Snow resting on the Oquirrh Mountain Temple this morning, a quiet reminder that even in the coldest seasons, God is still building something holy in us.
EXCERPT
God does not just see who we are. He sees what we can become — and invites us to help Him get there.
INTRO
Most of us want to feel valued, not just noticed, but trusted. We want to know that our lives matter beyond our own circle, that what we do makes a real difference.
One of the quiet truths of the gospel is that God increases our sense of worth by inviting us to participate in His work. He does not simply affirm who we are. He assigns us something meaningful to do.
When the Lord spoke to Moses, He first declared, “Thou art my son.” Then He added an invitation that changed everything: “I have a work for thee.” In that moment, identity became purpose.
The same pattern appears again and again in scripture. Abraham learned that he had been chosen before he was born. Alma taught that many were prepared from the foundation of the world to help others enter God’s rest. These were not random callings. They were expressions of divine confidence.
Not everyone receives a visible role like Moses or Abraham. Most of us are called in quieter ways. Still, the principle is the same. Whether the work feels large or small, every invitation to serve is God saying, I trust you. I need you. You matter in My plan.
NOTES FROM THE SCRIPTURES
Throughout scripture, God affirms worth and then invites action.
Moses learned he was a son of God before being sent to liberate a nation. Abraham learned he was chosen before being entrusted with leadership. Alma taught that many were prepared long before they were ever called.
The pattern is consistent. Calling follows confidence. Service follows identity.
Even Amulek, who described himself as being “called many times,” shows us that repeated, simple invitations can be just as sacred as dramatic ones.
PERSPECTIVE (DIRECT QUOTES)
Scripture
“I have a work for thee, Moses, my son.” Moses 1:6
“Thou wast chosen before thou wast born.” Abraham 3:23
“They were called and prepared from the foundation of the world.” Alma 13:3
President Spencer W. Kimball
God does notice us, and he watches over us. But it is usually through another person that he meets our needs. Therefore, it is vital that we serve each other in the kingdom. … So often, our acts of service consist of simple encouragement or of giving mundane help with mundane tasks, but what glorious consequences can flow from mundane acts and from small but deliberate deeds!
“Small Acts of Service,” Ensign, December 1974
President Thomas S. Monson
I experienced … as I have many times before, a sense of gratitude that my Heavenly Father had answered another person’s prayer through me.
“The Priesthood—a Sacred Gift,” April 2007 General Conference
PRACTICE (TODAY, NOT SOMEDAY)
Today, I will look for the ways God is calling me to serve.
Not only in the obvious moments, but in the quiet ones. In a kind word. In a listening ear. In a simple act that no one else may notice.
I will recognize these invitations for what they truly are. Not interruptions. Not obligations. But expressions of trust.
Each small call is a reminder that God believes in me. That He sees my potential. That He trusts my ability to bless others right now.
FINAL REFLECTION
Some people are asked to lead nations. Others are asked to lift one soul at a time.
Both are sacred.
God’s work does not move forward only through grand moments. It advances through countless quiet acts of faith, done by ordinary people who accept divine invitations.
To be given work in God’s kingdom is not a burden. It is a gift. A sign of confidence from heaven.
POCKET I’M KEEPING
When God gives me something to do, He is not testing me. He is trusting me.
WHAT I HEAR NOW
“I have a work for thee.”
Not just for prophets. Not just for leaders. But for me. Today.
A quiet morning at the Los Angeles Temple, where light meets stillness and reminds me that every day with Jesus Christ is a new beginning.
EXCERPT
A new year does not begin because the calendar changes. It begins because Jesus Christ makes change possible, again and again.
INTRO
January always feels like a threshold, but this year feels different. I am not stepping into 2026 only with goals, but with a deeper awareness of how much I still need the grace of new beginnings.
On a personal level, I began something in late December that has already humbled me. I enrolled in boxing training and quickly learned the truth of a saying I once heard, “Everyone can fight, but not everyone can box.” Since December 23, I have trained six days a week, three hours a day, discovering that boxing is not about force, but fundamentals. Footwork. Head movement. Timing. Discipline. Skills, technique, and speed matter more than power.
Watching the greats only deepened that lesson. Manny Pacquiao, an eight-division world champion, did not become legendary by relying on strength alone, but by mastering movement, adaptability, and relentless discipline. His career is proof that greatness is built on fundamentals refined over time.
The same principle echoes in Bruce Lee’s timeless words, “Be water, my friend.” To be adaptable. Formless. Fluid. To empty the mind and adjust to whatever shape life requires. Water flows around obstacles, yet can also crash through them when needed. That image has stayed with me in training. Every session feels like learning how to move with life rather than against it.
Professionally, 2026 brings its own kind of discipline. Major work lies ahead. Domain transitions. Intune migrations. Expanding responsibilities in Azure that will demand precision, patience, and steady endurance. These are not quick victories. They require humility, adaptability, and the willingness to begin again when plans change.
As I reflected on these personal and professional goals, Elder Patrick Kearon’s message from General Conference settled deeply in my heart. His words felt like the spiritual parallel to everything I was learning in the gym and at work.
“All of us can have a new beginning through, and because of, Jesus Christ. Even you.”
In that moment, I saw the connection clearly. Boxing teaches me to move with discipline. Work teaches me to adapt with patience. But the Savior teaches me something far greater.
No matter how many times I stumble, hesitate, or feel behind, through Jesus Christ I am never out of beginnings. This year is not just about improvement. It is about remembering that in every arena of life, spiritual and temporal, I am allowed to start again.
NOTES FROM ELDER PATRICK KEARON
Elder Kearon reminded us that when Jesus walked among the people, He did more than perform miracles. He restored hope. He reached those society avoided. He touched the diseased and comforted the weary. He taught liberating truth and called sinners to repentance.
To the blind, the lame, the grieving, the ashamed, and the broken in spirit, what the Savior offered was not simply relief from pain. He offered a new beginning.
