How can I use Conditional Access to enable new, secure ways of working?
Conditional Access is not just about blocking; it's also about enabling secure flexibility. For example, you can allow users to access specific, less sensitive applications from their personal devices, but only if those devices are enrolled in Intune's App Protection Policies (MAM) and the apps are protected. Or, you can enable remote work from anywhere in the world, while dynamically requiring MFA and blocking access to highly sensitive systems if the location is deemed high-risk by Azure AD Identity Protection.
Consider a 'stretch' goal: How can you leverage Conditional Access to securely enable a business process that currently feels too risky (e.g., allowing specific contractor access without VPN, enabling BYOD for certain roles)? Design a hypothetical policy for it.