Skip to content
AscendCore
Back to Runbook Library
Security Template: configurable per customer

Conditional Access Policy Review

Surface a proposed conditional-access change as a clear diff for approval before it affects sign-in, with a full audit record.

Integrates with

Entra ID

The problem

Conditional-access policies govern who can sign in and from where. A careless change can lock out an entire organization, which is exactly why these changes deserve a reviewed, recorded approval rather than a quiet edit.

What AscendCore does

A proposed change is rendered as a readable diff in Slack or Teams. AscendCore routes it to approvers and, on approval, stages the change (report-only first where the platform supports it). The change and its approver are recorded in the audit chain.

Status

Template. Policy scope and rollout style are configurable per customer. Connect it to your Microsoft Entra ID tenant to enable.

Runbook source preview

Versioned, deterministic, auditable

Every runbook is defined as a versioned YAML manifest with explicit triggers, steps, and approval policies. The runbook itself is the audit-ready record of what AscendCore can and will do. Chat is just the interface that triggers it.

name: conditional-access-review
trigger:
  channels: [slack, teams]
  intents: [ca_policy_change]
steps:
  - render_policy_diff
  - admin_approval
  - stage_policy_change        # report-only first where supported
approval:
  required: true
  approvers: [it-admins, sec-team]
Want this runbook?

Configure conditional access policy review for your environment

Templates are configurable per customer environment. Talk to us about the specific systems and approval flow you need.

See plans & pricingBrowse all runbooks

More security runbooks

Live

Security Alert Triage

IT-admin-initiated security triage: invoke /alert-triage on a user account when you spot suspicious activity, AscendCore proposes account suspension pending investigation, suspension executes only on explicit approval. Distinct security-event audit namespace for SOC-2 evidence separation.

Read more
Template

Endpoint Isolation

Quarantine a suspected-compromised device from the network on explicit approval, with owner notification and a security-namespaced audit row.

Read more
Template

Exposed Secret Response

Respond to a leaked credential by rotating or revoking it and notifying the owner in one approval-gated action, fully audited.

Read more