Instantly revoke users and enforce restrictions

Important

Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

| Enabled for | Public preview | General availability |
| --- | --- | --- |
| Users, automatically | Jul 7, 2023 | Sep 2024 |

Business value

With this feature, you'll be able to revoke users instantly and enforce IP restrictions. This feature uses continuous access evaluation (CAE) and complies with the Azure Active Directory (Azure AD, part of Microsoft Entra) identity policy for user revocation and with the conditional access IP enforcement policy.

Feature details

CAE evaluates critical events in near real time: user account deletion or disablement, password changes, whether multi-factor authentication is enabled for users, and conditional access policies such as IP enforcement. Once CAE detects a change, the user is denied access to the resource.

The key benefits of CAE are:

  • User termination or password change or reset: User session revocation is enforced in near real time.
  • Network location change: Conditional access location policies are enforced in near real time.
  • Token export: Token export to a machine outside of a trusted network can be prevented with conditional access location policies.

See also

Continuous access evaluation (docs)