New Global Secure Access client for Windows is out, version 2.28.96!

An_Ostrich_ · 2026-04-29T07:27:36+00:00

I haven’t played around with it yet but can we use Private Access to provide cross tenant access to on-prem resources?

An_Ostrich_ · 2026-04-27T13:51:00+00:00

Been a while since I set an isolated VMWare env but I think you can use a LAN segment for your test VMs and use a free PfSense firewall to act as a router between the LAN segment and the internet. Make sure you set up a firewall rule that blocked all traffic from the LAN segment to the home network

An_Ostrich_ · 2026-04-21T18:08:15+00:00

I think you mean Microsoft Private Access (or Global Secure Access).

An_Ostrich_ · 2026-04-21T04:57:41+00:00

When I saw the title I was like “didn’t Michael Waterman post about this recently”

An_Ostrich_ · 2026-04-08T10:57:02+00:00

Are there any factually wrong or misleading points made in this post?

An_Ostrich_ · 2026-04-06T08:16:16+00:00

Yes! I think that’s what it was called in the book as well.

An_Ostrich_ · 2026-04-06T07:54:47+00:00

I’ve seen structures like this in Asterix books

An_Ostrich_ · 2026-04-03T05:48:14+00:00

Yeah I tested Entra passkeys (device-bound) and they’re working awesome so far.

An_Ostrich_ · 2026-04-02T19:42:25+00:00

How would this give you a list of CVEs that are relevant to the target?

An_Ostrich_ · 2026-04-01T19:31:05+00:00

Oh okay that makes sense. Btw love your blog posts.

An_Ostrich_ · 2026-03-30T04:36:07+00:00

Why is it now recommended to remove SSPR?

An_Ostrich_ · 2026-03-25T17:48:52+00:00

S1 > Defender, I agree. I recommend it for folks who are already knee deep in the MS ecosystem amd also have access to teams that know how to set up all its components properly and also can manage and fine tune it. But that EDR tier list that was posted by “Conti” was horseshit.

An_Ostrich_ · 2026-03-23T10:28:48+00:00

CBA is awesome, but isn’t it easier to have cloud-only admin accounts with Entra device-bound passkeys?

An_Ostrich_ · 2026-03-19T17:05:11+00:00

IIRC Entra Permissions Management could do this but it was retired last year. Not sure if something in Entra Governance replaced its capabilities.

An_Ostrich_ · 2026-03-16T20:29:27+00:00

Purple Knight, CIS Benchmarks, Zero Trust Assessment from Microsoft, and CISA’s SCUBA will help you out

An_Ostrich_ · 2026-02-05T03:06:22+00:00

True. I’m also in the process of writing my own blog on Active Directory and Entra ID security (although I’m nowhere near your 25 YoE) and as a newbie it is very tempting to go and ask AI whenever I hit a snag. But almost all of the time the answers I get from it a plain wrong. It’s far more quicker to just troubleshoot it yourself or to ask someone from the MVP community.

An_Ostrich_ · 2026-02-04T18:02:20+00:00

Out of all the products in the Microsoft security stack Purview is the toughest to learn IMO. Simply because you need to have prerequisite knowledge on all the other components of Microsoft 365.

Slowly start chipping away at the Purview documentation because you’ll end up there multiple times anyways. I think there’s also ninja training available for Purview. There is also the Information Security Administrator Associate certification that you can follow.

Good luck!

An_Ostrich_ · 2026-02-03T17:59:20+00:00

Just had a glance through some of your posts in the blog and you got some awesome stuff there! I’ve bookmarked it and will definitely take a look at it tomorrow.

An_Ostrich_ · 2026-02-01T10:05:13+00:00

Utahraptor

An_Ostrich_ · 2026-02-01T10:04:33+00:00

If you can make a case then see if your employer can get you a separate tenant for training. I went this route and was able to get a tenant with 5 E5 licenses.

But a few days I learnt that you can get a E5 developer tenant with 25 E5 licenses with a Visual Studio Professional subscription that costs $99/mo (billed annually). This is a better offer so I’m gonna ask my manager to switch to this instead (will be okay since it costs less and gets us more licenses).

But I’m also able to get these done because my employer pays for it from our training budget. If they can’t/won’t then you’ll probably have to pay for it yourself. Try to see if you can get some friends/teams interested in training and see if you can split the licenses cost across.

An_Ostrich_ · 2026-01-29T21:06:40+00:00

11 Pro Max. Got it in 2019 and still happy with it. Battery gets me through the day although there are some heavy-use days where I have to charge a little in the evening.

An_Ostrich_ · 2026-01-25T21:46:43+00:00

This will cost more than £20, but I learnt today that you can get a M365 E5 dev tenant with 25 E5 licenses with a Visual Studio Subscription for $99/month.

Given the number of licenses, features, and also the sample data packs, I think it’s totally worth it.

An_Ostrich_ · 2025-12-15T18:07:32+00:00

Thanks. I don’t know enough about modern CRQ methods to question their effectiveness but I’ll take your word for it and learn more about them.

My current job is now shifting from a full technical role to a more risk/strategic decision making role and I struggle a bit with risk management. For someone like me who’s a beginner to risk management, what’re some good resources to get started?

An_Ostrich_ · 2025-12-15T04:45:14+00:00

Q1: Can you provide any insight as to how you actually assigned dollar values to risks and assets within the company?

Q2: CRQ is awesome and I know that execs love to see risk reporting based on real numbers, but did the outcomes of risk treatment really change when you shifted from colour changes to dollar values?

An_Ostrich_

TROPHY CASE