006: Rollout CA with device controls

Overview

Update your CA policies to include controls based on device state. This is a key element of a zero trust strategy for user access. The possible controls are:

• Require Compliant Device: Use this control for devices that enrolled in MDM
• Require Entra Hybrid Joined device: Use this control for devices that are not managed in MDM yet, which rely on Group Policy Objects, or similar on-premises management tools.

Reference

• Require compliant, hybrid joined devices, or MFA - Microsoft Entra ID | Microsoft Learn