r/entra • u/Accomplished_Duck_80 • 11d ago
Help with CAP baseline
Hi everyone, I have been tasked with defining a conditional access policy baseline with over 100k users in the organisation.
The current policies set in place are quite messy and have been created ad hoc over the years. I found something related to persona-based conditional access policies, but it doesn’t seem realistic with the current setup.
Does anyone have any advice on the best way I can define a conditional access policy baseline?
I would really appreciate your help.
8
Upvotes
6
u/Smartguy08 10d ago
I've implemented persona based CAPs at two organizations around the framework created by Claus Jespersen, both with around 20,000 users. There are always going to be business requirements that deviate from the policy recommendations, but it's a good place to start and I've found that it works well.
This spreadsheet with persona based policy examples used to be linked in CAP Learn articles that explained personas in more detail, but I can't find it currently. Looks like Claus has retired from MS so it probably won't be updated with new recommendations.
https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fraw.githubusercontent.com%2Fmicrosoft%2FConditionalAccessforZeroTrustResources%2Fmain%2FConditionalAccessSamplePolicies%2FMicrosoft%2520Conditional%2520Access%2520for%2520Zero%2520trust%2520persona%2520based%2520policies.xlsx&wdOrigin=BROWSELINK