Block End of Life Operating Systems
Configure policy to only allow ‘Windows 10’ or ‘Windows 11’ devices
Enforce MFA for Administrators
Configure policy to enforce second factor MFA if user is a member of the ‘Administrator’ group.
Password Only Access when in Office
Configure policy to allow ‘Password Only’ access to ‘Salesforce’ application when IP Address = ‘Office IP Address Range’
Block Access from Certain Countries
Configure policy to block access if Location is ‘X’
Alert Weekend Access to Finance Application
Configure policy to trigger an email alert to the administrator when users authenticate to the application ‘SAP Concur’ and the day of the week is ‘Saturday’ or ‘Sunday’.
Enable the Conditional Access Policy Engine with a Default Action set to “Deny Access”
Then, you can create specific policy rules to allow access or define an alternative default action if no policy rule is triggered.
These rules are always enforced based on the principle of least privilege. For instance, if a rule that requires multi-factor authentication (MFA) and a “Deny Access” policy rule are both triggered, access is blocked, in accordance with the least-privileged rule that was triggered.
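
The default action and least-privilege resolution described above, sketched as an added example (not the product's own code or configuration syntax). The rule names, request fields, the office range 203.0.113.0/24 and the ranking of ‘Password Only’ below MFA are assumptions; the page itself only states that “Deny Access” wins over MFA.

```python
from ipaddress import ip_address, ip_network

# Higher number = more restrictive. The page only states that deny beats MFA;
# ranking password_only below require_mfa is an assumption of this sketch.
STRICTNESS = {"password_only": 0, "require_mfa": 1, "deny": 2}
DEFAULT_ACTION = "deny"                      # default action from the page
OFFICE_NET = ip_network("203.0.113.0/24")    # constructed placeholder range
WEEKEND = {"Saturday", "Sunday"}

# (rule name, condition, action). "alert" is a side effect, not an access decision.
RULES = [
    ("block-eol-os", lambda r: r["os"] not in {"Windows 10", "Windows 11"}, "deny"),
    ("admin-mfa", lambda r: "Administrator" in r["groups"], "require_mfa"),
    ("office-password-only",
     lambda r: r["app"] == "Salesforce" and ip_address(r["ip"]) in OFFICE_NET,
     "password_only"),
    ("block-country", lambda r: r["country"] == "X", "deny"),
    ("weekend-finance-alert",
     lambda r: r["app"] == "SAP Concur" and r["weekday"] in WEEKEND, "alert"),
]

def evaluate(request):
    """Return (decision, names of triggered rules, names of alert rules)."""
    hits = [(name, action) for name, cond, action in RULES if cond(request)]
    alerts = [name for name, action in hits if action == "alert"]
    access = [action for _, action in hits if action != "alert"]
    # No access rule triggered -> default action; otherwise the strictest wins.
    decision = max(access, key=STRICTNESS.get) if access else DEFAULT_ACTION
    return decision, [name for name, _ in hits], alerts

def sample(**overrides):
    """Constructed sample request; fields are hypothetical."""
    base = {"os": "Windows 11", "groups": [], "app": "Salesforce",
            "ip": "198.51.100.7", "country": "Y", "weekday": "Tuesday"}
    return {**base, **overrides}

if __name__ == "__main__":
    cases = {
        "admin in office": sample(groups=["Administrator"], ip="203.0.113.20"),
        "admin on EOL OS": sample(groups=["Administrator"], os="Windows 7"),
        "weekend finance": sample(app="SAP Concur", weekday="Saturday"),
        "no rule matches": sample(),
    }
    for label, request in cases.items():
        print(label, "->", evaluate(request))
```

In this sketch an alert rule on its own never grants access: a weekend ‘SAP Concur’ login that triggers no allow rule still falls through to the default action while the alert is recorded.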