Which services and applications
are more sensitive than others? For example, you might want stronger
authentication for key financial documents than for search engines.
To protect your most sensitive services and applications, you can
configure
Multi-Factor
Authentication (MFA) to ensure that each user authenticates
using multiple methods (factors) when accessing those services and
applications. To accommodate a variety of security needs,
Configure
Authentication Policy rules that trigger MFA or single factor
authentication (such as login credentials or certificates) based
on specific services, applications, and end users. Other ways to
reduce your attack surface include
network segmentation and
user groups for allowed applications.