<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>IT Made Simple</title><link>https://itmadesimple.co.nz/</link><description>Recent content on IT Made Simple</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>Thaddeus</managingEditor><webMaster>Thaddeus</webMaster><lastBuildDate>Wed, 24 Jun 2026 08:00:00 +1200</lastBuildDate><atom:link href="https://itmadesimple.co.nz/index.xml" rel="self" type="application/rss+xml"/><item><title>Wi-Fi at the Shop: Getting Reliable Internet Without Going Broke</title><link>https://itmadesimple.co.nz/posts/wifi-at-the-shop/</link><pubDate>Wed, 24 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/wifi-at-the-shop/</guid><description>Spotty Wi-Fi costs you customers and staff productivity. Here&amp;#39;s how to get reliable wireless internet without enterprise-grade budgets.</description><content:encoded><![CDATA[<p>You know the scene. A customer&rsquo;s trying to tap their card and the terminal&rsquo;s spinning. Your staff member&rsquo;s trying to look up an inventory item and the page won&rsquo;t load. Someone in the back office is on a video call that keeps freezing.</p>
<p>It&rsquo;s the Wi-Fi. It&rsquo;s always the Wi-Fi.</p>
<p>Bad Wi-Fi isn&rsquo;t just annoying — it costs you money. Slow EFTPOS terminals mean longer queues. Dropped connections mean staff waste time retrying. And if you&rsquo;re running any kind of cloud-based system (which most businesses are now), unreliable Wi-Fi means unreliable business.</p>
<p>The good news: you don&rsquo;t need to spend thousands to fix it. You just need to stop treating Wi-Fi like it&rsquo;s magic.</p>
<h3 id="why-small-business-wi-fi-is-usually-bad">Why Small Business Wi-Fi Is Usually Bad</h3>
<p>Most small business Wi-Fi setups follow the same pattern:</p>
<ol>
<li>ISP provides a modem/router combo</li>
<li>It gets plugged in wherever the phone/fibre line enters the building</li>
<li>Everyone connects to it</li>
<li>It works fine for 3 people and falls apart at 10</li>
</ol>
<p>The ISP-provided router is designed to be &ldquo;good enough for a house.&rdquo; A shop, office, or warehouse is not a house. The walls are different, the area is bigger, the number of devices is higher, and the expectations are different.</p>
<h3 id="the-basics-what-you-actually-need">The Basics: What You Actually Need</h3>
<p><strong>1. Separate your networks</strong></p>
<p>At minimum, you need two Wi-Fi networks:</p>
<ul>
<li><strong>Staff network</strong> — for your computers, POS systems, printers</li>
<li><strong>Guest network</strong> — for customers and visitors</li>
</ul>
<p>Why? Because every device on your network is a potential problem. A customer&rsquo;s phone with malware, a visitor&rsquo;s laptop doing updates in the background — these shouldn&rsquo;t be on the same network as your POS terminal.</p>
<p>Most decent routers support multiple SSIDs (network names). Set this up. It takes 10 minutes.</p>
<p><strong>2. Put the router somewhere sensible</strong></p>
<p>The ISP router usually ends up in the corner of the building where the phone/fibre line comes in. That&rsquo;s often the worst possible location for Wi-Fi coverage.</p>
<p>Wi-Fi signals spread out in a sphere from the router. If the router&rsquo;s in the corner, half the signal is going outside your building. Ideally, the router (or access point) should be centrally located, elevated, and not hidden in a metal cabinet.</p>
<p>If you can&rsquo;t move the router, that&rsquo;s what access points are for (more on that below).</p>
<p><strong>3. Use 5 GHz for business devices</strong></p>
<p>Most modern routers are dual-band — they broadcast on 2.4 GHz and 5 GHz.</p>
<ul>
<li><strong>2.4 GHz:</strong> longer range, slower speeds, more interference (everything from microwaves to Bluetooth uses this band)</li>
<li><strong>5 GHz:</strong> shorter range, faster speeds, less interference</li>
</ul>
<p>For your business devices — POS terminals, staff computers, printers — use 5 GHz. It&rsquo;s faster and more reliable. Reserve 2.4 GHz for devices that are further away or don&rsquo;t need the speed.</p>
<p><strong>4. Get the right equipment</strong></p>
<p>If you&rsquo;ve got a small office (under 150 square metres, under 15 devices), a good consumer router might actually be fine. Look for:</p>
<ul>
<li>Wi-Fi 6 (802.11ax) — current standard, better with multiple devices</li>
<li>Multiple SSIDs (for staff/guest separation)</li>
<li>Gigabit Ethernet ports (for wired devices)</li>
</ul>
<p>Brands like TP-Link (Deco series), ASUS (ZenWiFi), or Netgear (Orbi) have solid options in the $200-$400 range.</p>
<p>If you&rsquo;ve got a larger space, multiple floors, or more than 20 devices, you need a proper access point setup. This is where it gets more serious:</p>
<ul>
<li><strong>Ubiquiti UniFi</strong> — the go-to for small business. A UniFi access point ($150-$250 each) managed by free controller software. One AP covers about 100-150 square metres. Add more as needed.</li>
<li><strong>TP-Link Omada</strong> — similar concept to Ubiquiti, slightly cheaper, also good.</li>
<li><strong>MikroTik</strong> — powerful but steeper learning curve. Best if you&rsquo;ve got some networking knowledge.</li>
</ul>
<p><strong>5. Wire what you can</strong></p>
<p>Wi-Fi is convenient, but wired is always better for reliability. If a device doesn&rsquo;t move — a desktop PC, a POS terminal, a printer — run an Ethernet cable to it. It&rsquo;s faster, more reliable, and it takes load off the Wi-Fi for devices that actually need wireless.</p>
<p>Yes, running cables is a pain. But for fixed devices, it&rsquo;s a one-time job that pays off forever.</p>
<h3 id="how-to-do-a-basic-site-survey">How to Do a Basic Site Survey</h3>
<p>Before spending money on equipment, understand what you&rsquo;re working with:</p>
<ol>
<li><strong>Walk the space</strong> with your phone. Use a free Wi-Fi analyzer app (like WiFi Analyzer on Android or Airport Utility on iOS).</li>
<li><strong>Check signal strength</strong> in every area where you need Wi-Fi. You want at least -65 dBm (the number is negative — closer to 0 is stronger). Below -75 dBm and you&rsquo;ll have problems.</li>
<li><strong>Note dead zones</strong> — areas where the signal drops off completely.</li>
<li><strong>Check for interference</strong> — how many other Wi-Fi networks are visible? If you&rsquo;re in a busy area (strip of shops, office building), the 2.4 GHz band is probably congested. That&rsquo;s another reason to use 5 GHz.</li>
</ol>
<p>This takes 15 minutes and tells you exactly what you&rsquo;re dealing with.</p>
<h3 id="common-mistakes">Common Mistakes</h3>
<ul>
<li><strong>Too many devices on one router.</strong> ISP routers are not built for 30+ devices. If you&rsquo;ve got a busy shop, they&rsquo;ll struggle.</li>
<li><strong>Wi-Fi extenders.</strong> These are usually a bad idea. They cut your speed in half and create a separate network your devices have to switch between. A proper access point on a wired backhaul is always better.</li>
<li><strong>Ignoring the guest network.</strong> Customers on your business network is a security risk and a bandwidth hog.</li>
<li><strong>Never changing the default password.</strong> If your Wi-Fi still has the password from the sticker on the router, fix that today.</li>
<li><strong>Forgetting about uploads.</strong> Most internet plans are asymmetric — fast download, slow upload. If you&rsquo;re doing video calls, cloud backups, or VoIP, upload speed matters. Check your plan.</li>
</ul>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>Reliable Wi-Fi isn&rsquo;t about spending the most money. It&rsquo;s about understanding what you need, putting the right equipment in the right place, and separating your networks properly.</p>
<p>Start with the basics: separate staff and guest networks, use 5 GHz for business devices, wire what you can, and if the ISP router isn&rsquo;t cutting it, invest in a proper access point. For most small businesses, $300-$500 in equipment solves 90% of Wi-Fi problems.</p>
<hr>
<p><em>I&rsquo;ve put together a site survey guide and router configuration walkthrough on Patreon — including a site survey template, recommended settings for common router brands, and a step-by-step guide for setting up separate staff and guest networks. <a href="https://www.patreon.com/c/ITMadeSimple">Get it here</a>.</em></p>
]]></content:encoded></item><item><title>Intune for Small Business: Managing Devices Without an IT Team</title><link>https://itmadesimple.co.nz/posts/intune-small-business/</link><pubDate>Tue, 23 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/intune-small-business/</guid><description>You&amp;#39;re paying for Intune already if you have M365 Business Premium. Here&amp;#39;s how to actually use it to manage your computers without needing a dedicated IT person.</description><content:encoded><![CDATA[<p>If you&rsquo;re on M365 Business Premium, you&rsquo;re paying for Microsoft Intune every single month. And if you&rsquo;re not using it, you&rsquo;re leaving one of the most valuable tools in the M365 suite on the table.</p>
<p>Intune lets you manage every Windows computer in your business from a single web page. No server required. No on-site IT person required. Just a browser and a couple of hours to set it up.</p>
<p>I know what you&rsquo;re thinking: &ldquo;That sounds complicated.&rdquo; It&rsquo;s not. It&rsquo;s just unfamiliar. Let me walk you through it.</p>
<h3 id="what-intune-actually-does">What Intune Actually Does</h3>
<p>Think of Intune as a remote control for your computers. From the Intune admin centre, you can:</p>
<ul>
<li><strong>Enrol devices</strong> — connect them to your management system</li>
<li><strong>Push software</strong> — install applications automatically</li>
<li><strong>Enforce policies</strong> — require encryption, set password rules, control settings</li>
<li><strong>Manage updates</strong> — control when Windows Updates install (we covered this in <a href="https://itmadesimple.co.nz/posts/windows-updates-why-ignore/">a previous post</a>)</li>
<li><strong>Remote wipe</strong> — if a laptop gets stolen, erase it remotely</li>
<li><strong>See compliance</strong> — at a glance, which machines are up to date and which aren&rsquo;t</li>
</ul>
<p>For a small business without a dedicated IT person, this is transformative. Instead of walking around to each machine to check settings, you do it all from your desk.</p>
<h3 id="what-you-need">What You Need</h3>
<ul>
<li><strong>M365 Business Premium</strong> (includes Intune — ~NZ$36/user/month, excl. GST, annual billing)</li>
<li><strong>Windows 10/11 Pro</strong> on each device (Home edition doesn&rsquo;t support Intune enrolment)</li>
<li><strong>An Intune Administrator or Global Administrator</strong> role in M365</li>
<li><strong>About 2 hours</strong> for initial setup</li>
</ul>
<h3 id="step-1-enable-intune">Step 1: Enable Intune</h3>
<p>If you&rsquo;re on Business Premium, Intune is already included. You just need to start using it.</p>
<ol>
<li>Go to <a href="https://intune.microsoft.com">https://intune.microsoft.com</a></li>
<li>If it&rsquo;s your first time, it&rsquo;ll take a few minutes to provision</li>
<li>You&rsquo;ll see the admin dashboard — this is your new best friend</li>
</ol>
<h3 id="step-2-set-up-automatic-enrolment">Step 2: Set Up Automatic Enrolment</h3>
<p>This is the magic bit. Once configured, any user who signs into a Windows device with their M365 account automatically enrols it in Intune. No manual setup per machine.</p>
<ol>
<li>In Intune, go to <strong>Devices &gt; Enrolment</strong> (then the Windows tab)</li>
<li>Click <strong>Automatic Enrolment</strong></li>
<li>Set the scope to <strong>All</strong> (or a specific group if you want to test first)</li>
<li>Set the MDM user scope to <strong>All</strong></li>
</ol>
<p>That&rsquo;s it. From now on, when someone joins a Windows PC to your Entra ID and signs in, it enrols automatically. Note: the device must be Entra ID joined — simply signing into an app with a work account registers the device but doesn&rsquo;t fully enrol it for MDM.</p>
<h3 id="step-3-create-a-compliance-policy">Step 3: Create a Compliance Policy</h3>
<p>A compliance policy defines what &ldquo;healthy&rdquo; looks like for your devices. If a device doesn&rsquo;t meet the policy, it shows as non-compliant and you can restrict its access to company data.</p>
<ol>
<li>Go to <strong>Devices &gt; Compliance &gt; Policies &gt; + Create policy</strong></li>
<li>Choose <strong>Windows 10 and later</strong></li>
<li>Configure the basics:</li>
</ol>
<table>
	<thead>
			<tr>
					<th>Setting</th>
					<th>Recommended Value</th>
			</tr>
	</thead>
	<tbody>
			<tr>
					<td>Require BitLocker</td>
					<td>Yes</td>
			</tr>
			<tr>
					<td>Require Secure Boot</td>
					<td>Yes</td>
			</tr>
			<tr>
					<td>Require code integrity</td>
					<td>Yes</td>
			</tr>
			<tr>
					<td>Minimum OS version</td>
					<td>Your current version</td>
			</tr>
			<tr>
					<td>Password complexity</td>
					<td>Require digits and lowercase letters</td>
			</tr>
			<tr>
					<td>Password minimum length</td>
					<td>8</td>
			</tr>
			<tr>
					<td>Require antivirus</td>
					<td>Yes (Windows Defender)</td>
			</tr>
	</tbody>
</table>
<ol start="4">
<li>Click <strong>Create</strong></li>
</ol>
<p>Now any device that doesn&rsquo;t meet these requirements shows as non-compliant in your dashboard.</p>
<h3 id="step-4-deploy-your-first-app">Step 4: Deploy Your First App</h3>
<p>Let&rsquo;s install something. 7-Zip is a good test — it&rsquo;s free, small, and useful. It&rsquo;s available in the Microsoft Store, so this is the easy path:</p>
<ol>
<li>Go to <strong>Apps &gt; All apps &gt; Add</strong></li>
<li>Select <strong>Microsoft Store app (new)</strong></li>
<li>Search for &ldquo;7-Zip&rdquo;, select it</li>
<li>Assign to a group (start with a test group)</li>
<li>The app will install automatically on enrolled devices</li>
</ol>
<p>For apps that aren&rsquo;t in the Store, you&rsquo;ll need the Win32 wrapping method:</p>
<ol>
<li>Go to <strong>Apps &gt; All apps &gt; Add</strong></li>
<li>Select <strong>Windows app (Win32)</strong></li>
<li>Wrap the installer (.msi or .exe) into the .intunewin format using Microsoft&rsquo;s Win32 Content Prep Tool, then upload it</li>
<li>Set the install command and uninstall command</li>
<li>Assign to a group</li>
</ol>
<p>Yes, Win32 wrapping is the fiddliest part of Intune. Always check the Store first.</p>
<h3 id="step-5-set-up-a-configuration-profile">Step 5: Set Up a Configuration Profile</h3>
<p>Configuration profiles let you control device settings. Here are the ones I&rsquo;d set up first:</p>
<p><strong>Wi-Fi profile:</strong> Push your office Wi-Fi settings so devices connect automatically.</p>
<ol>
<li>Go to <strong>Devices &gt; Configuration profiles &gt; Create profile</strong></li>
<li>Platform: <strong>Windows 10 and later</strong></li>
<li>Profile type: <strong>Templates &gt; Wi-Fi</strong></li>
<li>Enter your SSID, security type, and password</li>
<li>Assign to your device group</li>
</ol>
<p><strong>BitLocker profile:</strong> Ensure all drives are encrypted.</p>
<ol>
<li>Go to <strong>Endpoint security &gt; Disk encryption &gt; Create policy</strong></li>
<li>Platform: <strong>Windows 10 and later</strong>, Profile: <strong>BitLocker</strong></li>
<li>Enable BitLocker, set encryption method</li>
<li>Assign to your device group</li>
</ol>
<blockquote>
<p><strong>Note:</strong> The older path <strong>Templates &gt; Endpoint protection</strong> still works, but Microsoft now steers toward Endpoint security &gt; Disk encryption.</p>
</blockquote>
<h3 id="what-this-looks-like-day-to-day">What This Looks Like Day-to-Day</h3>
<p>Once set up, your workflow is:</p>
