Merge pull request #104216 from SanDeo-MSFT/patch-52

PRMerger7 · web-flow · commit bb083146e9bb · 2020-02-18T18:08:39.000-08:00
Update plan-conditional-access.md
diff --git a/articles/active-directory/conditional-access/plan-conditional-access.md b/articles/active-directory/conditional-access/plan-conditional-access.md
@@ -29,6 +29,9 @@ There are two types of Conditional Access policies: baseline and standard. A [ba
 
 In a standard Conditional Access policy, you can customize all settings to adjust the policy to your business requirements. Standard policies require an Azure AD Premium P1 license.
 
+>[!NOTE]
+> We recommend using Azure AD device based Conditional Access policy to get the best enforcement after initial device authentication. This includes closing sessions if the device falls out of compliance and device code flow.
+
 ## Draft policies
 
 Azure Active Directory Conditional Access enables you to bring the protection of your cloud apps to a new level. In this new level, how you can access a cloud app is based on a dynamic policy evaluation instead of a static access configuration. With a Conditional Access policy, you define a response (**do this**) to an access condition (**when this happens**).
