In designing a modern authentication and authorization strategy, how would you incorporate Conditional Access, continuous access evaluation, risk scoring, and protected actions to enhance security and user experience?