I won’t deny it’s godawful to have shit split across AD, Group Policy, Regedit, and Azure/Entra/Intune.
But they very much still have controls for all this shit, almost always available before the feature rolls out. I’ve literally never seen this shit make it through to our end user devices in an unintended fashion.
Hell, just hold non-security updates for a period of time for review before pushing it to your entire environment if this (not actually happening) issue is a concern. That’s like basic table stakes for Windows environment administration: update cadence management and pilot machines.
Please don’t claim to speak from a place of authority on this and then spread falsehoods. There’s plenty of shit to hate without making things up.
Like the third party app approvals in Azure and Teams defaulting to allow any non-admin user to be able to approve any Azure app access to all of their data with no oversight. You can (and should) lock that the fuck down. It’s a batshit default, not a lack of controls.
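An added example, not part of the thread: a PowerShell check that classifies the tenant's user-consent setting from the `permissionGrantPoliciesAssigned` list in the Entra authorization policy. The function name `Get-UserConsentPosture`, the posture labels and the sample lists are constructed for illustration; the two `microsoft-user-default-*` IDs are the Microsoft built-in consent policies.

```powershell
# Classify what non-admin users may consent to, given the
# permissionGrantPoliciesAssigned list from defaultUserRolePermissions.
function Get-UserConsentPosture {
    param([string[]]$PermissionGrantPoliciesAssigned = @())

    # Only ...ForSelf entries govern a user's own consent; other entries
    # (for example owner consent for groups/teams) are ignored here.
    $prefix = 'ManagePermissionGrantsForSelf.'
    $self = @($PermissionGrantPoliciesAssigned | Where-Object { $_ -like "$prefix*" })

    if ($self.Count -eq 0) {
        # No self-consent policy assigned: user consent is turned off.
        return [pscustomobject]@{ Posture = 'UserConsentDisabled'; Policies = @() }
    }

    $ids = @($self | ForEach-Object { $_.Substring($prefix.Length) })
    $posture = if ($ids -contains 'microsoft-user-default-legacy') {
        'AllAppsUserConsent'          # any app, any permission not requiring admin consent
    } elseif ($ids -contains 'microsoft-user-default-low') {
        'VerifiedPublisherLowImpact'  # verified publishers, admin-classified low-impact permissions
    } else {
        'CustomPolicy'                # review the named policy by hand
    }
    [pscustomobject]@{ Posture = $posture; Policies = $ids }
}

# Constructed sample lists (not read from a real tenant).
$samples = [ordered]@{
    'permissive' = @('ManagePermissionGrantsForSelf.microsoft-user-default-legacy',
                     'ManagePermissionGrantsForOwnedResource.example-owner-policy')
    'restricted' = @('ManagePermissionGrantsForSelf.microsoft-user-default-low')
    'locked'     = @('ManagePermissionGrantsForOwnedResource.example-owner-policy')
}
foreach ($name in $samples.Keys) {
    $r = Get-UserConsentPosture -PermissionGrantPoliciesAssigned $samples[$name]
    '{0,-10} -> {1}' -f $name, $r.Posture
}

# Against a live tenant (assumes the Microsoft.Graph module and Policy.Read.All):
#   $p = Get-MgPolicyAuthorizationPolicy
#   Get-UserConsentPosture $p.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned
```

When tightening the setting, write back the full list with only the `ManagePermissionGrantsForSelf.*` entry changed or removed, so any owner-consent entries already assigned are preserved.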
That’s what I heard from the guys managing group policy in my org. It’s been several years since I did any group policy admin.
I also remember something about Teams pushing features without control. Maybe it was when they started letting users create Teams groups.