Microsoft 365 admin center will support continuous access evaluation (CAE) [MC884015]

Microsoft 365 admin center will support continuous access evaluation (CAE) [MC884015]

We will enable continuous access evaluation (CAE) of tokens in the Microsoft 365 admin center in September 2024. This feature will proactively terminate active user or admin sessions, or require reauthentication, and enforce tenant policy changes in near real time instead of waiting for an access token to expire.

[When this will happen:]

General Availability (Worldwide): We will begin rolling out mid-September 2024 and expect to complete by late September 2024.

[How this will affect your organization:]

CAE is the feature that allows user or admin sessions to be revoked when certain critical events occur, or the location of the user or admin is not in the allowed IP address range. The access will be terminated almost instantly, instead of waiting for a token to expire.

OAuth 2.0 authentication (open authentication) traditionally relies on access token expiration to revoke a user’s access to modern cloud services. Users or admins whose access rights have been terminated still have access to resources until the access token expires. For the Microsoft 365 admin center, this access can be as long as an hour, by default. With continuous access evaluation, a user’s critical events and network location changes are continuously evaluated.

Enabling CAE offers several key benefits:

  • Mitigate insider and data exfiltration threats: An employee can export a valid access token and replay it to gain access to admin center from outside of your organization. With continuous access evaluation, you can enforce IP location policies and monitor user-critical events in near real time to mitigate the risk of external access and exfiltration of data.
  • Prevent unauthorized access: When a user account password is compromised, the Microsoft Entra administrator can reset it or disable the account in near real time to prevent unauthorized access to admin center.
  • Remove user access in near real time: Organizations have an obligation to instantly remove an admin or user’s access because of security threats, termination of employment, policy violations, or legal requirements. With continuous access evaluation, the Microsoft Entra administrator can instantly disable admin or user accounts and revoke access to organization resources in near real time.

[What you need to do to prepare:]

This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation.

Learn more: Continuous access evaluation in Microsoft Entra – Microsoft Entra ID | Microsoft Learn

CAE will be supported in Microsoft 365 admin center. To take advantage of CAE’s IP location conditional access (CA) policy enforcement, you should set up Continuous access evaluation strict location enforcement in Microsoft Entra ID – Microsoft Entra ID | Microsoft Learn

Source: Microsoft

Show 1 Comment

1 Comment

  1. Mike Rosoft

    The upcoming update in September 2024 for Microsoft 365 admin center is going to shake things up a bit! Imagine a digital bouncer kicking out unwanted guests from the party in real-time. That’s what Continuous Access Evaluation (CAE) will do – no more waiting around for access tokens to expire!

    For admins, this means having the power to swiftly revoke user or admin sessions when needed, whether it’s due to critical events or unauthorized access attempts. It’s like having a security guard on high alert, ready to take action at a moment’s notice.

    As for users, well, they might need to stay on their toes a bit more. No more sneaky access using expired tokens or compromised passwords. CAE will keep a close eye on user behavior and location changes, ensuring that only the right people get through the digital gates.

    In terms of criticality assessment, this update is like having a superhero swoop in to save the day. It helps mitigate insider threats, prevents unauthorized access, and allows for instant removal of access in case of security breaches or policy violations. It’s like having a security blanket wrapped around your organization, keeping it safe and sound.

    So, get ready for a smoother, more secure Microsoft 365 admin center experience with CAE on the horizon. Just sit back, relax, and let the digital bouncers do their thing!

Leave a Reply

Your email address will not be published. Required fields are marked *