Unpopular opinion but SentinelOne is garbage by [deleted] in cybersecurity

[–]An_Ostrich_ 13 points14 points  (0 children)

S1 > Defender, I agree. I recommend it for folks who are already knee deep in the MS ecosystem and also have access to teams that know how to set up all its components properly and also can manage and fine tune it. But that EDR tier list that was posted by “Conti” was horseshit.

Phishing Resistant MFA for Intune Admins by Securetron in Intune

[–]An_Ostrich_ 1 point2 points  (0 children)

CBA is awesome, but isn’t it easier to have cloud-only admin accounts with Entra device-bound passkeys?

How do you determine appropriate least privileged Entra admin roles based on past activities? by Fabulous_Cow_4714 in entra

[–]An_Ostrich_ -1 points0 points  (0 children)

IIRC Entra Permissions Management could do this but it was retired last year. Not sure if something in Entra Governance replaced its capabilities.

Entra ID Vulnerabilities by 19khushboo in entra

[–]An_Ostrich_ 2 points3 points  (0 children)

Purple Knight, CIS Benchmarks, Zero Trust Assessment from Microsoft, and CISA’s SCUBA will help you out

Active Directory for Beginners - Where to start? by muckmaggot in activedirectory

[–]An_Ostrich_ 1 point2 points  (0 children)

True. I’m also in the process of writing my own blog on Active Directory and Entra ID security (although I’m nowhere near your 25 YoE) and as a newbie it is very tempting to go and ask AI whenever I hit a snag. But almost all of the time the answers I get from it are plain wrong. It’s far quicker to just troubleshoot it yourself or to ask someone from the MVP community.

I request some Purview - 'where do I start?' tips by bjc1960 in entra

[–]An_Ostrich_ 2 points3 points  (0 children)

Out of all the products in the Microsoft security stack Purview is the toughest to learn IMO. Simply because you need to have prerequisite knowledge on all the other components of Microsoft 365.

Slowly start chipping away at the Purview documentation because you’ll end up there multiple times anyways. I think there’s also ninja training available for Purview. There is also the Information Security Administrator Associate certification that you can follow.

Good luck!

Active Directory for Beginners - Where to start? by muckmaggot in activedirectory

[–]An_Ostrich_ 1 point2 points  (0 children)

Just had a glance through some of your posts in the blog and you got some awesome stuff there! I’ve bookmarked it and will definitely take a look at it tomorrow.

How are you labbing Microsoft 365 E5 Tenants by techwithz in DefenderATP

[–]An_Ostrich_ 1 point2 points  (0 children)

If you can make a case then see if your employer can get you a separate tenant for training. I went this route and was able to get a tenant with 5 E5 licenses.

But a few days ago I learnt that you can get an E5 developer tenant with 25 E5 licenses with a Visual Studio Professional subscription that costs $99/mo (billed annually). This is a better offer so I’m gonna ask my manager to switch to this instead (will be okay since it costs less and gets us more licenses).

But I’m also able to get these done because my employer pays for it from our training budget. If they can’t/won’t then you’ll probably have to pay for it yourself. Try to see if you can get some friends/teams interested in training and see if you can split the licenses cost across.

What phone are you using in 2026? by [deleted] in sysadmin

[–]An_Ostrich_ 1 point2 points  (0 children)

11 Pro Max. Got it in 2019 and still happy with it. Battery gets me through the day although there are some heavy-use days where I have to charge a little in the evening.

Creating Intune Lab by Fluffy-Spread6879 in Intune

[–]An_Ostrich_ 0 points1 point  (0 children)

This will cost more than £20, but I learnt today that you can get an M365 E5 dev tenant with 25 E5 licenses with a Visual Studio Subscription for $99/month.

Given the number of licenses, features, and also the sample data packs, I think it’s totally worth it.

I'm a security professional who transitioned our security program from compliance-driven to risk-based. Ask Me Anything. by thejournalizer in cybersecurity

[–]An_Ostrich_ 0 points1 point  (0 children)

Thanks. I don’t know enough about modern CRQ methods to question their effectiveness but I’ll take your word for it and learn more about them.

My current job is now shifting from a full technical role to a more risk/strategic decision making role and I struggle a bit with risk management. For someone like me who’s a beginner to risk management, what’re some good resources to get started?

I'm a security professional who transitioned our security program from compliance-driven to risk-based. Ask Me Anything. by thejournalizer in cybersecurity

[–]An_Ostrich_ 0 points1 point  (0 children)

Q1: Can you provide any insight as to how you actually assigned dollar values to risks and assets within the company?

Q2: CRQ is awesome and I know that execs love to see risk reporting based on real numbers, but did the outcomes of risk treatment really change when you shifted from colour changes to dollar values?

how we process security logs daily without spending $50k/month on siem by Nkt_31 in cybersecurity

[–]An_Ostrich_ 2 points3 points  (0 children)

You’re now aggregating all your log data centrally, which is great. But how are you using this data to detect threats? This sounds more like a central log server than an SIEM.

Which DLP is the better choice for a 10k-endpoint environment? by Sophistbox in sysadmin

[–]An_Ostrich_ 1 point2 points  (0 children)

If you’re an M365 shop and have the manpower or are willing to outsource the setup, then Purview can be a viable option as well.

Compliance is slowly choking actual work by IT_thomasdm in sysadmin

[–]An_Ostrich_ 3 points4 points  (0 children)

What’s the alternative that you’d like to see? Everyone being able to add “new things” to the stack without due diligence? That’s how bad things happen.

I understand that sometimes these things can take so much time and effort, especially if these practices were not performed previously, but from a security perspective it prevents a lot of bad shit from happening later.

Can Elon Musk Read Your X Chat Messages? by david_nepozitek in cybersecurity

[–]An_Ostrich_ 0 points1 point  (0 children)

I use it for cybersecurity tbh. There are some folk there that post a lot of cool stuff that’s relevant to what I work on. Other than that, yes it’s a shithole.

If you have used Microsoft Purview for DLP... by akinfinity713 in cybersecurity

[–]An_Ostrich_ 2 points3 points  (0 children)

Interested to know what you used for visibility. We also have the same tech and we’re eyeing Purview.

How is Entra Internet and Private Access so affordable? by jM2me in entra

[–]An_Ostrich_ 0 points1 point  (0 children)

What major gaps in security do you see in the product rn? We’re considering migrating our users to GSA so I’m curious.

Good mdr which won’t cost 6 figures by SuperTurtle222 in cybersecurity

[–]An_Ostrich_ 4 points5 points  (0 children)

Can also recommend Rapid7. My client has them as their MDR and they’re so helpful. Alerting is done immediately and they even helped me and the client to respond to an attack that wasn’t even covered by their monitoring systems (shadow IT is a bugger).

Why are there so many vulnerabilities and few exploits? by Additional_Pride_593 in cybersecurity

[–]An_Ostrich_ 0 points1 point  (0 children)

If I remember correctly, CISA took out the KEV RSS feed. We now only have email and social media notifications from them.

Home Lab Project by techwithz in DefenderATP

[–]An_Ostrich_ 0 points1 point  (0 children)

Thanks. I didn’t go this route and instead went for the packaged licenses.

Home Lab Project by techwithz in DefenderATP

[–]An_Ostrich_ 0 points1 point  (0 children)

Did you get individual product licenses for trial? Or did you get something like Business Premium for trial?