Unit 11: Conditional Access Optimization Agent

The optimization agent:

• Reviews existing policies.
• Finds unprotected users.
• Suggests best-practice improvements.
• Enables one-click remediation.

Requirements:

• Entra ID P1 license.
• Security Compute Units.
• Security Administrator role.

What the Agent Optimizes

• MFA coverage.
• Device-based controls.
• Legacy authentication blocking.
• Policy consolidation.
• Device code flow blocking.

Final Retention Summary

Conditional Access is:

• Context-aware access control.
• Central to Zero Trust.
• Powerful but dangerous if misconfigured.

Security defaults are:

• A starting point.
• Free and easy.
• Replaced by Conditional Access when ready.

Testing, exclusions, and emergency access accounts are non-negotiable.