How would you validate the alignment of Conditional Access policies with a Zero Trust strategy in an organization that operates across multiple geographic locations and uses a variety of cloud services?