cqrenet/antifragile
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Correct M365 E3 licensing capabilities across playbooks

Browse Source 
E3 includes Entra ID P1 (conditional access, SSPR) and Defender for
Endpoint P1 (AV, device control, ASR audit mode), not just 'Free'/'AV only'.

Key corrections:
- m365-e3-hardening.md: Entra ID P1 with conditional access is now
  correctly listed as included; Intune is full not 'basic'; ASR audit
  mode is available in P1; risk-based gap reframed as 'No Entra ID P2'
- zero-budget-hardening.md: E3 comparison table now shows Entra ID P1
  and Defender for Endpoint P1 correctly; pitch text updated
- modular-engagements.md: MFA description now reflects conditional
  access availability in E3
- m365-antifragile-project.md: Conditional Access heading now correctly
  notes E3 includes P1; E3 baseline mentions conditional access
- endpoint-management-entry-vector.md: Intune described as full MDM/MAM
This commit is contained in:
Tomas Kracmar
2026-05-09 16:58:36 +02:00
parent 763da003d3
commit 3569cd7c45
5 changed files with 36 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
antifragile-consulting/core/modular-engagements.md
View File

@@ -67,7 +67,7 @@ We do not sell monolithic transformation projects. We sell **building blocks** t
**What is delivered**:
- Full identity census: human accounts, service accounts, guests, enterprise apps
- MFA enforcement for 100% of users (per-user MFA for E3; conditional access for E5)
- MFA enforcement for 100% of users (conditional access with MFA for E3; risk-based conditional access and PIM for E5)
- Legacy authentication blocked tenant-wide
- Privileged access workstation (PAW) architecture for admins
- PIM deployment (if E5/Entra ID P2) or manual JIT process (if E3)