Require MFA for All Administrators for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The CA-02 control helps address these requirements by:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Administrator accounts are prime targets for attackers. Even if MFA is required for all users, a dedicated policy for admins ensures they cannot bypass MFA under any condition and provides visibility into admin authentication.

When implementing CA-02 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement CA-02 in your Microsoft 365 environment:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

TrueConfig can automatically remediate this control with one click.