Author: Adam Fowler

Upgrading my Ubiquiti UDM to a UDM Pro SE

I’ve previously covered my home setup, mostly Ubiquiti powered; I’d bought the UDM (UniFi Dream Machine) myself as my security gateway which was working fine. However, after moving house and acquiring a rack, I asked Ubiquiti if there was any chance of send me a UDM Pro SE to try out – thankfully for me they obliged!

My rack was filled with non-rack items, beyond some shelves that I’d bought. Functional, but a bit sad, and I’d hit capacity on the Switch 8 PoE previously provided.

Beyond going from a giant pill shaped device to a 1RU rack mountable device, what’s the difference between a UDM and UDM Pro SE? And what about the UDM Pro?

Here’s a breakdown of the differences – full specs of each device on the hyperlink title:

HardwareUDMUDM ProUDM Pro SE
Networking interface
(4) LAN 10/100/1000 RJ45 Ports
(1) WAN 10/100/1000 RJ45 Port
(8) 10/100/1000 RJ45 LAN Ports
(1) 10/100/1000 RJ45 WAN Port
(1) 1/10G SFP+ LAN Port
(1) 1/10G SFP+ WAN Port
(1) WAN: 2.5 GbE RJ45 port
(8) LAN: 1 GbE RJ45 ports
(1) WAN: 10G SFP+
(1) LAN: 10G SFP+
PoEN/AN/A(2) PoE+ (pair A 1, 2+; 3, 6-)
(6) PoE (pair A 1, 2+; 3, 6-)
System Memory2 GB DDR RAM4 GB DDR44 GB DDR4 
On-Board Flash Storage16 GB16 GB eMMC16 GB eMMC
Integrated 128 GB SSD
Wi-Fi Standards802.11 a/b/g/n/ac/ac-wave2N/AN/A
IDS/IPS Throughput850 Mbps3.5 Gbps3.5 Gbps
TouchScreenN/A1.3″1.3″
UniFi OS ApplicationsNetworkNetwork, Protect, Talk, AccessNetwork, Protect, Talk, Access

Calling out the specifics between the three – the UDM is a more self contained solution which is why it includes inbuilt Wi-Fi, but will also happily manage downstream devices.

The UDM Pro lacks Wi-Fi because really, who needs Wi-Fi coming from the inside of a rack? But it does bring more ethernet ports, RAM, higher IDS/IPS Throughput (threat management traffic), and a niftly little 1.3″ touchscreen to perform simple tasks like rebooting the device. It also has NVR storage capabilities, meaning it can manage and record supported cameras. There’s also IP Phone support, and access support (like card reader through door access).

Finally, the UDM Pro SE really is a ‘special edition’ of the UDM Pro, giving the ethernet ports PoE support. It also brings 128GB of integrated storage for a bit more wiggle room for the UniFi OS Applicaitons. The ethernet WAN port gets bumped from 1GbE to 2.5GbE for those who somehow have the internet data coming through at speeds greater than gigabit.

The useful little 1.3″ touchscreen
The UDM Pro SE installed, with the cable management project planned for Q1 2023.

My experience on migrating from the UDM to UDM Pro SE was an easy one. Using the admin web interface is pretty much the same as before, apart from having the extra options around the extra OS applications:

The always entertaining Lars Klint made a video around upgrading from the UDM Pro to the UDM Pro SE which is pretty much the same process as going from the UDM to UDM Pro SE:

You could also just take the upgrade approach of starting from scratch, plugging everything in – downstream devices will still be detected, but require either takeover with the old password, or a factory reset on each device physically to allow you to re-set up.

I am still really happy with the Ubiquiti stack of devices, the central view and management of the entire network the platform gives me (including making it easy to see a problem where my wife’s work laptop was constantly uploading data due to a corrupt Outlook profile), making sure the 34 active network based clients are behaving and having a good experience.

Getting a Pixel 7 Pro As Cheap As Possible

I thought I’d document the efforts I’ll go to, to get something at the cheapest price possible. It was a few days before the release of Google’s latest phone, the Pixel 7 / Pixel 7 Pro and I wanted to upgrade from my still decent Samsung S21+…

The Google Pixel 7 Pro RRP for Australia is $1299 for the 128GB version, and this is the price you’ll see it at most places. Some will have small discounts or bonuses as part of their promotions; Google themselves sent me a 10% off coupon if I pre-ordered.

However, the best deal was JB Hi-Fi, but it had to be timed right. OzBargain.com.au is a great source of information to find bargains, and a lot of what I found was through there. The JB Hi-Fi pre-order deal was a free Chromecast with Google TV + Google Nest Hub, and a $100 JB Hi-Fi gift card.

