Require MFA for All Administrators for Government & Public Sector

Government & Public Sector organizations face specific regulatory requirements including fedramp, nist-800-53, cis. The CA-02 control helps address these requirements by:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Administrator accounts are prime targets for attackers. Even if MFA is required for all users, a dedicated policy for admins ensures they cannot bypass MFA under any condition and provides visibility into admin authentication.

When implementing CA-02 in a government & public sector environment, consider:

• **Regulatory requirements**: fedramp, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Government & Public Sector organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-02 requires the following configuration:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Creates a Conditional Access policy requiring MFA for all admin roles

With TrueConfig, you can implement this control automatically using our one-click remediation feature.