<ol>
<li><strong>New employee starts</strong> — they get a Windows PC, sign in with their M365 account, and Intune automatically enrolls it, installs your apps, and applies your policies. Done.</li>
<li><strong>Someone loses a laptop</strong> — you go to Intune, find the device, and click <strong>Wipe</strong>. You&rsquo;ll be prompted for a 6-digit Recovery PIN. The laptop is erased the next time it connects to the internet.</li>
<li><strong>A compliance issue pops up</strong> — you see it in the dashboard, and you know exactly which machine and what&rsquo;s wrong.</li>
<li><strong>You need to deploy new software</strong> — add it in Intune, assign it, and it installs automatically.</li>
</ol>
<p>No driving to the office after hours. No walking around to each machine. No &ldquo;I&rsquo;ll do it Monday.&rdquo;</p>
<h3 id="the-honest-limitations">The Honest Limitations</h3>
<p>Intune isn&rsquo;t perfect. A few things to know:</p>
<ul>
<li><strong>It needs internet connectivity.</strong> Devices check in with Intune periodically — they don&rsquo;t need to be online 24/7, but they do need to connect now and then to receive policies and report status.</li>
<li><strong>Mac and iOS management is possible</strong> but the experience isn&rsquo;t as polished as Windows.</li>
<li><strong>The reporting is basic.</strong> It tells you if something&rsquo;s compliant, but it won&rsquo;t give you deep diagnostics.</li>
<li><strong>There&rsquo;s a learning curve.</strong> The first few hours are confusing. It gets easier.</li>
<li><strong>Windows Home edition doesn&rsquo;t work.</strong> You need Pro. If you&rsquo;ve got Home edition machines, that&rsquo;s a problem.</li>
</ul>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>If you&rsquo;re paying for M365 Business Premium and not using Intune, you&rsquo;re wasting money. It&rsquo;s not enterprise-only software — it&rsquo;s designed for exactly your situation: a small business that needs to manage devices without a dedicated IT team.</p>
<p>Set it up once, and it pays for itself in time saved every single week.</p>
<hr>
<p><em>I&rsquo;ve put together a complete Intune enrollment walkthrough on Patreon — with screenshots for every step, recommended compliance policies for small business, and a device enrollment checklist you can follow for each new machine. <a href="https://www.patreon.com/c/ITMadeSimple">Get it here</a>.</em></p>
]]></content:encoded></item><item><title>Do You Actually Need a Server?</title><link>https://itmadesimple.co.nz/posts/do-you-need-a-server/</link><pubDate>Fri, 19 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/do-you-need-a-server/</guid><description>That beige box under the desk might be costing you more than you think. Here&amp;#39;s how to work out whether you actually need a server — or whether the cloud does it better.</description><content:encoded><![CDATA[<p>I walk into a lot of small businesses and find the same thing: a dusty tower server sitting on the floor under someone&rsquo;s desk, humming away, doing&hellip; what exactly?</p>
<p>When I ask, I usually get: &ldquo;It runs our accounting software&rdquo; or &ldquo;That&rsquo;s where our files are.&rdquo; Sometimes it&rsquo;s: &ldquo;Honestly, I&rsquo;m not sure what it does. Bob set it up before he left.&rdquo;</p>
<p>Let&rsquo;s fix that. If you&rsquo;re paying for a server you don&rsquo;t need, that&rsquo;s money wasted. And if you&rsquo;re not using a server when you should be, that&rsquo;s a risk. Here&rsquo;s how to tell the difference.</p>
<h3 id="what-a-server-actually-does">What a Server Actually Does</h3>
<p>First, let&rsquo;s clear something up. A server is just a computer that provides a service to other computers on the network. That&rsquo;s it. It doesn&rsquo;t have to be a $5,000 rack-mounted Dell. It could be a mini PC running Linux. The concept is what matters.</p>
<p>Servers typically handle:</p>
<ul>
<li><strong>File storage and sharing</strong> — everyone&rsquo;s documents in one place, with permissions</li>
<li><strong>Centralised backups</strong> — all machines back up to one location</li>
<li><strong>Running shared applications</strong> — accounting software, databases, line-of-business apps</li>
<li><strong>User management</strong> — Active Directory for login credentials and policies</li>
<li><strong>Email</strong> — if you run your own mail server (rare for small business)</li>
<li><strong>Print sharing</strong> — managing printers across the network</li>
</ul>
<h3 id="when-the-cloud-replaces-the-server">When the Cloud Replaces the Server</h3>
<p>For a lot of small businesses, the cloud already does most of this. Here&rsquo;s the mapping:</p>
<table>
	<thead>
			<tr>
					<th>Server Role</th>
					<th>Cloud Alternative</th>
			</tr>
	</thead>
	<tbody>
			<tr>
					<td>File storage</td>
					<td>OneDrive, Google Drive, Dropbox</td>
			</tr>
			<tr>
					<td>Accounting software</td>
					<td>Xero, MYOB Online, QuickBooks Online</td>
			</tr>
			<tr>
					<td>Email</td>
					<td>Microsoft 365, Google Workspace</td>
			</tr>
			<tr>
					<td>Backups</td>
					<td>Cloud backup (Veeam, Acronis)</td>
			</tr>
			<tr>
					<td>User management</td>
					<td>Microsoft Entra ID (Azure AD)</td>
			</tr>
			<tr>
					<td>Print sharing</td>
					<td>Direct IP printing or cloud print services</td>
			</tr>
	</tbody>
</table>
<p>If your business runs on M365 and Xero, and your files are in OneDrive, you might not need a server at all. Seriously.</p>
<h3 id="when-you-still-need-a-server">When You Still Need a Server</h3>
<p>There are legitimate reasons to keep a server on-premises:</p>
<p><strong>1. Line-of-business software that requires it.</strong> Some older (or niche) applications need to run on a local server. If your industry-specific software requires a Windows Server backend, that&rsquo;s not something you can just cloud away.</p>
<p><strong>2. Internet reliability.</strong> If your business is in an area with unreliable internet, relying entirely on the cloud is a gamble. A local server keeps things running when the connection drops.</p>
<p><strong>3. Large file workloads.</strong> If you&rsquo;re working with large files — video editing, CAD, large databases — transferring everything to the cloud and back is slow and expensive. Local storage is faster and doesn&rsquo;t eat your bandwidth.</p>
<p><strong>4. Data sovereignty or compliance.</strong> Some industries have requirements about where data physically lives. If you can&rsquo;t put data in the cloud due to regulatory requirements, on-premises is your only option.</p>
<p><strong>5. Latency-sensitive applications.</strong> If an application needs ultra-low latency to a database or file server, a local machine will always beat a cloud connection.</p>
<h3 id="the-hidden-cost-of-free-servers">The Hidden Cost of &ldquo;Free&rdquo; Servers</h3>
<p>That old server under the desk isn&rsquo;t free. Here&rsquo;s what it&rsquo;s actually costing you:</p>
<ul>
<li><strong>Power:</strong> A server running 24/7 draws 100-400W depending on load. At NZ electricity rates, that&rsquo;s roughly $500-$1,600/year.</li>
<li><strong>Hardware replacement:</strong> Servers last 5-7 years. When they die, a replacement is $2,000-$5,000.</li>
<li><strong>Maintenance:</strong> Updates, patches, troubleshooting. If you don&rsquo;t have in-house IT, that&rsquo;s an MSP callout every time something goes wrong.</li>
<li><strong>Backup:</strong> You need to back up the server itself. That&rsquo;s another cost.</li>
<li><strong>Security:</strong> An unpatched server on your network is a liability. It needs monitoring, firewall rules, and regular updates.</li>
<li><strong>Noise and space:</strong> It&rsquo;s under someone&rsquo;s desk. It&rsquo;s hot. It&rsquo;s loud. That&rsquo;s not nothing.</li>
</ul>
<p>Add it up and a &ldquo;free&rdquo; server is costing you $1,000-$3,000 per year, minimum.</p>
<h3 id="the-cloud-isnt-free-either">The Cloud Isn&rsquo;t Free Either</h3>
<p>On the flip side, cloud services have ongoing costs:</p>
<ul>
<li>M365 Business Premium: ~NZ$36/user/month (excl. GST, annual billing)</li>
<li>Cloud backup: ~$5-$10/device/month</li>
<li>Cloud accounting (Xero): ~NZ$35-$125/month (excl. GST)</li>
<li>Cloud storage beyond included tiers: varies</li>
</ul>
<p>For a 10-person business, you&rsquo;re looking at roughly NZ$450-$600/month in cloud subscriptions. That&rsquo;s NZ$5,400-$7,200/year.</p>
<p>Neither option is free. The question is which set of costs and tradeoffs makes sense for your business.</p>
<h3 id="the-decision-framework">The Decision Framework</h3>
<p>Ask yourself these questions:</p>
<ol>
<li><strong>What does our server actually do?</strong> If you can&rsquo;t answer this, that&rsquo;s your first problem.</li>
<li><strong>Can each of those functions move to the cloud?</strong> List them out. Check.</li>
<li><strong>What&rsquo;s the total cost of the server</strong> (power + hardware amortised + maintenance + backup)?</li>
<li><strong>What&rsquo;s the total cost of the cloud alternative</strong> (subscriptions for each service)?</li>
<li><strong>Do we have compliance or connectivity constraints</strong> that prevent cloud migration?</li>
<li><strong>What happens if the internet goes down?</strong> Can the business function for a day without cloud access?</li>
</ol>
<p>If the cloud alternative is cheaper, your internet is reliable, and nothing requires on-premises — decommission the server. Redirect that money and attention elsewhere.</p>
<p>If you&rsquo;ve got a genuine need for a local server, keep it. But maintain it properly. A neglected server is worse than no server at all.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>The default assumption in 2026 should be cloud-first for small business. If you can do it in the cloud, do it in the cloud. Only run a server on-premises if you have a specific, identified need that the cloud can&rsquo;t meet.</p>
<p>And if you do run a server, know what it does, keep it updated, and budget for its replacement before it dies at the worst possible time.</p>
<hr>
<p><em>I&rsquo;ve put together a full Server vs Cloud decision guide on Patreon — including a cost comparison template you can fill in with your actual numbers, a migration checklist for moving services to the cloud, and a &ldquo;decommissioning plan&rdquo; for when you&rsquo;re ready to turn that dusty tower off for good. <a href="https://www.patreon.com/c/ITMadeSimple">Get it here</a>.</em></p>
]]></content:encoded></item><item><title>Windows Updates: Why You Can't Just Ignore Them</title><link>https://itmadesimple.co.nz/posts/windows-updates-why-ignore/</link><pubDate>Thu, 18 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/windows-updates-why-ignore/</guid><description>That &amp;#34;Update and restart&amp;#34; prompt is annoying. But ignoring it is how businesses get ransomware. Here&amp;#39;s what updates actually do and how to manage them without losing your mind.</description><content:encoded><![CDATA[<p>You&rsquo;re in the middle of something. A deadline, a customer on the phone, a report that was due yesterday. And there it is:</p>
<p><strong>&ldquo;Update and restart now.&rdquo;</strong></p>
<p>So you click &ldquo;Remind me tonight.&rdquo; Tonight comes. You click &ldquo;Remind me in 4 hours.&rdquo; You keep clicking it until it forces the restart at the worst possible time, and now you&rsquo;re annoyed at Microsoft.</p>
<p>I get it. I really do. But here&rsquo;s the thing — that prompt is trying to save your business.</p>
<h3 id="what-updates-actually-do">What Updates Actually Do</h3>
<p>There&rsquo;s a misconception that Windows Updates are just Microsoft adding features you don&rsquo;t want and changing things that work fine. Sometimes that&rsquo;s true — the occasional feature update does change the look and feel, and it&rsquo;s annoying.</p>
<p>But the critical updates? The ones that interrupt your work? Those are usually security patches (delivered as part of monthly cumulative updates).</p>
<p>Here&rsquo;s what that means in practice:</p>
<p>Microsoft&rsquo;s security team (and independent researchers) find vulnerabilities in Windows. These are flaws that a criminal could use to get into your computer. Some vulnerabilities require no interaction at all — in some cases, just being on the same network with an unpatched machine is enough. Others rely on phishing or user action.</p>
<p>Microsoft releases a patch to fix the vulnerability. That patch gets delivered via Windows Update.</p>
<p>If you install the patch, you&rsquo;re protected. If you don&rsquo;t, the door stays open. And criminals know exactly which doors are still open — the patches are public. When Microsoft releases a fix, attackers can reverse-engineer the patch to figure out exactly what to exploit on machines that haven&rsquo;t updated yet.</p>
<p><strong>Not updating is like locking your front door but leaving the key in it.</strong></p>
<h3 id="the-wannacry-problem">The WannaCry Problem</h3>
<p>In 2017, a vulnerability called EternalBlue was used to spread the WannaCry ransomware. It infected over 230,000 computers across 150 countries in a few days. Hospitals, businesses, government agencies — all hit.</p>
<p>Microsoft had released a patch for the vulnerability <strong>nearly two months before</strong> the attack.</p>
<p>Most of the businesses that got hit weren&rsquo;t running ancient unsupported Windows. Mostly Windows 7 and Server 2008 R2 systems — the same versions many businesses were still running. They just hadn&rsquo;t installed the update.</p>
<p>WannaCry didn&rsquo;t care that you were busy. It didn&rsquo;t care that the update prompt was annoying. It just encrypted everything and demanded $300 in Bitcoin.</p>
<p>The majority of successful ransomware attacks exploit known vulnerabilities with available patches. The gangs aren&rsquo;t using fancy zero-days — they&rsquo;re exploiting the updates people didn&rsquo;t install.</p>
<h3 id="but-updates-break-things">&ldquo;But Updates Break Things!&rdquo;</h3>
<p>This is the counter-argument, and it&rsquo;s not wrong. Sometimes updates do break things. A driver stops working. An app compatibility issue pops up. Something that worked yesterday doesn&rsquo;t work today.</p>
<p>This was more of a problem in the Windows 7/8 era. It still happens occasionally, but Microsoft has gotten significantly better at testing updates before broad release. The &ldquo;update broke my computer&rdquo; scenario is far less common than it used to be.</p>
<p>Here&rsquo;s how to manage the risk without leaving yourself exposed:</p>
<p><strong>Don&rsquo;t install updates on day one. But don&rsquo;t wait three months either.</strong></p>
<p>Let the early adopters find the problems. Wait a week or so after &ldquo;Patch Tuesday&rdquo; (the second Tuesday of each month — that&rsquo;s when Microsoft drops their big security updates). Then install.</p>
<p>You can configure this in Windows through <strong>Windows Update for Business</strong> or <strong>Intune</strong> (if you&rsquo;re on M365 Business Premium). Set a deferral period — give feature updates a longer deferral (30-60 days), but keep security updates shorter (7-14 days).</p>
<h3 id="how-to-set-up-a-basic-update-policy">How to Set Up a Basic Update Policy</h3>
<p>If you&rsquo;re running Windows 10/11 Pro (most business machines do), you can configure this without any extra tools:</p>
<ol>
<li>Open <strong>Settings &gt; Windows Update &gt; Advanced options</strong></li>
<li>Enable <strong>Receive updates for other Microsoft products</strong> (keeps Office updated too)</li>
<li>If available on your version of Windows, under <strong>Choose when updates are installed</strong>, set:
<ul>
<li><strong>Feature updates:</strong> defer by 30 days</li>
