alt Hacker NewsI spent the past year working for a company that relies heavily on Microsoft for email, productivity tools, and identity management. After that experience, I can say with confidence: never again. The support is astonishingly poor, and user experience feels like an afterthought.
More importantly, using Microsoft at scale can leave your organization fundamentally insecure. The obscure, insecure defaults are, at best, dangerous missteps and, at worst, borderline negligent. I’m convinced that only a small fraction of enterprises using Microsoft have the expertise and budget required to secure it properly.
My personal view is that if your organization depends heavily on Microsoft, it’s not serious about security, whether they’re aware of it or not.
Replies
Where do I find money to fund my rewrite of Kerberos 5 in Rust, removing the dumb options and Kerberos 4 compatibility and eventually create Kerberos 6 + AD that will solve a metric buttload of issues in Linux and knock a major peg of MS off?
This is blatant nonsense. The best security choice for any small business that doesn’t have a dedicated full time security staff is Microsoft 365.
I work for a company that now uses everything from Microsoft. They used to have Jira, AWS and tons of other different products, but now everything is Microsoft, and it's terrible. Azure DevOps is particularly horrific. It's like Jira+Jenkins except you can never find anything. Nothing about it makes sense to me.
As far as I can tell, the databases on Azure are all either slow, expensive, or both.
And of course it means we hand over all of our highly sensitive data to a company that has said that US law will overrule EU law. How can anyone trust a company that says they will not obey the law?