Instantly revoke users and enforce IP restriction with CAE
Important
This content is archived and is not being updated. For the latest documentation, go to What is Microsoft Dataverse?. For the latest release plans, go to Dynamics 365, Power Platform, and Cloud for Industry release plans.
Important
Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned
| Enabled for | Public preview | General availability |
|---|---|---|
| Users by admins, makers, or analysts | 
Jun 30, 2023 |
To be announced |
Business value
With this feature, you'll be able to revoke users instantly and enforce IP restrictions using continuous access evaluation (CAE) while complying with Azure Active Directory (Azure AD) identity policy for user revocation and conditional access IP enforcement policy.
Feature details
CAE evaluates user critical events like user account deletion or disablement, password change, whether multi-factor authentication is enabled for the user, and conditional access policy like IP enforcement in near real time. Once the CAE detects the changes, the user is denied access to the resource.
The key benefits of CAE are:
- User termination or password change or reset: User session revocation will be enforced in near real time.
- Network location change: Conditional access location policies will be enforced in near real time.
- Token export to a machine outside of a trusted network can be prevented with conditional access location policies.
See also
Block access by location with Azure AD Conditional Access (docs)