Require MFA for All Administrators for Education & Research

Education & Research organizations face specific regulatory requirements including cis, nist-800-53, soc2. The CA-02 control helps address these requirements by:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Administrator accounts are prime targets for attackers. Even if MFA is required for all users, a dedicated policy for admins ensures they cannot bypass MFA under any condition and provides visibility into admin authentication.

When implementing CA-02 in a education & research environment, consider:

• **Regulatory requirements**: cis, nist-800-53, soc2 may mandate specific configurations
• **Risk tolerance**: Education & Research organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement CA-02 in your Microsoft 365 environment:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

TrueConfig can automatically remediate this control with one click.