Here for the biceps :-) Seriously thanks for the details and the time !

Hello team, Comments: minute 24:23 Pre-requirement for CAP user action "register or Join device" If you plan to create the conditional access policy for the user action "register or Join device", you need to have in EntraID-->Devices-->Device Settings--> Option: "Require MFA to register or join devices with Microsoft Entra" set to NO. Amazing material, I see you r videos like I am in a very serious class, this is the knowledge that make difference

Great overview I'm going to share this with some of my admin buddies. I had not known that they had added the ability to not login from Linux operating systems that'll be a default going forward. one thing you could take back to Microsoft on our behalf is that I would like the ability to have multiple country choices for logins for example, some of my clients are very close to the border and often go over into Canada, but there is no way to choose that they can login from both Canada or the United States that should be fixed.

@41:00 - can we printer a report and see what needs to be done to fix what's needs to be fix?

Minute 28:28 is there any way to setup a prefered MFA method, meaning that from admin setup the priority for the authentication methods i.e.: 1. Passkey 2. Authenticator Passwordless 3. Authenticator Nubmer matching. How can I know what is the primary MFA verification method that user is using to verify his identity?

minute 31:04 App consent is there any way to reduce the extra workload to user consent to the admins? minute: 31:54: admin consent request how the admins can know if the app that is requesting the permissions is secure or not? In the option "Allow user consent apps from verified published from selected permissions" All users can concent for permissions classfied as "low impact" do you know where can I find the low impact, medium impact and high impact permissions?

Minute 35:09: who are the tenantadmins, are only the Global admins or any admin will receive the message, i.e.: will intune admin receive this alert?

Does MS not block Tor nodes by default ?