Hello all,
I have recently joined a company as a system administrator and I am in dire need of advice.
In the interviews we discussed how it is needed for the company to manage Windows endpoints, apply policies, patch them and make sure that they comply with new regulations.
They told me the RMM that they will use and I took for granted that I will have an AD or Intune as a tool alongside it.
Apparently all I will have is the RMM tool, nothing else, which I think is insane.
They expect me to manage the local policies through scripts that I will push through the RMM.
I have told my supervisor that this is not a good idea because the endpoints will basically be unmanaged devices, scripts are not reliable and tend to break with updates, they won't stack well, etc.
The response was: "this is how we were advised to proceed" (probably by the RMM company, I did not ask), with automations and scripts.
I asked for a possibility for an MDM but they will have to check the cost of that.
Now the colleague (field tech) that was starting the project before I came along is fine with it somehow, and I had a look into a script that will set the password "policies". It is a combination of "net" and changing the local security database of Windows.
Am I out of touch? I have to admit that I am relatively new to the field and my scripting skills are not good.
I am writing a report about this which I am not sure if I should send or not.
What would you do here? Do I need to skill up and take it on?
Focus on the business needs. What do you need? Why do you/they need it? What will they have that they don't have now? This part is very important. If you can't come up with a compelling business case, then there's no reason to move forward on it.
How much will it cost? Are there any cheaper options? Some places would rather hire a $100k/year sysadmin rather than buy a $10k/year license. Other places will get excited when you talk about reducing support staff. Keep that in mind. Also, some places are more concerned about how replaceable someone is, so using standard products is more valuable than price or capability.
When you're evaluating options to recommend, try to get information about the entire landscape. There's a very good chance that they're already paying for Microsoft E5, which means you already have a license for Intune that you aren't using. If not, you can pitch it as a total package with other benefits.
ETA: Security is a really big deal at most companies. Internal and external threats, data loss, exfiltration, legal compliance requirements, etc. But smaller places often won't care until they've been burned.
I have sent an email with the details, I am waiting for the results.