AlchemyNZ

246 posts

@TheAlchemyNZ

Kiwi | IT Systems Engineer | Gamer | Caffeine Addict

Wellington City, New Zealand | Joined June 2009
396 Following | 21 Followers
AlchemyNZ@TheAlchemyNZ·
@dashmundkar The first nat gateway should be free and charge for usage only after an amount to cover for updates. Currently it’s just more cloud tax for small environments.
Dashrath Mundkar@dashmundkar·
Your new Azure VM can't reach the internet. That's not a bug → it's the new default.
After March 31, 2026, every new VNet ships private by default. No NAT Gateway = no apt update, no Windows Update. Nothing. 👇
Why Microsoft killed default outbound:
❌ IP owned by Microsoft — could change anytime
❌ No ICMP, no fragmented packets
❌ Inconsistent across NICs & VMSS
❌ Zero Trust violation by design
Your 4 fixes (in order):
1. ✅ NAT Gateway ← do this
2. Standard LB + outbound rules
3. Instance-level public IP
4. Firewall/NVA + UDR
Why NAT Gateway wins:
→ 64,000 SNAT ports per IP (vs ~64)
→ Scales to 1M+ ports
→ You own the egress IP
→ Attach once per subnet. Done.
The migration (don't skip step 4):
1. Find affected NICs → Advisor → Operational Excellence
2. Attach NAT Gateway to the subnet
3. Set defaultOutboundAccess = false
4. Stop + deallocate the VMs ← everyone forgets
5. Start. Verify egress IP.
Gotchas:
⚠️ Old Terraform AzureRM → still permissive
⚠️ LB backend pool by IP → leaks default outbound
⚠️ Windows Activation/Update → silently fails
The lesson: Implicit defaults feel free. They're never free. You pay at 3 AM when an IP rotates or SNAT ports dry up. Explicit > implicit. Always.
AlchemyNZ@TheAlchemyNZ·
@RyanLNewington I have never seen a signed file and this won't change that. These changes should be signalled months in advance so admins can be ready or provide feedback. Just contributes further to people hating updates.
Ryan Newington (MVP)@RyanLNewington·
JFC Microsoft - who has ever signed an RDP file in their life??? Does anyone at Microsoft actually use RDP? Forcing me to tick these boxes every single time is total nonsense.
Marc-André Moreau@awakecoding

Don't feel like getting this dialog when launching .RDP files after the latest Windows update? You can launch them with MsRdpEx instead, and it'll work just like before, no registry key modification involved! github.com/Devolutions/Ms…

