Block or Require MFA for Risky Sign-Ins for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The CA-03 control helps address these requirements by:

• An Identity Protection sign-in risk policy is enabled
• High-risk sign-ins are blocked
• Medium-risk sign-ins require MFA

Microsoft analyzes each sign-in for anomalies (impossible travel, anonymous IP, malware-linked IPs). Risk-based policies automatically escalate protection when threats are detected, without user friction during normal access.

When implementing CA-03 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-03 requires the following configuration:

• An Identity Protection sign-in risk policy is enabled
• High-risk sign-ins are blocked
• Medium-risk sign-ins require MFA

Creates sign-in risk policy in Identity Protection

With TrueConfig, you can implement this control automatically using our one-click remediation feature.