution life cycle you want something that doesn’t need tons of manual innervation, and you can use PDQ or chocolatey or immybot or whatever. Microsoft can handle its first party software suites and rmm deployment but 3rd party at this stage is just not good enough.

Hope that helps

So aside from using machine wide installers and ensuring that users are licensed for those products, you also need to setup enterprise roaming.

By the way, intune policies if they aren’t changing don’t take 8 hours to propogate to the machine, they take hours to propogate world wide like group policy takes hours to propogate in international sized ad forests.

So if you’ve got your intune policy set to auto sign in one drive and teams and whatever apps, assuming all your devices are intune registered, that setting doesn’t take hours to get to the machine. It’s immediate on first login. If you change that setting, it’s some hours to get it across every single machine. By the way in my experience, generally 80% of the time with a forced sync from the company portal app you should deploy with intune, it’s practically as fast as gpupdate. There’s a few times where you need to patiently wait 15 minutes but you can see that if you name your configuration profile like (v12) and you’ll see it’s either still (v11) or immediately (v12) and you stuffed a setting and it’s still not working.

You should be using machine wide installers not user appdata installers. Are you not?

Just to add more confusion, we are removing MDT from all customers and replacing with intune using the already created json templates we have plus then also deploying chocolatey with intune then calling powershell from intune to install other software. I’d say only 20% of our customers have on-premise AD the other 80% are all Microsoft Business Premium licensed unless over 300 staff, and that’s why we have been transitioning customers to only that for the last few years.

MDT is the right tool for AD on premises though so don’t be dissuaded from that, just more, you should know.

After I followed the instructions and having 15 years of system administration experience. Which I was willing to help but I guess you’d rather quip.

From my perspective unless there’s something that you’ve not yet disclosed, if wireguard can get to the public domain, like a vps, then tailscale would work. Since it’s mechanically doing the same thing, being wireguard with a gui and a vps hosted by tailscale.

If your ISP however is blocking ports and destinations maybe there are factors in play, usually ones that can be overcome. But your answer is to pay for mechanically the same thing. Which is fine, but I suspect there’s a knowledge gap.

Are you sure? Did you want to troubleshoot this or did you just want to give up?

I’ve got two synology nas connected to each other directly for hyper backup replications at clients because both units are on cgnat isps and there’s no public IP. And it just works.

Didn’t understand that by willing you meant wanting.