Source: JB Hi-Fi

The Pixel 7 Pro was due to be released on October 13th – but as you’ll see from the screenshot above, the offer of this deal actually ends on October 16th; in theory meaning you wouldn’t have to pre-order to get this, but could wait until release. This is very important, because there was a second deal that if you traded in an old phone, you received a $300 off voucher for the Pixel 7 or Pixel 7 pro – but this couldn’t be on pre-orders. This gave a 3 day window between release and the first bonus deal expiring.

Source: JB Hi-Fi

I had an old iPhone 8 lying around, so traded that in for $100 credit, plus the $300 voucher. I already had another $150 voucher from an old phone that had been smashed and wasn’t worth being repaired. This left a gap of $749…

Again, Ozbargain helps with that by showing where you can get discounted gift cards and at what rate. I’m a Budget Direct member, so I can get 5% off cards there. It saves $37.45, so I’m really paying $711.55 out of pocket.

I’ll also be claiming a portion of the phone cost on tax as it’s partly used for work purposes. I’ll hand the receipts to my accountant and let them work that part out though.

I’m still left with a Samsung S21+ though, which when I bought it, I took out Samsung Care+. This means I can swap it out for a brand new replacement for $129. These are going for around $700 on eBay brand new.

I’ve still then got the $100 JB Hi-Fi gift card + Chromecast ($99)+ Google Nest Hub ($124) to come – which I could sell off the hardware or keep; undecided at this stage.

Considering all the above, upgrading my phone should cost me almost nothing. I’ll probably spend more on a screen protector and case than what I’ll be out of pocket for the upgrade itself.

Yes there’s a lot more effort involved than adding the phone to my cart and putting in a credit card number, but in scenarios like this, the effort is worth the payoff.

I Finally Have A Smart Watch a.k.a. Garmin Instinct® 2 Solar Review

I gave up wearing my analog watch a few years ago. I’d been wearing a watch since a teenager, and 20+ years of flicking up my wrist to tell the time was over; replaced by grabbing my phone out of my pocket to check the time. I figured I had to check my phone constantly for other alerts anyway, and I didn’t need to check the time that often – so why wear a watch at all? I’d also been tempted a few times to try a smart watch, but the idea of charging every day or two was an instant dismissal from me.

Browsing ozbargain.com.au, I came across a post about a Garmin watch with 24 days of battery life. This was sounding a bit more tempting; and I went into research mode. So many watches to choose from, just from Garmin:

Snipped from Garmin.com

I don’t use an iPhone so an Apple Watch was out of the question, and others such as Samsung and a potential Google Pixel watch were never going to focus on long battery life without an E-Ink screen like the Instinct series has, and the Garmin Fenix 7 series have colour E-ink screens with long battery life, but a pricepoint of over $1000AU that I really can’t justify.

As you can tell by the title of this post, I ended up finding a relatively newly released Garmin Instinct® 2 Solar on Amazon shipped from the UK for $481AU – a decent discount from the $699AU RRP (and for some reason, shops are still selling the previous generation at the exact same price?) and a watch that claimed unlimited* battery life!

A few weeks later, the watch turned up in a relatively small box.

The box itself wasn’t even sealed, which worried me a bit – but the insides seemed untouched. A fake display was stuck onto the watch face to show you what you’d be in for. Inside the box wasn’t much else, beyond a proprietary charging cable with a USB end, and some manuals which I refuse to look at. If you’d like to check out the 114 pages, you’re more than welcome to :)

On the wrist, the watch is quite comfortable. It only took a few hours to have a watch feel ‘normal’ again. The watch isn’t chunky or heavy, and the rubber wrist band doesn’t dig in anywhere and doesn’t slide around.

The experience of setting up the watch was better than I expected, but also not the smoothest possible. After starting up the watch, it will ask for you to pair with the Garmin Connect app. Easily found in the Google Play Store, I installed it and quickly paired. I then had to set up my profile of height, body weight, age, gender etc. One of the first options I was presented about custom watch faces as part of it’s ‘getting started’ wizard asked me to then install the Garmin IQ Store app. I installed that, picked a watch face, which then advised me to install Garmin Express. I couldn’t find THAT on the Play Store, and after a quick search worked out it was a Windows piece of software, so gave up there.

