Microsoft docs

Plan a Conditional Access deployment

• https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

Create a resilient access control management strategy with Azure Active Directory

• https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-resilient-controls

Follow best practices

• Apply CA policies to every app
• Minimize the number of CA policies
• Set up emergency access accounts
• Set up report-only mode
• Plan for disruption
• Set naming standards for your policies
• Exclude countries from which you never expect a sign-in.

Common policies

• Require MFA
• Respond to potentially compromised accounts
• Require managed devices
• Require approved client applications
• Block access

Five steps to securing your identity infrastructure: Step 3 - Automate threat response

• https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#step-3---automate-threat-response

How To: Configure and enable risk policies

• https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

Identity and device access configurations: Applying these capabilities across the three tiers of protection

• https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-policies-configurations?view=o365-worldwide#applying-these-capabilities-across-the-three-tiers-of-protection

Common identity and device access policies

• https://docs.microsoft.com/en-us/microsoft-365/enterprise/identity-access-policies?view=o365-worldwide

What you should avoid doing

• https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices#what-you-should-avoid-doing