Continuous Access Evaluation

CAE
access

Real-time policy enforcement that can revoke access within seconds when critical security events occur.

What is Continuous Access Evaluation?

Traditional OAuth access tokens are valid for their full lifetime (typically 60-90 minutes) even after the user is disabled or their location changes. CAE enables near-instantaneous token revocation when critical events occur—user disabled, password changed, high risk detected, or location policy violated. This closes the window of opportunity for attackers using stolen tokens.

In Microsoft 365

CAE is enabled by default in Azure AD for supported applications (Exchange, SharePoint, Teams, Graph). Strict location enforcement can be configured in Conditional Access to require CAE for location-based policies. Critical event evaluation triggers on user disablement and password changes.

Examples

  • 1Disabled user loses access within seconds instead of waiting for token expiry
  • 2Location change triggers re-authentication
  • 3Risk detection immediately blocks access

Related TrueConfig Controls

These controls help implement and verify continuous access evaluation in your Microsoft 365 environment.

PA-07Enable Continuous Access Evaluation

Frequently Asked Questions

What is Continuous Access Evaluation (CAE)?
Real-time policy enforcement that can revoke access within seconds when critical security events occur.
How does Continuous Access Evaluation work in Microsoft 365?
CAE is enabled by default in Azure AD for supported applications (Exchange, SharePoint, Teams, Graph). Strict location enforcement can be configured in Conditional Access to require CAE for location-based policies. Critical event evaluation triggers on user disablement and password changes.
What are examples of Continuous Access Evaluation?
Examples of Continuous Access Evaluation include: Disabled user loses access within seconds instead of waiting for token expiry, Location change triggers re-authentication, Risk detection immediately blocks access.
Which TrueConfig controls relate to Continuous Access Evaluation?
TrueConfig controls related to Continuous Access Evaluation include: PA-07. These controls help implement and verify continuous access evaluation in your environment.

Related Terms

Conditional Access

Policy-based access control that evaluates signals and enforces security requirements before granting access.

Zero Trust

Security model that assumes breach and verifies every access request as though it originates from an untrusted network.

← Back to GlossaryBrowse Controls →