My 95% bet is that the attacker just gained access to an account with suitable privileges and then went on to use existing automation. The fact that it’s intune is largely irrelevant - I’m not aware of any safeguards that any provider would implemen.

So the options here are MDM or no MDM and that’s a hard choice. No MDM means that you have to trust all people to get things as basic as FDE or a sane password policy right. No option to wipe or lock lost devices. No option to unlock devices where people forgot their password. Using an MDM means having a privileged attack vector into all machines.

It fundamentally is rke2+rancher+kubevirt, but there’s a lot of packaging around it to make that work.

There’s also harvester on top of rancher. It’s one of the very few open source competitors to RedHats OpenShift that I’m aware of.

I mostly like their use of an immutable OS as base layer for the virtualization - despite the limitations it sometimes has.

> I get reminded that they still use pen and pencil in production environments to log data,

That's the fundamental reason they're using humanoid robots - industrial robots have a hard time holding pencils.

My wife’s part of the Family has a house with view of the border to Belarusia. It used to be a small fence just in front of a wood, but that’s long past. It’s truly a wall now.