<li><strong>Quality updates:</strong> defer by 7 days</li>
</ul>
</li>
</ol>
<p>That&rsquo;s the &ldquo;set and forget&rdquo; level. You&rsquo;ll get security updates within a week of release (early adopters have found any problems by then) and feature updates within a month (plenty of time for news about any issues).</p>
<p>If you&rsquo;ve got M365 Business Premium and Intune, you can do this centrally for all machines — more on that below.</p>
<h3 id="if-youve-got-intune-m365-business-premium">If You&rsquo;ve Got Intune (M365 Business Premium)</h3>
<p>This is where it gets easier. When we covered <a href="https://itmadesimple.co.nz/posts/m365-licensing-which-plan/">M365 licensing</a>, I mentioned that Business Premium includes Intune. One of the best things about Intune is centrally managing Windows updates across all your devices.</p>
<p>You create <strong>update rings</strong> — groups of settings that control when and how updates install. You can set up:</p>
<ul>
<li><strong>A pilot ring:</strong> 5-10 machines get updates first. If something breaks, you catch it before it hits everyone.</li>
<li><strong>Everyone else:</strong> Gets updates 7-14 days after the pilot group.</li>
</ul>
<p>The pilot ring should include non-critical machines and tech-comfortable staff who&rsquo;ll actually report problems. Don&rsquo;t put your most important server in the pilot group.</p>
<p>I&rsquo;ve put together a complete walkthrough on Patreon for setting up Intune update rings — including recommended settings for small business, screenshots, and what to do if an update causes problems.</p>
<h3 id="other-things-updates-cover">Other Things Updates Cover</h3>
<p>It&rsquo;s not just security. Updates also include:</p>
<ul>
<li><strong>Bug fixes:</strong> That weird crash in Excel that happens every Tuesday? Might get fixed in a cumulative update.</li>
<li><strong>Driver updates:</strong> New hardware support and better performance on existing hardware (though these can occasionally cause issues, so some businesses manage them separately).</li>
<li><strong>.NET Framework updates:</strong> A lot of business software depends on this. Missing or mismatched .NET versions are a common cause of app issues.</li>
</ul>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>I know updates are annoying. I know they always seem to fire at the worst time. But the alternative — running unpatched Windows in a business environment — is genuinely dangerous.</p>
<p>Configure a deferral so you&rsquo;re not on day one. Test on a couple of machines first if you&rsquo;re in a managed environment. But actually install them. Every month. Without fail.</p>
<p>The ransomware gangs are counting on you putting it off. Don&rsquo;t make it easy for them.</p>
<hr>
<p><em>For M365 Business Premium users, I&rsquo;ve put together a step-by-step Intune update ring guide on Patreon — with recommended settings, pilot group setup, and rollback procedures if an update causes issues. <a href="https://www.patreon.com/c/ITMadeSimple">Check it out here</a>.</em></p>
]]></content:encoded></item><item><title>5 Things Your IT Guy Wishes You Would Stop Doing</title><link>https://itmadesimple.co.nz/posts/5-things-stop-doing/</link><pubDate>Wed, 17 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/5-things-stop-doing/</guid><description>If you&amp;#39;re a small business owner who has ever had to call someone like me, read this. Please. I&amp;#39;m begging you.</description><content:encoded><![CDATA[<p>¡Look — I get it. You run a business. IT is not your thing. You&rsquo;ve got clients to serve, invoices to send, staff to manage, and a hundred other things to think about before you have to worry about whether your laptop is acting up again.</p>
<p>But some of the things I see small businesses do make my eye twitch. And I say that with love.</p>
<p>So here it is. These are the most common (and fixable) mistakes I see. If any of these apply to you — and if you&rsquo;ve got any IT support at all, whether it&rsquo;s an internal person or an external provider — please. For the love of all that is good. Stop.</p>
<h3 id="1-using-password123-or-your-business-name-or-your-dogs-name">1. Using &ldquo;password123&rdquo; (Or Your Business Name, Or Your Dog&rsquo;s Name&hellip;)</h3>
<p>I wish I was joking. I have seen all of these. Used by real businesses, with real data.</p>
<p>Here&rsquo;s the thing: password policies exist for a reason. Every time there&rsquo;s a data breach — and there&rsquo;s one basically every week somewhere in the world — millions of username and password combinations get leaked onto the internet. And attackers use these to automatically try those same credentials across other systems.</p>
<p>If your password is <code>Plumbing2024</code> and your email address is <code>john@plumbing.co.nz</code>, I can guarantee that combination is in a list somewhere. It takes a bot about 0.3 seconds to try it.</p>
<p><strong>What to do instead:</strong>
Use a password manager. Bitwarden is free, works on every device, and generates strong passwords so you don&rsquo;t have to think of them. You remember one master password, and it handles the rest.</p>
<p>Yes, it takes 20 minutes to set up. No, it&rsquo;s not complicated. Yes, it will save you a world of pain.</p>
<h3 id="2-clicking-links-in-emails-from-microsoft-warning-you-about-a-security-threat">2. Clicking Links in Emails from &ldquo;Microsoft&rdquo; Warning You About a Security Threat</h3>
<p>Oh, this one kills me.</p>
<p>You get an email that says something like:</p>
<blockquote>
<p>&ldquo;Your Microsoft 365 account has been compromised. Click here to verify your identity immediately.&rdquo;</p>
</blockquote>
<p>The email looks legit. The branding is right. The logo is there. There&rsquo;s even a link to &ldquo;Microsoft&rdquo; in the text.</p>
<p>It&rsquo;s not from Microsoft. It&rsquo;s from Steve in his mum&rsquo;s basement trying to harvest your credentials.</p>
<p><strong>What to actually do:</strong>
If you get an email from Microsoft (or your bank, or anyone) asking you to click a link and log in, <strong>don&rsquo;t click the link</strong>. Open your browser. Type in the URL yourself (office.com, your bank&rsquo;s actual URL, whatever). Log in there and check for any actual notifications.</p>
<p>99% of the time, there&rsquo;s nothing. The email was bait. You didn&rsquo;t bite. Well done.</p>
<p><strong>How to spot a phishing email:</strong></p>
<ul>
<li>Creates urgency (&ldquo;Act now!&rdquo; &ldquo;Your account will be closed!&rdquo;)</li>
<li>The sender address is slightly off (<a href="mailto:support@micros0ft-security.com">support@micros0ft-security.com</a> vs <a href="mailto:support@microsoft.com">support@microsoft.com</a>)</li>
<li>You hover over the link and the URL doesn&rsquo;t match the company</li>
<li>You weren&rsquo;t expecting it</li>
</ul>
<p>When in doubt, bin it. Or ask someone who knows. That&rsquo;s literally what we&rsquo;re here for.</p>
<h3 id="3-installing-random-software-from-the-internet">3. Installing Random Software From the Internet</h3>
<p>&ldquo;Do you have a PDF?&rdquo;
&ldquo;Just download any free PDF reader from Google.&rdquo;
<em>Downloads some god-awful toolbar-laden garbage from a sketchy website</em></p>
<p>Yes, you need a PDF reader. But you get one from Adobe. Or use Edge, which is already installed and handles PDFs just fine. You don&rsquo;t need to Google &ldquo;free PDF reader&rdquo; and click the first sponsored result.</p>
<p>Random software installs are one of the biggest sources of:</p>
<ul>
<li>Adware (pop-ups everywhere)</li>
<li>Spyware (keyloggers, data theft)</li>
<li>Ransomware (everything&rsquo;s encrypted, pay up or lose it)</li>
<li>Bloatware (slows your computer down)</li>
</ul>
<p><strong>The rule:</strong> if you don&rsquo;t know exactly what it is and where it came from, don&rsquo;t install it. Period.</p>
<p>If you need help figuring out whether something is safe, ask. That&rsquo;s not a dumb question. Clicking &ldquo;next&rdquo; on an installer without reading it <em>is</em> the dumb thing.</p>
<h3 id="4-using-the-shared-computer-as-a-junk-drawer">4. Using the Shared Computer as a Junk Drawer</h3>
<p>You know the setup. There&rsquo;s one computer in the office. Everyone uses it. The desktop has 47 shortcuts, half for things you installed once in 2019 and never used again. The browser has 6 toolbars. There&rsquo;s a folder called &ldquo;New Folder (3)&rdquo; sitting on the desktop with who-knows-what in it.</p>
<p>This isn&rsquo;t just messy. It&rsquo;s a genuine problem:</p>
<ul>
<li>Outdated software doesn&rsquo;t get security updates</li>
<li>Random old installs can conflict with things you need now</li>
<li>Finding anything takes forever</li>
<li>The computer runs like molasses because it&rsquo;s doing background tasks for 11 programs nobody uses</li>
</ul>
<p><strong>What to do:</strong>
Give everyone their own account on the computer (even basic Windows accounts). Clean up the desktop. Uninstall everything you don&rsquo;t use. Keep the desktop to a few folders max.</p>
<p>If the computer is genuinely slow, it might just need a cleanup. And by &ldquo;cleanup&rdquo; I mean: someone goes through it properly, removes the junk, and makes sure what&rsquo;s left is current and actually used.</p>
<p>Or buy separate devices. One shared junk-drawer computer for five people ends up costing more in lost productivity than just giving everyone their own cheap laptop.</p>
<h3 id="5-telling-us-its-urgent-when-it-isnt">5. Telling Us It&rsquo;s &ldquo;Urgent&rdquo; When It Isn&rsquo;t</h3>
<p>I know — to you, if you can&rsquo;t print your invoices right now, it IS urgent. You&rsquo;ve got work to do and the printer isn&rsquo;t playing ball.</p>
<p>But I need you to understand: when five people all say their issue is &ldquo;urgent,&rdquo; nothing is urgent. That&rsquo;s just called a Tuesday.</p>
<p>Meanwhile, the person who quietly sends a calm message like &ldquo;Hey, whenever you get a chance, I&rsquo;m having trouble with X&rdquo; — that person is my favourite human. I&rsquo;ll help them first every single time, because they&rsquo;re reasonable and I&rsquo;m only human.</p>
<p>Here&rsquo;s how IT prioritises (and this is how IT teams prioritise issues):</p>
<p><strong>Actually urgent:</strong></p>
<ul>
<li>Nobody can access email/Internet/your main business application</li>
<li>You think you might have been hacked or have ransomware</li>
<li>Something is actively losing you money right now</li>
</ul>
<p><strong>Important but not urgent:</strong></p>
<ul>
<li>Printer is doing that thing again</li>
<li>Computer is a bit slow</li>
<li>You need help installing something</li>
<li>Software is &ldquo;acting weird&rdquo;</li>
</ul>
<p><strong>Not urgent (but you&rsquo;ll ask anyway):</strong></p>
<ul>
<li>Can you make the text bigger?</li>
<li>Can you help me with my home laptop?</li>
<li>What&rsquo;s the Wi-Fi password again?</li>
</ul>
<p>Be honest about the urgency and you&rsquo;ll get better, faster service. I promise.</p>
<h3 id="bonus-round-the-stuff-you-probably-dont-even-know-youre-doing">Bonus Round: The Stuff You Probably Don&rsquo;t Even Know You&rsquo;re Doing</h3>
<p>Since we&rsquo;re here, a few extras:</p>
<ul>
<li>
<p><strong>Plugging in random USB sticks.</strong> Found a USB drive? Don&rsquo;t just plug it in to see what&rsquo;s on it. It could be loaded with malware. Ask first.</p>
</li>
<li>
<p><strong>Sharing passwords via email or text.</strong> If you need to share login details, use a password manager&rsquo;s sharing feature, or just tell the person verbally. Don&rsquo;t write passwords in an email. Emails get forwarded, hacked, and sit in inboxes forever.</p>
</li>
<li>
<p><strong>Never restarting your computer.</strong> Some of you have been running the same session for <em>weeks</em>. Just restart it. Seriously. Once a week. It installs updates, clears out the cobwebs, and fixes weird glitches.</p>
</li>
</ul>
<h3 id="the-common-thread">The Common Thread</h3>
<p>Every single point on this list comes down to one thing: <strong>a tiny bit of care goes a long way.</strong></p>
<p>You don&rsquo;t need to become an IT expert. You just need to slow down a little, think before you click, and ask when you&rsquo;re not sure.</p>
<p>And if you&rsquo;re not sure? That&rsquo;s fine. That&rsquo;s what we&rsquo;re here for. I&rsquo;d rather answer a &ldquo;silly&rdquo; question than recover your data after you click something you shouldn&rsquo;t have.</p>
<hr>
<p><em>Want a printable staff IT policy checklist you can stick on the office wall? I&rsquo;ve put together a one-page PDF on Patreon covering password rules, email safety, and software install policies. <a href="https://www.patreon.com/cw/ITMadeSimple">Grab it here</a>.</em></p>
]]></content:encoded></item><item><title>Why Your Business Email Gets Hacked (And How to Stop It)</title><link>https://itmadesimple.co.nz/posts/business-email-gets-hacked/</link><pubDate>Tue, 16 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/business-email-gets-hacked/</guid><description>Business email compromise is the number one way small businesses get robbed. Here&amp;#39;s how it actually happens and what to do about it.</description><content:encoded><![CDATA[<p>Last year, a business I know got hit. Not a big company — a small operation, maybe 12 staff. Someone got into their email, monitored the inbox for a few days, and then sent an email to their accounts payable person requesting an &ldquo;urgent payment&rdquo; to a new bank account.</p>
<p>The email came from the boss&rsquo;s actual email address. It looked real. The language was right. The urgency was convincing.</p>
<p>They paid $18,000 before anyone noticed.</p>
<p>This isn&rsquo;t unusual. It&rsquo;s happening every day, all over the world, to businesses just like yours. And it&rsquo;s not because the criminals are genius hackers. It’s usually because the basics weren’t in place.</p>
<h3 id="how-business-email-actually-gets-compromised">How Business Email Actually Gets Compromised</h3>
<p>Forget the Hollywood image of a hooded figure typing furiously. Here&rsquo;s what actually happens, in order of how common it is:</p>
<h4 id="1-stolen-passwords-the-big-one">1. Stolen Passwords (The Big One)</h4>
<p>Your password leaks in a data breach. It ends up on a list that gets sold on the dark web. Criminals use automated tools to try that same password on email, banking, accounting software — everything.</p>
<p>This is called <strong>credential stuffing</strong>, and it works because people reuse passwords. If your email password is the same one you used on that random forum in 2019 that got breached, your business email is one automated script away from being owned.</p>
<h4 id="2-phishing">2. Phishing</h4>
<p>Someone sends you an email that looks like it&rsquo;s from Microsoft, your bank, or a supplier. There&rsquo;s a link. You click it. You land on a fake login page that looks identical to the real one. You type in your username and password. You&rsquo;ve just handed your credentials to a criminal.</p>
<p>Modern phishing is good. Really good. The fake pages are pixel-perfect. The sender addresses are close enough to fool you when you&rsquo;re busy. The urgency (&ldquo;Your account will be locked in 24 hours!&rdquo;) pushes you to act before thinking.</p>
<h4 id="3-no-multi-factor-authentication">3. No Multi-Factor Authentication</h4>
<p>Even if they get your password, MFA stops them cold. But if you don&rsquo;t have it enabled, a password is all they need. Full stop.</p>
<h4 id="4-session-hijacking">4. Session Hijacking</h4>
<p>You log into email on a public Wi-Fi at a café. Someone on the same network could intercept your session token. They don&rsquo;t need your password — they&rsquo;re already &ldquo;you&rdquo; as far as the server is concerned.</p>
