Continuous Access Evaluation in Azure AD [General Availability]
CAE introduces real-time enforcement of account lifecycle events and policies, including:
- Account revocation
- Account disablement/deletion
- Password change
- User location change
- User risk increase
On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy.
With CAE, Microsoft has introduced a new concept of Zero Trust authentication session management that is built on the foundation of Zero Trust principles: Verify Explicitly and Assume Breach. With the Zero Trust approach, the authentication session lifespan now depends on session integrity rather than on a predefined duration.
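The difference between a predefined session duration and an integrity-based one can be shown with a simplified model. This is an added example, not Microsoft's implementation or API: the event labels, the `Session` and `Event` types, both check functions and all sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical labels for the lifecycle events listed above that end a session.
CRITICAL = {"account_revoked", "account_disabled", "account_deleted",
            "password_changed", "user_risk_increased"}

@dataclass
class Session:
    user: str
    issued_at: int    # epoch seconds when the token was issued
    expires_at: int   # predefined lifetime stamped into the token

@dataclass
class Event:
    user: str
    kind: str
    at: int           # epoch seconds when the identity provider raised it

def lifetime_only(session, now):
    """Duration-based check: the token is accepted until its fixed expiry."""
    return "accept" if now < session.expires_at else "reauthenticate"

def continuous(session, now, events, client_ip, allowed_networks):
    """Integrity-based check: a critical event raised after the token was
    issued, or a client address outside policy, ends the session early."""
    if now >= session.expires_at:
        return "reauthenticate"
    for ev in events:
        if (ev.user == session.user and ev.kind in CRITICAL
                and session.issued_at <= ev.at <= now):
            return "reauthenticate"
    addr = ip_address(client_ip)
    if not any(addr in ip_network(net) for net in allowed_networks):
        return "reauthenticate"   # user location change
    return "accept"

# Constructed sample data (documentation address ranges, made-up users).
ALLOWED = ["203.0.113.0/24"]
SESSION = Session("alice@example.com", issued_at=1000, expires_at=4600)
EVENTS = [Event("bob@example.com", "password_changed", 1500),
          Event("alice@example.com", "account_revoked", 2000)]

if __name__ == "__main__":
    for now, ip in [(1900, "203.0.113.7"), (2100, "203.0.113.7"), (1900, "198.51.100.9")]:
        print(now, ip, lifetime_only(SESSION, now),
              continuous(SESSION, now, EVENTS, ip, ALLOWED))
```

At time 2100 the duration-based check still accepts the revoked account's token, while the integrity-based check sends the user back to reauthenticate.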
CAE is enabled for all tenants.
Azure AD Premium 1 customers can make configuration changes or disable CAE in the Session blade of Conditional Access.
Session blade of CAE for customizing configurations