Merged
Conversation
Kh4lil
approved these changes
Dec 18, 2025
There was a problem hiding this comment.
Pull request overview
This pull request adds comprehensive documentation for SHIELD's Conditional Access policies and introduces a placeholder for Break Glass account documentation. The changes expand the reference architecture documentation to cover both Enterprise and Privileged Conditional Access policies.
Key Changes
- Added 18 new Conditional Access policy documentation files covering Enterprise (4 policies) and Privileged (14 policies) access scenarios
- Introduced Break Glass Account Overview placeholder page for upcoming documentation
- Restructured mkdocs.yml navigation to organize the new documentation hierarchically under Reference > Architecture > Conditional Access
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| mkdocs.yml | Updated navigation structure to include new Conditional Access architecture documentation and Break Glass overview page |
| docs/SHIELD/Reference/Break-Glass-Overview.md | Added placeholder page for upcoming Break Glass documentation |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Enterprise/Compliance.md | Documents device compliance requirements for enterprise users |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Enterprise/Location.md | Documents geo-fencing policy for enterprise access |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Enterprise/MDCA.md | Documents Microsoft Defender for Cloud Apps integration |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Enterprise/MFA.md | Documents MFA enforcement for enterprise identities |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Authentication-Methods.md | Documents authentication strength requirements for privileged access |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Block-Non-Priv.md | Documents policy preventing non-privileged users from accessing privileged devices |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Compliance.md | Documents device compliance requirements for privileged devices |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Disable-CA-Resilience-Downgrade.md | Documents policy preventing security downgrade during outages |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Hardware-Enforcement.md | Documents approved hardware requirements for privileged access |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Join-Type.md | Documents Entra ID join type requirements for privileged devices |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Legacy-Auth.md | Documents legacy authentication blocking for privileged identities |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Location.md | Documents geo-fencing policy for privileged access |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/MFA.md | Documents MFA enforcement for privileged users |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/OS-Enforcement.md | Documents Windows-only access requirement for privileged devices |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Session-Persistence.md | Documents session persistence controls for privileged users |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Sign-In-Risk.md | Documents sign-in risk blocking for privileged users |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/Token-Binding.md | Documents token theft protection for privileged sessions |
| docs/SHIELD/Deploy/Reference/Architecture/Conditional-Access/Privileged/User-Risk.md | Documents user risk blocking for privileged accounts |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.../SHIELD/Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/OS-Enforcement.md
Outdated
Show resolved
Hide resolved
.../SHIELD/Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/OS-Enforcement.md
Outdated
Show resolved
Hide resolved
docs/SHIELD/Deploy/Reference/Architecture/SHIELD/Enterprise/Conditional-Access/Compliance.md
Outdated
Show resolved
Hide resolved
...Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/Authentication-Methods.md
Outdated
Show resolved
Hide resolved
docs/SHIELD/Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/Compliance.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.../SHIELD/Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/OS-Enforcement.md
Outdated
Show resolved
Hide resolved
docs/SHIELD/Deploy/Reference/Architecture/SHIELD/Privileged/Conditional-Access/Compliance.md
Outdated
Show resolved
Hide resolved
Can't have overview for overview. Update top level to not include overview in name. Signed-off-by: Elliot Huffman <elliot_huffman@shilab.com>
This is redundant as the end of the page/footer handles the bottom of the page. Signed-off-by: Elliot Huffman <elliot_huffman@shilab.com>
Signed-off-by: Elliot Huffman <elliot_huffman@shilab.com>
This was leftover from R&D cycles. Format Document.
Old pricing table was for v3, new is for v4. Add a note about when the pricing data was captured.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.