Require MFA via Conditional Access Policy for Manufacturing & Industrial

Manufacturing & Industrial organizations face specific regulatory requirements including iso27001, nist-800-53, cis. The CA-01 control helps address these requirements by:

• At least one Conditional Access policy requires MFA for all users
• Policy applies to all cloud applications
• Emergency access accounts are excluded
• Policy state is Enabled (not Report-only)

Conditional Access policies provide granular MFA enforcement with proper exclusions. Unlike Security Defaults, CA policies allow you to exclude emergency access accounts while still protecting all users.

When implementing CA-01 in a manufacturing & industrial environment, consider:

• **Regulatory requirements**: iso27001, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Manufacturing & Industrial organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-01 requires the following configuration:

• At least one Conditional Access policy requires MFA for all users
• Policy applies to all cloud applications
• Emergency access accounts are excluded
• Policy state is Enabled (not Report-only)

Creates a Conditional Access policy requiring MFA for all users

With TrueConfig, you can implement this control automatically using our one-click remediation feature.