Entra Conditional Access (CA) is an incredibly power tool for implementing authentication-related security controls in an organization, especially one that leverages cloud-based identity. Organizations often start with CA to implement a narrow goal and end up with it having a critical role in dictating the company-wide security posture. Once it is mission critical, the need for mature operations emerges. How do you prevent configuration mistakes? How do you perform change control? How do you maintain effective governance and manage exceptions? How do you scale the platform effectively while staying within system constraints? In this session, we will take you through the approach we have developed over many years at Accenture to implement a robust CA framework. Accenture uses CA for numerous critical controls including device-based posture, MFA and phishing-resistance, risk-based authentication, and privileged access. We apply CA to over 1.1 million users, including over 800K employees and contractors and guests from over 2000 connected organizations, including their devices. We made plenty of mistakes in that time and we’ll share all things we’ve learned and built to manage and scale the platform so that you might be able to get to maturity a little faster.