Identity & Access Management
Conditional Access, MFA, Privileged Identity Management, and passwordless authentication.
Foundation (Plan 1)
- Conditional Access - Users — Conditional Access policies for standard users (MFA, device compliance, guest access, risk-based controls)
- Conditional Access - Admins — Conditional Access policies for administrators (enhanced MFA, risk-based CA, session controls, location restrictions)
Added in Endpoint (Plan 2)
- Conditional Access - Devices — Conditional Access policies requiring device compliance
- Privileged Identity Management — Entra ID PIM for just-in-time privileged access, cloud-only accounts, access reviews
- Workload Identity Governance — Discover, remediate, and govern non-human identities including service principals, managed identities, and workload identity federation
- Passwordless & FIDO2 Strategy — Strategic credential roadmap covering FIDO2 keys, Windows Hello for Business, Authenticator passwordless methods, and password elimination