Continuous Access Evaluation in Azure AD is now generally available!

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Howdy folks,

 

We’re thrilled to announce the General Availability (GA) of Continuous Access Evaluation (CAE) as part of the overall Azure AD Zero Trust Session Management portfolio!

 

CAE introduces real-time enforcement of account lifecycle events and policies, including:

 

  • Account revocation
  • Account disablement/deletion
  • Password change
  • User location change
  • User risk increase

 

On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy. With CAE, we have introduced a new concept of Zero Trust authentication session management that is built on the foundation of Zero Trust principles–Verify Explicitly and Assume Breach. With the Zero Trust approach, the authentication session lifespan now depends on session integrity rather than on a predefined duration. This work is consistent with an industry effort called Shared Signals and Events, and we’re proud to be the first company in the group with a generally available implementation of continuous access!

In fact, we’re so excited about CAE that we auto-enabled it for all tenants. Azure AD Premium 1 customers can make configuration changes or disable CAE in a session blade of Conditional Access


Session blade of CAE for customizing configurationsSession blade of CAE for customizing configurations

 

 

With this GA, you’ll be more secure and resilient because the real-time enforcement of policies can safely extend session duration. In case of any Azure AD outages, users with CAE sessions can ride out these outages without ever noticing them.

 

“With CAE, gone are the days where we are waiting for the session to be revoked or the user to be reauthenticated for critical services like Exchange Online and SharePoint Online. If we ever had a security incident pop with a user identity, knowing that the token can be revoked instantly, is confidence inspiring. Further, the long default session lifetime with CAE is another benefit we welcome, particularly from the perspective of additional resilience to potential outages.”

-- BRIDGEWATER

CAE has been one of our most popular preview features and has already been deployed successfully by thousands of customers across millions of users. You can learn more about CAE here, including a full list of apps that support CAE today.


As always, we’d love to hear any feedback or suggestions you have. Let us know what you think in the comments below or on the Azure AD feedback forum

 

Best regards,

Alex Simons (Twitter: @alex_a_simons)

Corporate Vice President Program Management

Microsoft Identity Division

 

 

 

Learn more about Microsoft identity:

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.