Microsoft Announces General Availability of Azure AD Continuous Access Evaluation

Microsoft unveiled a new Continuous Access Evaluation (CAE) security solution for its Azure AD Conditional Access service back in October 2020. The company has recently announced that the CAE feature is generally available for enterprise customers.

With this new service, Azure Active Directory customers can securely revoke an access token and force a re-authentication of the specific user as a result of an event or a context change for CAE compatible clients. CAE support is currently available for Exchange Online, SharePoint Online, and Microsoft Teams. You can check out the full list of all supported platforms on this support page.

Microsoft says that CAE is a part of its “Azure AD Zero Trust Session Management portfolio,” and it enables customers to enforce account lifecycle events and policies such as account revocation, account disablement/deletion, password change, user location change, and user risk increase.

“With CAE, we have introduced a new concept of Zero Trust authentication session management that is built on the foundation of Zero Trust principles–Verify Explicitly and Assume Breach. With the Zero Trust approach, the authentication session lifespan now depends on session integrity rather than on a predefined duration,” the company explained.

How to migrate Continuous Access Evaluation (CAE) settings to a Conditional Access policy

IT Admins will be able to access the CAE feature under the “Session” blade menu item available on the Azure portal. For organizations that have previously configured CAE settings under “Security,” Microsoft has provided a step-by-step guide to migrate settings to a new Conditional Access policy.

• Sign in to the Azure portal and navigate to Azure Active Directory >> Security >> Continuous access evaluation.
• The Continuous access evaluation (Preview) page will show an option to Migrate your policy.
• Then, browse to “Conditional Access” and search for the “CA policy created from CAE settings.” You can either create a new policy or customize an existing Conditional Access policy (if needed).

The Continuous Access Evaluation (CAE) feature is now enabled by default for all Azure Active Directory customers. However, keep in mind that only Azure AD Premium 1 customers will be able to configure or disable CAE in their organizations.