
Microsoft Previews Continuous Access Evaluation for Azure AD Conditional Access Users

A preview of Microsoft's Continuous Access Evaluation (CAE) security solution is now available for Azure Active Directory users that have configured Conditional Access policies, Microsoft announced on Friday.

CAE is an OpenID Foundation-led effort to increase communications between a token issuer, such as Azure AD, and an application or service. The idea with CAE is to enable so-called "real-time" communications when things change (such as when a user's account gets deleted). A somewhat instantaneous reaction to the change is the goal with CAE, although there can still be a 15-minute delay under the scheme.

Microsoft has its own version of CAE, which was applied to Microsoft Teams and Exchange Online. It reached "general availability" commercial-release status for those two services back in May.

Microsoft's Friday announcement clarified that Microsoft's earlier CAE release was for organizations that "had not configured any Conditional Access policies." Now, with this preview release, it's possible for organizations with Conditional Access policies configured to try Microsoft's CAE solution.

The CAE preview with Azure AD Conditional Access is optional and has to be turned on using a toggle button in the Azure portal. Using it requires having an Azure AD Premium subscription.

Turning on the CAE preview speeds up the actions taken when Conditional Access policies are violated. "Microsoft services, like Exchange and SharePoint, can terminate active user sessions as soon as a Conditional Access policy violation is detected," Microsoft's announcement explained.

Microsoft's CAE preview will react to the following events, according to a Microsoft document, dated Aug. 28:

  • User Account is deleted or disabled
  • Password for a user is changed or reset
  • Multi-factor authentication is enabled for the user
  • Administrator explicitly revokes all refresh tokens for a user
  • Elevated user risk detected by Azure AD Identity Protection

Microsoft's CAE is initially focused on adding support for Exchange Online, SharePoint Online and Microsoft Teams applications, according to the document, which also lists Microsoft Office apps. At present, there are some client limitations. CAE is currently not supported on Android and iOS clients for SharePoint Online and Exchange Online services, nor is there Office Web App client support for those two services, per the document.

Microsoft has plans to bring CAE to other Microsoft services. "More Microsoft services, such as Dynamics and Azure, will be enabled [with CAE] in the future," the announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
