Consolidated Conditional Access strategy builder
Design stronger environments with fewer, clearer policies.
CA Architect V2 simplifies Conditional Access by compressing best-practice controls into the fewest safe policies, explaining each build step, and mapping the design to MITRE ATT&CK so teams can see which identity threats they are mitigating.
Attack vectors addressed
MITRE coverage for selected requirements
Recommended strategy
Strongest safe design
Why some controls stay separate Guardrails for policies that should not be merged.
Baseline traceability Shows which original baseline policies are represented by each consolidated policy.
MITRE detail and residual gaps Extra ATT&CK mapping and items Conditional Access cannot solve alone.
Advanced threat model Optional scope, suggested threats, and control mapping for engineers who want to tune the strategy manually.
Choose an identity and target to see suggested threats and matching controls.
Scope
Identity and target
Identity profile
Target resources
Threat model
Threats to defend against
Scenario outcome
Secure access plan
Threats mitigated
MITRE and safety view
Recommended policy pack
Build these scenario policies
Prerequisites
Before Conditional Access
Manual build notes
What to configure
Policy detail
Select a policy
Select a policy to review controls, structured edits, and Graph JSON.
Rollout decision
Recommended states start higher-risk controls in report-only where supported.
Prerequisites
Required objects
Manual build guide
Entra portal checklist
Generated from the configured export shapeStructured edits
Export overrides
Sanitized Graph JSON
v1.0 policy shapeImport and compare