Designing a strategy for CA
Conditional Access (CA) policies enforce additional verification actions based on a signal that a user or device may be compromised. The foundation of CA policies is the Zero Trust methodology. Azure AD CA analyzes signals such as user, device, and location to automate decisions and enforce organizational access policies for the resource. CA policies allow you to prompt users for MFA when it is needed for security and stay out of the user’s way when it is not.
As Figure 4.7 shows, the policies that we define for our company are what enforce these CA requirements, from signal to decision to enforcement:
Figure 4.7: CA workflow
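The signal, decision, and enforcement flow can be traced with a small model. The following is an added example, not code from the book or from Microsoft: the policy fields follow the Microsoft Graph `conditionalAccessPolicy` resource, while the evaluator is a simplified stand-in for the service and the group ID and sign-ins are constructed placeholders.

```python
# Added illustration, not Azure AD's evaluation engine: a simplified model of
# signal -> decision -> enforcement. Field names follow the Microsoft Graph
# conditionalAccessPolicy resource; the group ID and sign-ins are constructed.
POLICY = {
    "displayName": "EXAMPLE: MFA or compliant device outside trusted locations",
    "state": "enabledForReportingButNotEnforced",  # report-only while piloting
    "conditions": {
        "users": {"includeUsers": ["All"],
                  "excludeGroups": ["PLACEHOLDER-emergency-access-group"]},
        "locations": {"includeLocations": ["All"],
                      "excludeLocations": ["AllTrusted"]},
    },
    "grantControls": {"operator": "OR",
                      "builtInControls": ["mfa", "compliantDevice"]},
}

# Constructed sign-ins: the signals (user, device, location) for each attempt.
SIGNINS = {
    "office":      {"groups": [], "trusted_location": True,  "satisfied": []},
    "managed_pc":  {"groups": [], "trusted_location": False, "satisfied": ["compliantDevice"]},
    "unknown_pc":  {"groups": [], "trusted_location": False, "satisfied": []},
    "break_glass": {"groups": ["PLACEHOLDER-emergency-access-group"],
                    "trusted_location": False, "satisfied": []},
}

def in_scope(policy, signin):
    """Signal stage: do the policy's user and location conditions match?"""
    cond = policy["conditions"]
    if set(signin["groups"]) & set(cond["users"].get("excludeGroups", [])):
        return False
    trusted_excluded = "AllTrusted" in cond["locations"].get("excludeLocations", [])
    return not (trusted_excluded and signin["trusted_location"])

def evaluate(policy, signin):
    """Decision and enforcement stages for one sign-in."""
    if policy["state"] == "disabled" or not in_scope(policy, signin):
        return "allow"  # policy does not apply to this sign-in
    grant = policy["grantControls"]
    met = [c in signin["satisfied"] for c in grant["builtInControls"]]
    if (any(met) if grant["operator"] == "OR" else all(met)):
        return "allow"  # a required control is already satisfied: no prompt
    if policy["state"] == "enabledForReportingButNotEnforced":
        return "report-only: would prompt"  # logged, user not interrupted
    return "prompt"  # state == "enabled": user must satisfy a control

if __name__ == "__main__":
    for name, signin in SIGNINS.items():
        print(name, "->", evaluate(POLICY, signin))
```

Running it in report-only state shows which sign-ins would be interrupted before the policy is switched to `enabled`.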
The planning and creation of CA policies should be a foundation of access policy enforcement in Zero Trust. In addition, you should have a set of active and fallback policies to start your deployment. You need to have a proper plan and understand how conditional access policies would potentially...