Microsoft Previews Continuous Access Evaluation for Azure AD Conditional Access Users

A preview of Microsoft's Continuous Access Evaluation (CAE) security solution is now available for Azure Active Directory users that have configured Conditional Access policies, Microsoft announced on Friday.

CAE is an OpenID Foundation-led effort to increase communications between a token issuer, such as Azure AD, and an application or service. The idea with CAE is to enable so-called "real-time" communications when things change (such as when a user's account gets deleted). A somewhat instantaneous reaction to the change is the goal with CAE, although there can still be a 15-minute delay under the scheme.

Microsoft has its own version of CAE, which was applied to Microsoft Teams and Exchange Online. It reached "general availability" commercial-release status for those two services back in May.

Microsoft's Friday announcement clarified that Microsoft's earlier CAE release was for organizations that "had not configured any Conditional Access policies." Now, with this preview release, it's possible for organizations with Conditional Access policies configured to try Microsoft's CAE solution.

The CAE preview with Azure AD Conditional Access is optional and must be turned on using a toggle button in the Azure portal. Using it requires having an Azure AD Premium subscription.

Turning on the CAE preview speeds up the response when Conditional Access policies are violated. "Microsoft services, like Exchange and SharePoint, can terminate active user sessions as soon as a Conditional Access policy violation is detected," Microsoft's announcement explained.

Microsoft's CAE preview will react to the following events, according to a Microsoft document, dated Aug. 28:

  • User Account is deleted or disabled
  • Password for a user is changed or reset
  • Multi-factor authentication is enabled for the user
  • Administrator explicitly revokes all refresh tokens for a user
  • Elevated user risk detected by Azure AD Identity Protection

Microsoft's CAE is initially focused on adding support for Exchange Online, SharePoint Online and Microsoft Teams applications, according to the document, which also lists Microsoft Office apps. At present, there are some client limitations. CAE is currently not supported on Android and iOS clients for SharePoint Online and Exchange Online services, nor is there Office Web App client support for those two services, per the document.

Microsoft has plans to bring CAE to other Microsoft services. "More Microsoft services, such as Dynamics and Azure, will be enabled [with CAE] in the future," the announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