<p>Less common for small businesses, but it happens. Especially if you&rsquo;re checking email at the airport, a hotel, or a coworking space.</p>
<h3 id="what-it-looks-like-when-youre-compromised">What It Looks Like When You&rsquo;re Compromised</h3>
<p>You might not know right away. Sophisticated attackers don&rsquo;t change your password (that would tip you off). They just quietly:</p>
<ul>
<li><strong>Read your emails</strong> to learn how your business works, who your suppliers are, how you talk to your bookkeeper</li>
<li><strong>Set up email forwarding rules</strong> to send copies of certain emails to their own address (you won&rsquo;t see this unless you check your settings)</li>
<li><strong>Send emails from your account</strong> to your contacts, your bank, your staff — whatever serves their purpose</li>
<li><strong>Access connected services</strong> — if your email is the recovery address for your bank, your accounting software, your domain registrar, they can reset passwords on all of them</li>
</ul>
<p>The business I mentioned earlier? The attacker watched their inbox for almost a week before making a move. They learned the business&rsquo;s patterns, who handled payments, what the boss&rsquo;s writing style looked like. Then they struck.</p>
<h3 id="how-to-lock-it-down">How to Lock It Down</h3>
<p>Here&rsquo;s your action list. Do these in order.</p>
<h4 id="step-1-unique-passwords-everywhere">Step 1: Unique Passwords Everywhere</h4>
<p>Every account gets its own password. No exceptions. Use a password manager — Bitwarden (free) or 1Password (paid, excellent). Let it generate random passwords. You don&rsquo;t need to remember them.</p>
<p>This single step eliminates credential stuffing entirely.</p>
<h4 id="step-2-multi-factor-authentication--everywhere">Step 2: Multi-Factor Authentication — Everywhere</h4>
<p>I covered this in the <a href="https://itmadesimple.co.nz/posts/security-audit-small-business/">security audit post</a>, but it bears repeating: <strong>MFA is the single most effective security measure you can take.</strong></p>
<p>Enable it on:</p>
<ul>
<li>Email (M365, Gmail, whatever you use)</li>
<li>Online banking</li>
<li>Accounting software</li>
<li>Domain registrar (this one gets overlooked — if someone takes over your domain, they can intercept all your email)</li>
<li>Cloud storage</li>
<li>Social media</li>
</ul>
<p>Use an authenticator app (Microsoft Authenticator, Google Authenticator, Authy) rather than SMS if possible. SMS is better than nothing, but it can be intercepted through SIM swapping.</p>
<h4 id="step-3-check-for-compromise-right-now">Step 3: Check for Compromise Right Now</h4>
<p>A few things to check today:</p>
<ul>
<li><strong>Recent login activity.</strong> In M365, go to your account security page and check recent sign-ins. Look for locations or devices you don&rsquo;t recognise. In Gmail, scroll to the bottom of your inbox and click &ldquo;Details&rdquo; under &ldquo;Last account activity.&rdquo;</li>
<li><strong>Email forwarding rules.</strong> Check if any rules are forwarding emails to an address you don&rsquo;t recognise. In Outlook: Settings &gt; Mail &gt; Forwarding. In Gmail: Settings &gt; Forwarding and POP/IMAP.</li>
<li><strong>Recovery email and phone number.</strong> Make sure your account recovery options actually point to your current email and phone number. Attackers often change these so they can regain access even after you change the password.</li>
</ul>
<h4 id="step-4-train-your-staff">Step 4: Train Your Staff</h4>
<p>This is the hard one. You can have the best technical controls in the world, but if your office manager clicks a phishing link and enters their credentials, the controls don&rsquo;t matter.</p>
<p>You don&rsquo;t need a corporate training program. You need a 10-minute conversation:</p>
<ul>
<li><strong>Don&rsquo;t click links in emails</strong> that ask you to log in. If Microsoft says your account is expiring, open a browser and go to microsoft.com directly. Don&rsquo;t click the link.</li>
<li><strong>Verify payment requests.</strong> Any email asking for a bank transfer, especially if it&rsquo;s &ldquo;urgent&rdquo; or &ldquo;confidential&rdquo; — verify by phone. Use a number you already have, not one in the email.</li>
<li><strong>Report weird stuff.</strong> If something feels off, tell someone. Don&rsquo;t feel embarrassed. The businesses that recover fastest are the ones where staff speak up quickly.</li>
</ul>
<h4 id="step-5-have-a-response-plan">Step 5: Have a Response Plan</h4>
<p>If the worst happens, what do you do?</p>
<ul>
<li><strong>Change passwords immediately</strong> — email first, then everything else</li>
<li><strong>Check forwarding rules and recovery options</strong></li>
<li><strong>Notify your bank</strong> if there&rsquo;s any chance financial accounts were accessed</li>
<li><strong>Notify your contacts</strong> — if the attacker sent emails from your address, let people know</li>
<li><strong>Check other accounts</strong> — if your email was compromised, assume any account that uses it as a recovery address is also at risk</li>
</ul>
<p>Write this down. Don&rsquo;t figure it out in the moment.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>Email security isn&rsquo;t complicated. It&rsquo;s just unglamorous. Unique passwords, MFA, basic staff awareness, and knowing what to do if something goes wrong. That&rsquo;s it.</p>
<p>The businesses that get hit aren&rsquo;t the ones with bad luck. They&rsquo;re the ones that never turned on MFA, never checked who had access, and never talked to their staff about phishing.</p>
<p>Don&rsquo;t be that business.</p>
<hr>
<p><em>I&rsquo;ve put together a complete MFA rollout guide and staff awareness kit on Patreon — including step-by-step MFA setup for M365, a one-page staff handout on phishing, and an incident response checklist you can fill in with your own details. <a href="https://www.patreon.com/c/ITMadeSimple">Get it here</a>.</em></p>
]]></content:encoded></item><item><title>The Security Audit Every Small Business Should Do</title><link>https://itmadesimple.co.nz/posts/security-audit-small-business/</link><pubDate>Thu, 11 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/security-audit-small-business/</guid><description>Most small businesses have no idea how vulnerable they are. Here&amp;#39;s a practical security audit you can do yourself — no tools, no budget, just a checklist.</description><content:encoded><![CDATA[<p>I&rsquo;m going to ask you some questions. They&rsquo;re not comfortable. But answer them honestly, because criminals already know the answers — they&rsquo;re just waiting for you to keep ignoring them.</p>
<p>When was the last time you checked who still has access to your business email?</p>
<p>Do you know if your ex-employee&rsquo;s laptop still has your files on it?</p>
<p>Could someone walk into your office right now and plug a laptop into your network?</p>
<p>If you hesitated on any of those, this post is for you.</p>
<h3 id="why-security-audits-get-ignored">Why Security Audits Get Ignored</h3>
<p>Let&rsquo;s be honest — nobody wakes up excited to do a security audit. It&rsquo;s not fun. It doesn&rsquo;t directly make money. And for a small business owner already wearing every hat, it&rsquo;s the thing that gets pushed to next month every single month.</p>
<p>The problem is that &ldquo;never&rdquo; is how breaches happen. Not dramatic Hollywood hacking. Just someone reusing a password they leaked in a data breach three years ago, clicking a link in a voicemail redirecting as an email, or walking away from a computer that doesn&rsquo;t lock.</p>
<p>Small businesses are the perfect target. You&rsquo;ve got valuable data — customer details, bank access, supplier accounts — but you probably don&rsquo;t have the security guardrails that a larger company has. Hackers know this.</p>
<h3 id="the-audit--what-to-check-right-now">The Audit — What to Check Right Now</h3>
<p>Do all of these. Today, not tomorrow.</p>
<h4 id="1-who-has-access-to-what">1. Who Has Access to What?</h4>
<p>This is the big one.</p>
<ul>
<li><strong>List every system your business uses.</strong> Email, accounting software, bank accounts, social media, file storage, your website, Point of Sale system — everything.</li>
<li><strong>For each system, list who has a login.</strong> Not just current employees. Former employees too.</li>
<li><strong>Remove anyone who shouldn&rsquo;t have access.</strong> If &ldquo;Jake from three years ago&rdquo; still has admin access to your accounting software, that&rsquo;s a problem.</li>
</ul>
<p>Don&rsquo;t forget:</p>
<ul>
<li>Shared Wi-Fi passwords (especially in hospitality/retail)</li>
<li>Master accounts (the generic &ldquo;admin&rdquo; or &ldquo;office&rdquo; login everyone uses)</li>
<li>Third-party access (your accountant, your web developer, your MSP)</li>
</ul>
<p>If you don&rsquo;t have a list, that&rsquo;s problem one. Make the list. Fix it as you go.</p>
<h4 id="2-passwords--get-serious">2. Passwords — Get Serious</h4>
<p>I know. Everyone hates this topic. But it&rsquo;s still the number one way businesses get compromised.</p>
<ul>
<li><strong>Are you reusing passwords?</strong> If your QuickBooks password is the same as your email password, and your email gets breached, the attacker now owns your finances.</li>
<li><strong>Are you sharing passwords?</strong> Shared Gmail inboxes, shared logins to the bank — these are common in small business. They&rsquo;re also a nightmare when something goes wrong and you can&rsquo;t tell who did what.</li>
<li><strong>Get a password manager.</strong> Bitwarden is free for a single user and has a cheap team plan. 1Password is another option. Either is better than the spreadsheet on Karen&rsquo;s desktop called &ldquo;logins.xlsx&rdquo;.</li>
<li><strong>Prefer authenticator apps over SMS codes for MFA</strong> &ndash; SMS can be intercepted via SIM swapping. An authenticator app (like Microsoft Authenticator or Google Authenticator) is stronger protection.</li>
</ul>
<p>The goal: every person has their own login. Every system has a unique password. Nobody&rsquo;s writing passwords on a Post-it note stuck to their monitor. (You know who you are.)</p>
<h4 id="3-multi-factor-authentication--turn-it-on">3. Multi-Factor Authentication — Turn It On</h4>
<p>If you only do one thing from this entire post, make it this.</p>
<p>Turn on multi-factor authentication (MFA) on:</p>
<ul>
<li>Email (M365, Gmail — whichever you use)</li>
<li>Online banking</li>
<li>Accounting software</li>
<li>Cloud storage (OneDrive, Google Drive, Dropbox)</li>
<li>Social media accounts</li>
<li>Anything with customer data</li>
</ul>
<p>MFA means even if someone gets your password, they still can&rsquo;t log in without approving it on your phone. It blocks the vast majority of automated attacks.</p>
<p>Microsoft 365 makes this relatively straightforward — we covered MFA setup in a <a href="https://itmadesimple.co.nz/posts/what-is-microsoft-entra/">previous post</a>. email me if you need help.</p>
<h4 id="4-backups--test-them">4. Backups — Test Them</h4>
<p>We covered backups in <a href="https://itmadesimple.co.nz/posts/321-backup-rule-explained/">a previous post</a>, so I won&rsquo;t rehash the whole thing. But the audit question is simple: <strong>When did you last test a restore?</strong></p>
<p>If the answer is &ldquo;never&rdquo; or &ldquo;I don&rsquo;t remember,&rdquo; your backups might not actually work. Backups that you haven&rsquo;t tested are just hope with extra steps.</p>
<p>Pick a file from three months ago. Restore it. Confirm it works. Do the same thing next month. Build it into your routine.</p>
<p>Make sure at least one backup is offline or protected from deletion &ndash; ransomware that gets into your network can also wipe cloud backups.</p>
<h4 id="5-devices--whats-connected">5. Devices — What&rsquo;s Connected?</h4>
<p>Walk around your office. Count every device that connects to your network — computers, printers, phones, tablets, that random Raspberry Pi someone installed for a project two years ago.</p>
<p>Ask yourself:</p>
<ul>
<li>Are they all running current software? (Windows Updates, macOS updates, firmware on the router)</li>
<li>Do they all have passwords/PINs?</li>
<li>Do they lock automatically after a few minutes of inactivity?</li>
<li>Are they encrypted? (BitLocker on Windows, FileVault on Mac)</li>
<li>Is security software active on all devices? (Microsoft Defender is free and built into Windows)</li>
</ul>
<p>That old Windows 10 machine in the back office that &ldquo;still works fine&rdquo;? It&rsquo;s a liability. If it&rsquo;s running an unsupported operating system, it has known vulnerabilities that will never be patched. Replace it or isolate it from the network.</p>
<h4 id="6-physical-security--the-forgotten-layer">6. Physical Security — The Forgotten Layer</h4>
<p>You can have the best passwords in the world, but if someone can walk into your server room, none of it matters.</p>
<ul>
<li>Is your server cupboard locked?</li>
<li>Do you have a guest Wi-Fi network separate from your business machines?</li>
<li>What happens when a stranger walks in and says &ldquo;I&rsquo;m here to fix the printer&rdquo;? (Social engineering is real — verify, don&rsquo;t just trust)</li>
</ul>
<p>This sounds paranoid until the day it isn&rsquo;t.</p>
<h3 id="how-to-make-it-a-habit">How to Make It a Habit</h3>
<p>Don&rsquo;t try to fix everything in one day. Prioritise:</p>
<ol>
<li><strong>This week:</strong> Access audit and MFA everywhere. These are the highest-impact fixes.</li>
<li><strong>This month:</strong> Passwords sorted, backups tested, device inventory done.</li>
<li><strong>Ongoing:</strong> Quarterly review. Every three months, run through the checklist again. New employees, new devices, new software — things change.</li>
</ol>
<p>The goal isn&rsquo;t perfection. It&rsquo;s raising the bar high enough that automated attacks move on to an easier target.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>You don&rsquo;t need a $50,000 security consultant or enterprise-grade tools. You need to spend a few hours going through a checklist and fixing the obvious stuff. Most small business breaches come from the same handful of basic failures — old passwords, no MFA, ex-employees who still have access, unpatched machines.</p>
<p>Fix the basics. You&rsquo;ll be ahead of 80% of small businesses overnight.</p>
<hr>
<p><em>Want a printable security audit checklist you can work through with timestamps and sign-off fields? I&rsquo;ve put together a full template on Patreon — covering every point above with checkboxes, priority ratings, and quarterly review trackers. <a href="https://www.patreon.com/c/ITMadeSimple">Grab it here</a>.</em></p>
]]></content:encoded></item><item><title>VMware vs Hyper-V: Which Should Your Business Use?</title><link>https://itmadesimple.co.nz/posts/vmware-vs-hyperv/</link><pubDate>Wed, 10 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/vmware-vs-hyperv/</guid><description>VMware and Hyper-V are the two big names in virtualization. But which one actually makes sense for a small business? Here is an honest comparison — no vendor loyalty, just what works.</description><content:encoded><![CDATA[<p>You&rsquo;ve got a server. It&rsquo;s running one thing. Maybe it&rsquo;s your file server, maybe it&rsquo;s a line-of-business app, maybe it&rsquo;s accounting software that only runs on Windows Server. It’s doing one job and using about 15% of the hardware.</p>
<p>That&rsquo;s wasteful. And expensive.</p>
