Block or Require MFA for Risky Sign-Ins for Manufacturing & Industrial

Manufacturing & Industrial organizations face specific regulatory requirements including iso27001, nist-800-53, cis. The CA-03 control helps address these requirements by:

• An Identity Protection sign-in risk policy is enabled
• High-risk sign-ins are blocked
• Medium-risk sign-ins require MFA

Microsoft analyzes each sign-in for anomalies (impossible travel, anonymous IP, malware-linked IPs). Risk-based policies automatically escalate protection when threats are detected, without user friction during normal access.

When implementing CA-03 in a manufacturing & industrial environment, consider:

• **Regulatory requirements**: iso27001, nist-800-53, cis may mandate specific configurations
• **Risk tolerance**: Manufacturing & Industrial organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-03 requires the following configuration:

• An Identity Protection sign-in risk policy is enabled
• High-risk sign-ins are blocked
• Medium-risk sign-ins require MFA

Creates sign-in risk policy in Identity Protection

With TrueConfig, you can implement this control automatically using our one-click remediation feature.