Enable Continuous Access Evaluation for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The PA-07 control helps address these requirements by:

• Continuous Access Evaluation (CAE) is enabled for all supported applications
• Critical event evaluation (user disabled, password changed) triggers immediate revocation
• Strict location enforcement is enabled for admin access

Standard OAuth tokens are valid for 60-90 minutes. If an admin is compromised and you disable their account, the attacker still has that time window. CAE revokes access within seconds of critical events.

When implementing PA-07 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement PA-07 in your Microsoft 365 environment:

• Continuous Access Evaluation (CAE) is enabled for all supported applications
• Critical event evaluation (user disabled, password changed) triggers immediate revocation
• Strict location enforcement is enabled for admin access

This control requires manual implementation through the Entra admin center.