Not once. Not rarely. But as often as needed.
Elder Kearon taught that baptism is not our only chance to start again. Through weekly sacrament and daily repentance, we are invited into continual renewal. This is not a church of one-time forgiveness. This is the Church of new beginnings.
PERSPECTIVE (DIRECT QUOTES)
“All of us can have a new beginning through, and because of, Jesus Christ. Even you.”
“With baptism by water and the Spirit, we are born again and can walk in newness of life.”
“These new beginnings can happen every day.”
“Jesus gives us as many new beginnings as we need.”
PRACTICE (TODAY, NOT SOMEDAY)
Today’s practice is choosing renewal over regret.
It is stepping into the gym again, even when yesterday felt like failure. It is opening the laptop again, even when yesterday felt overwhelming. It is kneeling in prayer again, even when yesterday felt heavy.
Faith is not demanding perfect conditions. Faith is trusting the Savior who makes imperfect beginnings holy.
Repentance is not fear. It is hope in motion.
FINAL REFLECTION
The Savior never gave up on His mission, even when the cost was suffering beyond measure. He endured so that I would never run out of beginnings.
Not just at baptism. Not just at major turning points. But every ordinary day when I choose to stand up again.
That is what faithful endurance looks like. Not perfection. But persistence with God.
POCKET I’M KEEPING
I do not have to wait for a perfect moment to change. I only need to choose to begin again, today.
WHAT I HEAR NOW
“All of us can have a new beginning through, and because of, Jesus Christ. Even you.”
“This is the Church of new beginnings.”
“Jesus gives us as many new beginnings as we need.”
Cheerful Giver. A quiet reminder that faith is practiced through trust, discipline, and gratitude.
Excerpt
In 2025, the Doctrine and Covenants did more than guide my study. It quietly shaped my choices, my discipline, my priorities, and the way I practiced faith in ordinary life.
Intro
Studying the Doctrine and Covenants this year felt less like following a schedule and more like walking alongside revelation that insisted on application. The lessons were not abstract. They pressed gently but consistently into how I prayed, how I worked, how I cared for my body, how I gave, and how I treated time as something sacred rather than expendable.
This was not a year of dramatic spiritual moments. It was a year of steady alignment.
Notes from the Doctrine and Covenants
Again and again, the Doctrine and Covenants reminded me that God is already offering light, direction, and help. Receiving those gifts requires intention. Revelation is not passive. It is chosen.
Holiness emerged as something practical. Holy places matter, but so do holy habits. Order invites peace. Discipline creates freedom. Obedience is not restriction. It is alignment with divine patterns that actually work.
Joy was reframed. Not as ease, but as purpose. Even in difficulty, joy grows when time is used wisely and life is ordered toward things of eternal value.
Education stood out as a divine expectation. Learning is not optional. God prepares His people by helping them develop intelligence, skill, and faith together.
Family relationships deepened my understanding of eternity. Joy increases as relationships are strengthened on both sides of the veil. Zion is not built alone.
Perspective (Direct Quotes)
Stand ye in holy places, and be not moved.
Be anxiously engaged in a good cause.
Teach ye diligently.
Seek learning, even by study and also by faith.
Where much is given, much is required.
Practice (Today, Not Someday)
Today, I choose to receive light intentionally. Today, I guard time spent in holy places. Today, I live the Word of Wisdom as a daily discipline, not a checklist. Today, I practice the law of tithing with trust rather than fear. Today, I invest in learning, family, and unity.
Holiness is not postponed. It is practiced now.
Final Reflection
The Doctrine and Covenants taught me that obedience is not about perfection. It is about direction. When life is ordered according to divine patterns, strength is renewed, clarity increases, and peace follows.
God does not rush His work. He prepares His people patiently as they choose to act.
Pocket I’m Keeping
Light fills every part of life that is opened to receive it.
What I Hear Now
Be anxiously engaged in a good cause.
Where much is given, much is required.
I am bound when you do what I say.
Every blessing is predicated upon obedience.
Be ye clean that bear the vessels of the Lord.
Let virtue garnish thy thoughts unceasingly.
Stand ye in holy places, and be not moved.
Seek learning, even by study and also by faith.
As health is honored, wisdom and hidden treasures of knowledge are revealed, and strength is renewed to run and not be weary, to walk and not faint.
As trust is practiced through tithing, fear gives way to confidence, and the promise stands that the faithful shall not be burned at His coming.
The same sociality that exists among us here will exist among us there, coupled with eternal glory.
Whatever principles of intelligence we gain in this life will rise with us in the resurrection.
From the Last General Conference Address of President Jeffrey R. Holland, October 2025
After nearly four years since moving to Utah, I returned here for proxy endowment. As I arrived at the temple grounds, news came that Jeffrey R. Holland had passed away. California had endured storms through Christmas Eve, Christmas Day, and the day after. As the rain finally lifted, light broke through lingering clouds, marking a quiet and sacred hour.
MIT8 — “And Now I See”
From President Jeffrey R. Holland, Oct 2025 General Conference
Excerpt
“Whereas I was blind, now I see.” John 9:25
Intro
On December 27, 2025, while I was inside the Los Angeles Temple performing proxy endowment work, President Jeffrey R. Holland passed away.
As I later reflected on his final General Conference message, my thoughts returned not to sentiment, but to scripture — to the blind man healed by the Savior, and to the simple, unmistakable declaration that became the heart of Elder Holland’s witness:
“And now I see.”
Notes from President Jeffrey R. Holland
President Holland anchored his message in John chapter 9, where Jesus and His disciples encounter a man blind from birth. When the disciples asked complicated questions about blame and cause, the Savior answered not with theory, but with action.
He spat on the ground, made clay, anointed the man’s eyes, and sent him to wash in the pool of Siloam. The man obeyed. He returned seeing.
