Skip to main content
IT KORR
IT KORRKeeping Organizations Reliable & Resilient
Identity & Access Management · Download

Conditional Access Planning Workbook

A multi-phase rollout workbook for planning a Conditional Access implementation from baseline to advanced policy sets.

IT KORR Knowledge Center

Conditional Access Planning Workbook

A multi-phase rollout workbook for planning a Conditional Access implementation from baseline to advanced policy sets.

How to Use This Workbook

Unlike the per-policy Conditional Access Policy Worksheet, this workbook plans the overall rollout sequence across phases. Use it alongside the Conditional Access Planner tool, which generates the specific policy recommendations this workbook helps you sequence.

Phase 1 — Baseline (Target: Weeks 1-2)

  • Policies: MFA for all users, block legacy authentication, break-glass exclusion.
  • Stakeholders to involve: IT/security lead, at least one additional administrator for break-glass setup.
  • Success criteria: Report-only testing shows no unexpected impact; policies enforced.

Phase 2 — Device & Risk (Target: Weeks 3-5)

  • Policies: compliant device for sensitive apps, sign-in risk response, location-based blocking.
  • Prerequisite: device enrollment/compliance coverage confirmed broad enough via Report-only logs.
  • Success criteria: pilot group shows no unexpected lockouts before tenant-wide enforcement.

Phase 3 — Privileged Roles (Target: Weeks 6-7)

  • Policies: phishing-resistant MFA for admins, shorter session timeout for sensitive apps.
  • Prerequisite: phishing-resistant MFA methods (hardware key/passkey) provisioned for administrative accounts.
  • Success criteria: all administrative accounts migrated and confirmed functioning under the new policy.

Ongoing — Review Cadence

  • Review all active policies at least annually, or after any significant tenant change.
  • Re-test any modified policy in Report-only mode before re-enforcing.

Related Resources

  • Conditional Access Planner — /tools/conditional-access-planner
  • Download: Conditional Access Policy Worksheet — /knowledge-center/cybersecurity/identity-access-management/downloads/conditional-access-policy-worksheet

This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual systems before adoption — see the full Identity & Access Management Hub for the reasoning behind each recommendation, or use the Identity & MFA Readiness Assessment to evaluate your current posture.

Build: add8299 | Built: Jul 9, 2026 9:26 PM EDT