F. Access Plane

MFA, Zero Trust, SASE, Certificate-Based Auth, Privileged Access

Published

April 24, 2026

F. Access Plane

Identity-bound network + application access controls. The access plane is the enforcement surface for every Conditional Access policy, every Zero Trust segment, and every privileged-access workflow. It replaces the AD-centric network-perimeter model with identity + device posture.

Leaves

F.1 MFA (methods, phishing resistance, FIDO2)
F.2 Zero Trust model — modernization-specs/zero-trust
F.3 SASE — modernization-specs/sase
F.4 Certificate-Based Authentication (Entra CBA)
F.5 Privileged Access Management — CyberArk adapter
F.6 Break-glass accounts