When challenged by those who opposed Jesus, the healed man bore a witness rooted not in argument, but in experience:
“Whether he be a sinner or no, I know not: one thing I know, that, whereas I was blind, now I see.”
President Holland emphasized that evidence matters — lived truth over accusation, obedience over debate.
Perspective (Direct Quotes)
Scripture — John 9:25 “Whereas I was blind, now I see.”
President Jeffrey R. Holland: “So what if the answers to our prayers come in plain or convoluted ways? Are we willing to persevere, to keep trying to live Christ’s gospel no matter how much spit and clay it takes? It may not always be clear to us what is being done or why, and from time to time, we will all feel a little like the senior sister who said, ‘Lord, how about a blessing that isn’t in disguise?’”
President Jeffrey R. Holland: “My first sight-giving, life-giving encounter with real evidence of truth did not come with anointing clay or in the pool of Siloam. No, the instrument of truth that brought my healing from the Lord came as pages in a book, yes, the Book of Mormon: Another Testament of Jesus Christ! The claims about this book have been attacked and dismissed by some unbelievers, the anger often matching the vitriol of those who told the healed man that he could not possibly have experienced what he knew he had experienced.”
Practice (Today, Not Someday)
Today’s practice is obedience without full explanation.
It is accepting that the Savior may heal us through methods that seem plain, uncomfortable, or disguised. It is choosing to wash in the pool when instructed — even when we do not yet understand the why.
Faith is not demanding better ingredients. Faith is trusting the Healer.
Final Reflection
President Holland taught that God’s power is not diminished by simple instruments.
Spit and dirt. Clay and water. A book of scripture.
What matters is not the method, but the obedience — and the courage to testify afterward.
Inside the temple that day, I felt again the quiet power of a witness earned through experience, not argument:
Whereas I was blind, now I see.
Pocket I’m Keeping
“Are we willing to persevere, no matter how much spit and clay it takes?”
What I Hear Now
The Savior does not always heal in ways that impress the crowd. But He always heals in ways that change the soul.
In the world of Infrastructure Engineering, we often say that “Complexity is the enemy of reliability.” Whether we are managing an M365 environment or a distributed network of remote nodes, the goal is always the same: High Availability (HA).
As a Senior Engineer, I view system resilience through three specific forensic lenses. Here is how we ensure “Uptime” when the environment becomes unpredictable.
1. The Heartbeat Protocol: Real-Time Telemetry
In a distributed system, you cannot manage what you cannot see. Implementing a “Heartbeat” or real-time location sharing for remote assets is the difference between proactive recovery and forensic failure analysis.
A consistent heartbeat ensures that the central controller knows exactly where the data (or the asset) is at all times. If a node goes silent—especially during a critical window like a 3:00 AM deployment—the system shouldn’t have to wait for a user to report a “down” status; the heartbeat failure should trigger the “Rescue Protocol” automatically.
2. Edge Hardening: Preparing for Environmental Extremes
We often focus on the software, but the physical “Base Layer” is where many systems fail. In engineering, we call this Environmental Hardening. Just as we provide thermal protection for outdoor hardware to prevent “cold-start” failures, we must ensure our digital assets have the proper “insulation.” In an enterprise context, this means:
Redundant Power: Ensuring “thermodynamic” stability for remote nodes.
Physical Security: Using high-fidelity interfaces to maintain signal integrity in noisy environments.
3. Resource Pooling: Eliminating Single Points of Failure
The most resilient systems utilize Resource Pooling. By creating a “Joint Account” of resources (storage, compute, or capital), we ensure that the system has immediate access to what it needs, even if one “administrator” is offline.
Moving from a single-owner architecture to a shared-resource model reduces latency and ensures that the mission (the application) continues to run without interruption. It is the ultimate safeguard against the “Government Thieves” of data—bottlenecks and probate-like locks.
Forensic Conclusion: True engineering isn’t about building a system that never fails; it’s about building a system that is sensible enough to recover when it does. As the late Bruce Lee said, “The stiffest tree is most easily cracked, while the bamboo or willow survives by bending with the wind.”
Layton Temple beneath the final supermoon of 2025 — a quiet witness that light continues to rise, even after long nights.
Excerpt
“Don’t give up, boy. Don’t you quit. You keep walking. You keep trying. There is help and happiness ahead. Trust God and believe in good things to come.”
Intro
For the last four days, I have listened repeatedly to Elder Jeffrey R. Holland’s talk An High Priest of Good Things to Come. On December 4, 2025, standing at the Layton Temple beneath the final supermoon of the year, those words settled deeply into my heart.
This was not a message of quick relief or easy answers. It was a message spoken to the weary, the long-suffering, and those who keep walking even when the road feels endless.
Notes from Elder Jeffrey R. Holland
Elder Holland shared a tender, personal account from his life — a moment when he imagined speaking to his younger self during a season of discouragement and uncertainty.
Rather than rewriting the past, he offered reassurance. Not denial of hardship, but perspective gained through time, faith, and endurance.
His message was simple and powerful: God was already at work. Help was already coming. And quitting was never the answer.
Perspective (Direct Quotes)
“In that imaginary instant, I couldn’t help calling out to him: ‘Don’t give up, boy. Don’t you quit. You keep walking. You keep trying.’”
“There is help and happiness ahead — a lot of it — 30 years of it now, and still counting.”
“You keep your chin up. It will be all right in the end.”
“Trust God and believe in good things to come.”
Practice (Today, Not Someday)
Today, the practice is not dramatic change. It is refusal to quit.
It is continuing to walk when answers are delayed. It is continuing to believe when outcomes are unseen. It is choosing faith not because the road is easy, but because God is faithful.
Today, I keep walking.
Final Reflection
Under the rising supermoon at the Layton Temple, I felt something quiet but firm: reassurance does not erase trials, but it strengthens the traveler.
God does not rush us through our struggles. He walks with us through them.
