Frequent questions about using Conditional Access to secure remote access

Deleted - Good question.  To me, the two docs are different discussions about the same thing - 'best practices for Conditional Access.'  The "best practices" doc has alot of background information about CA, what the different elements of a Policy are, how policies are processed, etc. - how to conceptualize Conditional Access.  However, in terms of enterprise guidance and real-world implementation details (i.e. what specifically should I click/choose in the UI to end up with a complete CA design), the "common policies" doc is where I go.  

@Sonam Singh Chouhan - this is another common ask these days and yes, you can control attachments.  Either limit - (open in browser/save to SharePoint Online or OneDrive for Business) - or block from OWA with interop between AAD Conditional Access and OWA mailbox policy.  There is a two-step here where AAD Conditional Access Policy and Exchange Online work together.  With the Conditional Access Policy, you can exclude Hybrid AAD Joined (i.e. Domain Joined devices represented in your AAD) and/or 'compliant' devices (i.e. devices marked as 'compliant' in AAD by Intune) from getting the limits so they work 'fully' but sessions from un-managed devices are limited  https://techcommunity.microsoft.com/t5/outlook-blog/conditional-access-in-outlook-on-the-web-for-exchange-online/ba-p/267069