Microsoft Previews Continuous Access Evaluation for Azure AD Conditional Access Users -- Redmondmag.com

Microsoft Previews Continuous Access Evaluation for Azure AD Conditional Access Users

By Kurt Mackie
10/12/2020

A preview of Microsoft's Continuous Access Evaluation (CAE) security solution is now available for Azure Active Directory users that have configured Conditional Access policies, Microsoft announced on Friday.

CAE is an OpenID Foundation-led effort to increase communications between a token issuer, such as Azure AD, and an application or service. The idea with CAE is to enable so-called "real-time" communications when things change (such as when a user's account gets deleted). A somewhat instantaneous reaction to the change is the goal with CAE, although there can still be a 15-minute delay under the scheme.

Microsoft has its own version of CAE, which was applied to Microsoft Teams and Exchange Online. It reached "general availability" commercial-release status for those two services back in May.

Microsoft's Friday announcement clarified that Microsoft's earlier CAE release was for organizations that "had not configured any Conditional Access policies." Now, with this preview release, it's possible for organizations with Conditional Access policies configured to try Microsoft's CAE solution

The CAE preview with Azure AD Conditional Access, if wanted, needs to be turned on using a toggle button in the Azure portal. Using it requires having an Azure AD Premium subscription.

Turning on the CAE preview speeds up the actions to take when Conditional Access policies are in violation. "Microsoft services, like Exchange and SharePoint, can terminate active user sessions as soon as a Conditional Access policy violation is detected," Microsoft's announcement explained.

Microsoft's CAE preview will react to the following events, according to a Microsoft document, dated Aug. 28:

User Account is deleted or disabled
Password for a user is changed or reset
Multi-factor authentication is enabled for the user
Administrator explicitly revokes all refresh tokens for a user
Elevated user risk detected by Azure AD Identity Protection

Microsoft's CAE is initially focused on adding support for Exchange Online, SharePoint Online and Microsoft Teams applications, according to the document, which also lists Microsoft Office apps. At present, there are some client limitations. CAE is currently not supported on Android and iOS clients for SharePoint Online and Exchange Online services, nor is there Office Web App client support for those two services, per the document.

Microsoft has plans to bring CAE to other Microsoft services. "More Microsoft services, such as Dynamics and Azure, will be enabled [with CAE] in the future," the announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.