Great session. I really like your explanation why Tier 0 is important even we have the Enterprise Access Model => Tier 0 is key. If the attacker controls Tier 0 he controls everything. Maybe here is a good link to protect Tier 0 in the On-Premises world https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/protecting-tier-0-the-modern-way/bc-p/4099397#M5944 The combination of Azure RBAC, with PAWs and OnPrem T0 account isolation it is the right way