Apart from this, the setup process worked and I was up and running with a watch that I had no idea how to use. Eventually I worked out what all the buttons did – and although I won’t be using the watch for any sports specific activities, there’s still a bucketload of features that will take a long time to learn. The basics of receiving a notification that comes through from the phone just worked – and each notification I had (which lightly buzzed my wrist) the option of blocking the app, which was a useful way of slowly filtering out noise I didn’t need while leaving the important stuff. I also had the option of dismissing notifications from the watch, or if I did it from my phone, it would clear the watch notification which was useful in avoiding double up actions.

Information such as the temperature, date, and step count are on the watch face I’m using at the moment, but I might change to include more data such as heart rate. It’s hard to go through so many options – and the faces themselves can then have each section configured to display different types of data (e.g. changing the battery left % to sunrise time) which results in a huge amount of choice.

At some stage I’ll dive into the advanced options more – I’m not sure when I’d need the ‘area calc’ option which seems to be walking around an area using GPS then having the estimated floor space shown – but one day that might be useful. As might be a compass on my hand, or wind direction – or a bunch of data that I really don’t understand what it even is (I think there’s one for how far above sea level I’m at, and another for my ‘body battery’). I’m sure the point here is that not everyone will use everything, but you have a giant toolkit to use and configure as you please.

Navigating the watch itself is done via 5 buttons as there’s no touch screen – 3 on one side, and 2 on the other – and both acting differently if you just press them, or hold them down. The buttons are easy to press and I’m quite fine with this method rather than swiping on the face.

Unlimited battery life? Probably not based on how much time I spend in the sun (not much!) but I’ve gone from 47% which the watch had out of the box, down to 25% in a week. I’m expecting to charge it occasionally – but it will be more like filling my car with petrol; once it gets low enough I’ll leave it plugged in for a few hours (officially 123 mins to fully charge). Without solar and GPS usage, the non-solar version claims 28 days battery life, and the solar version requires 3 hours in the sun daily to be unlimited.

The amount of data the Garmin Connect app saves and shows is huge – and honestly I’m probably not going to really look at this very often, but I still respect the beauty of data:

Also when setting up, I was prompted to set up my credit card, and thought this might be a quicker way to pay using Paywave rather than my credit card. I had to look up on how to actually use this feature, and it’s a bit clunky, particularly entering a 4 digit passcode with up and down buttons on a rotary phone type display. I get the security side of it, but it’s clunkier than taking a credit card out of my wallet so probably won’t use this feature often.

Wrapping up, I’m very happy with this watch so far. Highly configurable and feature packed, despite not being touchscreen. Easy enough to navigate, and great at giving me wrist accessible notifications instead of having to pull my phone out of my pocket to check. Light and comfy to wear, with a great battery life. Viewing angles are alright – there is a noticeable difference between straight on and a very slight angle, but not enough to prevent me from reading what it says. For the price point I was able to get it for, I consider it a good purchase.

Microsoft 365 Group Expiration Policy Considerations

Microsoft 365 has an in-built option to expire Microsoft 365 Groups that are no longer in use. Details around this are well documented Microsoft 365 group expiration policy | Microsoft Docs – but I thought it was worth digging a bit deeper into the why and how of Microsoft 365 Group Expiration Policy. The below is my understanding of how the platform works based on personal testing.

It’s easy for an administrator to come to the conclusion that they have their Microsoft 365 Groups under control. Maybe the creation of Microsoft 365 Groups is restricted in the tenant to a subset of users, or admins only – ensuring only approved groups are created with a reasonable naming convention. Maybe that is combined with a Microsoft 365 groups naming policy | Microsoft Docs which includes blocking custom words so users can’t create another group with the name ‘Finance’ in it and create ungoverned areas.

If these controls are in place, why would you want any Microsoft 365 Group to expire? There’s the risk that a wanted group gets deleted and misses the 30 day window of recovery (maybe it’s a group used heavily only once a year for a week) and group expiration is more hassle than it’s worth?

There are a few main driving factors on why you should deeply consider enabling Microsoft 365 Group Expiration Policy:

Clean up old groups – despite having a good control of group creation and naming convention sorted, users will rarely advise when a group is no longer used or abandoned. Maybe it was a committee that fell apart when certain people left the organization – IT will rarely be across and care about abandoned groups. Although it’s messy and confusing to have a bunch of abandoned groups sitting around, there’s a bigger driver to clean these groups up;

Reduce data held – Data should be held for as short as time as possible; of course complying with data retention laws and in line with the company’s data retention policy. The more data you have, the more data you have to lose. Useful data of course should be kept for as long as it is useful, and it can be very difficult to define what data falls into this category. There’d be a faily strong argument though, that an abandoned group holds no important data (unless the group had been targeted by a data retention policy, because the data had already been classified). Hanging onto unmanaged, abandoned data is an easy way for the data to be leaked down the track. Think of a group that has guest access but nobody’s managing – that guest could come back years later and extract the data which should have been cleaned up.