AlchemyNZ@TheAlchemyNZ·
@xenappblog @MSIntune @kaidja Devices showed up to date on this report when still in progress locally. So I had to use a proactive remediation to report instead. I would not trust this report by itself.
Trond Eirik Haavarstein@xenappblog·
One Platform Script that will instantly fix most of your Secure Boot Status Not up to date in @MSIntune Why is nobody other than @kaidja talking about this? Try it out and give it 24 hours. WinCsFlags.exe /apply --key F33E0C8E002
AlchemyNZ@TheAlchemyNZ·
@chrisluxonmp So which states are not upholding international law? Just say it.
Christopher Luxon@chrisluxonmp·
Attacks on fuel tankers and energy infrastructure in the Middle East are leading directly to higher fuel prices for Kiwis. That’s why we have joined the United Kingdom and other countries in condemning Iran’s attacks in the Gulf. Iran has forced the effective closure of the Strait of Hormuz to ships carrying fuel and other critical goods to places like New Zealand. New Zealand has a longstanding record of working with like-minded partners to ensure open supply lines for global trade. Obviously, any future decision for New Zealand to support multilateral efforts to ensure safe passage through the Strait of Hormuz would need to be considered by Cabinet.
AlchemyNZ@TheAlchemyNZ·
We live in the dumbest timeline. *Waves in the general direction of everything*
AlchemyNZ@TheAlchemyNZ·
@henrycooke These BS headlines are why media cannot be trusted and disinformation got so bad. We had a world leading response. Stop feeding the cookers.
henry cooke@henrycooke·
The second Royal Commission report on Covid is out, with a lot of very tough reading for the last Govt. It suggests the Auckland lockdown went too long and against advice, the Govt did not move fast enough on RATs, and that there was advice against kids getting the vaccine
AlchemyNZ@TheAlchemyNZ·
@loicmitton @IAMERICAbooted Could be that you need to pull down in authenticator to refresh. Only high confidence notifications are pushed automatically.
LoicM@loicmitton·
@IAMERICAbooted I saw the notification issue on a colleague last week, if you find why I'm interested to see if the issue is the same for him. I'm onboarding a new fully managed android 16 tonight to test it too.
EZ@IAMERICAbooted·
Setting up Microsoft Authenticator passkeys that use FIDO2 was an adventure. I thought I would have to switch a few buttons and bam, would be done. Nope. This is what happens with no planning and without reading the documentation 😆 Here's how it went:
1. I changed some settings in Entra. They really didn't matter for on-boarding. They matter for hardening.
2. I recently bought a new phone and transferred my authenticator from my old phone. After several times of forcing to re-register authenticator from Entra, I finally realized I have to delete my old account in authenticator so it could register a new one.
3. I have other technology passkeys on my device and I found the order mattered. I had to move Authenticator to be priority. That caused my Amazon Passkeys to stop working. Who knows, maybe it's a problem with my latest and greatest version phone.
4. I finally got the passkeys to register in my authenticator and show up in my user profile in Entra. But it was still prompted for my password 😆. Duh, I had to select more sign-in options because I hadn't hardened it yet. I didn't want to lock out my accounts.
4. Now I'm to the point where I'm getting the simple authn flow and it asks me which device to send a notification. I choose my phone. But no notifications come through.
5. Then I realized I hadn't joined or enrolled the laptop I was working on to Intune. Also, at some point, WIP settings in Intune were blocking me. Womp womp. It's so much easier to test in prod :p
6. Still no joy. Now my computer won't register because it's Windows 11 Home. So I update the OS to Windows 11 Pro and lo and behold ... still no joy.
7. I then went through all my settings in Entra, Intune, Phone, Computer. All are correct. Still can't join. Lol.
8. Tbc - Try with a Windows Enterprise VM ... but the passkeys are registered!! 😆
The joys of IT. Happy Monday, friends!
AlchemyNZ@TheAlchemyNZ·
@georgedick @zoink The amount of exploitation and toxic culture driven from it is a red flag for me. Not saying there are exceptions but it’s not the norm in my experience. We are not wired the same so expecting all people not to be shitty is a pipe dream.
Dylan Field@zoink·
Called Zack to apologize (and appreciate his willingness to talk despite the late hour). This note from our Sales team is totally unacceptable and the opposite of how we want to work with customers. Let me be clear in response to questions that have come up. No one in Sales has access to the contents of customers' Figma files. Customer support and select members of our R&D team can access files in certain situations that the customer has authorized. All access is logged and we have monitoring in place. We are formally investigating the rep behavior and will act appropriately. Our initial findings are that file names were accessed in an interface that was built for sales to address customer issues — against our training and protocols, which we are also reviewing.
Zack Korman@ZackKorman

Update: Figma’s response to this was very good. The CRO reached out quickly, and I just had a call with the CEO, @zoink, where he was able to walk me through their processes, how they handle access control, etc. And he apologized this happened. I feel they took this seriously.

