https://community.dynatrace.com/t5/Open-Q-A/Difference-between-Security-Context-and-Management-Zone/m-p/273994#M36173 <P>Hi <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/36245">@waikeat_chan</a> , you could more easily think of this as Pre-Grail and Post-Grail.</P><P>If you're not using Grail, MZ is the option for filtering entities and metrics. You can assign users to see only certain MZs or a more general view and then filter by MZ. Customers with Dynatrace Managed or SaaS without Grail.</P><P>In the Post-Grail scenario, as you described, Dynatrace has announced that MZ will be deprecated in the future. Therefore, if you have a new user, using only security_context would be a good recommendation.</P> Mon, 31 Mar 2025 19:41:05 GMT DanielS 2025-03-31T19:41:05Z https://community.dynatrace.com/t5/Open-Q-A/Difference-between-Security-Context-and-Management-Zone/m-p/273894#M36167 <P>I've read about the technical difference between these two, however I am more curious about the <STRONG>GENERAL difference</STRONG> between these two when it comes to handling customer (to at least know, if my understanding is correct)</P><P>&nbsp;</P><P><U>1) Customer that is <STRONG>about to upgrade from Managed</STRONG> or Normal-SaaS to SaaS-Grail:</U></P><UL class="lia-list-style-type-circle"><LI>a.&nbsp; For the things that're <STRONG>visible as a SmartScape bubbles,&nbsp; set the security_context to be the same value as management zone</STRONG> (to ease the migration to Grail later)</LI><LI>b.&nbsp; For the things that<STRONG> aren't visible as bubbles</STRONG> (for example, logs ingested via streaming/forwarding from other sources), <STRONG>set the security_context for them</STRONG> before the Migration</LI><LI>c.&nbsp; <STRONG>After migration, management zone can still be use</STRONG>, but MOSTLY would be<STRONG> as a mechanism for slice-and-dice data</STRONG> instead of mechanism for data-access-control <STRONG>because policy+security_context would be use for data access control</STRONG> <EM><FONT face="andale mono,times">(if customer still want to use Management Zone in data access control, they can do so too because management zone is allowed in the syntax of policy. Just that apparently Dynatrace Team would not advise to do so?)</FONT></EM></LI></UL><P>&nbsp;</P><P><U>2) For customer that would <STRONG>straight away onboard to SaaS Grail</STRONG></U></P><UL class="lia-list-style-type-circle"><LI>a.&nbsp; <STRONG>Just use Security Context</STRONG></LI><LI>b.&nbsp; Management Zone is totally optional ('optional' in the sense that, as exactly what I described in point 1c above)</LI><LI>But to make things easier in future (I don't know, maybe in future Dynatrace would remove this feature altogether...), <STRONG>Management Zone should be avoid</STRONG> for all new customer<STRONG>?</STRONG></LI></UL><P>&nbsp;</P><P>Any comment or correction are welcome, thanks!</P><P>&nbsp;</P><P>Best Regards,</P><P>Wai Keat</P> Sun, 30 Mar 2025 14:28:06 GMT https://community.dynatrace.com/t5/Open-Q-A/Difference-between-Security-Context-and-Management-Zone/m-p/273894#M36167 waikeat_chan 2025-03-30T14:28:06Z https://community.dynatrace.com/t5/Open-Q-A/Difference-between-Security-Context-and-Management-Zone/m-p/273994#M36173 <P>Hi <a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/36245">@waikeat_chan</a> , you could more easily think of this as Pre-Grail and Post-Grail.</P><P>If you're not using Grail, MZ is the option for filtering entities and metrics. You can assign users to see only certain MZs or a more general view and then filter by MZ. Customers with Dynatrace Managed or SaaS without Grail.</P><P>In the Post-Grail scenario, as you described, Dynatrace has announced that MZ will be deprecated in the future. Therefore, if you have a new user, using only security_context would be a good recommendation.</P> Mon, 31 Mar 2025 19:41:05 GMT https://community.dynatrace.com/t5/Open-Q-A/Difference-between-Security-Context-and-Management-Zone/m-p/273994#M36173 DanielS 2025-03-31T19:41:05Z