What is Conditional Access?
Conditional Access is a core component of Zero Trust security that evaluates a set of signals at the moment of every access request before deciding whether to allow, block, or challenge the user. Rather than treating all users inside the network as trusted, conditional access policies examine factors like the user’s identity, the health and compliance status of their device, their physical location, and the sensitivity of the resource being requested. For example, a policy might allow access from a managed corporate device but require additional MFA when the same user attempts to log in from a personal phone. Conditional access is deeply integrated into platforms like Microsoft Entra ID and Okta