<p>The fix is <strong>virtualization</strong> — running multiple &ldquo;virtual machines&rdquo; on one physical server. Instead of buying three servers for three jobs, you buy one decent box and run three virtual servers on it. Less hardware, less power, less cooling, less stuff to break.</p>
<p>But when you start looking into it, you hit a wall: <strong>VMware or Hyper-V?</strong> Everyone has an opinion. Most of the internet swears by VMware (or they did before Broadcom bought VMware, now everyone is looking to jump ship). Hyper-V doesn’t get as much attention, but it’s widely used and perfectly capable. And nobody explains it in a way that actually helps a small business owner decide.</p>
<p>So let&rsquo;s fix that.</p>
<h3 id="what-is-virtualization-quick-version">What Is Virtualization, Quick Version?</h3>
<p>A virtual machine (VM) is a computer that runs inside another computer. It thinks it&rsquo;s real — it&rsquo;s got its own operating system, its own memory, its own network connection — but it&rsquo;s actually sharing the physical hardware with other VMs.</p>
<p>The software that makes this happen is called a <strong>hypervisor</strong>. VMware and Hyper-V are both hypervisors. They&rsquo;re the layer between your physical hardware and the virtual machines running on top.</p>
<p>Why bother? Three reasons:</p>
<ol>
<li><strong>Consolidation.</strong> One physical server doing the work of three or four.</li>
<li><strong>Isolation.</strong> If one VM crashes, the others keep running. Your file server doesn&rsquo;t take down your accounting app.</li>
<li><strong>Recovery.</strong> You can back up an entire VM — operating system, apps, data, all of it — as a single unit. When something goes wrong, you restore the whole thing in minutes instead of reinstalling from scratch.</li>
</ol>
<h3 id="vmware-vsphere-esxi">VMware vSphere (ESXi)</h3>
<p>VMware is the big name in virtualization. They&rsquo;ve been doing it the longest, and their product — <strong>vSphere ESXi</strong> — is what most enterprises run.</p>
<p><strong>The good:</strong></p>
<ul>
<li><strong>Mature and rock-solid.</strong> This thing has been battle-tested in data centres for nearly two decades. It just works.</li>
<li><strong>Excellent performance.</strong> VMware&rsquo;s hypervisor is lean and efficient. You get more out of your hardware.</li>
<li><strong>vSphere Client.</strong> The web interface is clean and intuitive. Managing VMs, checking performance, setting up networks — it all makes sense.</li>
<li><strong>Snapshots.</strong> Take a point-in-time snapshot of a VM before you make changes. If it goes sideways, roll back. Invaluable.</li>
<li><strong>Huge ecosystem.</strong> Every backup tool, monitoring system, and management platform supports VMware. It&rsquo;s the default.</li>
</ul>
<p><strong>The not-so-good:</strong></p>
<ul>
<li><strong>It&rsquo;s expensive.</strong> VMware vSphere licensing isn&rsquo;t cheap, and since Broadcom acquired VMware, pricing has gotten worse. The free version (ESXi Free) exists but is severely limited — no vMotion, no central management, no backup API access. You basically can&rsquo;t use it properly in production.</li>
<li><strong>Broadcom uncertainty.</strong> Since the Broadcom acquisition, VMware has been killing off free tiers, raising prices, and generally making people nervous. A lot of businesses are actively looking for alternatives right now.</li>
<li><strong>Overkill for small setups.</strong> If you&rsquo;re running two or three VMs, you probably don&rsquo;t need enterprise-grade virtualization.</li>
</ul>
<h3 id="microsoft-hyper-v">Microsoft Hyper-V</h3>
<p>Hyper-V is Microsoft&rsquo;s hypervisor. It&rsquo;s built into Windows Server and Windows 10/11 Pro/Enterprise etc&hellip; Windows 10/11 Home edition doesn&rsquo;t include Hyper-V.</p>
<p><strong>The good:</strong></p>
<ul>
<li><strong>It&rsquo;s included with Windows Server.</strong> If you&rsquo;re already running Windows Server (and most small businesses are), Hyper-V comes with it. No extra licensing cost.</li>
<li><strong>Windows integration.</strong> If your business runs Windows — and it does — Hyper-V fits right in. Same management tools, same Active Directory, same update cycle.</li>
<li><strong>Hyper-V Manager is decent.</strong> It&rsquo;s not as polished as VMware&rsquo;s interface, but it works. For a small number of VMs, it&rsquo;s perfectly fine.</li>
<li><strong>No vendor lock-in anxiety.</strong> Microsoft isn&rsquo;t going to buy themselves and triple the price. Hyper-V isn&rsquo;t going anywhere.</li>
</ul>
<p><strong>The not-so-good:</strong></p>
<ul>
<li><strong>Linux VM support is ok</strong>, but VMware and Proxmox still tend to offer a smoother experience.</li>
<li><strong>The interface feels dated.</strong> Hyper-V Manager looks like it was designed in 2010 and never updated. It works, but it&rsquo;s not pretty.</li>
<li><strong>Snapshots are called &ldquo;checkpoints.&rdquo;</strong> They work fine, but they’re easy to misuse — especially if you leave them in place for too long. Like VMware snapshots, they’re not backups</li>
<li><strong>Less third-party support.</strong> Some backup tools and management platforms support Hyper-V, but the ecosystem isn&rsquo;t as deep as VMware&rsquo;s.</li>
</ul>
<h3 id="what-about-open-source-proxmox-and-xcp-ng">What About Open Source? Proxmox and XCP-ng</h3>
<p>I&rsquo;d be doing you a disservice if I didn&rsquo;t mention the open-source options. If you&rsquo;re reading this blog, there&rsquo;s a decent chance you&rsquo;re the kind of person who&rsquo;d rather run free software than pay for a licence — I know I am.</p>
<p><strong>Proxmox VE</strong> is the one to watch. It&rsquo;s a full virtualisation platform built on Debian Linux, with a proper web interface, built-in firewall, software-defined storage, and support for both VMs and containers. The base platform is completely free and open source (AGPLv3). They offer a paid subscription for enterprise support and access to a more stable package repository, but the free community repo works fine. Proxmox has been around since 2008 and it&rsquo;s mature, well-documented, and genuinely good.</p>
<p>The kicker: Proxmox includes backup built in. No separate Veeam licence, no API restrictions. You get scheduled backups, replication, and even built-in clustering — features that cost thousands on VMware. For a small business running a handful of VMs, it&rsquo;s hard to argue against.</p>
<p><strong>XCP-ng</strong> is an open-source fork of Citrix Hypervisor (formerly XenServer), typically paired with <strong>Xen Orchestra</strong> for management, which is open source with optional paid support. XCP-ng is solid and performant — Xen has powered large-scale cloud infrastructure (AWS relied on it for many years). With XCP-ng, management is typically done via the Xen Orchestra web UI, which is feature-rich, though generally considered less polished and tightly integrated than Proxmox’s interface.</p>
<p><strong>The honest comparison:</strong> Proxmox is the better choice for most small businesses. The web interface is excellent, the community is active, the documentation is good, and the backup story is simpler. XCP-ng is technically solid but can take a bit more effort to set up and manage, especially compared to Proxmox’s all-in-one experience.</p>
<p><strong>The catch with open source:</strong> You&rsquo;re your own support. There&rsquo;s no 1-800 number. If something breaks at 2am, you&rsquo;re on the forums and the documentation. If you&rsquo;ve got Linux chops (or want to learn), that&rsquo;s fine. If you need hand-holding, Hyper-V with its Windows familiarity might be the safer bet.</p>
<p>I&rsquo;ll cover Proxmox installation in detail on Patreon, with full setup, VM creation, and backup configuration walkthroughs. This one&rsquo;s worth getting right.</p>
<h3 id="head-to-head">Head to Head</h3>
<table>
	<thead>
			<tr>
					<th></th>
					<th>VMware vSphere</th>
					<th>Hyper-V</th>
					<th>Proxmox VE</th>
					<th>XCP-ng</th>
			</tr>
	</thead>
	<tbody>
			<tr>
					<td><strong>Cost</strong></td>
					<td>$$$ (licensing per CPU)</td>
					<td>Free with Windows Server</td>
					<td>Free (open source)</td>
					<td>Free (open source)</td>
			</tr>
			<tr>
					<td><strong>Ease of use</strong></td>
					<td>Excellent web interface</td>
					<td>Functional but dated</td>
					<td>Very good web interface</td>
					<td>Xen Orchestra (web UI)</td>
			</tr>
			<tr>
					<td><strong>Performance</strong></td>
					<td>Slightly better</td>
					<td>Very close</td>
					<td>Very close</td>
					<td>Very close</td>
			</tr>
			<tr>
					<td><strong>Linux VM support</strong></td>
					<td>Excellent</td>
					<td>Adequate</td>
					<td>Excellent</td>
					<td>Excellent</td>
			</tr>
			<tr>
					<td><strong>Backup ecosystem</strong></td>
					<td>Universal</td>
					<td>Good, fewer options</td>
					<td>Built-in + any Linux tool</td>
					<td>Xen Orchestra (backup built-in)</td>
			</tr>
			<tr>
					<td><strong>Stability</strong></td>
					<td>Battle-tested</td>
					<td>Solid</td>
					<td>Mature but younger</td>
					<td>Mature (Xen heritage)</td>
			</tr>
			<tr>
					<td><strong>Future outlook</strong></td>
					<td>Uncertain (Broadcom)</td>
					<td>Stable (Microsoft)</td>
					<td>Strong community</td>
					<td>Strong community</td>
			</tr>
			<tr>
					<td><strong>Support model</strong></td>
					<td>Paid/enterprise</td>
					<td>Microsoft docs/forums</td>
					<td>Community + paid subscription</td>
					<td>Community + paid Xen Orchestra</td>
			</tr>
			<tr>
					<td><strong>Best for</strong></td>
					<td>Enterprise</td>
					<td>Windows-only SMBs</td>
					<td>FOSS advocates, mixed OS</td>
					<td>Cloud veterans, mixed OS</td>
			</tr>
	</tbody>
</table>
<h3 id="my-honest-take-for-small-business">My Honest Take for Small Business</h3>
<p>If you&rsquo;re a small business running a handful of Windows-based VMs — file server, maybe a line-of-business app, maybe a domain controller — <strong>Hyper-V is the pragmatic choice.</strong></p>
<p>It&rsquo;s free (or already included), it&rsquo;s from a vendor you&rsquo;re already paying, and it does the job well enough. You&rsquo;re not running a data centre. You don&rsquo;t need vMotion and distributed switches and all the enterprise bells and whistles. You need something that runs your VMs reliably and doesn&rsquo;t cost extra.</p>
<p><strong>But</strong> — if you&rsquo;re comfortable with Linux, or willing to learn, <strong>Proxmox is the one I&rsquo;d actually recommend.</strong> It&rsquo;s free, it&rsquo;s open source, the web interface is excellent, and the built-in backup alone saves you from needing Veeam. For a FOSS-minded small business, it&rsquo;s the sweet spot between capability and complexity. XCP-ng is solid too, but Proxmox has the edge in usability and community.</p>
<p>Save the VMware budget for when you&rsquo;ve got ten VMs, a mix of Windows and Linux, and someone managing it full time. That&rsquo;s when it earns its keep.</p>
<h3 id="the-real-question-isnt-vmware-vs-hyper-v">The Real Question Isn&rsquo;t VMware vs Hyper-V</h3>
<p>It&rsquo;s whether you should be virtualising at all.</p>
<p>If you&rsquo;ve got a single physical server doing one thing, you&rsquo;re wasting money. Hardware is cheap compared to the downtime when that one server dies and you&rsquo;re reinstalling everything from scratch.</p>
<p>Virtualise it. Pick Hyper-V if you want the familiar Windows path, or Proxmox if you&rsquo;re ready to go open source. Get your VMs running. Set up proper backups — and I mean proper, not &ldquo;copy the VHD file while it&rsquo;s running.&rdquo; Use something that&rsquo;s VM-aware.</p>
<p>That&rsquo;s where the real payoff is. Not in which hypervisor you pick, but in actually doing it.</p>
<hr>
<p><em>I&rsquo;ve put together a complete installation and backup guide on Patreon — covering both VMware ESXi and Proxmox VE, with step-by-step VM creation and backup configuration for each. <a href="https://www.patreon.com/c/ITMadeSimple">Grab the guide here</a>.</em></p>
]]></content:encoded></item><item><title>What Is Microsoft Entra (Azure AD) and Why Should You Care?</title><link>https://itmadesimple.co.nz/posts/what-is-microsoft-entra/</link><pubDate>Mon, 08 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/what-is-microsoft-entra/</guid><description>Microsoft Entra (formerly Azure Active Directory) sounds like enterprise jargon — but it&amp;#39;s the backbone of your Microsoft 365 account. Here&amp;#39;s what it actually does and why it matters.</description><content:encoded><![CDATA[<p>You might have heard the term &ldquo;Microsoft Entra&rdquo; or &ldquo;Azure AD&rdquo; thrown around and immediately tuned out. Sounds like enterprise nonsense. Something that only big companies with dedicated IT teams need to worry about.</p>
<p>Fair enough. But here&rsquo;s the thing — if you use Microsoft 365, you&rsquo;re already using Entra. Whether you know it or not. It&rsquo;s the system that controls who can log in to your email, your files, your Teams — everything.</p>
<p>So let&rsquo;s demystify it.</p>
<h3 id="what-is-microsoft-entra-actually">What Is Microsoft Entra, Actually?</h3>
<p>Microsoft Entra ID (formerly Azure Active Directory, or Azure AD — Microsoft loves renaming things) is Microsoft&rsquo;s <strong>identity and access management</strong> service.</p>
<p>In plain English: it&rsquo;s the system that decides <strong>who gets in</strong> and <strong>what they can see</strong> once they&rsquo;re in.</p>
<p>Every time you log in to Outlook, OneDrive, Teams, or any Microsoft 365 service, Entra is the bouncer at the door. It checks your username, verifies your password, maybe asks for your MFA code, and then lets you through.</p>
<p>That&rsquo;s it. That&rsquo;s the core job. It&rsquo;s the lock on the front door.</p>
<h3 id="why-the-name-changes">Why the Name Changes?</h3>
<p>Quick sidebar because I know someone is wondering — yes, this used to be called Azure Active Directory, and yes, Microsoft renamed it to Entra ID, and yes, it&rsquo;s confusing.</p>
<p>Here&rsquo;s the deal: &ldquo;Azure Active Directory&rdquo; was a terrible name. While it shared some high-level concepts with the traditional Active Directory you might know from on-premises Windows servers — users, groups, authentication — it was a completely different architecture underneath. The name made people assume it was just Active Directory in the cloud. It wasn&rsquo;t. That caused endless confusion. So Microsoft split the identity product line into &ldquo;Entra&rdquo; and now it&rsquo;s called <strong>Microsoft Entra ID</strong>.</p>
<p>Same product. Shiny new name. If you see Azure AD in older documentation, it&rsquo;s the same thing. Old habits die hard — you&rsquo;ll still see Azure AD everywhere in older docs, scripts, and PowerShell modules. Just know it&rsquo;s the same thing with a new label.</p>
<h3 id="what-does-it-actually-do">What Does It Actually Do?</h3>
<p>Let&rsquo;s get specific about what Entra handles day to day in a small business:</p>
<p><strong>1. User accounts and passwords.</strong>
Every person in your business who has a Microsoft 365 account — that account lives in Entra. Their username, password, display name, job title, all of it. You manage users through the Microsoft 365 admin centre (which is backed by Entra).</p>
<p><strong>2. Single Sign-On (SSO).</strong>
If your device is set up with your work account, you’ll often sign in once to your computer and won’t be prompted again when you open apps like Teams. That’s Entra working behind the scenes — one login, access to everything. It’s more convenient and more secure than using separate passwords everywhere.</p>
<p><strong>3. Multi-Factor Authentication (MFA).</strong>
This is the big one. MFA means that even if someone gets your password, they still can&rsquo;t log in without the second factor — usually a code from an app on your phone.</p>
