CA-09 | Critical | Maximum Security
Zero Trust Network Access
Conditional Access control for Microsoft 365 and Entra ID
Why This Control Matters
Full Zero Trust: never trust, always verify. Every access request is validated against device health, user risk, and location. This ensures compromised devices and credentials cannot access resources.
Expected State
When this control is compliant, your tenant should meet these criteria:
1. All cloud app access requires a compliant device
2. Named locations are configured for corporate networks
3. Location-based blocking policies are enforced
4. Risk-based sign-in policies are active
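The four criteria above can be checked mechanically against exported Conditional Access data. The following is an added example, not part of the original page and not TrueConfig's own code: it assumes input shaped like Microsoft Graph conditionalAccessPolicy and namedLocation objects, uses hypothetical function names and constructed sample data, and treats a named location marked isTrusted as a "corporate network". User scoping and app exclusions are not checked.

```python
# Added example: evaluate CA-09's expected state from Graph-shaped policy data.
def _grant(p):
    return p.get("grantControls") or {}

def requires_compliant_device(p):
    g = _grant(p)
    controls = g.get("builtInControls") or []
    apps = (p["conditions"].get("applications") or {}).get("includeApplications") or []
    # With operator OR, another control (e.g. mfa) can satisfy the grant instead,
    # so the device check is only mandatory when it is the sole control or AND is used.
    mandatory = controls == ["compliantDevice"] or g.get("operator") == "AND"
    return "All" in apps and "compliantDevice" in controls and mandatory

def blocks_by_location(p):
    loc = p["conditions"].get("locations") or {}
    return "block" in (_grant(p).get("builtInControls") or []) and bool(loc.get("includeLocations"))

def uses_sign_in_risk(p):
    return bool(p["conditions"].get("signInRiskLevels"))

def evaluate_ca09(policies, named_locations):
    # Report-only ("enabledForReportingButNotEnforced") and disabled policies enforce nothing.
    live = [p for p in policies if p.get("state") == "enabled"]
    return {
        "compliant_device_all_apps": any(requires_compliant_device(p) for p in live),
        # Assumption: "corporate network" means a named location flagged as trusted.
        "named_locations_configured": any(l.get("isTrusted") for l in named_locations),
        "location_blocking_enforced": any(blocks_by_location(p) for p in live),
        "risk_based_sign_in_active": any(uses_sign_in_risk(p) for p in live),
    }

# Constructed sample data (not from a real tenant); 203.0.113.0/24 is a documentation range.
SAMPLE_LOCATIONS = [{"displayName": "HQ egress", "isTrusted": True,
                     "ipRanges": [{"cidrAddress": "203.0.113.0/24"}]}]
SAMPLE_POLICIES = [
    {"displayName": "Compliant device or MFA", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "Block outside trusted", "state": "enabledForReportingButNotEnforced",
     "conditions": {"locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "MFA on risky sign-in", "state": "enabled",
     "conditions": {"signInRiskLevels": ["high", "medium"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

if __name__ == "__main__":
    for name, ok in evaluate_ca09(SAMPLE_POLICIES, SAMPLE_LOCATIONS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

The sample tenant fails criteria 1 and 3: the device policy lets MFA substitute for compliance, and the location block is still in report-only mode.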
Enforcement
Default Mode: Strict. Zero-tolerance enforcement with immediate remediation.
Auto-Remediation: Available. Creates a CA policy requiring device compliance for all cloud apps. PREREQUISITE: Intune device compliance policies must be configured.