Continues Access Evaluation or CAE is still in preview, but it has proven to refresh the near-real time refresh for Conditional Access Policies.
Ideally this is a very helpful feature in the world of Identity and Access Management, because there are frequent attacks happening and the IdAM Admins need to take action quickly.
Some actions including Reset user password, adding or removing Trusted IPs and specially when the user is moving from location to location and when the Conditional Access policies to govern the trusted locations.
Usually the token expiration and refresh interval is 1 hour and ideally when a client application that is Modern Authentication aware tries to connect, the API requests are authorized using OAuth 2.0 access tokens.
Every hour, when they are due to refresh, it reevaluates the user state, policies in order to enforce what’s in the policy.
The client app redirects back to the Azure AD to refresh the token and according to the user state, the new token will make sure whether the user access to be blocked or to be allowed.Continue reading “Why Azure AD Continues Access Evaluation is Important?”