<p>Without MFA, your password is the only thing standing between a hacker and your business email, files, and customer data. That&rsquo;s one lock. MFA adds a second. Simple concept, massive impact.</p>
<p><strong>4. Conditional Access.</strong>
This is where it gets powerful. Conditional Access lets you set rules about <em>how</em> and <em>where</em> people can log in. For example:</p>
<ul>
<li>Only allow logins from New Zealand</li>
<li>Require MFA if someone is logging in from a new device</li>
<li>Block logins from countries you don&rsquo;t operate in</li>
<li>Only allow company-managed devices to access certain files</li>
</ul>
<p>Business Premium includes Conditional Access. Basic and Standard rely on Security Defaults, which enforces MFA automatically but with less flexibility.</p>
<p><strong>5. Device management (with Intune).</strong>
If you add Intune to the mix (Business Premium), Entra tells Intune which devices are trusted and which aren&rsquo;t. A company laptop that&rsquo;s been set up properly? Fine. A random personal laptop from a coffee shop? Maybe not.</p>
<h3 id="why-should-you-care">Why Should You Care?</h3>
<p>Because identity is the new firewall.</p>
<p>Old school IT thinking was: build a strong perimeter. Get a good firewall, lock down the network, and you&rsquo;re safe. That worked when everyone worked in an office and all the computers were plugged into the same network.</p>
<p>That&rsquo;s not how most businesses work anymore. People work from home. They check email on their phones. They log into SharePoint from their laptop at the airport. The perimeter is gone.</p>
<p>So what&rsquo;s left? <strong>Identity.</strong> The only thing that matters now is: is this person actually who they say they are, and should they be allowed to access this thing?</p>
<p>That&rsquo;s Entra&rsquo;s job. And if you&rsquo;re not paying attention to it — if MFA isn&rsquo;t enabled, if former employees still have active accounts, if you&rsquo;ve got no control over what devices can access your data — you&rsquo;ve got a gaping hole in your security and you don&rsquo;t even know it&rsquo;s there.</p>
<h3 id="the-scary-bit">The Scary Bit</h3>
<p>Here&rsquo;s what keeps me up at night when I think about small businesses:</p>
<p>The number one way business accounts get compromised is <strong>stolen or phished passwords</strong>. Someone gets tricked into entering their Microsoft 365 password on a fake login page. The hacker now has their username and password. They log in. They read emails. They access files. They send <em>from that person&rsquo;s email</em> to suppliers with new bank account details.</p>
<p>Sound far-fetched? It happens <em>constantly</em>.</p>
<p>And the fix is dead simple: <strong>enable MFA.</strong> If you do nothing else after reading this post, go turn on MFA for every user in your Microsoft 365 account.</p>
<p>With MFA enabled, the stolen password is useless. The hacker needs the second factor — the code from your phone — and they don&rsquo;t have it.</p>
<p>It&rsquo;s not bulletproof. Nothing is. But according to Microsoft, MFA stops over 99.2% of identity-based account compromise attacks dead in their tracks.</p>
<h3 id="what-about-business-standard-users">What About Business Standard Users?</h3>
<p>If you&rsquo;re on Business Standard, you still get basic MFA and user management through Entra. You just don&rsquo;t get the fancier conditional access policies and Intune integration.</p>
<p>Here&rsquo;s what you should still do:</p>
<ol>
<li><strong>Enable MFA for every user.</strong> No exceptions. Not just the important ones. Everyone.</li>
<li><strong>Use the Microsoft Authenticator app.</strong> It&rsquo;s free, it works well, and it&rsquo;s easier than SMS codes.</li>
<li><strong>Remove accounts for people who&rsquo;ve left.</strong> When someone leaves your business — voluntarily or otherwise — disable their account immediately. Don&rsquo;t leave old accounts sitting there. They&rsquo;re an open door.</li>
<li><strong>Check sign-in logs occasionally.</strong> In the Entra admin centre, you can see who&rsquo;s been logging in and from where. If you see a login from Nigeria and you don&rsquo;t have staff in Nigeria, something&rsquo;s wrong.</li>
</ol>
<h3 id="how-to-enable-mfa-quick-version">How to Enable MFA (Quick Version)</h3>
<p>There are two approaches depending on your licence. Pick the one that applies to you.</p>
<p><strong>Option A: Security Defaults (Business Basic / Business Standard)</strong></p>
<p>This is the simplest option. Security Defaults enforces MFA for all users with no configuration needed.</p>
<ol>
<li>Go to <a href="https://entra.microsoft.com">entra.microsoft.com</a></li>
<li>Sign in as at least a Conditional Access Administrator</li>
<li>Navigate to <strong>Entra ID → Overview → Properties</strong></li>
<li>Click <strong>Manage Security Defaults</strong></li>
<li>Set it to <strong>Enabled</strong></li>
<li>Save</li>
<li>Tell your staff to download Microsoft Authenticator and set it up — they&rsquo;ll be prompted on their next login</li>
</ol>
<p><strong>Option B: Conditional Access Policy (Business Premium)</strong></p>
<p>If you&rsquo;re on Business Premium, you have Entra ID P1 and can create Conditional Access policies for more control.</p>
<ol>
<li>Go to <a href="https://entra.microsoft.com">entra.microsoft.com</a></li>
<li>Sign in as at least a Conditional Access Administrator</li>
<li>Navigate to <strong>Entra ID → Conditional Access</strong></li>
<li>Click <strong>New Policy</strong></li>
<li>Under <strong>Users</strong>, select <strong>All users</strong></li>
<li>Under <strong>Target resources</strong>, select <strong>All cloud apps</strong></li>
<li>Under <strong>Grant</strong>, select <strong>Require multifactor authentication</strong></li>
<li>Set <strong>Enable policy</strong> to <strong>On</strong> and save</li>
<li>Tell your staff to download Microsoft Authenticator and set it up</li>
</ol>
<blockquote>
<p><strong>Note:</strong> Microsoft is phasing out the older per-user MFA page. Don&rsquo;t use it for new setups — use Security Defaults or Conditional Access instead.</p>
</blockquote>
<p>Staff grumble about MFA for about a week. Then they forget it&rsquo;s even there. It becomes second nature. Don&rsquo;t let a bit of initial pushback stop you from enabling it.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>Microsoft Entra isn&rsquo;t just enterprise jargon. It&rsquo;s the lock on the door of your entire digital business. If you&rsquo;re on Microsoft 365 — which most businesses are — you&rsquo;re already using it.</p>
<p>The question is: are you using it well? Is MFA on? Are old accounts disabled? Do you know who has access to what?</p>
<p>If you can&rsquo;t answer those questions, it&rsquo;s time to take a look. Not next month. This week.</p>
<hr>
<p><em>I&rsquo;ve put together a step-by-step MFA setup guide on Patreon — covering both Security Defaults and Conditional Access, with a staff onboarding email template you can send to your team and a monthly security checklist. <a href="https://www.patreon.com/c/ITMadeSimple">Grab the guide here</a>.</em></p>
]]></content:encoded></item><item><title>M365 Licensing — Which Plan Does Your Business Actually Need?</title><link>https://itmadesimple.co.nz/posts/m365-licensing-which-plan/</link><pubDate>Fri, 05 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/m365-licensing-which-plan/</guid><description>Microsoft 365 has more plans than an airline has seats. Here&amp;#39;s a plain English breakdown of what each one actually gives you, and which one makes sense for a small business.</description><content:encoded><![CDATA[<p>If you&rsquo;ve ever tried to compare Microsoft 365 business plans, you know the experience. You end up on a Microsoft comparison table with 47 columns, a dozen feature names you&rsquo;ve never heard of, and absolutely no idea which one you actually need.</p>
<p>I don&rsquo;t know about you, but I didn&rsquo;t get into IT to become a licensing consultant.</p>
<p>Here&rsquo;s the thing though — picking the right plan matters. Pay too little and you miss out on features your business actually needs. Pay too much and you&rsquo;re burning cash on stuff you&rsquo;ll never use. Let&rsquo;s cut through the noise.</p>
<h3 id="the-three-that-actually-matter-for-small-business">The Three That Actually Matter for Small Business</h3>
<p>Microsoft has a <em>lot</em> of plans. There are enterprise plans, education plans, frontline worker plans, non-profit plans&hellip; it goes on. But for a typical small business — say, 2 to 50 employees — there are really only three you should be looking at:</p>
<p><strong>Microsoft 365 Business Basic</strong> (<del>$9.70 NZD/user/month)
<strong>Microsoft 365 Business Standard</strong> (</del>$20.20 NZD/user/month)
<strong>Microsoft 365 Business Premium</strong> (~$35.60 NZD/user/month)
<img loading="lazy" src="/posts/m365-licensing-which-plan/o365-costs.png" type="" alt=""  />
Let&rsquo;s break them down.</p>
<h3 id="business-basic--the-essentials">Business Basic — The Essentials</h3>
<p>This is the entry point. For about $9.70 per person per month you get:</p>
<ul>
<li>Email via Outlook (50GB per user)</li>
<li>OneDrive storage (1TB per user)</li>
<li>Microsoft Teams (chat, video calls, meetings)</li>
<li>SharePoint (shared file storage)</li>
<li>Web and mobile versions of Word, Excel, PowerPoint</li>
</ul>
<p>What you <strong>don&rsquo;t</strong> get is the desktop versions of Office. No installed Word, no Excel on your actual computer. Just the web versions.</p>
<p>This plan works if your team is happy working in a browser. Some businesses genuinely are. But in my experience, most people want the full desktop apps. They want Excel with all the features, Outlook on their taskbar, and Word that doesn&rsquo;t need an internet connection to open.</p>
<p>If you&rsquo;ve got a couple of staff and they just need email, file storage, and Teams, this might be all you need. But if anyone needs to work on complex Excel spreadsheets or use Outlook offline, you&rsquo;re going to hit limits fast.</p>
<h3 id="business-standard--the-sweet-spot">Business Standard — The Sweet Spot</h3>
<p>For about $22.20 per person per month — double the Basic plan — you get everything above <strong>plus</strong>:</p>
<ul>
<li><strong>Desktop versions</strong> of Word, Excel, PowerPoint, Outlook, and OneNote</li>
<li>Everything installs and runs locally on your computer</li>
<li>Works offline (you don&rsquo;t need the internet to open and edit files)</li>
</ul>
<p>This is where most small businesses should be. You get the full Office experience everyone is used to, cloud file storage, email, Teams — the lot.</p>
<p>For the extra 12 ish dollars per user per month over Basic, you get the actual Office apps. That&rsquo;s a no-brainer for almost every business.</p>
<h3 id="business-premium--when-you-need-the-extras">Business Premium — When You Need the Extras</h3>
<p>At about $35.60 per user/month, you get everything in Standard <strong>plus</strong>:</p>
<ul>
<li><strong>Intune</strong> (device management — manage laptops, phones, and tablets)</li>
<li><strong>Entra ID P1</strong> (identity and access management — conditional access, MFA controls)</li>
<li><strong>Azure Information Protection</strong> (control who can open, forward, or print sensitive files)</li>
<li><strong>Advanced threat protection</strong> (safer email, anti-phishing)</li>
</ul>
<p>This is where it gets interesting — and where most small businesses overpay.</p>
<p>If you&rsquo;re a business with 5 employees and you&rsquo;ve got one shared laptop in the office, you almost certainly do not need Intune. You don&rsquo;t need conditional access policies. You don&rsquo;t need AIP.</p>
<p>But if you&rsquo;ve got staff working from home on their own devices, or you handle sensitive data (customer info, financial records, health data), or you&rsquo;re in a regulated industry, then Premium starts making sense. Intune lets you enforce security policies on every device that accesses your data. Entra ID lets you control who can log in and from where.</p>
<p>If you are choosing this level you really need a dedicated IT support person at the very least. Managing Intune, Entra/Azure is a beast and it takes a person working with it full time to understand it.</p>
<h3 id="side-quest-the-microsoft-licensing-treadmill">Side Quest: The Microsoft Licensing Treadmill</h3>
<p>Here&rsquo;s something that grinds my gears. Microsoft keeps changing plan names, shuffling features between tiers, and making it harder to compare. Features that were in Business Standard get moved to Premium. New plan names appear. Old ones get retired. It&rsquo;s a <em>deliberate</em> strategy to keep you slightly confused so you just pick a plan and stop asking questions.</p>
<p>Don&rsquo;t play that game. Know what you&rsquo;re paying for. If you don&rsquo;t use Intune, don&rsquo;t pay for Intune. Downgrade.</p>
<h3 id="so-which-one-should-you-pick">So Which One Should You Pick?</h3>
<p>Here&rsquo;s my quick and dirty guide:</p>
<p><strong>If your team just needs email, file storage, and web-based Office:</strong>
→ Business Basic</p>
<p><strong>If your team needs the full desktop Office apps (Word, Excel, Outlook, etc.):</strong>
→ Business Standard</p>
<p><strong>If you have remote staff, handle sensitive data, or need to control who accesses what:</strong>
→ Business Premium</p>
<p>For most small businesses I&rsquo;d say the answer is <strong>Business Standard</strong>. It&rsquo;s the plan where nothing important is missing and you&rsquo;re not paying for enterprise features you&rsquo;ll never touch.</p>
<h3 id="hidden-costs-nobody-talks-about">Hidden Costs Nobody Talks About</h3>
<p>A few things to watch for:</p>
<p><strong>It&rsquo;s per user, not per device.</strong> If someone has a desktop, a laptop, and a phone, that&rsquo;s still one license. That&rsquo;s actually good news. But if you&rsquo;ve got 10 employees and only 5 computers, you still need 10 licenses if all 10 people need email and file access.</p>
<p><strong>Domain name required.</strong> You probably want email that&rsquo;s <code>you@yourbusiness.co.nz</code>, not <code>yourbusiness.onmicrosoft.com</code>. That means you need a domain, which is an extra ~$15-20/year. Worth it for the professionalism alone. In my humble opinion this is one of the things that turns me away from a business. Instead of <a href="mailto:battler@myplumbing.co.nz">battler@myplumbing.co.nz</a> they expect me to email <a href="mailto:myplumbing@gmail.com">myplumbing@gmail.com</a>. That&rsquo;s a deal breaker for me.</p>
<p><strong>Migration takes longer than you think.</strong> If you&rsquo;re moving from Gmail or another provider, budget for a weekend or two of setting things up properly. Don&rsquo;t try to do it on a Monday morning.</p>
<p><strong>You&rsquo;ll almost certainly need help setting it up.</strong> Intune and Entra are powerful but they&rsquo;re not simple. If you&rsquo;re going Premium, factor in some setup help from an IT person. Even if it&rsquo;s just a few hours to get the basics configured. Even better, keep them on hand for any changes you need to make, I can&rsquo;t see someone fighting fires with their biz coming home and expecting to know what to do with Intune and or Entra.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>Don&rsquo;t overthink it and don&rsquo;t overpay. Most businesses need Business Standard, a few can get away with Basic, and Premium is for businesses that actually need the security features.</p>