Pocket I’m Keeping
“Don’t give up. Don’t quit. Keep walking. Trust God. Good things are coming.”
Oquirrh Mountain Temple glowing at dusk, December 13, 2025 — a quiet reminder that holiness is preserved by preparation.
Excerpt
“The other card which I have is what we call a temple recommend. It represents a credit card with the Lord, making available to me many of His greatest gifts. The bank card is concerned with things of the world, the recommend with things of God.”
Intro
December 13, 2025. 6:00 PM. Proxy Endowment at the Oquirrh Mountain Temple.
As the sky deepened into winter color and the temple stood illuminated against the dusk, I carried more than a recommend in my pocket. I carried a reminder. President Gordon B. Hinckley’s words returned clearly and quietly, teaching not just what a temple recommend is, but what it represents. Not a formality. Not a routine. A sacred trust.
Notes from President Gordon B. Hinckley
President Hinckley offered a simple but unforgettable comparison.
He held up two cards.
One was a bank credit card. Useful. Valuable. Governed by contracts and conditions. Issued temporarily. Revocable if misused. Owned ultimately by the bank.
The other was a temple recommend.
A different kind of credit entirely. A credit card with the Lord.
Unlike financial credit, eligibility for a temple recommend is not based on wealth, status, or means. It is based on consistent personal behavior, moral worthiness, and the goodness of one’s life. It is concerned not with money, but with eternity.
He reminded us that a recommend is not permanent. It must be renewed. Worthiness must be maintained. And sometimes, he cautioned, we rush people to the temple before they are truly prepared.
So sacred was this matter in earlier times that Presidents of the Church personally signed every recommend themselves.
Perspective (Direct Quotes)
“I hold before you two credit cards. Most of you are familiar with cards such as these.”
“The other card which I have is what we call a temple recommend. It represents a credit card with the Lord, making available to me many of His greatest gifts.”
“Eligibility for a temple recommend is not based on financial worth. That has nothing whatever to do with it. It is based on consistent personal behavior, on the goodness of one’s life.”
“The temple recommend which you carry, if honestly obtained, is certification of your moral worthiness.”
“What a unique and remarkable thing is a temple recommend. It is only a piece of paper with a name and signatures, but in reality it is a certificate that says the bearer is honest, true, chaste, benevolent, virtuous.”
“It makes one eligible for an exclusive and remarkable privilege—the privilege of entering that House which says on its wall, ‘Holiness to the Lord—the House of the Lord.’”
“Live worthy to serve in that house. Keep it holy.”
Practice (Today, Not Someday)
Today I ask myself:
Am I treating my temple recommend as a privilege or as a routine?
Am I living in a way that quietly honors what it certifies?
Worthiness is not proven at the interview table alone. It is practiced daily in private choices, honest dealings, clean thoughts, and deliberate restraint. Today, not later. Now, not eventually.
Final Reflection
Standing before the Oquirrh Mountain Temple, I was reminded that holiness is not accidental. It is cultivated. A recommend is renewed on paper every two years, but it is renewed in the soul every single day.
The Lord does not rush holiness. He invites preparation.
Pocket I’m Keeping
“Entering the temple is a privilege to be earned and not a right that automatically goes with Church membership.”
System Monitoring Made Simple for IT Admins & Security Pros
Sysmon (System Monitor) is part of Microsoft’s Sysinternals Suite, and it gives you deep visibility into process creation, network connections, file changes, and system activity. For threat detection, forensics, and baselining, Sysmon is one of the most powerful free tools you can deploy.
In this guide, I’ll walk through the step-by-step process of installing Sysmon cleanly on a Windows 11 machine, loading a hardened configuration, enabling the event log, and validating that everything is working.
This is the exact method I used on my laptop — clean, repeatable, and production-ready.
1. Prerequisites
Before you start:
Log in as a user with Local Administrator rights.
Open PowerShell as Administrator.
You’ll be using a mixture of PowerShell commands and Event Viewer, so make sure you have admin elevation.
2. Download Sysinternals Suite
Microsoft distributes Sysmon inside the Sysinternals Suite ZIP.
Download Sysinternals Suite from Microsoft’s official site.
Right-click Sysmon → Operational → Add to Favorites.
9. Updating the Sysmon Config Later
If you want to modify or replace the config:
cd C:\Sysinternals
.\Sysmon64.exe -c C:\Scripts\Sysmon\sysmonconfig.xml
You should see:
Configuration updated.
No reinstall required.
10. Uninstall Sysmon (if needed)
cd C:\Sysinternals
.\Sysmon64.exe -u force
This removes:
Sysmon64 service
SysmonDrv driver
Registry entries
Event manifest
Conclusion
Once installed, Sysmon becomes a powerful source of system telemetry for:
Threat hunting
Malware investigation
Lateral movement detection
Process monitoring
Incident response
Forensic analysis
With a hardened config, Sysmon gives deep visibility with minimal overhead — making it an essential component of any Windows security stack.
If you’re deploying Sysmon across multiple endpoints (like we do at work), you can automate it using Intune, GPO, or a custom PowerShell deployment package.
A fiery sky closing the day, almost as if heaven was offering its own hymn. The temple stood steady, unchanged, reminding me to praise Him not only in blessings received, but in blessings still forming.
Excerpt
A Thanksgiving weekend temple visit, four evening photos, quiet worship, and a lesson about gratitude that opened my heart in a new way.
Intro
Last night at the Syracuse Utah Temple, I watched the sky turn from warm sunset to cold moonrise. Christmas lights glowed on the temple grounds, and a waxing gibbous moon appeared just as I finished my proxy endowment session. It reminded me of something simple but powerful: joy is meant to be expressed. And worship, especially through music, is one of the clearest ways to do it.
