Claritiq — E - CA Policies Mockup

Cq · Refreshed today

Critical Caution Healthy · target

Scope: eni.enigron.com · c1.eni.enigron.com

Total policies

across 6 categories

Enabled

77.8%

Report-only

≥ 30d in this state

Disabled

review intent

Overlap pairs

redundant rules

MFA gap users

not covered by any MFA-required policy

Policies × state

Category	Enabled	Report-only	Disabled	Total
MFA enforcement	8	1	0	9
Block legacy auth	3	0	0	3
Device compliance	4	1	1	6
Risk-based sign-in	2	1	0	3
Privileged role guard	3	0	0	3
Location filter	1	1	1	3

Overlap & gap findings

Finding	Affected	Severity
Overlap: 'MFA-AllUsers' + 'MFA-AllApps'	(both)	Caution
Overlap: 'Block-Legacy-Outlook' + 'Block-Legacy-EWS'	(both)	Caution
Gap: 47 users not covered by MFA-required	47	Critical
Stale: 4 policies in report-only > 30d	4	Caution
Stale: 2 disabled policies (no recent edits)	2	Caution

CA policy overlap creates evaluation noise; gaps create exposure. Quarterly access-review export should include this matrix.

Quick views

All CA policies — inventory snapshot Showing 6 of 27 · Sorted by Category, Name

Policy name	State	Users target	Apps	Conditions	Grant	Last modified
MFA-AllUsers	Enabled	All users	All cloud apps	Any device	Require MFA	2025-11-04
MFA-AllApps	Enabled	All users	All cloud apps	Any platform	Require MFA	2024-09-12
Block-Legacy-Outlook	Enabled	All users	Office 365	Legacy auth	Block	2024-04-22
Risk-Based-SignIn-High	Enabled	All users	All cloud apps	High user risk	Require MFA + reset	2025-08-14
Privileged-Role-Guard	Enabled	Tier-0 admins	All cloud apps	Any	Compliant device + FIDO2	2025-12-11
Location-EU-Only	Disabled	EU subsidiary	All cloud apps	Outside EU	Block	2023-06-04