<p>And whatever you pick, make sure you&rsquo;re actually using what you&rsquo;re paying for. I&rsquo;ve seen businesses on the Premium plan for &ldquo;the security&rdquo; and then never configure a single Intune policy. You&rsquo;re just lighting money on fire at that point.</p>
<hr>
<p><em>Need help deciding or want a checklist for setting up your chosen plan? I&rsquo;ve put together a companion guide on Patreon that walks you through the decision process step by step. <a href="https://www.patreon.com/cw/ITMadeSimple">Check it out here</a>.</em></p>
]]></content:encoded></item><item><title>The 3-2-1 Backup Rule Explained</title><link>https://itmadesimple.co.nz/posts/the-321-backup-rule-explained/</link><pubDate>Tue, 02 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/the-321-backup-rule-explained/</guid><description>The 3-2-1 backup rule is the gold standard for protecting your business data. Here&amp;#39;s what it actually means and how to do it without breaking the bank.</description><content:encoded><![CDATA[<p>In a <a href="https://itmadesimple.co.nz/posts/what-backup-actually-means/">recent post</a> we covered the difference between syncing and backing up — and why OneDrive or Google Drive alone won&rsquo;t save you when things go sideways.</p>
<p>This time, let&rsquo;s talk about what a proper backup strategy actually looks like. There&rsquo;s a well-known framework for this, and it&rsquo;s refreshingly simple.</p>
<p>It&rsquo;s called the <strong>3-2-1 Backup Rule</strong>.</p>
<h3 id="what-is-the-3-2-1-rule">What Is the 3-2-1 Rule?</h3>
<p>The concept comes from <a href="https://en.wikipedia.org/wiki/Backup#:~:text=relational%20database.-,3%2D2%2D1%20Backup%20Rule,-%5Bedit%5D">Peter Krogh</a>, a photographer who was thinking about how to protect his life&rsquo;s work. It&rsquo;s since become the gold standard for data protection across every kind of business.</p>
<p>The rule is:</p>
<blockquote>
<p><strong>3</strong> copies of your data
<strong>2</strong> different types of storage
<strong>1</strong> copy stored offsite</p>
</blockquote>
<p>That&rsquo;s it. Three lines. But each one matters, and most grassroots businesses aren&rsquo;t following any of them.</p>
<p>Let&rsquo;s break it down.</p>
<h3 id="3-copies-of-your-data">3 Copies of Your Data</h3>
<p>This means the original data on your computer, plus <strong>two separate backups</strong>. Not one backup — two.</p>
<p>Why two? Because your single backup can fail. Hard drives die. USB sticks get lost. Cloud accounts get compromised. If you only have one backup and it&rsquo;s corrupted or missing when you need it, you&rsquo;re in the same position as someone with no backups at all.</p>
<p>The good news: copies don&rsquo;t all need to be full system images. One could be an image backup of your entire machine, and the other could be a copy of your critical business files — accounting data, customer records, emails, whatever would hurt most to lose.</p>
<h3 id="2-different-types-of-storage">2 Different Types of Storage</h3>
<p>Don&rsquo;t put both backups on the same kind of device. If both backups are on external hard drives and one fails due to a manufacturing defect, the other might not be far behind — same batch, same usage, same environment.</p>
<p>Instead, use <strong>two different storage mediums</strong>:</p>
<ul>
<li><strong>External hard drive or NAS</strong> (Network Attached Storage) at your office — for fast, local restores</li>
<li><strong>Cloud backup</strong> (Backblaze, Wasabi, Azure Blob, AWS S3) — for protection against physical disasters</li>
</ul>
<p>The point is diversity. Different storage types fail in different ways. Cover more bases.</p>
<h3 id="1-copy-stored-offsite">1 Copy Stored Offsite</h3>
<p>This is the one most people skip. Your office has a fire, flood, theft, or power surge — and suddenly your computer and your backup drive are both gone.</p>
<p>An offsite copy means at least one backup lives somewhere physically separate from your business. For a small business, this doesn&rsquo;t have to mean a data centre. It can mean:</p>
<ul>
<li>A cloud backup service (the most practical option for most)</li>
<li>An external drive you rotate weekly to someone&rsquo;s home</li>
<li>A NAS at your house if the business is at your shop</li>
</ul>
<p>The cloud option is honestly the easiest for a grassroots business. Once it&rsquo;s set up, it runs automatically. No one has to remember to take a hard drive home on a Friday.</p>
<h3 id="what-this-looks-like-in-practice">What This Looks Like in Practice</h3>
<p>Let&rsquo;s say you run a plumbing business with one office computer and a server.</p>
<p><strong>Copy 1 (Original):</strong> Your live data on the office computer and server.</p>
<p><strong>Copy 2 (Local backup):</strong> A NAS device in the office running daily backups of everything. If your server dies, you restore from the NAS. Done in minutes, not days.</p>
<p><strong>Copy 3 (Offsite/Cloud):</strong> A cloud backup service running nightly, pushing encrypted backups offsite. If the office burns down, you buy a new computer, connect to the cloud, and start restoring. You&rsquo;re operational again within a day or two instead of starting from scratch.</p>
<p>That&rsquo;s the 3-2-1 rule in action. Not complicated, not expensive, but dramatically better than nothing.</p>
<h3 id="what-about-the-cost">What About the Cost?</h3>
<p>This is where I expect some pushback: &ldquo;Yeah, but I&rsquo;m a tradie with 3 employees. I can&rsquo;t afford a NAS and a cloud service.&rdquo;</p>
<p>Here&rsquo;s the thing — you can&rsquo;t afford not to. A decent 2-bay NAS runs about $300-400 NZD. A 4TB external drive is around $100. Cloud backup for a small business runs about $50-100/month depending on how much data you have.</p>
<p><img loading="lazy" src="/posts/the-321-backup-rule-explained/nas-example.png" type="" alt=""  /></p>
<p>Compare that to the cost of losing all your business data. Customer records, invoices, job records, accounting files. The stuff you actually run your business on. What&rsquo;s that worth?</p>
<p>And you don&rsquo;t have to do it all at once. Start with an external drive and a cloud backup first. Add a NAS later. The key is to <strong>start</strong>.</p>
<h3 id="the-bare-minimum">The Bare Minimum</h3>
<p>If budget is genuinely tight, here&rsquo;s the absolute baseline:</p>
<ul>
<li><strong>Copy 1:</strong> Your computer (original)</li>
<li><strong>Copy 2:</strong> External hard drive plugged in at the office, backing up weekly</li>
<li><strong>Copy 3:</strong> Cloud backup service running automatically</li>
</ul>
<p>This costs you about <strong>$8-10/week</strong> for a basic cloud backup and possibly a one-time cost for an external drive. Less than most people spend on coffee.</p>
<p>If that&rsquo;s still too much, I&rsquo;d challenge you to think about what your business data is worth. Because the question isn&rsquo;t really &ldquo;Can I afford to back up?&rdquo; It&rsquo;s &ldquo;Can I afford not to?&rdquo;</p>
<h3 id="automate-or-forget">Automate or Forget</h3>
<p>The biggest enemy of backups isn&rsquo;t cost — it&rsquo;s forgetting. If backing up requires someone to plug in a drive, click a button, or remember to do something, it will eventually get skipped.</p>
<p><strong>Automate everything you can.</strong> Set your backup software to run on a schedule. Cloud backups should be continuous or nightly. A local backup should run at least weekly, ideally daily.</p>
<p>Set it and forget it. Except for one thing: verify.</p>
<h3 id="test-your-backups-seriously">Test Your Backups. Seriously.</h3>
<p>I mentioned this in the <a href="https://itmadesimple.co.nz/posts/what-backup-actually-means/">last post</a> but it bears repeating: a backup you&rsquo;ve never tested is just a guess.</p>
<p>Pick a file. Restore it from your backup. Confirm it works. Do this every month or so. It takes five minutes. It&rsquo;s the difference between &ldquo;I think we&rsquo;re backed up&rdquo; and &ldquo;I <strong>know</strong> we&rsquo;re backed up.&rdquo;</p>
<h3 id="the-3-2-1-rule-is-a-starting-point">The 3-2-1 Rule Is a Starting Point</h3>
<p>This rule doesn&rsquo;t cover everything — you also need to think about how often you back up (daily? hourly?), how long you keep old backups (30 days? 90 days?), and what you&rsquo;re actually backing up (just files? system images? email?).</p>
<p>But the 3-2-1 rule is the foundation. Nail this first. Build on it later.</p>
<p>If you follow nothing else, do this:</p>
<ol>
<li>Buy an external hard drive</li>
<li>Set up a cloud backup service</li>
<li>Automate both to run on a schedule</li>
<li>Test a restore once a month</li>
</ol>
<p>That&rsquo;s it. You&rsquo;re ahead of 90% of small businesses already.</p>
<hr>
<p><em>Want a step-by-step walkthrough of setting this up? I&rsquo;ve put together a companion guide on Patreon that walks you through choosing a cloud provider, setting up automated backups, and creating a restore checklist. <a href="https://www.patreon.com/cw/ITMadeSimple">Check it out on Patreon</a>.</em></p>
]]></content:encoded></item><item><title>To AI or Not to AI</title><link>https://itmadesimple.co.nz/posts/to-ai-or-not-to-ai/</link><pubDate>Sun, 24 May 2026 08:12:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/to-ai-or-not-to-ai/</guid><description>A little AI self reflection</description><content:encoded><![CDATA[<h3 id="the-conundrum">The Conundrum</h3>
<p>After my last post, <a href="https://itmadesimple.co.nz/posts/10-things-it-pros-dont-want-you-to-know/">&ldquo;10 Things IT Pros Don&rsquo;t Want You to Know&rdquo;</a>, I did some soul-searching. I realised I might be <strong>leaning on AI too much to solve my problems</strong>.</p>
<p>Where would I be if AI suddenly imploded and shat itself?</p>
<p>Is AI making me a <strong>better, more constructive team member</strong>, or is it slowly turning me into a moron like those in <a href="https://www.imdb.com/title/tt0387808/"><em>Idiocracy</em></a> (great movie, by the way)?</p>
<p>So, with that said&hellip; <strong>what’s the plan moving forward?</strong></p>
<hr>
<h3 id="a-very-real-problem">A Very Real Problem</h3>
<p>I’ve dabbled with AI music—both as a consumer and a creator.</p>
<p>At first, I didn’t even realise I was listening to AI-generated music. Like I always do when I find a song I enjoy, I went looking for more tracks from the same artist. The assumption is simple: </p>
<blockquote>
<p><em>If they’ve got one banger, they must have more.</em></p>
</blockquote>
<p>Well… this artist had banger after banger.</p>
<p>Normally, that’s a good thing—but this time, it became clear that they weren’t a real band.</p>
<p>Not entirely bad, though. I liked the music (if you can call it that), and at the end of the day, it made my commute more enjoyable.</p>
<p>That got me thinking: </p>
<blockquote>
<p><em>“Alright, let’s try this AI music thing.”</em></p>
</blockquote>
<p>Within <strong>15 minutes</strong>, with minimal prompting, I was pumping out some surprisingly passable tracks.</p>
<hr>
<h3 id="so-whats-the-issue">So What’s the Issue?</h3>
<p>Here’s where things get murky.</p>
<p>Some AI music platforms may have trained their models on <strong>real musicians’ work without permission</strong>. That puts us in a bit of a <strong>quagmire</strong>:</p>
<ul>
<li>On one hand: 
  AI is an <strong>incredible tool</strong> for quickly mocking up ideas.</li>
<li>On the other hand: 
  It’s potentially <strong>lifting from real artists without credit, compensation, or acknowledgment</strong>.</li>
</ul>
<p>That’s… not great.</p>
<hr>
<h3 id="the-aha-moment">The <em>Aha!</em> Moment</h3>
<p>I stumbled across this video: </p>
<p>👉 <a href="https://www.youtube.com/watch?v=Z8aLGHmnRyc">Poison Your Data. Fight Back Against AI</a></p>
<p>Which led me to: </p>
<p>👉 <a href="https://www.youtube.com/watch?v=xMYm2d9bmEA">The Art of Poison-Pilling Music Files</a></p>
<p>These two videos genuinely <strong>shifted my perspective on AI</strong>.</p>
<p>Then came the final piece of the puzzle: </p>
<p>👉 <a href="https://www.youtube.com/watch?v=jPDKbSZfXQE">CyberCPU</a></p>
<p>He talks about stepping back from creating how-to content because AI is <strong>scraping and repackaging his work without attribution</strong>.</p>
<p>And honestly? That hit home.</p>
<hr>
<h3 id="whats-the-big-problem">What’s the Big Problem?</h3>
<p>If AI is pulling its knowledge from everyday creators—musicians, bloggers, YouTubers like CyberCPU—then what happens when those people stop creating?</p>
<p>We end up with a dangerous cycle:</p>
<blockquote>
<p><strong>Creators stop → content dries up → AI quality drops → everything gets worse</strong></p>
</blockquote>
<p>No fresh ideas. </p>
<p>No new tutorials. </p>
<p>No original music. </p>
<p>Just increasingly mediocre output built on stale data.</p>
<p>In the long run, <strong>AI actually depends on humans continuing to create</strong>. Without that, the whole system degrades.</p>
<hr>
<h3 id="the-plan-moving-forward">The Plan Moving Forward</h3>
<p>I’m not ditching AI—but I <em>am</em> changing how I use it.</p>
<p>For example, in Microsoft Copilot, you can define <strong>custom instructions</strong>:</p>
<p><img loading="lazy" src="/posts/to-ai-or-not-to-ai/custom-instructions.png" type="" alt=""  /></p>
<p>You can tell it <em>how</em> to respond, <em>what tone to use</em>, and even <em>how to behave</em>. </p>
<p>(Not that asking it to speak in a Jamaican accent is particularly useful… but it might be good for a laugh.)</p>
<h4 id="my-new-rules">My New Rules:</h4>
<ul>
<li>
<p>✅ <strong>Always require references</strong> for answers </p>
</li>
<li>
<p>✅ <strong>Double-check outputs</strong> instead of blindly trusting them </p>
</li>
<li>
<p>✅ Use AI as a <strong>learning tool</strong>, not a crutch </p>
</li>
</ul>
<p>At the very least, AI should point me toward <strong>real sources and creators worth acknowledging</strong>.</p>
<hr>
<h3 id="final-thought">Final Thought</h3>
<blockquote>
<p><strong>Don’t trust. Verify.</strong></p>
</blockquote>
<p>If I can use AI to <em>learn better</em>, rather than <em>think less</em>, then maybe there’s a balance to strike after all.</p>
]]></content:encoded></item><item><title>10 Things IT Professionals don't want you to know</title><link>https://itmadesimple.co.nz/posts/10-things-it-pros-dont-want-you-to-know/</link><pubDate>Wed, 13 May 2026 08:12:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/10-things-it-pros-dont-want-you-to-know/</guid><description>Things you should probably know but we don&amp;#39;t want you to</description><content:encoded><![CDATA[<h3 id="1-we-would-be-lost-without-google">1. We would be lost without Google</h3>
<p>When you have a problem and I don&rsquo;t know the answer <em>I search it</em>. I personally don&rsquo;t use Google but the term is grandfathered in now and is synonymous with searching. So by using simple logic, if I&rsquo;m searching for the fix <em>you probably can too</em>. Take the error message if you have one, plug it into your favourite search engine such as Google, Bing (<em>why, just why</em>) or Brave search (the one I use) and hopefully you come up with a solution.</p>
<h3 id="2-sometimes-i-just-restart-machines-and-they-work">2. Sometimes I just restart machines and they work</h3>
<p>You would be amazed at how often a reboot fixes the problem. Actually, a shutdown, give it 30 seconds and then start that bad boy up. You will be off to the races in no time. Why does this work and why should you do this first before bothering someone for help? Well, it&rsquo;s kinda the same as sleeping. When we sleep all sorts of things downregulate and other things get cleared out. A computer is <strong>much the same</strong>. Resources like RAM get completely wiped clean, and the system gets a <em>fresh start</em>.</p>
