1 min read

Enforcing Azure Active Directory security via Continuous Access Evaluation


Microsoft’s Azure AD Identity Protection and Azure AD Conditional Access provide the ability to monitor user sign-in attempts and analyse them for risk. Reducing the risk of a compromised account or a risky sign-in attempt successfully completing authentication and authorisation is important, but what if circumstances change after a user has successfully logged in?

An end user is issued an OAuth 2.0 access token at the time of a successful authentication, and that token has a lifespan that keeps the end user’s session valid until it expires. The configurable token lifetime policy is one hour by default unless configured otherwise. Imagine, however, that you are an admin who needs to block a specific user’s access immediately, or that the service detects a user is now accessing protected data from free Wi-Fi at a coffee shop instead of from their corporate office. The end user’s non-expired access token would need to be revoked immediately, forcing them to re-attempt authentication and authorisation – which will fail if their account has been disabled, or may present them with a multi-factor authentication challenge because of their new location.

This is addressed via Continuous Access Evaluation, which provides a standard way for an identity provider or a service (also known as the relying party or resource provider) to stop honouring a valid token and to require a fresh authentication and authorisation attempt. Sonia Cuff has recently shared a brilliant write-up detailing how, with Continuous Access Evaluation in place, the lifespan of a token is no longer the deciding factor, as we can re-challenge a user whenever circumstances change without having to wait for their token to expire.
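To make the difference concrete, here is an added example (not Microsoft’s code and not how Azure AD is implemented internally) modelling the two evaluation styles the post contrasts: a resource that only checks token expiry, beside one that also consults critical events pushed by the identity provider. The token and event structures, the network names and the reason strings are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessToken:
    user: str
    issued_at: float          # seconds since epoch
    network: str              # network the user signed in from (assumed label)
    lifetime: int = 3600      # the one-hour default lifetime discussed above

@dataclass
class CriticalEvents:
    """Signals the identity provider pushes to the resource provider (model only)."""
    disabled_users: set = field(default_factory=set)
    revoked_after: dict = field(default_factory=dict)   # user -> revocation time
    trusted_networks: set = field(default_factory=set)  # e.g. corporate egress

def valid_by_lifetime(token: AccessToken, now: float) -> bool:
    """Classic check: the token is honoured until it expires, whatever happened since."""
    return now < token.issued_at + token.lifetime

def evaluate(token: AccessToken, now: float, events: CriticalEvents, request_network: str):
    """CAE-style check. Returns (accepted, reason); a False result means the resource
    should stop honouring the token and send the user back to re-authenticate."""
    if not valid_by_lifetime(token, now):
        return False, "expired"
    if token.user in events.disabled_users:
        return False, "account_disabled"          # admin blocked the user mid-session
    revoked_at = events.revoked_after.get(token.user)
    if revoked_at is not None and token.issued_at <= revoked_at:
        return False, "token_revoked"             # tokens issued before the revocation die
    if request_network != token.network and request_network not in events.trusted_networks:
        return False, "location_change"           # new, untrusted network: re-challenge (MFA)
    return True, "ok"

if __name__ == "__main__":
    # Constructed scenario: sign-in from the office, account disabled five minutes later.
    t0 = 1_700_000_000.0
    tok = AccessToken(user="alice", issued_at=t0, network="corp-hq")
    ev = CriticalEvents(trusted_networks={"corp-hq"})
    now = t0 + 300  # well inside the one-hour lifetime
    print(valid_by_lifetime(tok, now), evaluate(tok, now, ev, "corp-hq"))
    ev.disabled_users.add("alice")               # admin disables the account
    print(valid_by_lifetime(tok, now), evaluate(tok, now, ev, "corp-hq"))
    print(valid_by_lifetime(tok, now), evaluate(tok, now, ev, "coffee-shop-wifi"))
```

The lifetime-only check keeps saying the token is good for the remaining 55 minutes, while the event-aware check rejects it the moment the account is disabled or the request arrives from an untrusted network.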

As you are aware, our team thrives on IT professionals’ feedback, which inspires the content we create. This includes technical articles, demo videos and interviews. We are also actively monitoring and engaging with the #AzOps hashtag on Twitter. Feel free to reach out with any of your questions, as our team is always happy to help.