Notes from Elder Cook and Elder Soares
Giving voice to our joy is just as important as seeking comfort in sorrow. Elder Quentin L Cook taught that lives full of praise, music, and thanksgiving are uniquely blessed. Moroni described worship this way: Preaching, exhorting, prayer, supplication, and singing — all led by the Spirit. Elder Ulisses Soares reminded us to tune our hearts to the Lord through sincere singing of sacred hymns. Singing is the one form of worship where the entire congregation participates. It is unity in real time.
Perspective
Last night I thought about the way music lifts the soul. A hymn is not just melody. It is prayer with a pulse. When we sing, we do not stand alone. Heaven joins us. I felt that inside the endowment room and again as I took photos outside: worship is not something we check off. It is something we become.
Practice (today, not someday)
Today I will worship with music. I will lift my voice, even quietly, in hymn-singing. I will let the words settle into my mind and soften my heart. I will give thanks in song, not just in thought.
Final Reflection
Tonight a single scripture opened in a new way for me: D&C 59:21. The Lord did not say to thank Him for all things. He said to acknowledge His hand “in” all things.
There is a difference. For is gratitude for what God has already done. In is gratitude for what God is about to do.
“For” looks back. “In” looks forward. For celebrates what arrived. In trusts what is still forming.
Being thankful for blessings is remembering. Being thankful in blessings is faith — the kind that walks forward without seeing the whole path. Last night I learned that gratitude is not only a reaction to the past. It is trust in the present. It is the courage to say, even before the blessing is visible, I know God is working in this.
Pocket I’m Keeping
Gratitude is not only looking back at what God has done. It is looking forward with faith at what He is shaping next.
What I Hear Now (direct quotes)
Moroni 6:6 Their meetings were conducted after the manner of the workings of the Spirit. Elder Cook Lives full of praise, music, and thanksgiving are uniquely blessed. Elder Soares Tune your heart to the Lord through sincere singing.
Whether it’s PowerShell, VMware, or supporting the team, I give my best because people depend on what happens behind this screen.
Introduction
Email is still the heart of business communication, and it’s also the easiest door for attackers to exploit. This is my real-world approach to securing Exchange Online: how I protect messages, enforce policies, retain critical data, and keep unwanted activity out of the environment. These are the tools I use every day — quiet, behind-the-scenes work that keeps an entire organization safe.
Messaging Policies and Mail Protection
What
Mail flow rules control how messages enter, exit, and move inside the company. They prevent risky behavior, secure sensitive data, and keep communication structured.
Why
Without strict policies, users can accidentally leak information, forward confidential data, or bypass compliance rules.
How
Mail Flow Rules I Maintain
• Prevent auto-forwarding outside the company • Block forwarding to personal Gmail/Yahoo • Restrict sensitive keywords (finance, HR, payroll) • Add disclaimers for external recipients • Enforce rules for shared mailboxes
This is my Exchange Online security toolkit — the messaging controls, retention systems, compliance protections, and routing safeguards I use every day. These tools protect users, leadership, legal teams, and the entire organization from silent risks that hide inside email traffic.
Real security isn’t loud. It’s consistent, careful, and invisible — until the moment it saves the business.
One of my favorite seasons of my life. Serving the city, keeping critical systems alive, and learning the foundations that shaped who I am as an engineer today. Every console screen taught me something new and every problem strengthened my desire to help others through technology.
My Essential IT Troubleshooting Guide
In every company I have worked for, the tools that saved the day were not fancy dashboards but simple commands and fundamentals I could trust. This is my personal troubleshooting arsenal, written so even a non technical reader can follow the logic behind what I do.
Each section answers three things • What it is • Why it matters • How I use it in real life
Name Resolution Basics
A record
What • A record is a phone book entry that says “this name belongs to this IP address.”
Why • Users remember names better than numbers. If the A record is wrong or missing, they land in the wrong place or nowhere.
How I use it • When a site is not loading, I ping the name and check if the IP address matches what we expect. • If it does not, I fix the A record in DNS and wait for it to replicate.
CNAME
What • A CNAME is a nickname that points one name to another name.
Why • It lets you move services without breaking users. The public name stays the same while the target changes behind the scenes.
How I use it • For services like autodiscover or app portals, I often see CNAMEs that point to Microsoft or another provider. • When something breaks after a cutover, CNAMEs are one of the first things I verify.
DNS
What • DNS is the global phone book that turns names into IP addresses.
Why • If DNS fails, everything feels broken. Browsers, Outlook, file shares, all of them depend on DNS.
How I use it • I run nslookup name.company.com to see which DNS server is answering and what IP it returns. • If users in one site can reach something and other users cannot, I compare DNS answers between locations.
Hosts file
What • The hosts file is a tiny local phone book on the computer.
Why • It overrides DNS for that machine. One bad line can send traffic to the wrong place.
How I use it • Location on Windows
C:\Windows\System32\drivers\etc\hosts
• I open it with Notepad as administrator. • If someone hard coded a testing IP and forgot about it, I comment it out or remove it, then flush DNS.
Flush cache
ipconfig /flushdns
Nbtstat and TCP IP
What • Nbtstat is an older tool for NetBIOS name resolution. • Hard coded TCP IP means a manual IP instead of DHCP.
Why • Nbtstat helps when legacy name lookups act strange. • Hard coded IPs can cause conflicts or make VLAN changes painful.
How I use it • nbtstat -n to see local NetBIOS names. • nbtstat -c to see the name cache. • When I find static IPs on client machines, I document them and move them to DHCP reservations so the network is easier to manage.
Network control panel shortcut
I still use this every week
From Run
ncp.cpl
It opens the Network Connections window so I can quickly check adapters, enable or disable, or look at IPv4 settings.
DHCP Essentials
What • DHCP hands out IP addresses, gateways and DNS to clients.
Why • If DHCP fails, users cannot get on the network or suddenly have duplicate addresses.
Best practices • Use at least two DHCP servers where possible. • Define scopes with correct gateway and DNS. • Use reservations for printers and key servers.
