Microsoft 365 Admin Center to Get Support for Continuous Access Evaluation (CAE)

Published: Sep 09, 2024

Security

SHARE ARTICLE

Key Takeaways:

  • Continuous Access Evaluation (CAE) allows for immediate enforcement of access policies, ensuring faster responses to changes like account compromise.
  • CAE proactively terminates active user/admin sessions or requires reauthentication.
  • Administrators can leverage CAE to enforce IP-based policies, track critical user events, and revoke access instantly.

Microsoft is getting ready to add support for continuous access evaluation (CAE) to the Microsoft 365 admin center. The CAE feature will proactively terminate active user or admin sessions, prompt reauthentication, and enforce policy changes without relying on token expiration.

What is continuous access evaluation?

In Microsoft Entra ID, Continuous Access Evaluation (CAE) is a security feature that enforces access policies in real-time. Unlike traditional methods that rely on token expiration, CAE responds instantly to changes in user conditions, such as account compromises, network location changes, or password updates.

“OAuth 2.0 authentication (open authentication) traditionally relies on access token expiration to revoke a user’s access to modern cloud services. Users or admins whose access rights have been terminated still have access to resources until the access token expires. For the Microsoft 365 admin center, this access can be as long as an hour, by default. With continuous access evaluation, a user’s critical events and network location changes are continuously evaluated,” the company explained on the Microsoft 365 admin center.

Microsoft 365 Admin Center will Support for Continuous Access Evaluation (CAE)
Continuous access evaluation – User revocation event flow (Image Credit: Microsoft)

Key benefits of continuous access evaluation

With continuous access evaluation, administrators can enforce IP location policies and track user-critical events to mitigate insider and data exfiltration threats. Additionally, it enables IT admins to reset passwords or disable compromised accounts instantly to prevent unauthorized access. CAE also provides the ability to immediately revoke user or admin access to organizational resources.

Microsoft plans to roll out continuous access evaluation (CAE) support for the Microsoft 365 admin center later this month. The company says that administrators will need to configure continuous access evaluation in Microsoft Entra ID.

SHARE ARTICLE