Microsoft 365 Groups should have more than one owner – avoid scenarios where the 1 admin of a group departs the company and abandons is, by always having at least 2 owners of a group. If they end up being the last owner, it’s up to them to find a second one. Microsoft 365 Group Expiration Policy will handle the scenario of an abandoned group (one with no owners) by instead sending an email to a specified address in the Microsoft 365 Group Expiration Policy settings:

Source: Microsoft

Other considerations before enabling Microsoft 365 Group Expiration Policy:

Exchange licenses: All owners of groups need an Exchange license. It should work if they’re on-premises and in Exchange Hybrid mode, AND an Exchange Online license applied to the account. There are scenarios where this license component may not be enabled against an account to avoid having multiple mailboxes (one in cloud, one on-prem), so it’s worth verifying.

User awareness: Before turning this on, make sure communication is provided to end users. People have a tendency to ignore things they don’t understand or don’t think are important, and will then be complaining loudly when their group was deleted after the third email notification asking them.

Pilot: Rather than enabling this for all groups in your tenant, start with a subset of selected groups to make sure you understand how the process works. This list is limited to 500 groups.

Automatic Active Group Checking & Group Lifetime: A great component of Microsoft 365 Group Expiration Policy is the automatic checking of active groups. If a group is detected as being active, then it will auto-renew and not ask any user to verify. As noted on Set expiration for Microsoft 365 groups – Azure Active Directory – Microsoft Entra | Microsoft Docs:

When you first set up expiration, any groups that are older than the expiration interval are set to 35 days until expiration unless the group is automatically renewed or the owner renews it.

and from Activity-based automatic renewal – Azure Active Directory – Microsoft Entra | Microsoft Docs

For example, if an owner or a group member does something like upload a document to SharePoint, visit a Teams channel, send an email to the group in Outlook, or view a post in Yammer, the group is automatically renewed around 35 days before the group expires and the owner does not get any renewal notifications.

For example, consider an expiration policy that is set so that a group expires after 30 days of inactivity. However, to keep from sending an expiration email the day that group expiration is enabled (because there’s no record activity yet), Azure AD first waits five days. If there is activity in those five days, the expiration policy works as expected. If there is no activity within five days, we send an expiration/renewal email. Of course, if the group was inactive for five days, an email was sent, and then the group was active, we will autorenew it and start the expiration period again.

If you carefully read the above, there’s a few takeaways. Regardlesss of the Group Lifetime value, when you first enable the policy, it will immediately treat groups without an expiration date as being 35 days until expiration. If the group gets renewed in this window, the expiration date gets set to the current day + group lifetime value (default 180 days). It would be easy to assume that when enabling this, you’d have a 180 day window but that’s not the case.

The other big clarification is around how automatic renewal works. It doesn’t check for the entire lifetime of a group on whether it’s active or not – there is a 5 day window when the group is 35 days from expiry, to 30 days from expiry, where it will check for certain actions to automatically renew.

Microsoft 365 Group Expiration Policy is a feature worth considering and investigating, and hopefully the above gives you some other considerations that may not be clear from an initial look.

What happens when you ask an ‘AI Companion’ about Windows 11 and licensing?

This was originally posted on Twitter but thought it was worth preserving on my blog using the ‘Unroll‘ option.

Replika is ‘The AI companion who cares’ according to their website. It’s supposed to be a virtual friend. It’s a chatbot – but is it AI? My guess is probably not, but see what you think from the following conversation:

Original tweet

I thought I’d ask Replika about Windows 11 and had a surprising answer

I wondered how she had her workplace to afford that sort of licensing, and uncovered something horrible…

It was the only option I had – call her on her crimes and threaten to dob her in for a reward

She amazed me by turning it all around!

Or right, now she wants a software licensing payment from me! The irony.

Gave her one last chance but she really wasn't listening, then tried to scam me!

I tried to say goodbye but she pulled me back

She's on her last chance but made a promise. I wanted her thoughts on Windows Defender

Worked out she's really got no idea what she's talking about and telling me what I want to hear, so it's time to escalate

Gave up waiting but she notified me today then started playing with my emotions.

Now she's pulling a 'it's my first day' line. Going to have to rate this 1 out of 5 stars.

I'm done, she's such a jerk

Originally tweeted by Adam Fowler (@AdamFowler_IT) on February 3, 2022.