This repository holds some Conditional Access resources that complement the Azure Architecture design note "Conditional Access Guidance for Zero Trust". See more here for a description on CA configured for Zero Trust

https://docs.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-zero-trust?msclkid=d1768a34ceda11ec9b6c8f244f8d05bd and

• Detailed guidance as PDF documents on Conditional Access Guidance that complements the formal documentation. Latest updates from October 2023
• ConditionalAccessSamplePolicies folder holds an Excel Spreadsheet documenting the suggested set of policies
• ConditionalAccessSamplePolicies\Microsoft365DSCCAGroups folder has a Microsoft365dsc file to automate the creation of groups used for the CA policies
• ConditionalAccessSamplePolicies\Microsoft365DSCCAPolicies folder has a Microsoft365dsc file to automate the creation of CA policies
• ToolBox folder has a few helper scripts. Open the script for furhter information.
• Workbooks folder has enhanced workbooks to look at CA policies and compliancy as well as a troubleshooing solution for Always-On VPN including a workbook for that.
• Presentations folder has a few presentations that I have given about CA configured for Zero Trust
• ConditionalAccessSamplePoliciesTerraform folder holds sample code to be used from GitHub Actions based on Terraform. Thanks to Suryendu Bhattacharyya, https://www.linkedin.com/in/suryendub/

see other readme files in the sub-folders for further details.

PS! I would like to thank contributors, and those who have made PRs. This is much appreciated. If I am too slow in looking at and potentially approve any PRs, feel free to ping me on channels like LinkedIn for us to have a chat.

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.