I’ve been working on conditional access for a while now with a client, trying to find the right balance of command and control versus usability for the organisation. Just as I thought we were there, I noticed a new policy called “Baseline policy: Require MFA for admins (Preview)” had appeared. Given that this is buried …