Skip to Content

MC273937: Continuous Access Evaluation (CAE) on by default in premium Azure Active Directory tenants

To improve security and minimize the time that at-risk sessions stay active, we’ll begin to enable continuous access evaluation (CAE) in premium Azure Active Directory tenants on September 30, 2021. This was previously announced in MC255540 in May of 2021, with a beginning implementation date of mid-June, however this date has been moved to September to provide you additional time to take the required action appropriate for your tenant. Existing CAE configuration will be honored. You are receiving this message because Continuous Access Evaluation (CAE) will be enabled by default in your tenant if it is not explicitly disabled by September 30, 2021.

MC273937: Continuous Access Evaluation (CAE) on by default in premium Azure Active Directory tenants

Affected Workloads

  • Identity Service

Key points

  •  Timing: This will be enabled between November (previously mid-September) and the end of December (previously late November).
  • Roll-out: tenant level
  • Control type: admin control
  •  Action: review, assess and ensure CAE settings are correct for the environment by October 30, 2021 (previously September 30, 2021)

How this will affect your organization

CAE enables critical security events and policies to be evaluated in near real time in your organization to help minimize the time that an at-risk session stays active.

Security events and policies include:

  • Account disable
  • Password reset
  • Location change

Note: Continuous access evaluation will only be active in sessions between clients and services that support it.

When it’s enabled in your tenants

  • Critical events, such as disabling users and resetting passwords, and critical policies, like location policy, will take effect within minutes.
  • Access token lifetime will be up to 28 hours for sessions that use continuous access evaluation.
  • Changes that you make to group membership and Conditional Access policies may require up to 28 hours to take effect for clients and services that use continuous access evaluation

What you need to do to prepare

If you don’t want continuous access evaluation enabled in your tenants, disable it before September 30, 2021. We’ll honor any configuration that you set before that date.

Learn more

Message ID: MC273937
Published: 29 July 2021
Updated: 05 October 2021

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.