To improve security and minimize the time that at-risk sessions stay active, we’ll begin to enable continuous access evaluation (CAE) in premium Azure Active Directory tenants on September 30, 2021. This was previously announced in MC255540 in May of 2021, with a beginning implementation date of mid-June, however this date has been moved to September to provide you additional time to take the required action appropriate for your tenant. Existing CAE configuration will be honored. You are receiving this message because Continuous Access Evaluation (CAE) will be enabled by default in your tenant if it is not explicitly disabled by September 30, 2021.
Affected Workloads
- Identity Service
Key points
- Timing: This will be enabled between November (previously mid-September) and the end of December (previously late November).
- Roll-out: tenant level
- Control type: admin control
- Action: review, assess and ensure CAE settings are correct for the environment by October 30, 2021 (previously September 30, 2021)
How this will affect your organization
CAE enables critical security events and policies to be evaluated in near real time in your organization to help minimize the time that an at-risk session stays active.
Security events and policies include:
- Account disable
- Password reset
- Location change
Note: Continuous access evaluation will only be active in sessions between clients and services that support it.
When it’s enabled in your tenants
- Critical events, such as disabling users and resetting passwords, and critical policies, like location policy, will take effect within minutes.
- Access token lifetime will be up to 28 hours for sessions that use continuous access evaluation.
- Changes that you make to group membership and Conditional Access policies may require up to 28 hours to take effect for clients and services that use continuous access evaluation
What you need to do to prepare
If you don’t want continuous access evaluation enabled in your tenants, disable it before September 30, 2021. We’ll honor any configuration that you set before that date.
Learn more
- To learn how to disable CAE from the Azure AD Security Configuration blade, see Continuous Access Evaluation.
- To view the list of CAE-capable M365 services and clients, see CAE scenarios.
Message ID: MC273937
Published: 29 July 2021
Updated: 05 October 2021
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