Commands I use on clients
ipconfig /release ipconfig /renew
If a user can reach the internet but not internal resources, I check that DNS from DHCP is internal and not a public resolver.
MX, Autodiscover and Mail Flow
MX record
What • MX tells the world which server receives mail for your domain.
Why • If MX points to the wrong place or has a low priority backup you forgot, email can vanish or queue.
How I use it • I use MXToolbox to check MX records and verify that they point to Exchange Online or the correct email gateway.
Autodiscover
What • Autodiscover tells Outlook where to find the mailbox and settings.
Why • A broken autodiscover record means constant password prompts or profile creation failures.
How I use it • I verify the Autodiscover CNAME or SRV record. • I test with Outlook connectivity tools or Test-OutlookConnectivity when available.
Hunting spam engines and bad SMTP
Where malware hides • In browser extensions • In Outlook add ins • In unknown services or scheduled tasks that send mail through SMTP
How I clean it without reimaging • Check Outlook add ins and disable anything suspicious. • Run msconfig and Task Manager to review startup items and tasks. • Review SMTP logs on the server to see which host is sending unexpected traffic.
Certificates and SSL in Hybrid Environments
Internal web apps depend on trusted certificates so browsers know the site is safe. When an SSL expires, internal apps stop working and Chrome or Edge will show warnings.
Why we create new SSLs • Internal web apps must be trusted. • Intranet portals and legacy apps often stop working when an internal CA certificate expires. • External issued certs from DigiCert or GoDaddy are trusted by browsers.
Where I keep it • C:\Certs or another controlled folder • Never leave certificates scattered in Downloads
Core servers • I open Task Manager with Ctrl Shift Esc • File, Run, then mmc • Add the Certificates snap in and import there Or I import directly with PowerShell.
Machine Trust Relationship Problems
When Windows says “the trust relationship between this workstation and the primary domain failed,” the computer account and the domain no longer agree.
On a traditional domain • Disable LAN and WiFi • Log in using cached credentials • Reset the local admin password if needed • Disjoin from the domain and put it in a workgroup • Reboot • Join it back to the domain
For Azure AD joined devices
Check status
dsregcmd /status
If broken
dsregcmd /leave
Then re join from Settings under Access work or school.
RDP Session Cleanup
Sometimes users cannot remote into their office desktop because a stale session is still connected.
After that, they can reconnect without rebooting the server.
Active Directory Tools
ADSIEdit
What • A low level editor for Active Directory objects.
Why • Last resort for fixing broken attributes or lingering records when normal tools cannot reach them.
How I use it • Only with full backups and a clear change plan. • I use it to clean up orphaned objects or legacy settings left behind.
Event Viewer
What • The black box recorder of Windows.
Why • Every blue screen, login failure, replication problem and service crash leaves a trace here.
How I use it • eventvwr.msc • I focus on System and Directory Service logs on domain controllers, and Application logs on servers hosting apps.
FSMO Roles
What • Flexible Single Master Operations are special AD roles for schema, naming, PDC, RID and infrastructure.
Why • These make sure there is one source of truth for sensitive changes.
Best practice • Know exactly which DC holds each role. • Protect those DCs like crown jewels.
If a FSMO owner is gone forever • You can seize the role to a healthy DC using ntdsutil. • After seizing you never bring the old DC back online.
This is rare but every senior engineer should know the process in theory.
AD and Entra ID Health
On premise AD health
dcdiag repadmin /replsummary repadmin /showrepl
I always confirm • DNS is correct • SYSVOL is in sync • Time is correct and within a few minutes across all DCs
Entra ID health
Connect-MgGraph Get-MgUser Get-MgDirectoryAudit
I check • Sign in logs for failures • Conditional Access for blocked locations • Device compliance for machines that suddenly appear non compliant
AD controls computers and users on site. Entra controls cloud identity and device trust. In a hybrid world, both must be healthy.
Azure and Terraform
Azure CLI read only commands
az login az account show az group list az vm list az storage account list
These tell me what exists without changing anything.
Terraform for infrastructure as code • Initialize the directory terraform init • Format terraform fmt • Validate terraform validate • Plan terraform plan
Nothing changes until terraform apply is run. For interviews, being comfortable with init, plan and validate already shows good understanding.
Microsoft 365 Services
Group Policy
Purpose • Central control of security and settings for on premise joined machines.
How I create it gpmc.msc • New GPO • Edit with the settings I want • Link to the correct OU
Universal Print
What • Cloud based printing that removes the need for classic print servers.
Why • Easier management for hybrid and remote users.
I register printers in Universal Print and assign permissions based on groups, so users can get printers automatically.
SharePoint Online
Steps I follow • Go to Microsoft 365 admin center • Open SharePoint admin • Create a new site • Assign owners and members • Set sharing and retention policies
This becomes the central place for team documents and intranet content.
OneDrive and Data Migration
OneDrive • Sync client installed on machines • Known Folder Move for Desktop, Documents and Pictures • Version history to protect from mistakes and ransomware
Migrating data • I prefer SharePoint Migration Tool or Mover. • I clean old data first so I do not carry garbage into the cloud. • I communicate to users what will move and what will not.
Why This Arsenal Matters
These are the tools I have relied on in city government, banks, energy drinks, and manufacturing. They are not fancy, but they work.
Every time I help a user reconnect, restore a service, or clean up a broken configuration, I am really doing three things
• Protecting the company and its data • Supporting my teammates so they are not alone in the fire • Honoring the gift God gave me to understand and fix complex systems
This arsenal is how I serve. Whether I am helping a small office or a multi site enterprise, the pattern is the same ask good questions, run the right checks, fix the root cause, and leave clear notes so the next engineer can see the path.
Introduction Infrastructure as Code is not optional anymore. Terraform gives you a declarative way to build, modify, and destroy cloud resources cleanly. This tutorial shows exactly how to install Terraform, create your first configuration, and connect it to Azure without affecting your company’s production environment. I used these steps to rebuild my own skills after leaving California and stepping into Utah’s quiet season of learning.
