Event details
The second webinar bridges theory to practice. Now that you know why unification matters, it’s time to learn how to get started. In this foundations panel session hosted by Identity Expert, Merill Fernando, Microsoft product leaders will walk through some core steps to implement a unified identity and network foundation using Microsoft Entra Suite:
- Automated provisioning to keep access rightsized from day one
- Device onboarding and compliance to allow only healthy, trusted access
- Replacing legacy VPNs and securing on-premises applications with Conditional Access policies
You’ll see brief demos, get practical tips, take part in a live Q&A, and get a sneak peek at additional resources that can support your full deployment.
Speakers: Merill Fernando, Principal Product Manager; Jorge Lopez, Senior Product Manager; Nathan McNulty, MVP; Marilee Turscak, Senior Product Manager; Charles Lewis, Principal Tech Support Engineer; Ru Campbell, MVP
This event is part of the Microsoft Entra Practitioner Webinar Series.
34 Comments
- markorr321
Occasional Reader
Good Morning,
I have watched the webinar a couple of times between yesterday and today.
I spent a better part of 90 days trying to convince a client to purchase the Entra ID Suite.
One item of note if you’re interested in purchasing the full Entra ID Suite is that if you’re an M365 E5 customer you may be eligible for step-up pricing to Entra ID Suite.
We were able to get the cost per user down to $7.50 per user per month which is much more palatable than the MSRP cost.
Thought I’d share that bit of information. Not sure if that pricing is still available or not but it was for us.
I did have a question.
Ru mentioned something about going Entra ID joined as opposed to hybrid joined. I have had back-to-back clients that just went Hybrid joined because they had Active Directory and were essentially scared to go cloud only.
I expressed to them that this just wasn’t true and Entra ID Suite could help them bridge this gap in instances where there might be an on-premises dependency.
Is there any documentation anywhere about why you must go Hybrid Join as opposed to Entra ID joined? Perhaps a blog that breaks it down in small bite sized increments that stakeholders can understand?
Going Entra only is a hard sell. Can you help me with supporting documentation on how to sell it to my organization?
- VicSil
Occasional Reader
- Pearl-Angeles
Community Manager
Thank you everyone for your participation during today's webinar! Below is a list of questions & comments the panelists addressed during the live Q&A, along with associated timestamps:
Question – What’s the one metric you track weekly that proves foundations are working—and what do you look for in the trend? – answered at 46:04.
Question – What are some of the most common mistakes people make when starting out with Conditional Access? – answered at 49:37.
Question – Great session!! I want to get started with the trial of Entra Suite. The information here today was amazing, and a little overwhelming! :) When I start the 90 day trial, what do you recommend I start with? As a baseline, or starting point? – answered at 52:06. Here are a couple of additional resources from the panelists:
- https://learn.microsoft.com/en-us/entra/architecture/gsa-poc-guidance-intro
- aka.ms/entrasuitetraining
Question – Is it possible to fully replace on premises Active Directory with Microsoft Entra? Is it recommended? How do we go about starting the migration? – answered at 56:33.
Question – BYOD -- bring your own device -- is unavoidable and a standard part of how our company operates. How do we handle these situations? – answered at 58:57.
Question – Is there a plan to incorporate the GSA client functionality into the Windows OS, like in the Defender agent for example? – answered at 1:02:06.
Comment – Non Entra-related but this lineup is incredible, Microsoft community royalty! Seriously, how does it feel to be this awesome, and how do you all keep delivering such high-quality knowledge to the community? I think I’m speaking on behalf of everyone when I say: thank you for all you do and for sharing your expertise so generously! – addressed at 1:03:16.
Question – Can you elaborate on how Microsoft Entra Private Access helps to replace legacy VPNs with ZTNA, and how it is different from a traditional VPN? – answered at 1:04:47.
Question – Any tips for dealing with a "rats nest" of CA policies? Is it best to start from scratch or try and identify the gaps and close them? – answered at 1:08:22.
Question – If we're replacing VPN, what private app or apps we should onboard to Entra Private Access first? Which Conditional Access controls do you pair with it on day one? – answered at 1:13:30.
Question – How does Entra Suite work with on-prem domain controllers? – answered at 1:14:55.
Question – When can I get rid of AD with my servers? – answered at 1:17:22.
Question – For long-term modernization, which approaches do you prefer for replacing Legacy LDAP-dependent auth apps (reverse-proxy SSO, OAuth/OIDC adapter, etc.), and what are typical pitfalls? For orgs with a vast on-prem presence for core applications that are mission critical. – answered at 1:19:59.
Question – If we still have on-prem AD and aren’t ready to provision most users as cloud-only - can we still use ID Governance? – answered at 1:22:43.
Question – What’s the most important mindset or principle that practitioners should embrace as they start their Zero Trust and identity journey? – answered at 1:24:44.
- MarkWonsil
Copper Contributor
For office (small O) users, Entra is a nice fit. People generally have dedicated workstations and phones for phishing-resistant MFA. How can Entra help in the case of workers who move around the plant floor, restaurant, or other scenarios where there are shared workstations and sharing a logged-in computer is the norm? How do you get to a Zero Trust posture in the shared-workstation environment? Thanks!
- Nathan_McNulty
Copper Contributor
Fortunately, these devices are still able to be managed and secured, but authentication in many of these environments is definitely a hard problem because Hello for Business has a limit of 10 logins, FIDO2 keys are far too expensive, and often phones aren't allowed.
Auto logged-in computers can sometimes be switched to act more like kiosks, ensuring email or timesheet access is logged out automatically. In other cases, blocking access to unnecessary resources might be more desirable. These devices are typically also more restricted on standard Internet access, so we do have opportunities for compensating controls. Outside of that, the new QR code sign-in or using Temporary Access Pass introduce some interesting ways to handle workflows that get away from standard passwords for specialized access. Sadly, there isn't a perfect solution for this yet, though I hope some day we get the ability to log in using a passkey from a phone like we can with Passwordless push :)
- MarkWonsil
Copper Contributor
Thank you, Nathan. I think this is where Entra can really shine, since this is also a layer 7 problem. We need identity to selectively allow people access to various resources from the same workstation. As you mentioned, Windows Hello would be amazing, but that's authentication to the OS. Maybe something like secure profile switching in the browser might be better? And maybe not in one browser session but multiple browsers running at once, secured by verifiable credentials using some biometric plus an NFC card that's cheaper than FIDO2 or phones. I do look forward to any frontline security solutions, as this is a very underserved market, mostly because it is not easy. Thanks!!!
- EnergyTZ
Occasional Reader
If a third-party application, such as HP’s WXP, uses a connector to access and import Entra ID groups, does Entra offer any controls or monitoring capabilities to ensure the process is legitimate, routinely used, and not potentially malicious? Additionally, if the third-party application becomes unused, retired, or uninstalled, can Entra detect this change and provide an overview to help identify and mitigate any unnecessary attack surface?
- Nathan_McNulty
Copper Contributor
It appears this is granting consent for a multi-tenant app to access resources in our tenant as the user who consents (based on this: https://learn.workforceexperience.hp.com/docs/entra-id-groups).
Unfortunately, the controls we have over multi-tenant applications aren't as robust as single-tenant apps. We can definitely monitor usage and access through sign-in logs, and we can monitor deletion of the app in the audit logs. But as far as I know, we don't have controls over the credential types they use on their end or blocking by location if their services were compromised and abused :(
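The two monitoring points Nathan describes (usage via the sign-in logs, removal via the audit logs) can be expressed as Log Analytics queries. The following is an added example, not code from the webinar, from the thread, or from HP's documentation. It assumes the tenant's sign-in and audit logs are exported to a Log Analytics workspace, and the application ID and display name are placeholders to be replaced with the values shown for the connector under Enterprise applications.

```kusto
// Added example; not from the webinar, the thread, or the vendor.
// Assumptions: <APP_ID_OF_CONNECTOR> is the connector's application (client) ID,
// <DISPLAY_NAME_OF_CONNECTOR> is its display name as shown in Enterprise applications.

// Query 1: usage baseline for the connector (delegated sign-ins as the consenting user).
// A routinely used connector shows a steady cadence; a long gap followed by new
// sign-ins from unfamiliar IPs or a burst of failures is what to look for.
let connectorAppId = "<APP_ID_OF_CONNECTOR>";
SigninLogs
| where TimeGenerated > ago(30d)
| where AppId == connectorAppId
| summarize SignIns = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            DistinctUsers = dcount(UserPrincipalName),
            Failures = countif(ResultType != "0"),
            SourceIPs = make_set(IPAddress, 20)
  by AppDisplayName

// Query 2 (run separately): lifecycle events for the connector's enterprise app.
// Audit targets carry the service principal's object ID rather than the app ID,
// so the match here is on the display name, which is what the audit entry records.
let connectorName = "<DISPLAY_NAME_OF_CONNECTOR>";
AuditLogs
| where TimeGenerated > ago(90d)
| where OperationName in ("Consent to application",
                          "Add delegated permission grant",
                          "Delete application",
                          "Remove service principal")
| where tostring(TargetResources) has connectorName
| project TimeGenerated,
          OperationName,
          Result,
          Actor  = tostring(InitiatedBy.user.userPrincipalName),
          Target = tostring(TargetResources[0].displayName)
| order by TimeGenerated desc
```

Query 1 gives the "is it routinely used" answer EnergyTZ asked about: an app with a LastSeen weeks in the past is a candidate for review or removal. Query 2 surfaces the consent that created the access in the first place and any later removal, so an app that was uninstalled on the vendor side but never removed from the tenant shows up as consent with no matching removal.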
- jbd88
Copper Contributor
For long-term modernization, which approaches do you prefer for replacing Legacy LDAP-dependent auth apps (reverse-proxy SSO, OAuth/OIDC adapter, etc.), and what are typical pitfalls? For orgs with a vast on-prem presence with core applications that are mission critical.
- Pearl-Angeles
Community Manager
Thanks for your question! The panelists addressed this at 1:19:59.
- wolfkristen
Copper Contributor
That’s the best idea: policy inventory.
Can’t that be automated?
- Heather_Poulsen
Community Manager
Thanks for the question. Can you provide a little more clarity on what you are looking to automate?
- Johanna_Vicknair
Copper Contributor
How does Entra Suite work with On-prem domain controllers?
- Pearl-Angeles
Community Manager
We appreciate your participation! The panelists discussed this question at 1:14:55 during the live Q&A.
- papagolf
Copper Contributor
Any tips for dealing with a rats nest of CA policies, is it best to start from scratch or try and identify the gaps and close them?
- Pearl-Angeles
Community Manager
Thanks for your question! The panelists covered this at around 1:08:22 during the live session.
- wolfkristen
Copper Contributor
When can I get rid of AD with my servers?
- Pearl-Angeles
Community Manager
Thank you for your question! The panelists answered this at 1:17:22.
- Welka
Copper Contributor
Non Entra-related but this lineup is incredible, Microsoft community royalty! Seriously, how does it feel to be this awesome, and how do you all keep delivering such high-quality knowledge to the community? I think I’m speaking on behalf of everyone when I say: thank you for all you do and for sharing your expertise so generously!
- Pearl-Angeles
Community Manager
We appreciate the wonderful feedback! The panelists addressed your comment at 1:03:16 during the session.
- Heather_Poulsen
Community Manager
So glad that you are enjoying this series!