AlchemyNZ@TheAlchemyNZ·
@ariaupdated Will it be there? The history in the screenshots shows the install time not the patch date. No one can quickly communicate using version numbers or KB#. Being able to communicate updates based on patch date is critical otherwise it just becomes noise that people have to google.
ariaupdated@ariaupdated·
@TheAlchemyNZ The year and month will still be available in the update history page. Can you tell me more about why you'd want the year and month shown when downloading?
AlchemyNZ@TheAlchemyNZ·
@nilsvanwoensel @ariaupdated Yeah it's annoying and generally because the history is only what the update client installed. If you use WAC or AUM you can't see this in Windows Update history.
Nils van Woensel@nilsvanwoensel·
@ariaupdated @TheAlchemyNZ Also missing a good update history/installed updates in settings menu. Would like to see more time spent to fix that than changing the names.. Often still need to go to old control panel to see the correct list of installed updates. Multiple OS have this. Even on servers..
AlchemyNZ@TheAlchemyNZ·
@IntuneSuppTeam When are Baseline updates coming? Why can we not get day one support for Windows?
Intune Support Team@IntuneSuppTeam·
🚀 Windows 11 25H2 + Intune: New Settings Unlocked! 🛬 36 new Windows 11 25H2 settings have landed in Intune’s settings catalog! 🛡️ From expanded controls for security and privacy, to device management, there are many settings available to configure today, with many more to come in future updates. 📚 Read the blog to see the available settings, and let’s empower your IT administrators to efficiently manage and secure devices from day one! ➡️ Learn more: aka.ms/Intune/Windows… #MSIntune #IntuneSettingsCatalog
AlchemyNZ@TheAlchemyNZ·
@NathanMcNulty Thanks Nathan, will look at this as the only workaround was to target O365 instead of all. I tried for months with support and constantly got told this was by design. Almost like MS doesn't support MAM customers. So much for the security first initiative.
Nathan McNulty@NathanMcNulty·
I love passkeys in Microsoft Authenticator, but rolling them out with Compliance and/or App Protection Policies has not been as easy as it should be... But I have good news - we can create a better experience without introducing significant gaps :) nathanmcnulty.com/blog/2025/09/i…
AlchemyNZ@TheAlchemyNZ·
@Deadlyslob @nikgeneburn They don’t play their own game. At this point I just want a proper hardcore mode for PVE so that I can do it without wipes. Because PVP has no vision that works for the whole player base.
DeadlySlob@Deadlyslob·
If we're bringing the Flea Market back at level 35 with 1 FIR item, and removing most of the Hardcore Wipe trader stuff, there isn't really a reason to continue HC stuff. Make Flea Market level 15 with 2-3 items regardless of the status. #EscapefromTarkov @nikgeneburn
Escape from Tarkov@tarkov

We have started the installation of the updates 0.16.9.0 for #EscapefromTarkov and 0.3.3.0 for #TarkovArena. The updates installation will take approximately 6 hours, but may be extended if required. Both games will not be accessible during this period. Patchnotes EFT: escapefromtarkov.com/news/id/351

AlchemyNZ@TheAlchemyNZ·
@MyNameIsMurray I have trauma from contacting MS support. The only hope sometimes is the problem goes away over time or you fix it yourself.
Murray@MyNameIsMurray·
Microsoft Support is literally the worst. I logged a Teams support case from the Teams Admin Center. First, I get an email saying "I have tried calling you earlier but it was not successful", which is a lie because the phone I have shows all call history and no call was made...
Aj Naik@i_aj_naik·
Hi, I’ve been locked out of all my OneDrive data since Sunday, despite an active Microsoft 365 subscription. This is costing me valuable time & money, and I can’t reach support. Please assist urgently! @MicrosoftHelps @onedrive @MSFT365Status
AlchemyNZ@TheAlchemyNZ·
@adamUCF @NathanMcNulty The MFA claim in federation does not equal an MFA step up triggered from MS for something such as a risky sign in. Also if you had MFA only off net then you aren’t satisfying MFA in your claim. This puts Entra back in the driving seat without having to onboard MFA when using Okta.
Adam@adamUCF·
@NathanMcNulty If you're using Okta why not just federate and use Okta instead of doing EAM which is just federating the auth for 2nd factor?
Nathan McNulty@NathanMcNulty·
It looks like Okta finally added support for Entra External Authentication Method (EAM)! 🎉 help.okta.com/oie/en-us/cont… This allows Okta Verify to meet Conditional Access "Require MFA" requirements, no more custom controls! So let's do a thread on how to set this :)
AlchemyNZ@TheAlchemyNZ·
The world just gets more insane every day and it’s exhausting.