ukncsc/zero-trust-architecture

Principle 5 - MFA

ColinRobbins opened this issue · 1 comments

In Principle 5, the comment is made:

MFA is a requirement for a zero trust architecture. This doesn't mean that the user experience has to be poor. On modern devices and platforms, strong MFA can be achieved with a good user experience.

Should this also reference the concept of conditional access, often deployed to ensure a good user experience?
For example, the MFA token is only requested when the access appears to come from a different device / location or at an unusual time?

Hi Colin

I have accepted some changes this morning which may have answered your question. Yes, we need to be a bit clearer on how to balance user experience and gaining trust. The relevant updates are under MFA and usability. https://github.com/ukncsc/zero-trust-architecture/blob/master/05-Authenticate-everywhere.md

Please let me know your thoughts

Thank you for your feedback
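The conditional access idea raised in this issue, sketched as an added example (not code from the NCSC repository or from either commenter): an MFA prompt is raised only when the device, location or time of a sign-in is unfamiliar. The `Baseline` and `SignIn` models, the field names and the 07:00-19:59 UTC window are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple

@dataclass
class Baseline:
    """What has been seen before for one user (hypothetical model)."""
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    usual_hours: range = range(7, 20)  # assumed working window, UTC

@dataclass
class SignIn:
    device_id: Optional[str]
    country: Optional[str]
    when: datetime  # timezone-aware

def step_up_reasons(signin: SignIn, base: Baseline) -> List[str]:
    """Return the signals that make this sign-in unfamiliar.

    A missing signal counts as unfamiliar (fail closed), so a client that
    withholds its device identity is prompted rather than waved through.
    """
    reasons = []
    if signin.device_id is None or signin.device_id not in base.known_devices:
        reasons.append("device")
    if signin.country is None or signin.country not in base.known_countries:
        reasons.append("location")
    if signin.when.astimezone(timezone.utc).hour not in base.usual_hours:
        reasons.append("time")
    return reasons

def decide(signin: SignIn, base: Baseline) -> Tuple[str, List[str]]:
    """Skip the prompt only when every signal matches the baseline."""
    reasons = step_up_reasons(signin, base)
    return ("prompt_mfa", reasons) if reasons else ("no_prompt", [])

# Constructed sample data, not real sign-in logs.
BASE = Baseline(known_devices={"laptop-01"}, known_countries={"GB"})
UTC = timezone.utc
FAMILIAR = SignIn("laptop-01", "GB", datetime(2024, 3, 4, 10, 15, tzinfo=UTC))
NEW_PLACE = SignIn("laptop-01", "FR", datetime(2024, 3, 4, 10, 15, tzinfo=UTC))
ODD_HOUR = SignIn("laptop-01", "GB", datetime(2024, 3, 4, 3, 5, tzinfo=UTC))
NO_DEVICE = SignIn(None, "GB", datetime(2024, 3, 4, 10, 15, tzinfo=UTC))

if __name__ == "__main__":
    for s in (FAMILIAR, NEW_PLACE, ODD_HOUR, NO_DEVICE):
        print(s.device_id, s.country, s.when.isoformat(), decide(s, BASE))
```
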