I am doing my annual security audit (a few days late) and was wondering if anyone has put together a chart showing the interaction between the various elements of Azure Active Directory as it relates to Office 365. There are so many layers when we consider:
Azure conditional access policies,
Exchange mail flow and spam rules,
Windows Defender Advanced Threat Protection (Enterprise E5 users)
Cloud App security policies and notification rules
Not to mention the authentication policies I have in place for Exchange Online, MFA policies, on and on. I have a good handle on how it all works together, but have never put together a chart showing the interaction of the various elements and the order of application. For example, in Exchange Online the authentication policy comes first, with MFA, then the conditional access policy. For a CA rule blocking sign-on from a restricted region, the flow goes through the authentication policy, then MFA, then to the CA policy. Alerts fire according to the Cloud App Security policy in the first step.