Conditional Access consolidates signals to make decisions, and enforces organizational policies like in case of SCA, require a complaint device or App Protection Policies.
Use Conditional Access policies to apply the right access controls when needed to keep your organization secure. Azure AD Conditional Access is at the heart of the new identity-driven control plane.
Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.