Step 1 Install Terraform using Winget
Open PowerShell as admin
Run the installer winget install HashiCorp.Terraform –source winget
Restart your PowerShell window
Verify the installation terraform -version
You should see something like Terraform v1.14.0
Step 2 Create your Terraform workspace
Create a folder mkdir C:\terraform\test1
Go inside the folder cd C:\terraform\test1
Create a new file New-Item main.tf -ItemType File
Leave the file empty for now. Terraform just needs to see that a configuration file exists.
Step 3 Write your first Terraform configuration
Open main.tf and paste this:
provider “azurerm” { features {} }
Nothing created yet. This is read only.
The goal is to connect Terraform to Azure safely.
Save the file.
Step 4 Initialize Terraform
Run terraform init
This downloads the AzureRM provider and sets up your working directory.
You should see Terraform has been successfully initialized
Step 5 Install the Azure CLI
Terraform connects to Azure using your Azure CLI login. Install it with:
winget install Microsoft.AzureCLI
Verify it az –version
Step 6 Log into Azure
Run az login
A browser opens. Select your Azure account.
Important note If you see Martin’s Azure subscription, stop here and do not run terraform apply. Terraform plan is safe because it does not make changes.
Step 7 Check your Azure subscription
az account show
This confirms who you are logged in as and which subscription Terraform will use.
Step 8 Run your first Terraform plan
terraform plan
This reads your main.tf and checks for any required changes. Since your config is empty, the output will say: No changes. Infrastructure is up to date.
Step 9 Useful Azure CLI commands for Cloud Engineers
Check all resource groups az group list -o table
Check all VMs az vm list -o table
Check storage accounts az storage account list -o table
Check virtual networks az network vnet list -o table
Check VM status az vm get-instance-view –name VMNAME –resource-group RGNAME –query instanceView.statuses[1].displayStatus
Check Azure AD users az ad user list –filter “accountEnabled eq true” -o table
Check your role assignments az role assignment list –assignee <your UPN> -o table
These commands show LC that you are comfortable with both Terraform and Azure CLI.
Step 10 Can Terraform check Defender?
Terraform itself does not “check” Defender, but you can manage Defender settings as resources.
Since we did not deploy anything, no cleanup is required.
If you later create real resources, destroy them with terraform destroy
Final thoughts Terraform is one of the most powerful tools in cloud engineering. Once you know how to initialize it, authenticate with Azure, and run plans, you are already ahead of many engineers who feel overwhelmed by IaC. LC will immediately see that you are not just an Exchange guy or a VMware guy. You are becoming a modern DevOps cloud engineer who can manage infrastructure in code.
Terraform for M365 and Azure — Infrastructure-as-Code Made Simple
Introduction
Terraform is one of the most powerful tools for managing cloud environments because it lets you declare what you want and Azure builds it. No guessing. No clicking. No forgetting what you changed.
Even if M365 doesn’t support Terraform natively for all workloads, you can still automate Azure AD, Conditional Access, Groups, SPNs, Networking, Key Vault, and App Registrations through the Microsoft Graph provider.
I used IaC principles while supporting Church systems — Terraform makes environments repeatable, auditable, and consistent.
1. Installing Terraform
choco install terraform
2. Azure Login Block
provider "azurerm" {
features {}
}
provider "azuread" {
}
Elder Dieter F. Uchtdorf — October 2025 General Conference
Where effort meets grace, discipleship blooms
Excerpt
“Trust the Savior and engage, patiently and diligently, in doing your part with all your heart.”
Intro
Life moves fast — technology, deadlines, expectations, and noise. Elder Uchtdorf’s message reminded me to slow down, trust the Savior, and stay consistent in the small habits that shape who I am. It’s not about speed. It’s about direction. And the quiet discipline behind every disciple’s journey.
Notes from Elder Uchtdorf
Trust the Savior completely and give Him your steady daily effort. Discipleship requires practice. Skills fade without continued effort. Greatness grows from repetition, humility, and patience. The Lord magnifies even small efforts when offered with heart.
Perspective (direct quotes)
“Getting good at anything… takes consistent self-discipline and practice.” Whether flying, rowing, sowing, learning, or becoming — practice never stops.
“Trust the Savior and engage… in doing your part with all your heart.” He doesn’t ask perfection — just faith in motion.
Practice — Today, Not Someday
My Discipline in IT Technology evolves every day. You don’t master it once — you study daily. I use Microsoft Learn, Udemy, and YouTube Premium, and I blog because writing helps me lock in what I learn. This is my stewardship: my part in staying sharp.
My Discipline in Photography Photography isn’t just technical settings. It’s learning to read the light, study it, and anticipate it. Capturing it is an act of patience and discipline — just like discipleship.
My Discipline in Health My body is my engine. If I don’t stay fit, how can I keep up with the never-ending pace of IT? Health keeps my mind focused. My discipline keeps me grounded.
My RFC Trio Just like SPF, DKIM, and DMARC work as a trio — strengthening trust and protecting identity — my three disciplines work together:
Mind (IT) Creativity (Photography) Body (Health)
One supports the other. One anchors the next. And that’s how discipleship grows: line upon line, habit upon habit.
Final Reflection
Discipline is not punishment. It’s devotion — devotion to the future you, and trust in a God who sees more in you than you see in yourself. “Doing your part” isn’t dramatic or loud. It’s small steady steps that build spiritual muscle.
Pocket I’m Keeping
“Trust the Savior… and engage diligently in doing your part.” Not perfectly. Not instantly. Just faithfully.
What I Hear Now (direct quotes)
Consistency is strength. “Keep practicing.” “I will make your small offering enough.” “Do your part — I will do Mine.”
