To be fair ChatGPT didn’t exist 12 years ago.

Just curious, what management software are you gonna use?

P.S good luck configuring Linux if you can’t even manage bitlocker.

You know…

Yes, of course you people like it but the rest of us for sure aren’t switching to worse instances.

Nah, you just select domain join. I did that a few weeks ago on a Win 11 enterprise install.

But if you deal with new installs “all the time” you should really consider automating the setup and domain joining, instead of manually creating local accounts and then domain joining.

Yeah probably.

No need to worry similar stuff will get developed for other platforms as well.

Did it use 45 GB extra or were there just 45 GB worth of changes?

My bad. I was thinking of cheetos

You guys have chips in schools? Bruh…

Microsoft does that too though. And afaik they have offered extended support for a long time for loads of windows versions (especially for the server versions)

That’s just incompetence. It’s not like they are laughing with the devil because people can’t place the taskbar at the top anymore.

They are not ending support for some evil plot to force people to use win11. They just don’t want to support win10 forever. The exact same thing has happened to every other windows version and most Linux distros and lots of other stuff like servers and networking hardware.

Keep in mind that giving out the highest possible sentences to crimes that could be worse (like murder) essentially gives someone that’s committing the lesser crime (rape in this case) free range to commit any worse crimes because the sentence can’t be worse anyway.

If someone is fucked up enough to rape someone, chances are that they will see it as a positive that they can kill the victim and leave behind no living witnesses and without risking a worse punishment.

Even if rapists won’t kill anyone, they might still be less likely to restrain themselves to cause additional harm to the victim.

It’s not permanently locked though.

Apparently it’s not configured like that by default and even if it is, just configure it differently if you want a different behaviour ¯\_(ツ)_/¯

Moving over to Linux is a great idea, if you have found a good way to manage them and your users are accepting.

Either way, I have never noticed this issue and we manage hundreds of Windows computers

You know I can take that drive out and just try to brute force it a million times per second without that silly rule being in my way, right? It’s an anti security pattern similar to requiring password changes every week, it’s a bad idea.

Nah, not really. I get what you mean, but the feature is obviously intended to lock the drive after a few failed logins because the user’s password is generally way less secure than the bitlocker recovery key/encryption key. Brute forcing a 48 digit key is practically impossible while brute forcing a user’s password is child’s play in comparison.

So in my opinion it sounds like a pretty good idea to include that feature in the security baseline. It’s not really Microsoft’s fault that you pushed out security baseline settings without checking what they do first. But since you actually did some testing with bitlocker, the impact wasn’t that bad. So just adjust or disable the feature and move on.

And better and people got better at making 3d printed guns.

That depends on where you live. I could get 10 Gbit/s WAN if I wanted to pay the subscription for that but 500 Mbit/s is enough.

Also 10 Gbit/s is mainly useful for LAN. Like connecting to a NAS.

Read the article man

This feature will be available on Teams desktop applications (both Windows and Mac) and Teams mobile applications (both iOS and Android).

You can use pins, passwords, TPM, a usb key, or multiple in combination. But generally TPM is the best option for most users

apparently it’ll pwrma lock itself after x amounts of invalid passwords which is just incredibly stupid. But don’t worry, there is a backup key! Yeah, that is lie

If you only used TPM for bitlocker with no pre-boot authentication or something similar, it’s possible that you had the “MaxDevicePasswordFailedAttempts” policy configured. Apparently that is configured by default if you use the security baseline.

IMO it makes a lot of sense to lockdown and require bitlocker recovery if there has been a few failed attempts.

We use bitlocker on probably over 1000 devices I don’t believe we had any substantial issues with it. Of course users occasionally get locked out, but that should be planned for and a process should be in place to help them.

I suggest deploying windows hello or smart cards to reduce the dependency on passwords. Window hello for business is especially great since it’s free, secure and way easier and faster for users to use, especially if your devices have fingerprint readers or face recognition. I wish Linux and MacOS had anything as useful as Windows Hello.