Thank you everyone for your participation during today's webinar! Below is a list of questions & comments the panelists addressed during the live Q&A, along with associated timestamps: 

Question – What’s the one metric you track weekly that proves foundations are working—and what do you look for in the trend? – answered at 46:04.

Question – What are some of the most common mistakes people make when starting out with Conditional Access? – answered at 49:37.

Question – Great session!! I want to get started with the trial of Entra Suite. The information here today was amazing, and a little overwhelming! :) When I start the 90 day trial, what do you recommend I start with? As a baseline, or starting point? – answered at 52:06. Here are a couple additional resources the from the panelists:

• https://learn.microsoft.com/en-us/entra/architecture/gsa-poc-guidance-intro
• aka.ms/entrasuitetraining

Question – Is it possible to fully replace on premises Active Directory with Microsoft Entra? Is it recommended? How do we go about starting the migration? – answered at 56:33.

Question – BYOD -- bring your own device -- is unavoidable and a standard part of how our company operates. How do we handle these situations? – answered at 58:57.

Question – Is there a plan to incorporate the GSA client functionality into the Windows OS, like in the Defender agent for example?  – answered at 1:02:06.

Comment – Non Entra-related but this lineup is incredible, Microsoft community royalty! Seriously, how does it feel to be this awesome, and how do you all keep delivering such high-quality knowledge to the community? I think I’m speaking on behalf of everyone when I say: thank you for all you do and for sharing your expertise so generously! – addressed at 1:03:16.

Question – Can you elaborate on how Microsoft Entra Private Access helps to replace legacy VPNs with ZTNA, and how it is different from a traditional VPN? – answered at 1:04:47.

Question – Any tips for dealing with a "rats nest" of CA policies? Is it best to start from scratch or try and identify the gaps and close them? – answered at 1:08:22.

Question – If we're replacing VPN, what private app or apps we should onboard to Entra Private Access first? Which Conditional Access controls do you pair with it on day one? – answered at 1:13:30.

Question – How does Entra Suite work with on-prem domain controllers? – answered at 1:14:55.

Question – When can I get rid of AD with my servers? – answered at 1:17:22.

Question – For long-term modernization, which approaches do you prefer for replacing Legacy LDAP-dependent auth apps (reverse-proxy SSO, OAuth/OIDC adapter, etc.), and what are typical pitfalls? For orgs with a vast on-prem presence for core applications that are mission critical. – answered at 1:19:59.

Question – If we still have on-prem AD and aren’t ready to provision most users as cloud-only - can we still use ID Governance? – answered at 1:22:43.

Question – What’s the most important mindset or principle that practitioners should embrace as they start their Zero Trust and identity journey? – answered at 1:24:44.