Require MFA for All Administrators for Retail & E-Commerce

Retail & E-Commerce organizations face specific regulatory requirements including pci-dss, soc2, cis. The CA-02 control helps address these requirements by:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Administrator accounts are prime targets for attackers. Even if MFA is required for all users, a dedicated policy for admins ensures they cannot bypass MFA under any condition and provides visibility into admin authentication.

When implementing CA-02 in a retail & e-commerce environment, consider:

• **Regulatory requirements**: pci-dss, soc2, cis may mandate specific configurations
• **Risk tolerance**: Retail & E-Commerce organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

CA-02 requires the following configuration:

• A Conditional Access policy targets the Directory Roles condition
• Policy includes all privileged administrator roles
• MFA is required on every sign-in (not just from untrusted locations)

Creates a Conditional Access policy requiring MFA for all admin roles

With TrueConfig, you can implement this control automatically using our one-click remediation feature.