From: Architecting Zero Trust: Crafting Baseline Conditional Access Policies with Intune
applicationpractical

How can I start designing my organization's baseline Conditional Access policies effectively?

Begin by identifying your organization's most critical assets, sensitive data, and privileged accounts. Prioritize policies that protect these first. Start with a foundational set, such as requiring MFA for administrators and for all users accessing sensitive cloud apps, and blocking access from untrusted locations. Always implement policies in 'Report-only' mode initially to monitor their impact and refine them based on logs and user feedback before enforcing them fully.

Action

Create a matrix of critical applications/data, user groups (e.g., Admins, All Users), and access scenarios (e.g., from corporate device, from personal device, from untrusted location). Use this to map out initial policy ideas.

Read the full exploration
What else is in this exploration
4 evidence blocks4 perspectives4 visualizations3 media resources8 rabbit holes
evidence
Conditional Access is the 'If-Then-Else' statement of Microsoft's identity security, evaluating a...
evidence
The 'Report-only' mode is crucial for testing Conditional Access policies and understanding their...
evidence
Baseline Conditional Access policies should typically enforce Multi-Factor Authentication (MFA) f...
Sign up to unlock
Continue exploring
Architecting Zero Trust: Crafting Baseline Conditional Access Policies with Intune
Evidence, perspectives, rabbit holes, and more