A Technical History Through the Tools, Upgrades, and Real-World Administration That Shaped Modern Email
Email administration today looks nothing like it did in the mid-1990s. What began as a system of flat files and small IS databases has evolved into a globally distributed, cloud-secure service powered by modern authentication, forensic automation, and layered identity protections.
This article covers the full evolution — from Exchange 5.0 → 5.5 → 2000 → 2003 → 2007 → 2010 → 2013 → 2016 → Hybrid → Exchange Online — through the practical tools and real operational practices that defined each era.
It also highlights legacy repair tools (ISINTEG, ESEUTIL), the emergence of PowerShell, and modern security controls such as DKIM, DMARC, and real-time EXO policies.
1. Exchange 5.0 — The GroupWise Era & The Limits of Early Messaging
When Exchange 5.0 existed, Novell GroupWise was still considered the enterprise email standard. Capacity was limited and reliability required constant hands-on administration.
Key Characteristics
Basic directory service
Small private and public folder stores
No Active Directory yet
No PowerShell
16GB database ceiling
Frequent corruptions under heavy load
Real Tools Used
🔧 ISINTEG — Logical Database Repair
Example usage:
ISINTEG -pri -fix -test alltests
🔧 ESEUTIL — Physical Database Repair
Soft recovery:
ESEUTIL /r E00 /l "E:\logs" /d "E:\mdbdata"
Hard recovery:
ESEUTIL /p "E:\mdbdata\priv.edb"
Defrag/whitespace removal:
ESEUTIL /d "E:\mdbdata\priv.edb"
White space mattered because the database could never exceed the size limit, and defrags were essential to survive weekly growth.
2. Exchange 5.5 — The First True Enterprise Version
Exchange 5.5 replaced GroupWise in many organizations because it solved the two biggest weaknesses:
Major Improvements
Larger database limits
Internet Mail Connector (IMC) matured
Directory replication across sites
Better MAPI stability
More predictable backups
This was the version where large organizations first began to trust Exchange for hundreds or thousands of users.
Database limitations still required:
Regular whitespace removal
Offline defrags
ISINTEG repairs
3. Exchange 2000 / 2003 — Active Directory Arrives
The introduction of Active Directory changed everything.
Last-generation threats require immediate defensive controls. These are sanitized versions of the two emergency scripts used to block impersonation attacks:
🛑 Kill Switch Transport Rule (Blocks All External Sender Impersonation)
DKIM (DomainKeys Identified Mail) is one of the most effective ways to verify that an email truly came from your organization. But many companies misunderstand one crucial truth:
DKIM is only as strong as the protection of its private key.
If attackers obtain your DKIM private key, they can sign email that appears cryptographically legitimate — even if it comes from a malicious server. This is why key length, rotation, and protection matter just as much as turning DKIM “on.”
Section 1 — What DKIM Actually Does
DKIM works by attaching a digital signature to every outbound message. It ensures:
The message hasn’t been altered
The sender is authorized
The domain identity can be verified
The core elements are:
1️⃣ DKIM Selector (s=)
Identifies which key is used. Example: s=mail2025;
2️⃣ DKIM Domain (d=)
The domain signing the message. Example: d=example-corp-secure.com;
3️⃣ Public Key (Published in DNS)
Stored in a TXT record: mail2025._domainkey.example-corp-secure.com
4️⃣ Private Key (kept hidden on the mail server)
This is the key attackers target. It signs every outbound message.
Section 2 — Why Private Keys Must Be 2048-bit Minimum
Attackers today can break 1024-bit DKIM keys.
Cloud computing
GPU farms
Distributed cracking
This is why Microsoft and major ESPs recommend 2048-bit keys.
Weak DKIM = forged trust.
Section 3 — Why You Must Rotate DKIM Keys Regularly
Even a strong key becomes weaker over time:
Keys leak
Keys get copied
Keys get exposed in old backups
Misconfigured systems reuse keys
Bad actors gather DNS data for months
Weekly or monthly rotation is considered best practice in regulated industries like banking.
Rotation protects your domain even if an attacker manages to obtain an older key.
Section 4 — How an Attacker Exploits DKIM
If the private key is stolen:
They can sign malware
They can sign phishing
They bypass SPF failures
They pass DKIM alignment
They pass DMARC alignment
Email goes straight to inbox
This is why DKIM alone is not enough.
Section 5 — Why DKIM Matters
Prevents email tampering
Builds domain trust
Enables DMARC “reject” mode
Protects your brand
Reduces false positives
Ensures message integrity
But DKIM is only strong if the private key is protected and rotated.
Conclusion
Most executives think DKIM is “set it and forget it.” But email security today requires:
Strong 2048-bit DKIM keys
Regular rotation
Tight private key protection
Monitoring through Proofpoint and EOP
DMARC enforcement
This is not optional anymore — especially for banks.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is the control system that tells receiving email servers what to do when a message fails SPF or DKIM. Without DMARC, attackers can spoof your domain freely.
Section 1 — What DMARC Does
DMARC:
Protects your domain from spoofing
Defines how mail servers should handle failures
Provides visibility into fraud attempts
Supports brand protection
Enables full enforcement (“p=reject”)
Section 2 — DMARC Tags and Their Meaning
1️⃣ v=DMARC1
Protocol version. Always DMARC1.
2️⃣ p= (Policy)
Tells receiving servers what to do:
p=none → Monitor only
p=quarantine → Send failures to spam
p=reject → Block failures entirely (best practice for banks)
3️⃣ rua= (Aggregate Reports)
Where daily XML reports are delivered. Example: rua=mailto:[email protected]
adkim=s and aspf=s enforce strict alignment — critical for banks and regulated industries.
Section 4 — Why DMARC Matters
Blocks domain impersonation
Reduces malware/phishing impact
Protects customers from fraud
Shields executives from spoofing
Enables brand trust
Essential for financial institutions
Conclusion
A strong DMARC policy (“reject”) is one of the strongest defenses against email spoofing — but only when SPF and DKIM are configured properly and regularly monitored.