<h3 id="3-i-use-ai-to-solve-basically-everything">3. I use AI to solve basically everything</h3>
<p>This is really the endgame when it comes to getting shit done. Number 1 above was the gold standard but now <strong>AI holds that mantle</strong>. It can get me <strong>90% of the way there</strong> in one or two prompts. You have <em>no idea</em> how much IT teams rely on it to sort issues.</p>
<h3 id="4-we-are-mortals-like-you-not-it-gods">4. We are mortals like you, not IT Gods</h3>
<p>When it comes to IT we can come across as being all-knowing beings that can solve IT problems like Gods. What if I told you that your <em>very new problem</em> is something I&rsquo;ve seen <strong>20+ times</strong>. All I am is a <em>pattern recogniser</em>. I&rsquo;ve seen your problem enough times that it&rsquo;s ingrained into my <strong>muscle memory</strong>. We are pattern recognisers.</p>
<h3 id="5-your-urgent-is-not-our-urgent">5. Your &ldquo;Urgent&rdquo; is not our urgent</h3>
<p>You might think your laptop running slow is a code red. Meanwhile, the email server is down and <strong>200 people can&rsquo;t work</strong>. IT triages like an emergency room — we&rsquo;re not ignoring you, you&rsquo;re just in the waiting room with a sore knee while someone else is <em>flatlining</em>.</p>
<h3 id="6-most-it-policies-exist-because-one-person-ruined-it-for-everyone">6. Most IT policies exist because one person ruined it for everyone</h3>
<p>Ever wonder why you can&rsquo;t install apps or plug in a USB stick? That&rsquo;s because <em>Dave from accounting</em> installed a dodgy toolbar in 2019 and took down half the network. <strong>Every annoying policy has an origin story</strong>, and it&rsquo;s always <em>one person</em>.</p>
<hr>
<h3 id="side-quest-rant">Side Quest (Rant)</h3>
<p>You can skip this part entirely but as I was writing that last one it sent me off on a tangent. The whole reason we can&rsquo;t have nice things is because <strong>some bastard ruined it for everyone else</strong>. We have speed bumps on the road because some knob was speeding and nearly took someone out. Now we <em>all</em> have to ruin our suspension. We have speed limits on roads because other people crash and aren&rsquo;t paying attention. We have all sorts of suppression on various things in our lives because <em>someone</em> ruined it for everyone else.</p>
<p>Everyone should have a blog if for nothing else but to <strong>let go of some mental load</strong> haha.</p>
<hr>
<h3 id="7-we-break-stuff-too">7. We break stuff too</h3>
<p>We have caused more outages than we&rsquo;ll <em>ever</em> admit. That &ldquo;scheduled maintenance&rdquo; at 2am? Sometimes that&rsquo;s us quietly fixing something <strong>we broke at 5pm</strong>. The difference between us and you is we know how to undo it (<em>most of the time</em>).</p>
<hr>
<h3 id="another-side-quest">Another Side Quest</h3>
<p>The <em>we break things</em> is too real. In my early days (my 1st full year as a sys admin) I may have accidentally <strong>deleted an entire database</strong> for a quarter of our users. That quarter could no longer receive any email nor send. It was a very real reminder of how easy it is to get distracted and ruin a lot of peoples day (<em>none more so than myself</em>). All was not lost though, I quickly realised and kicked into gear. Had the database back and running in <strong>just over an hour</strong>. I learned the importance of <em>taking things slow</em> and if you screw up royally, how to hustle to save face. <strong>Biggest learnings</strong>.</p>
<hr>
<h3 id="8-we-can-see-way-more-than-you-think">8. We can see way more than you think</h3>
<p>Your browsing history, what&rsquo;s installed on your machine, how long it&rsquo;s been since you restarted — <strong>we can see all of it</strong>. So when you say <em>&ldquo;I haven&rsquo;t done anything different&rdquo;</em>&hellip; <em>we know</em>.</p>
<h3 id="9-we-have-favourite-users-and-you-know-who-you-arent">9. We have favourite users (and you know who you aren&rsquo;t)</h3>
<p>The person who gives clear details, tries a restart first, and says thanks? Their ticket goes to <strong>the top</strong>. The person who sends &ldquo;IT&rsquo;S BROKEN&rdquo; with no context for the fifth time this week? <em>Back of the queue, mate</em>.</p>
<h3 id="10-we-youtube-and-read-documentation-just-like-you-could">10. We YouTube and read documentation just like you could</h3>
<p>There&rsquo;s no secret IT knowledge vault. Half the time we&rsquo;re reading the <strong>same vendor documentation</strong> or watching the <strong>same YouTube tutorial</strong> you could find yourself. We&rsquo;re just better at knowing <em>what</em> to search for and <em>which</em> answer to trust.</p>
]]></content:encoded></item><item><title>What Backup Actually Means</title><link>https://itmadesimple.co.nz/posts/what-backup-actually-means/</link><pubDate>Wed, 06 May 2026 08:12:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/what-backup-actually-means/</guid><description>My take on backups and where businesses get it wrong</description><content:encoded><![CDATA[<p>When I think of a small business I think of a husband wife combo. A plumber or builder where the partner assists with accounts, maybe an apprentice or 2. Not exactly a big business and as such, probably not a lot of funds to spend on IT support if anything at all. My own parents ran their own floor sanding business for many years and profit margins are tight but luckily for them, I was the IT support.</p>
<p>With my small business scope in mind, I do worry that there are solid battlers out there, earning an honest dollar with little to no budget or time to spend on adequate backup solutions. I assume they&rsquo;re running some sort of system like OneDrive, Google Drive or Dropbox thinking they&rsquo;re backed up to the cloud, job done right? Nah, that&rsquo;s a sync, not a backup.</p>
<p>That may sound elitist, but this is a critical distinction. It&rsquo;s the difference between recovering from an IT disaster or losing everything. Let&rsquo;s crack on to understand the difference and clear it up.</p>
<h3 id="what-people-think-backup-means">What People <em>Think</em> Backup Means</h3>
<p>A backup should never be treated as chore. I think some SMB&rsquo;s (small medium business) treat backups as a task that once done is completed. Data copied to an external hard drive, maybe some files saved in cloud storage. Tick!</p>
<p>Little care of thought is given to something that, <strong>in my humble opinion</strong>, is one of the most important things a business can do. In my day to day job, albeit a big multi country company, there is always someone (practically weekly) that asks if I can restore a file/folder because they accidentally overwrote/deleted it.</p>
<hr>
<h3 id="side-quest-rant">Side Quest (Rant)</h3>
<p>I&rsquo;m going to take a quick detour here for a rant. Feel free to skip this part but I think I need to dump this so I stay sane.</p>
<p>It really grinds my gears that people are so flippant with their corporate data. &ldquo;Oh can you restore x, I accidentally deleted it&rdquo;. What would happen if we didn&rsquo;t have that backed up? Would you be more careful?</p>
<p>I grew up in the 80&rsquo;s and 90&rsquo;s where we had trampolines with exposed springs and no safety nets. You&rsquo;d do a flip or some munter mate would double bounce you. You would often land, legs between the springs, grazes etc&hellip; if you were lucky. Sometimes you would bounce straight off altogether. This taught you to be careful unlike the children today that grow up with zipped up nets stopping them from learning a valuable life lesson.</p>
<p>Anyway the tramp rant is how I see people today. They are so used to having the net (backups) that they are reckless with their files. The assumption is that I can restore it for them. News flash, depending on budget, some things may not be backed up. Take some ownership and be careful with your files!</p>
<p>Anyway, enough of this rant even though it has been quite cathartic</p>
<hr>
<h3 id="what-people-think-backup-means---continued">What People <em>Think</em> Backup Means - Continued</h3>
<p>What most people think is a backup is actually just <strong>file syncing</strong> — OneDrive, Google Drive, Dropbox. These tools are great for day‑to‑day use, but they’re not backup systems. That’s not what they were designed for.</p>
<p>Here’s why that matters: if you, your partner, or any staff you may have accidentally delete files or folders, that deletion is synced everywhere. If <a href="https://en.wikipedia.org/wiki/Ransomware">ransomware</a> encrypts your files, the encrypted versions are replicated across all devices as well.</p>
<p>Most of these platforms do offer some mitigation by keeping a limited number of file versions that you can roll back to. But if you’re not regularly accessing all of those files and folders, there’s a real risk you won’t notice a problem until it’s too late.</p>
<p>Syncing keeps your files <em>available</em>. Backup keeps your files <em>recoverable</em>. Those are two very different jobs.</p>
<p>And files and folders aren’t the only things that need backing up. Locally installed software that’s critical to the business also needs to be considered. Is this software essential to how you operate? Can you recover if your hard drive gives up the ghost? Even if you have a copy, is it as simple as reinstalling and pointing the application back at the data?</p>
<h3 id="so-what-is-a-real-backup">So What <em>Is</em> a Real Backup?</h3>
<p>To me,  a real backup means in the event where you lose a file, delete a folder or you start your computer/laptop up and you have a <a href="https://en.wikipedia.org/wiki/Blue_screen_of_death">blue screen of death</a>, you know you are able to recover and get back up and running.</p>
<p>A real backup is a <strong>separate, independent copy</strong> of your data that can be restored to a specific point in time. The copy doesn&rsquo;t change when your live data changes. No syncs, it&rsquo;s just a break glass in case of emergency copy of your data for when you need it.</p>
<p>At a minimum following a <a href="https://en.wikipedia.org/wiki/Backup#:~:text=relational%20database.-,3%2D2%2D1%20Backup%20Rule,-%5Bedit%5D"><strong>3-2-1 rule</strong></a> is a good starting point. This is a baseline to start with and you can build on it from there depending on how often your files are changing and how much work you want to make for yourself:</p>
<ul>
<li><strong>3</strong> copies of your data (the original plus two backups)</li>
<li><strong>2</strong> different types of storage (say, a local device and the cloud)</li>
<li><strong>1</strong> copy stored offsite (physically separate from your office)</li>
</ul>
<p>Remember, this isn&rsquo;t overkill. It&rsquo;s the minimum standard that actually protects you when things go sideways — whether that&rsquo;s a hardware failure, a cyberattack, a fire, or plain old human error.</p>
<h3 id="where-smbs-commonly-get-it-wrong">Where SMBs Commonly Get It Wrong</h3>
<p>Blind trust, assumptions and wilful thinking is where most issues arise.</p>
<p>If you are lucky enough to have some IT guru that takes backups for you have you verified them? Do you know how often or what is being backed up? There is a common saying in Crypto Currency circles, &ldquo;<em>don&rsquo;t trust, verify</em>&rdquo; which basically means don&rsquo;t trust a &ldquo;<em>trust me bro</em>&rdquo; person, make sure it is what they say it is.</p>
<p>Some think they are small fish, too small to be a ransomware target. Well, given the current landscape with AI and script kiddies online. It&rsquo;s not a case of if you will be targeted but a case of when. We are all busy and prone to mistakes especially when you&rsquo;re grinding hard to make a buck and you mistake a malicious email for a legit one. Never assume you are too small to be a target. Some people just dangle a hook out there with malicious stuff for shits and giggles and you happen to be the fish that latches on.</p>
<p>Lets say you actually do have backups. Have you tested them? This comes back to the &ldquo;<em>don&rsquo;t trust, verify</em>&rdquo;. A backup isn&rsquo;t a backup until you can verify it will be capable of doing what you need it to do. If you have taken a full backup image of your computer have you restored this in a development location to confirm:</p>
<ol>
<li>You actually know how to restore your computer in a disaster recovery situation</li>
<li>That your backups are actually working
<strong>Verify!!!</strong>.</li>
</ol>
<p><strong>&ldquo;We back up our files, so we&rsquo;re fine.&rdquo;</strong> Files are only part of the picture. What about your email? Your accounting software? What about your passwords that you save to your browser (which you shouldn&rsquo;t but that is another topic later). A proper backup strategy covers your entire business environment, not just the documents folder.</p>
<h3 id="why-this-matters-more-than-you-think">Why This Matters More Than You Think</h3>
<p>Data loss isn&rsquo;t a hypothetical. Hard drives fail. Employees make mistakes. Ransomware is a real and growing threat to every business no matter the size. And when data disappears, the consequences are immediate: operations grind to a halt, invoices can&rsquo;t go out and customer records vanish</p>
<p>The businesses that recover quickly from these events aren&rsquo;t lucky — they&rsquo;re prepared. They have real backups, they test them regularly, and they know exactly what&rsquo;s protected and what isn&rsquo;t.</p>
<h3 id="what-you-should-be-asking">What You Should Be Asking</h3>
<p>You don&rsquo;t need to become a backup expert. But you do need to ask the right questions — of yourself, or of whoever manages your IT:</p>
<ul>
<li>What exactly is being backed up? (Files, emails, databases?)</li>
<li>How often are backups running?</li>
<li>Where are the backups stored? Is there an offsite copy?</li>
<li>When was the last time a backup was actually <em>tested</em> by restoring data from it?</li>
<li>How long would it take to get back up and running after a total loss?</li>
</ul>
<p>If you can&rsquo;t answer these questions — or if the answers make you uncomfortable — that&rsquo;s a sign it&rsquo;s time to take a closer look.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>&ldquo;Backup&rdquo; isn&rsquo;t a product you buy or a box you tick. It&rsquo;s a strategy. It&rsquo;s knowing that when something goes wrong — and eventually, something will — you can get your business back to where it was, without losing days, weeks, or years of work.</p>
<p>If the only thing standing between your business and total data loss is a OneDrive sync and a prayer, it&rsquo;s time to have a proper conversation about what backup really means.</p>
]]></content:encoded></item><item><title>My First Post</title><link>https://itmadesimple.co.nz/posts/my-first-post/</link><pubDate>Thu, 30 Apr 2026 00:00:00 +0000</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/my-first-post/</guid><description>A quick intro to my blog and what I&amp;#39;ll be writing about.</description><content:encoded><![CDATA[<p>Hello world! This is my first blog post. I&rsquo;m a Systems Administrator
based in New Zealand, and I&rsquo;ll be writing about infrastructure,
automation, and the things I learn on the job. I will probably rant about nonsensical things, go off on side quests and generally be somewhat incoherent from time to time but that is the fun stuff.</p>
<h2 id="what-to-expect">What to expect</h2>
<ul>
<li>Troubleshooting guides</li>
<li>Automation scripts and tips</li>
<li>Infrastructure deep dives</li>
<li>Backups</li>
<li>General IT guidance gold!</li>
</ul>
<p>Stay tuned for more!</p>
]]></content:encoded></item></channel></rss>