We appreciate your participation! Friendly reminder that Q&A is open through this Friday at 12p PT. 

Below are the questions the panelists answered live, along with associated timestamps: 

Question – Systems Architect for ~200 users in fully cloud M365 environment. What is Microsoft's or your own opinions on enforcing Zero Trust with CA policies? I took over an existing CA setup a year ago and although it works, it's very dependent on static grouping and I want something that can be easily scaled without relying on not missing adding someone to a group. – answered at 2:23.

Question – One shortcoming for Intune management is a standardized connectivity test that reports on connectivity issues and helps Intune admins check and act on connectivity issues; it would even enable security admins and network admins to smoke test Intune pro-actively when making changes and thus avoid disruptions for Intune. What is the Intune team's opinion on this? – answered at 9:11.

• For more info, read the blog Support tip: Aligning network policy with Microsoft Intune and Zero Trust

Question – I love the Zero Trust Workshop Assessment and workbook, but it is overwhelming. Is there a recommended approach to tackling the "to do" list? – answered at 18:09.

• Go to the Microsoft Zero Trust Workshop & the Intune Advanced Analytics to learn more.

Question – Using GSA for part of my Zero trust solution. Global Secure Access on BYOD (Android and iOS) not depending on the Microsoft Defender app is needed. Maybe an app just for GSA, similar to Windows. Asking users to install the Microsoft Defender app on their BYOD device is way too much. For my organization, GSA on Android was blocked, issues with Android version 15 and many other issues and just never working on some devices. Recommendation for Android welcome!! – answered at 24:04.