Wave 15 · Identity and Endpoint Expansion Microsoft / Entra / Conditional Access proof Synthetic policy snapshots + exception exports

Conditional Access policy drift, admin exclusions, and device/risk posture that stay operator-readable.

This control plane turns Conditional Access snapshots into one identity-governance surface: report-only admin policies, exclusion sprawl, device-trust gaps, missing sign-in risk coverage, weak session controls, and the remediation packets needed before audit or incident windows drift.

Overview Policy Lane Control Gaps Exception Posture Verification Docs

Commercial Front Door

Conditional Access, identity protection, and tenant-governance operations for platform, IAM, and security teams.
Audit-safe visibility into policy enforcement, exclusions, device trust, and app-targeting posture without exposing tenant credentials.

Proof Layer

Offline posture analyzer + CLI + dashboard surface.
This repo includes a reusable analyzer that reads Conditional Access exports and turns them into owner, control-gap, and remediation packets.

Why it matters

Recruiters looking for Azure / Entra / Conditional Access / Intune / identity governance should see real admin work: policy enforcement, exclusions, device trust, and audit-safe cleanup proof.