Introducing Conditional Access as Code. A fully automated solution to kick-start and maintain your Conditional Access deployment. The solution consists of three main components.
A collection of conditional access policies in JSON format which are divided into the following categories:
- Admin protection
- Application protection
- Attack surface reduction
- Base protection
- Compliance
- Data protection
Policy sets are based on the policies in the repository and form complete policy sets depending on company maturity and licensing:
- Bare minimum
- Device trust with AADP1
- Device trust with AADP1 and AADP2
- Device trust with AADP2
- Network trust with AADP1
- Network trust with AADP1 and AADP2
- Network trust with AADP2
- Your custom policy set
A script based automation solution to deploy and update policy sets in environments.
Together, these three components enable an extremely fast deployment of conditional access concepts and their long-term maintenance, e.g. in the form of source control.
Get started with the Quick-start wiki
Although I work for Microsoft, this is not an official recommendation, I exclude any liability and warranty. This is only a personal recommendation which has to be implemented with the utmost care and testing.